Dropspam.com Requests

zlim · Joined: Mar 11, 2005 Posts: 2747

I found this posting from July 2005 in Tom Coyote's forum

Quote:

My father's computer was hijacked by malware that originates from dropspam.com.

Is this something new? I haven't been able to find any information about it.

The program installed a toolbar on his computer, then changed his email account from his regular ISP provider to "aab.dropspam.com". It then sent a message to everyone in his address book, instructing them to click on the link to "authenticate their email address."

We have uninstalled the "program," and deleted several program file folders (which finally removed the toolbar). We also restored his original ISP POP3 account information, but he no longer receives his email through his original email address.

My father has now set up a new email address, and things seem to be working okay... but I would still like to know if anybody has ever heard of "dropspam.com." I think it may still be lurking underneath the surface.

dropspam doesn't seem like anything I'd want on my computer!

tiredmother · Joined: Aug 09, 2003 Posts: 1311

Hello,
I'm a member of a scrapbook group over on Yahoo!'s groups. We had a new member post and when we replied we received requests to verify our address with dropspam.com or the new user would no longer receive our posts. I've heard of verification software before but I've never chosen to verify my e-mail with one for a friend and certainly won't verify for someone I don't even know.

Now, a week or so later several members are getting e-mails from dropspam that their e-mail to the Yahoo! group will not be sent because the Yahoo! group is using dropspam. I KNOW that the group is not requiring verification with dropspam and only some members are receiving these replies. Oh, and their posts are going through just fine.

I'm not receiving messages from dropspam in reply to any of my posts so I'm not having a problem...I'm just hoping someone here can shed some light on this for the members that are struggling with this.

Thanks for anything you can offer.
tiredmother

tiredmother · Joined: Aug 09, 2003 Posts: 1311

dropspam.com · Joined: Sep 06, 2005 Posts: 1

Dear Sir/Madam,

We use challenge/response system to protect our client's email against spam.

There is an issue with some of the listserv/groups due to the format of FROM and TO address.

For example.
When you send an e-mail to a listserv, and listserv broadcasts to everyone, the From Address is NOT you, but groupname.RemoveThis@domain.com. as such, unless groupname.RemoveThis@domain.com is on the approval list of our client, Our Challenge/Response system will sends an e-amil to groupname.RemoveThis@domain.com requring authentication.

Some of the listserv does mass broadcasts with BCC, as such it does not specify our client's e-mail address in the TO address, instead groupname.RemoveThis@domain.com was also the TO address. Our Challenge/Response system treat "TO" address as our client's e-mail address (there's no way for us to know all of the e-mail addresses our clients may use, as such, we treat TO address as client's e-mail address.)

The best way to solve the problem is to Click on the link in the e-mail, so the listserv is added to our client's approved sender list, and it won't receive any authentication requests in the future.

cstapley · Joined: Oct 07, 2005 Posts: 1

Contrary to dropspam's response, their "solution" DOES NOT WORK.

The problem is that dropspam needs to have the list's email address authenticated, but it sends the response to the original poster. Clicking the link will only authenticate the original poster's address (if it even does that), but it doesn't authenticate the list's address. So whether the subscribers of the list click the link or not, they will continue to get these messages from dropspam every time they post.

Since the dropspam product picks up the "to" address of the original message to use in the response, the email says that the "list" is protected by dropspam, when in fact, it's one of the subscribers. So there's no way to know from the email who the person is who's using dropspam. And since the mail from the list isn't getting to them, there's no way to send a message to everyone on the list asking who's using it. It's a catch-22.

If it were possible to send a message "from" the list email address "to" the list email address, and have the reply go somewhere else (such as to the list administrator), it "might" be possible to click on the link in the email and have it authenticate the list address. But since Listservs are set up to block email where the "from" address is the list address (in order to prevent continuous loops), that's not possible.

Contacting dropspam about the issue only results in the same canned response as they give here, which is useless.

If anyone else has a solution, I'd like to hear it, because I have 500 angry subscribers who aren't very happy with getting a message from dropspam every time they post. And because of how the message is worded, they think it's the list that's "protected" and that their emails aren't going through to the other subscribers. I've even gone so far as to personally send an email to each and every subscriber individually, in the hopes that I would get a dropspam reply back with the "true" email address in it. No luck there either.

Searching the Internet has only provided me with confirmation of what I've already learned, and several Listservs which specifically tell people not to subscribe if they use this product because it's incompatible with mailing lists.

LGFan · Joined: Oct 13, 2005 Posts: 1

I don't think someone can really blame DropSpam for this. A subscriber to your system installed software that uses confirmation replies to verify emails. There's been nothing in here to suggest that DropSpam wasn't upfront about this. On the issue of giving up an email address, I can't imagine anyone advocating the use of a program that would give out your email address to suspected spammers. That would be as much as confirming to spammers that they have a valid email address for someone and should continue to spam it or use it for spoofing.

The real problem here is
1) that you have a user who has installed and poorly configured software on his system that is resulting in a spam-like situation. If a typical user can't set up this software in an easy manner to avoid problems like this, I think it's probably reasonable to recommend that your users not use this software.
and..
2) Your mailing list is set up in a way that makes it vulnerable to spamming. You're no more or less guilty than DropSpam for creating a system that is technically correct but intuitively wrong and resulting in problems for your users. I would definitely make sure that any messages from dropspam are not forwarded to the group. Check with the documentation for your mailing list software or provider to find out the best way to do this. Perhaps only allowing emails from list members to be forwarded would solve this problem and eliminate a source of future spam.

spazntwitch · Joined: Dec 09, 2005 Posts: 1

I know this might be late in coming, but DropSpam is NOT a legitimate company. After cleaning this pest off a client's machine I'll tell you what I've learned:
1. The software retrieves your POP3 username and password from your e-mail client like Outlook or Outlook Express.
2. The software relays your username and password to a third-party machine on the Internet.
3. The third-party machine uses your username and password to intercept mail going to you.
4. The sender of the mail to you receives a message stating that you are now 'protected' by DropSpam and that the sender should validate themselves by also downloading DropSpam. Meanwhile, you don't get the message because it was intercepted. In fact, you'll never get your lost messages back.

If someone were to intercept your snail mail, they'd be up for prosecution for mail tampering. DropSpam hopefully will face the same consequence in the future.

To clean it, I recommend the following:
1. Go into Safe Mode with Networking (see http://www.microsoft.com/resources/documen..._failsafe.mspx)
2. Use the virus and spyware tool at http://housecall.trendmicro.com/
3. Download, install, update, and run Spybot Search & Destroy (http://www.safer-networking.org/)
4. Download, install, update, and run Ad-Aware (http://www.lavasoftusa.com/)
5. Reboot the computer
6. Contact your ISP and change your password to your e-mail account(s) - THIS STEP IS IMPORTANT! Otherwise the third-party DropSpam machine will still intercept your messages even though it is off your computer.
7. Inform those that usually e-mail you to NOT install DropSpam and that they may receive two or three additional messages from DropSpam that they need to authenticate themselves. Tell them to ignore the DropSpam spam.

Good luck!

Rons · Joined: Dec 07, 2002 Posts: 5667

Interesting. Thanks for the info.