New scam to beware of

[John BaronParticipant @johnbaron31275]

Posted by ega on 12/12/2020 11:33:47:

Posted by John Baron on 09/12/2020 19:26:14:

[…]

I use "Kmail" on which Ctrl "V" displays the full Email as text, nothing gets returned to the sender unless you want it to. Part of the issue is Windows itself. It will automatically return an MDM (Message Disposition Message) you have to very specifically turn it off.

[…]

 

John Baron:

I use Thunderbird on my Win 10 PC. Recently, I have been getting occasional emails which appear to be scams. I delete these and mark them as spam on my ISP's webmail site. I assume this is of limited value as the scammers no doubt keep changing their send address.

Presumably, if as you say it is possible to deny the sender any confirmation of receipt this might discourage future scam emails? How do I "turn it off", please?

Hi Ega,

I haven't laid hands on a W10 machine since it was released ! So all I can do is tell you what to look for.

Somewhere in your Email client settings will be something like "Security" in there turn off anything to do with HTML

Mine says "Prefer HTML to plain text" No you don't want that. It also says "Allow messages to load External references" You don't want that either.

Then it says "Message Disposition Notices" I've four choices, "Ignore, Ask, Deny, Send" I use "Ignore". All the other three will allow a sender to discover that you are receiving their mail".

After that it asks if I want to "Quote original message", with three options, "Nothing, Full message, Only Headers". I use "Nothing". Be careful with this one because if you use any of the last three in the MDN list it will still send headers.

The next one is with regard to encrypted messages. I do not send anything for encrypted messages. Its a common trick is to send an encrypted message that is just junk which will obtain an MDM even if the other setting have been turned of, so "Do not send MDM's in response to encrypted messages.

You also need to turn on warnings for "Receivers Email address is not in their security certificate and turn on warnings for certificates that are out of date, less than 14 days old or are about to expire.

Certificate validation should be turned on to get the warnings, and Ignore HTTP certificate requests should be on. Again these can be used to obtain information about you.

I think that is about all. But I'm sure that Micky will have other goodies up their sleeves.

HTH.

 

 

Edited By John Baron on 12/12/2020 20:08:34

Edited By John Baron on 12/12/2020 20:09:52

[peter smith 5Participant @petersmith5]

I just ask them what they are doing with the other hand??????

pete

[peter smith 5Participant @petersmith5]

I just ask them what they are doing with the other hand??????

pete

[Author]

Posts