A useful firewall rule trick to prevent your email client from accessing the web


Wayne - DiamondCS
January 18th, 2003, 02:45 AM
If you use Port Explorer or any other realtime port monitoring tool you'll see that when you open an HTML email from a spammer, the email client often connects out to remote websites, usually on port 80 but that can vary. This isn't good at all -- it basically allows the spammer to detect that you have read your email, and in addition to this, they garnish your IP address and web-browser information when your browser visits their server.

The good news is that it can easily be prevented by adding two simple rules to your personal firewall (should work with all personal firewalls):
Rule #1 - Allow your email client outbound TCP access on port 25 (sending mail), 110 (receiving mail), and 119 (newsgroups, if you visit them).
Rule #2 - Block ALL other access by your email client

Note that the rules must be in that order to work :). The first rule simply allows your email client outbound access to the ports it needs to get access to, while the second rule blocks all other access, thus preventing your email client from connecting out to remote webservers.

Best regards,
Wayne

UNICRON
January 18th, 2003, 03:25 AM
as an additional constraint on those rules, specify the IP(s) of your account's associated mail servers as the only possible destinations.

It is child's play for a script to configure a new address in most email clients (worst of all is Outlook97/2k/xp - the vba extensibility is pretty powerful) and download attachments residing on a mailserver of the script writer's choice.

I don't know if this has happened but I can't be the first to have thought of it. I've seen an ftp version of this scenario, so the same advice applies there.

Wayne - DiamondCS
January 18th, 2003, 03:37 AM
Yup :) and to extend further, it won't stop your email client from connecting to a webserver that is listening (strangely) on port 25 or 110 - it's not likely to happen, but it's possible, so if you only use a few particular IP addresses, then use those :)
We get asked this quite a lot in emails so it's a problem that affects a lot of people, but it's easy to deal with!

ReGen
January 18th, 2003, 04:26 AM
Thanks for the information Wayne. :)
I ended up moving to “The Bat” to prevent this sort of thing happening and increase protection. The advice would have maybe saved a lot of work. I do believe the next version of Outlook will include an option to stop mail doing this. Could it be that Microsoft is now beginning to take notice? :o

Jooske
January 18th, 2003, 04:44 AM
MS should notice with less people using their OU and OE for this and all the comments worldwide.

MickeyTheMan
January 18th, 2003, 05:00 AM
Let's not forget IMAP port 143 shall we !

JacK
January 18th, 2003, 05:14 AM
Jooske wrote:
> MS should notice with less people using their OU and OE for this and all the comments worldwide.
Hi Jooske ;)

They already took care : in OE6SP1 options you may read all your mails in *.txt ;)

To complete Wayne's excellent advice: you may also need port 143 (IMAP).
If you use hotmail.com from your mail client you need port 80, bad luck :)

Rgds,
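
Wayne's two rules, UNICRON's destination-IP constraint and the IMAP port 143 addition above, worked through as an added example (not code from the original thread): a small first-match rule evaluator in Python that shows why the rule order matters and what the IP constraint buys you. The addresses are constructed documentation-range values, not real servers.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample addresses (RFC 5737 documentation ranges, not real hosts).
MAIL_SERVER = "192.0.2.10"   # stands in for your account's mail server
SPAM_WEB = "203.0.113.5"     # stands in for a web server referenced from an HTML mail

@dataclass(frozen=True)
class Rule:
    action: str                        # "allow" or "block"
    ports: Optional[frozenset] = None  # None matches any port
    dest: Optional[str] = None         # None matches any destination address

    def matches(self, dest: str, port: int) -> bool:
        return (self.ports is None or port in self.ports) and \
               (self.dest is None or dest == self.dest)

def decide(rules, dest: str, port: int) -> str:
    """First rule that matches wins, as in the personal firewalls discussed."""
    for rule in rules:
        if rule.matches(dest, port):
            return rule.action
    return "block"  # nothing matched: default deny

# SMTP, POP3, NNTP and IMAP, the ports the thread lists for a mail client.
MAIL_PORTS = frozenset({25, 110, 119, 143})

# Wayne's rules in the stated order: allow the mail ports, then block everything.
WAYNE_RULES = [Rule("allow", MAIL_PORTS), Rule("block")]
# The same two rules reversed: the block rule now shadows the allow rule.
REVERSED = [Rule("block"), Rule("allow", MAIL_PORTS)]
# UNICRON's tightening: the mail ports are allowed only towards the known server.
PINNED = [Rule("allow", MAIL_PORTS, MAIL_SERVER), Rule("block")]

def attempts():
    """Constructed connection attempts an email client might make."""
    return {
        "pop3 to mail server": (MAIL_SERVER, 110),
        "html beacon on 80": (SPAM_WEB, 80),
        "web server listening on 25": (SPAM_WEB, 25),  # Wayne's caveat
    }

def evaluate(rules) -> dict:
    return {name: decide(rules, dest, port) for name, (dest, port) in attempts().items()}

if __name__ == "__main__":
    for label, rules in (("wayne", WAYNE_RULES), ("reversed", REVERSED), ("pinned", PINNED)):
        print(label, evaluate(rules))
```

Only the pinned rule set blocks the "web server listening on 25" case, and the reversed set blocks legitimate mail traffic too.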

wink
January 18th, 2003, 02:30 PM
Hi Wayne,

Great piece of advice and it only takes a few seconds to re-configure, simple yet very effective. As soon as I flicked through a few emails I had notifications on blocked connections (some emails were not overtly HTML either; it just shows that things can hide very easily).

Wink.

Smokey
January 18th, 2003, 05:25 PM
Wayne - DiamondCS wrote:
> The good news is that it can easily be prevented by adding two simple rules to your personal firewall (should work with all personal firewalls):
> Rule #1 - Allow your email client outbound TCP access on port 25 (sending mail), 110 (receiving mail), and 119 (newsgroups, if you visit them).
> Rule #2 - Block ALL other access by your email client
>
> Note that the rules must be in that order to work :).

Hello Wayne!

A decent firewall is doing this job already by itself! :)

And because I'm using such a decent firewall, Outpost Pro ;), I don't care about rules for my email program (Outlook XP).

JacK
January 18th, 2003, 05:56 PM
Smokey wrote:
> Hello Wayne!
>
> A decent firewall is doing this job already from itself! :)
>
> And because I'm using such a decent firewall, Outpost Pro ;), I don't care about rules for my email program (Outlook XP).

Hello,

Wrong: the default ruleset for OE in Outpost PRO is:
HTTP Connections ALLOW :-D
Set it on DENY.
And you should care 8)

Rgds,

Smokey
January 18th, 2003, 06:26 PM
JacK wrote:
> Smokey wrote:
> > A decent firewall is doing this job already from itself! :)
> >
> > And because I'm using such a decent firewall, Outpost Pro ;), I don't care about rules for my email program (Outlook XP).
>
> Hello,
>
> Wrong : the default rulesset for OE in Outpost PRO is :
> HTTP Connections ALLOW :-D
> Set it on DENY.
> And you should care 8)

NOT wrong: when you are using the "Rules Wizard" in Outpost it works just like I explained before! 8) 8) ;D

BTW: you are talking about Outlook Express, I'm talking about Outlook XP....

JacK
January 18th, 2003, 08:20 PM
Smokey wrote:
> NOT wrong: when you are using the "Rules Wizard" in Outpost it works just like I explained before! 8) 8) ;D
>
> BTW: you are talking about Outlook Express, I'm talking about Outlook XP....

For Outlook, when using "Create rules using preset" => Email client, the only rule is TCP out :25 Allow. Hence you will be prompted to edit some more rules according to your whim: you may or may not accept in learning mode TCP OUT 80, 8080, etc... when you first receive some kind of HTML mail requesting an OUTBOUND connection ;)

Rgds,

Pieter_Arntz
January 19th, 2003, 06:20 AM
As for hotmail: I'm trying out this program called web2pop (http://www.jmasoftware.com/english/products/web2pop/index.html)
It does what it promises, I can fetch my Hotmail with The Bat this way.
Do you see any additional security risks?

Regards,

Pieter

Jason_DiamondCS
January 19th, 2003, 10:37 PM
This was a longer post but as I posted I got a 404 error and then lost it. So I will shorten this one.

Want to stop spam? Grab Mailwasher
http://www.mailwasher.net

What does it do? It allows you to bounce emails which removes you from 99% of spam lists and also allows you to delete emails off the server which means you don't have to download it in your client (really only a problem if you're on dialup).
-Jason-

JacK
January 20th, 2003, 07:52 AM
Jason / DiamondCS wrote:
> Want to stop spam? Grab Mailwasher
> http://www.mailwasher.net
>
> What does it do? It allows you to bounce emails which removes you from 99% of spam lists

Hi Jason ;)

Excellent little App but I don't think bouncing is a great idea: a lot of stupid robots consider it a positive answer
and you are at risk of receiving some more spam IMHO.

I NEVER answer any spam and NEVER unsubscribe: it's often a trick to cheat you ;)

Best regards,

Jason_DiamondCS
January 20th, 2003, 09:58 PM
Hi Jack,
Well I don't know what robots they use on me but bouncing them makes them disappear, whereas doing nothing I just kept getting more and more of the same email from the same people 5 times a day. Also recently I've been getting a lot of the boss.com worm which is a pain to have to download a lot when you're on a 56K :)
-Jason-

UNICRON
January 20th, 2003, 11:08 PM
Doing nothing confirms to spammers that some mailbox is getting the spam. An unsuccessful bounce can do no more harm than that.

Joesmith
January 21st, 2003, 12:30 PM
UNICRON wrote:
> Doing nothing confirms to spammers that some mailbox is getting the spam. An unsuccessful bounce can do no more harm than that.

Unless the spam bounce is so badly done that it gives away the fact that it's a live account.

I doubt spammers keep track of bounces anyway.

UNICRON
January 21st, 2003, 10:18 PM
Joesmith wrote:
> UNICRON wrote:
> > Doing nothing confirms to spammers that some mailbox is getting the spam. An unsuccessful bounce can do no more harm than that.
>
> Unless the spam bounce is so badly done that it's gives away the fact that it's a live account.
>
> I doubt spammers keep track of bounces anyway.

most likely, all returns go to /dev/null

JayK
January 22nd, 2003, 11:14 AM
UNICRON wrote:
> as an additional constraint on those rules, specify the IP(s) of your account's associated mail servers as the only possible destinations.
>
> It is child's play for a script to configure a new address in most email clients (worst of all is Outlook97/2k/xp - the vba extensibility is pretty powerful) and download attachments residing on a mailserver of the script writer's choice.
>
> I don't know if this has happened but I can't be the first to have thought of it. I've seen an ftp version of this scenario, so the same advice applies there.

Hmm, even I thought of it. It's basically an example of the basic principle of making firewall rules as restrictive as possible, which itself is a subset of the general security rule to use only needed services and keep it simple.

I've applied these restrictive rules (to specific IPs) to anything from antivirus updates to newsgroups and HTML clients (to the specific email hosts I upload my site to).

To be extra careful, I normally do a reverse DNS lookup (using web-based sites and locally) to see if the IPs make sense.