I just got this...........Larry Froehlich

   Berea High School
Class Of 1960

From: Susan (Sue) Thompson Reddy
Email: suereddy@sc.rr.com

ALERT.....ALERT......ALERT......ALERT

Hey Rita/Larry,
Thoroughly enjoyed our weekend. You and your crew did a fantastic job. Just wanted to let you know I just got a flash that I had a message from Karen Eugene. When I logged in to read the message I got this back: Thanks for sending us your email address.
www.creditscore.com!! Are we being spammed?? You might want to check this out. Sounds like somebody hacked into our website. Sorry to send you this news.

Sue Reddy

IP Address: 66.57.197.28

This message has been sent to you from suereddy@sc.rr.com. You can not reply directly. Click here if you wish to start a new email to suereddy@sc.rr.com.

Whenever you see an IP address listed like above, that's just somebody completing your public Contact Us form. Only Admins get this never Classmates. Just delete it. Although we do screen for spam on that form the spam filter can't catch everything. Overall you'll notice the amount of spam getting through that form is very low.

The part that puzzled me was this:

"Just wanted to let you know I just got a flash that I had a message from Karen Eugene. When I logged in to read the message I got this back: Thanks for sending us your email address.
www.creditscore.com!! "

She wasn't using the "Contact Us" form. Is there anything you would like me to ask Sue, steps involved, ect?

I got a similar spam-type e-mail from a classmate this past week. It didn't say what yours did but it DID include a link that I never hit as I suspected it as spam. Someone had hijacked her e-mail address off the website.

Larry Froehlich wrote:

Looks as though the "spammers" are getting VERY creative, Larry. As Brad pointed out, that message was sent to you via the "Contact Us" and getting your names isn't hard to do at all. Be sure you are logged out (don't just close your browser, but LOG OUT of your CC site), now go and Google your name and see how many places your name appears! You may be in for a shock--and that is where they got your name. Another word of warning--if you belong to any Yahoo group or other forum group, or do you have a Yahoo e-mail or free hotmail account? Have you "Opted out" of all those marketing schemes. Yahoo is really looking out for you--they have taken the liberty of setting you up for every marketing scheme there is. YOU have to take a pro-active role and UNSUBSCRIBE yourself. One would think this to be the other way around, but then that is why they GIVE their e-mail accounts for FREE!

No...let's dispel a few things here. Nobody is hijacking email addresses from the web site. It's impossible. We don't even allow members to show other members an email address. They are literally never displayed anywhere, ever. Thus there is no possibility of anybody hijacking email addresses from the web site unless the classmate has entered his or her own email address in a public site forum (which would be a very bad idea). It's important that this point is extremely clear as people are naturally concerned about issues like this: No email addresses are ever hijacked from the web site.

Next, when I read the initial post here I saw the IP address and thus assumed it was the Contact Us form, which it was, but I didn't put 2 and 2 together. What really happened here is the Classmate got an email notification from our system that a message was waiting in the Message Center. When the Classmate went to the Message Center to get it, it turned out to be a spam email. Then the Classmate copied and pasted all of it into the public Contact Us form, which then got recopied and pasted here. That's what confused me...

Fortunately this is easily explainable. Every now and then some "wise guy" gets the idea that he/she can fill out Profile Comment forms on Profiles that are public, and to get them read they just use any other name they see on the Class List. This can be done manually or through a script if the user is a little more advanced. What they don't realize though when they start this is we only allow 10 things to go through without kicking their submissions into a much higher sensitivity spam filter. So they think they're going to email a few hundred thousand people with an automated script, only to find out that at most they can get 10 emails through before our system shuts them down. Why 10? Because it's a good # to ensure legitimate emails get through, while also ensuring spammers at most can only bother 10 people. Like any other email program, cases like this can allow a very small amount of spam through, but you'll notice messages like this are received incredibly infrequently. It really works quite well.

Note that in the rare circumstances the 10 emails get through, when we get ahold of them we take additional steps to block the sender, email, and IP address from future spam attacks. It's a non ending game of cat and mouse. Fortunately we're out in front on it.

Last week, I got an email from a web design company wanting to help me make my website more interesting and attract more hits.
They used the 'Contact Us' on our class site.
That's the first time I have ever gotten anything like that...

Yes, we're familiar with that one. Those guys rotate IP addresses and change verbiage constantly to get their spam emails through. The email you're referencing is actually the biggest game of cat and mouse we have here.

Brad Switzer wrote:

Brad, you have probably already thought of this, but when I ran my own mail server, we learned to block large blocks of IP addresses. Somewhere, I remember having access to a program that could ID just about every IP address some company or individual had at any time--of course the program had to be running 24/7 but worked quite well. This was back around 2002 timeframe.

Quote:

You are one of a handful of companies that do and I've got to tell you -- you are doing a mighty fine job...MIGHTY FINE, INDEED! I can't thank you enough!

Brad, thank you very much for the comprehensive explanation. You guys continue to do a fantastic job!