About 2-3 times a month I get an email from some outfit called denniskirk.com. I have no idea how I got targeted, because the message comes to my primary ISP address which I NEVER provide online. The subject line always contains the string "Dennis Kirk" so it was a trivial matter to tell my old mail alerter program (Winbiff, in case anyone's interested) to nuke that message on sight while it was still on the pop server.
I recently stopped using Winbiff because I was trying out another program that does the same thing. Thus the message from denniskirk.com started arriving here.
Eudora correctly flagged it as junk every time.
Now here's where it gets interesting.
I have a Linksys router and I use WallWatcher to monitor the router's log. I just happened to have WallWatcher open when I opened Eudora and at that very moment, WallWatcher reported a packet going out from my system on port 80 to - you guessed it - denniskirk.com.
The interesting thing is that all this time the message was in my Junk folder, which I don't routinely open every time I pop mail. I do check Junk fairly often just to make sure there's been no false positive on junk mail detection, and the Junk folder is one of the 4 folders that I keep on my Eudora task bar.
The simple fact of opening Eudora triggers a packet to denniskirk.com 100% of the time I tried it. As soon as I deleted the message from Junk -- no more packets.
The only thing I didn't check before deleting the spam was whether or not it would detect Eudora's opening if Junk *wasn't* one of the folders perched on the Eudora taskbar at program startup, but I'll eventually get another one of those messages and will play around with it some more.
I recently started using a firewall called Look 'n' Stop, which is designed to stop rogue packets from going out of the system, but I'm still learning how to use it so I wasn't successful in attempting to define a rule for the firewall that would stop that outgoing packet.
I have no idea about the contents of these packets. I suspect (hope) that it's nothing more than simply an email "bug" that lets the spammer know it's reached a real live system.
As a last resort, I'll go back to using Winbiff, which will stop the message from arriving here in the first place, but curiosity has gotten the better of me and I want to see if I can stop this packet from going out the next time one of those messages arrives here.
Conceptually of course, the reason the packet is going out to begin with must be because it's using a launch vehicle (Eudora) which has already been given permission to connect to the internet -- which leads me to wonder if there really IS a way of stopping an authorized program from sending an unauthorized packet.
Tom
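
An added example, not part of the original post: if the packet is the email "bug" suspected above, it comes from an HTML part that references a remote resource the mail client fetches when it renders the message. This sketch lists those references in a saved message so the host can be identified before the message is displayed; the function names, `tracker.example` and the sample message are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# (tag, attribute) pairs an HTML renderer loads without any click.
AUTO_FETCH = {("img", "src"), ("body", "background"), ("table", "background"),
              ("td", "background"), ("link", "href"), ("iframe", "src"),
              ("script", "src"), ("input", "src")}

class RemoteRefFinder(HTMLParser):
    """Collects auto-loaded http(s) references found in HTML markup."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in AUTO_FETCH and value:
                url = urlparse(value.strip())
                # cid: and data: references stay local; only http(s) leaves the host.
                if url.scheme in ("http", "https") and url.hostname:
                    self.refs.append((tag, url.hostname, value.strip()))

def remote_refs(raw_message: bytes):
    """Return (tag, host, url) for every auto-loaded remote resource."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    finder = RemoteRefFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.refs

# Constructed sample message; the host and the id value are placeholders.
SAMPLE = (b"From: sender@tracker.example\r\n"
          b"Subject: Constructed sample\r\n"
          b"MIME-Version: 1.0\r\n"
          b"Content-Type: text/html; charset=utf-8\r\n\r\n"
          b"<html><body><p>Sale!</p>"
          b'<a href="http://tracker.example/shop">Shop</a>'
          b'<img src="http://tracker.example/o.gif?id=PLACEHOLDER"'
          b' width="1" height="1">'
          b'<img src="cid:logo"></body></html>\r\n')

if __name__ == "__main__":
    for tag, host, url in remote_refs(SAMPLE):
        print(f"{tag:6} {host:20} {url}")
```

The ordinary link and the `cid:` image are not reported, because neither causes a request when the message is merely rendered.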