Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.



201 posts

Master Geek
+1 received by user: 1

Trusted

Topic # 61249 12-May-2010 21:30 Send private message

Why are we suddenly receiving UCE purportedly from Trade Me NZ but maybe transmitted from a US address? Is this a new form of misbehaviour by Trade Me or is it common? Is Trade Me NZ attempting to exploit some loophole in the law by originating the transmission from overseas?

...
Received: (qmail 28717 invoked from network); 12 May 2010 09:07:56 +0200
Received: from unknown (HELO User) (216.105.104.37)
  by web-of-art.de with SMTP; 12 May 2010 09:07:56 +0200
Reply-To: <[email protected]>
From: "Trade Me"<[email protected]>
Subject: Lowest prices on Trade Me Motors hurry!
...

We have never signed up to Trade Me nor ever (surprise, surprise) purchased anything from Trade Me. We have no commercial relationship with Trade Me. Nor is the message "relevant to the recipient's business, role, function or duties in a business or official capacity." The e-mail (business) address may have been harvested from a public web page.

I had hoped we were protected by NZ legislation at least from NZ spammers? Or being so big does Trade Me consider it is exempt from having to abide by NZ law?

There is a weasel phrase at the end of the e-mail: "If you have received this e-mail without registering on Trade Me no further action is required." I can see no "accurate information about the person who authorised the sending of the message and a functional unsubscribe facility" as is required by the NZ Unsolicited Electronic Messages Act 2007.

Create new topic
Just A Geek
1945 posts

Uber Geek
+1 received by user: 313

Trusted
Subscriber

  Reply # 329530 12-May-2010 21:32 Send private message

are you sure its not a phishing email pretending to me trademe?

where do the links in the email actually go to?

Thanks

7740 posts

Uber Geek
+1 received by user: 307

Trusted
Subscriber

  Reply # 329534 12-May-2010 21:44 Send private message

Doesn't look like it's from trademe to me, post the rest of the email headers and double check what url/address links in the body point to.

http://en.wikipedia.org/wiki/Phishing
http://www.microsoft.com/nz/protect/yourself/phishing/identify.mspx



201 posts

Master Geek
+1 received by user: 1

Trusted

  Reply # 329537 12-May-2010 21:47 Send private message

LennonNZ: are you sure its not a phishing email pretending to me trademe?

where do the links in the email actually go to?

Thanks


Thanks, what a relief. The links in the actual mail go elsewhere, not to Trade Me NZ.

16477 posts

Uber Geek
+1 received by user: 1396

Trusted
Vodafone NZ

  Reply # 329538 12-May-2010 21:47 Send private message

You can't really call trademe a spammer that is over the top




BDFL
49896 posts

Uber Geek
+1 received by user: 4615

Administrator
Trusted
Geekzone
Subscriber

  Reply # 329557 12-May-2010 22:23 Send private message

You should not trust *ANY* email. If you thought that email was from Trade Me, what if you get an email saying it's from your bank? Would you click and enter your account/password?

You have to be very careful...




2882 posts

Uber Geek
+1 received by user: 88

Trusted

  Reply # 329561 12-May-2010 22:30 Send private message

johnr: You can't really call trademe a spammer that is over the top

You're right, you can't really call trademe "a spammer that is over the top".   They're just a regular spammer.  Or did you mean:  You can't really call trademe a spammer; that is over the top.  Just saying, correct punctuation can go a long way in clarifying one's meaning.



201 posts

Master Geek
+1 received by user: 1

Trusted

  Reply # 329578 12-May-2010 23:08 Send private message

johnr: You can't really call trademe a spammer that is over the top


The "UCE purportedly from Trade Me NZ" was not spam from Trade Me NZ so the other questions I raised were nugatory.

150 posts

Master Geek


  Reply # 329591 12-May-2010 23:51 Send private message

Interesting.. Wonder how whoever sent the e-mail is using the trademe.co.nz domain?

BDFL
49896 posts

Uber Geek
+1 received by user: 4615

Administrator
Trusted
Geekzone
Subscriber

  Reply # 329641 13-May-2010 09:10 Send private message

I see there's a bit of misunderstanding how SMTP works, so here's a brief...

UnitedWeFall: Interesting.. Wonder how whoever sent the e-mail is using the trademe.co.nz domain?


Anyone can set FROM: to whatever they want. Most SMTP servers don't check this and are happy to relay messages. Go ahead, open your email program and change its configuration. You can send emails FROM anyone.

What counts is not the FROM field, but the message headers. That tells you which server was used to send the original message and which servers were contacted through out the transission to the message's final destination.

Very few ISPs and companies lockdown their SMTP servers to prevent FROM spoofing, because it would make difficult for people to send emails. In New Zealand Telecom locks it down, and people complain. A lot.

For those services which have a SMTP lockdown they usually "authenticate" users by sending an email to the address with a code - exactly with Telecom and GMail do.

Seeing SMTP is mostly "open", companies fight spam in a variety of ways. Some won't allow relay. It means their SMTP is only used to receive messages for their own domain, not to send/forward to any other domain.

Some lock the SMTP to allow only connections from its own network, not from outside.

Some create DNS SPF records that describe which SMTP servers are allowed to send messages from its domain - the problem is that if the receiving SMTP server doesn't check SPF records there's not much you can do.

Some ISPs lock traffic to port 25 outside its network (Telecom does it) to prevent people using other SMTP servers. This is good because prevents people's infected computers from sending out spam.

In short: there are always ways to pretend to be your bank or Trade Me. Beware.





605 posts

Ultimate Geek
+1 received by user: 1

Trusted

  Reply # 329743 13-May-2010 12:49 Send private message

freitasm: I see there's a bit of misunderstanding how SMTP works, so here's a brief...

UnitedWeFall: Interesting.. Wonder how whoever sent the e-mail is using the trademe.co.nz domain?


Anyone can set FROM: to whatever they want. Most SMTP servers don't check this and are happy to relay messages. Go ahead, open your email program and change its configuration. You can send emails FROM anyone.

What counts is not the FROM field, but the message headers. That tells you which server was used to send the original message and which servers were contacted through out the transission to the message's final destination.

Very few ISPs and companies lockdown their SMTP servers to prevent FROM spoofing, because it would make difficult for people to send emails. In New Zealand Telecom locks it down, and people complain. A lot.


Be aware that the message headers themselves can be forged as well (I have seen a few spam emails trying to implicate legitimate email servers in the routing of the email ... as well as illegal IP addresses for servers (668.261.543.123 for example)

Fun times - I've seen statistics (both published and through my own very, very un-scientific methods) that show 90% of email being spam ...

However ... the convenience of email means that we continue to use it. 

150 posts

Master Geek


  Reply # 329864 13-May-2010 16:41 Send private message

Interesting post, freitasm. Thanks for the info.

19 posts

Geek
+1 received by user: 1


  Reply # 330247 14-May-2010 22:53 Send private message

If you are using Gmail or Yahoo mail (or Xtra webmail, since this is also Yahoo) you can check whether the mail was actually sent from Trade Me's servers. 

In Gmail you open the mail, then click on the 'show details' link near the top. It should say :

mailed-by  trademe.co.nz
signed-by  trademe.co.nz

The 'signed-by' bit means Gmail has verified the digital signature in the mail headers against what is published by trademe.co.nz's DNS server, effectively proving it was sent from there. 

Hopefully one day all forged email will get rejected by Gmail before it reaches the inbox.

In Yahoo (or Xtra webmail), open the message by double-clicking on it in your browser. Next to the sender's address, there should be an envelope icon with a key next to it. See http://help.yahoo.com/l/uk/yahoo/mail/yahoomail/context/context-07.html 

If you know your way around mail headers, all this stuff is laid out there too.


Received-SPF: pass (google.com: domain of [email protected] designates 203.57.145.37 as permitted sender) client-ip=203.57.145.37;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 203.57.145.37 as permitted sender) smtp.mail=[email protected]; dkim=pass header.i=[email protected]


If you receive a mail purporting to be from Trade Me which doesn't verify correctly - or is otherwise suspicious, eg contains links to non-Trade Me domains - then you should forward it as an attachment (with all headers) to [email protected]

Oh another thing to look out for, Trade Me mails usually address you by your first name - this information not available to phishers / scammers.

2239 posts

Uber Geek
+1 received by user: 81

Trusted
Vodafone NZ

  Reply # 330323 15-May-2010 10:31 Send private message

Just got this myself, to an unregistered email account (not registered with trademe)

"Lowest prices on Trade Me Motors hurry!"

A scam indeed.





Broadcast Engineer Media Services Group Vodafone New Zealand



201 posts

Master Geek
+1 received by user: 1

Trusted

  Reply # 330446 15-May-2010 17:59 Send private message


Create new topic




Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





Trending now »

Hot discussions in our forums right now:

Another Trade Me competitor: SellShed
Created by freitasm, last reply by mattwnz on 20-Oct-2014 15:16 (22 replies)
Pages... 2


Why would Suresignal calls be worse quality than non-Suresignal calls from the same location?
Created by Geektastic, last reply by gzt on 20-Oct-2014 15:08 (37 replies)
Pages... 2 3


American legal jurisdiction in New Zealand
Created by ajobbins, last reply by gzt on 20-Oct-2014 21:03 (16 replies)
Pages... 2


Picture resizing on the forum
Created by Jase2985, last reply by freitasm on 18-Oct-2014 13:32 (13 replies)

Internet question...
Created by Geektastic, last reply by Geektastic on 17-Oct-2014 22:59 (40 replies)
Pages... 2 3


Just bought a TiVo online. No wireless adaptor. Will a standard one work? Or do I need the TiVo one ?
Created by Limerick, last reply by graemeh on 20-Oct-2014 16:03 (11 replies)

iPad Air 2 and iPad Mini 3. Gonna get one?
Created by Dingbatt, last reply by alexx on 20-Oct-2014 13:34 (45 replies)
Pages... 2 3


Why do people keep thinking National are doing a great job?
Created by sxz, last reply by BurningBeard on 20-Oct-2014 11:06 (155 replies)
Pages... 9 10 11



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.