2 security issues found on your account

In message , VanguardLH
writes:
J. P. Gilliver (John) wrote:

cameo WROTE:

I found this msg in my Inbox from and I
wonder if this is some kind of fiching attempt.

Did it have any links in it?

Yep. The one for the "Take action" button is a hyperlink to:

https://accounts.google.com/AccountChooser?Email=youraccount&conti
nue=https://myaccount.google.com/security-checkup?args

Alternatively, another hyperlink in the e-mail points to:

https://myaccount.google.com

with text in the e-mail saying to go to Security Checkup under My
Account.

"Advanced users" should make a point of always forwarding such emails to
the sending company's spam/phishing-reporting address (-:.
[]
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

All humanity is divided into three classes: those who are immovable, those who
are movable, and those who move! - Benjamin Franklin

On Tue, 23 Jan 2018 20:45:26 -0600, VanguardLH wrote:
If my bank ever pushes me to 2-factor authentication, I'll tell them
that I don't have a smartphone and that they'll have to provide me one
for free


Vanguard has two-factor authentication, and you can choose text (SMS0
or voice call. I too don't have a smartphone, so I chose voice call.
It works just fine.

That's not to say that your bank necessarily uses the same system,
but maybe don't borrow trouble?

--
Stan Brown, Oak Road Systems, Tompkins County, New York, USA
http://BrownMath.com/
http://OakRoadSystems.com/
Shikata ga nai...

On 1/24/2018 9:58 AM, Ken Blake wrote:
On Tue, 23 Jan 2018 20:45:26 -0600, VanguardLH wrote:

Both Gmail and Hotmail/Outlook.com will lock you out of your accounts
when you try to connect from somewhere they don't recognize that you've
been before ... like when you take a vacation a ways from home.


I don't have a Hotmail/Outlook.com account, but I have a Gmail
account. I have often connected to it from places--in the US, in
Europe, in Asia--that I have never been in before. I've done it as
recently as a month ago. I've never had the problem you describe.

If it matters, I never connect to Gmail on the Gmail web site. I
always use an e-mail client--Outlook.exe when I'm home, Bluemail on my
Android phone when I'm traveling.

Same here. I've been able to connect to my accounts here from Europe, so
I don't understand VanguardLH's issues.

J. P. Gilliver (John) wrote:

In message , VanguardLH
writes:
J. P. Gilliver (John) wrote:

cameo WROTE:

I found this msg in my Inbox from and I
wonder if this is some kind of fiching attempt.

Did it have any links in it?

Yep. The one for the "Take action" button is a hyperlink to:

https://accounts.google.com/AccountChooser?Email=youraccount&conti
nue=https://myaccount.google.com/security-checkup?args

Alternatively, another hyperlink in the e-mail points to:

https://myaccount.google.com

with text in the e-mail saying to go to Security Checkup under My
Account.

"Advanced users" should make a point of always forwarding such emails to
the sending company's spam/phishing-reporting address (-:.
[]

If you are now discussing spam e-mail, yes, I am a spam reporter;
however, I use the convenience of SpamCop to send the reports. Not only
is it easier to use their expertise to know the contact e-mail address
for a source's abuse desk but they also know when a source will reject
any abuse reports on a consistent basis (so those reports go into their
spam database but not sent to a "blind" abuse desk) or source's that
have requested not to receive abuse reports from Spamcop (in which case,
you'll have to send it individually to the source's abuse desk).

I don't see Google issuing security alerts as spam. They are reflecting
their opinion regarding security on your account that uses THEIR
resources. Getting e-mails from businesses with which you've
established a relationship do not qualify as spam. UCE has definitions
regarding what is spam. Getting e-mails from your e-mail provider, your
ISP, your bank, etc are not spams. They may be unwanted e-mails and may
even be UBE aka bulk mail (obviously Google sent this out to many of
their users) but they do not qualify as spam and they are certainly not
phish mails since those sources already have all the information on you
that they need and probably more than you want them to have.

In message , VanguardLH
writes:
J. P. Gilliver (John) wrote:

In message , VanguardLH
writes:
J. P. Gilliver (John) wrote:

cameo WROTE:

I found this msg in my Inbox from and I
wonder if this is some kind of fiching attempt.

Did it have any links in it?

Yep. The one for the "Take action" button is a hyperlink to:

https://accounts.google.com/AccountChooser?Email=youraccount&conti
nue=https://myaccount.google.com/security-checkup?args

Alternatively, another hyperlink in the e-mail points to:

https://myaccount.google.com

with text in the e-mail saying to go to Security Checkup under My
Account.

"Advanced users" should make a point of always forwarding such emails to
the sending company's spam/phishing-reporting address (-:.
[]

If you are now discussing spam e-mail, yes, I am a spam reporter;
however, I use the convenience of SpamCop to send the reports. Not only
is it easier to use their expertise to know the contact e-mail address
for a source's abuse desk but they also know when a source will reject
any abuse reports on a consistent basis (so those reports go into their
spam database but not sent to a "blind" abuse desk) or source's that
have requested not to receive abuse reports from Spamcop (in which case,
you'll have to send it individually to the source's abuse desk).

Sounds good.

I don't see Google issuing security alerts as spam. They are reflecting
their opinion regarding security on your account that uses THEIR
resources. Getting e-mails from businesses with which you've
established a relationship do not qualify as spam. UCE has definitions
regarding what is spam. Getting e-mails from your e-mail provider, your
ISP, your bank, etc are not spams. They may be unwanted e-mails and may
even be UBE aka bulk mail (obviously Google sent this out to many of
their users) but they do not qualify as spam and they are certainly not
phish mails since those sources already have all the information on you
that they need and probably more than you want them to have.

I'm suggesting that, if users bounce such emails to the relevant
spam-reporting box (via your spamcop as that sounds like a good system),
it might encourage the senders to pay more attention to the format they
send them in, which normally ticks at least two of the boxes they
themselves have warned us to look out for.
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

What's awful about weird views is not the views. It's the intolerance. If
someone wants to worship the Duke of Edinburgh or a pineapple, fine. But don't
kill me if I don't agree. - Tim Rice, Radio Times 15-21 October 2011.

I missed the start of this thread, so perhaps my information
is not new.
On Wed, 24 Jan 2018 21:36:15 -0600, VanguardLH wrote
in part:
J. P. Gilliver (John) wrote:
^ in part

https://myaccount.google.com

with text in the e-mail saying to go to Security Checkup under My
Account.
....
I don't see Google issuing security alerts as spam. They are reflecting
their opinion regarding security on your account that uses THEIR
resources.
I often can't login to a gmail account on a new device or with
I new IP address, or a new program, etc.

When this happens I expect that when I use another machine or
program, or whatever, I will see an email security alert from Gmail
telling me what the problem was. Most of the time I don't get the
message. When I then use the browser interface to login to the
account I find that Gmail has put the message in the spam folder.

I have sent specific examples of these occurrences to the Gmail
people, but it is a black hole.

(rest of replied to message deleted)

On Wed, 24 Jan 2018 21:36:15 -0600, VanguardLH wrote:

[snip]

I don't see Google issuing security alerts as spam. They are reflecting
their opinion regarding security on your account that uses THEIR
resources. Getting e-mails from businesses with which you've
established a relationship do not qualify as spam. UCE has definitions
regarding what is spam. Getting e-mails from your e-mail provider, your
ISP, your bank, etc are not spams. They may be unwanted e-mails and may
even be UBE aka bulk mail (obviously Google sent this out to many of
their users) but they do not qualify as spam and they are certainly not
phish mails since those sources already have all the information on you
that they need and probably more than you want them to have.

OTOH, I have answered yes to being willing to receive E-mails
from a company I have done business with. I was not expecting to be
bombed with E-mails. I consider the excessive E-mails to be spam. My
E-mail program allows me to filter, and they go to trash without me
seeing them.

Sincerely,

Gene wirchenko

On Thu, 25 Jan 2018 10:02:48 -0800, Gene Wirchenko
wrote:

On Wed, 24 Jan 2018 21:36:15 -0600, VanguardLH wrote:

[snip]

I don't see Google issuing security alerts as spam. They are reflecting
their opinion regarding security on your account that uses THEIR
resources. Getting e-mails from businesses with which you've
established a relationship do not qualify as spam. UCE has definitions
regarding what is spam. Getting e-mails from your e-mail provider, your
ISP, your bank, etc are not spams. They may be unwanted e-mails and may
even be UBE aka bulk mail (obviously Google sent this out to many of
their users) but they do not qualify as spam and they are certainly not
phish mails since those sources already have all the information on you
that they need and probably more than you want them to have.

OTOH, I have answered yes to being willing to receive E-mails
from a company I have done business with. I was not expecting to be
bombed with E-mails. I consider the excessive E-mails to be spam.

Technically, that's not spam.

My
E-mail program allows me to filter, and they go to trash without me
seeing them.

That works, or sometimes you can simply go back to the source and choose
to opt out.

--

Char Jackson

Gene Wirchenko wrote:

On Wed, 24 Jan 2018 21:36:15 -0600, VanguardLH wrote:

[snip]

I don't see Google issuing security alerts as spam. They are reflecting
their opinion regarding security on your account that uses THEIR
resources. Getting e-mails from businesses with which you've
established a relationship do not qualify as spam. UCE has definitions
regarding what is spam. Getting e-mails from your e-mail provider, your
ISP, your bank, etc are not spams. They may be unwanted e-mails and may
even be UBE aka bulk mail (obviously Google sent this out to many of
their users) but they do not qualify as spam and they are certainly not
phish mails since those sources already have all the information on you
that they need and probably more than you want them to have.

OTOH, I have answered yes to being willing to receive E-mails
from a company I have done business with. I was not expecting to be
bombed with E-mails. I consider the excessive E-mails to be spam. My
E-mail program allows me to filter, and they go to trash without me
seeing them.

Spam is unwanted e-mail.
Not all unwanted e-mail is spam.

Your high school should've taught you about Venn diagrams or about
subset math. What you consider doesn't change the legal definition of
what is spam. Yep, I have filters to get rid of some template e-mails
that Google sends to me. Those are not spam. They are unwanted e-mail.

Some women are whores so all women are whores. Uh huh.
One Irani bombs cafe so all Mideasteners are evil. Uh huh.
And, for you, all unwanted e-mail is spam. Uh huh.

On Thu, 25 Jan 2018 14:41:50 -0600, VanguardLH wrote:

Gene Wirchenko wrote:

On Wed, 24 Jan 2018 21:36:15 -0600, VanguardLH wrote:

[snip]

I don't see Google issuing security alerts as spam. They are reflecting
their opinion regarding security on your account that uses THEIR
resources. Getting e-mails from businesses with which you've
established a relationship do not qualify as spam. UCE has definitions
regarding what is spam. Getting e-mails from your e-mail provider, your
ISP, your bank, etc are not spams. They may be unwanted e-mails and may
even be UBE aka bulk mail (obviously Google sent this out to many of
their users) but they do not qualify as spam and they are certainly not
phish mails since those sources already have all the information on you
that they need and probably more than you want them to have.

OTOH, I have answered yes to being willing to receive E-mails
from a company I have done business with. I was not expecting to be
bombed with E-mails. I consider the excessive E-mails to be spam. My
E-mail program allows me to filter, and they go to trash without me
seeing them.

Spam is unwanted e-mail.
Not all unwanted e-mail is spam.

Your high school should've taught you about Venn diagrams or about
subset math. What you consider doesn't change the legal definition of
what is spam. Yep, I have filters to get rid of some template e-mails
that Google sends to me. Those are not spam. They are unwanted e-mail.

I want a name for the offensive (in this case by quantity)
E-mail. I did not ask for this quantity of E-mail. The handling for
it is the same as for "regular spam". I see little point in
distinguishing between two things that are about the same to me. The
advantage of "spam" is that it is short.

Some women are whores so all women are whores. Uh huh.
One Irani bombs cafe so all Mideasteners are evil. Uh huh.
And, for you, all unwanted e-mail is spam. Uh huh.

False equivalences.

Sincerely,

Gene Wirchenko

On Fri, 26 Jan 2018 08:58:43 -0800, Gene Wirchenko wrote:

I did not ask for this quantity of E-mail. The handling for
it is the same as for "regular spam". I see little point in
distinguishing between two things that are about the same to me. The
advantage of "spam" is that it is short.

Hi Gene,
Don't they have a link for you to unsubscribe from their mailing list?
Most genuine sites do and they do honour the unsubscribe. If they ask
for a reason tell them too much constant email.

--
Faster, cheaper, quieter than HS2
and built in 5 years;
UKUltraspeed http://www.500kmh.com/

Gene Wirchenko wrote:

On Thu, 25 Jan 2018 14:41:50 -0600, VanguardLH wrote:

Gene Wirchenko wrote:

On Wed, 24 Jan 2018 21:36:15 -0600, VanguardLH wrote:

[snip]

I don't see Google issuing security alerts as spam. They are reflecting
their opinion regarding security on your account that uses THEIR
resources. Getting e-mails from businesses with which you've
established a relationship do not qualify as spam. UCE has definitions
regarding what is spam. Getting e-mails from your e-mail provider, your
ISP, your bank, etc are not spams. They may be unwanted e-mails and may
even be UBE aka bulk mail (obviously Google sent this out to many of
their users) but they do not qualify as spam and they are certainly not
phish mails since those sources already have all the information on you
that they need and probably more than you want them to have.

OTOH, I have answered yes to being willing to receive E-mails
from a company I have done business with.

UBE = Unsoliticted Bulk E-mail

The latter may not be apparent to you because you receive only one copy
of a bulk mailing. If you use Rhyolite's DCC (Distribute Checksum
Clearing) then you can see how many others (also using DCC) that have
received the same bulk mailing. UBE is not defined by how many
recipients are listed on a single issue of an e-mail but by how many
recipients get the same e-mail. UBE should have the following header:

Precendence: Bulk

It is consider a non-standard header despite being define in RFC 2076
(because that is an informational RFC, not a standards RFC). As such,
it may be missing often depending of the type of sender.

While UBE is often grouped with spam by end users, alerts, service
notifications, registration confirmation (like creating an account at a
site), and other bulk mails can those you expect or are part of a
service to which you agreed to their terms of use or otherwish have
established a business relationship. Some but not all UBE is spam.

UCE = Unsoliticted Commercial E-mail

That is e-mail sent for commercial gain. Whether it is spam depends
again on whether or not you have a prior relationship with the sender.
For example, eBay will occasionally send out UCE to prod their customers
to engage in some selling activity, like offering a discount for a short
time to sell a type of good or service. Obviously they are trying to
stir the waters to get some of their customers to bite the lure, sell
something, and eBay gets a slice of the transaction. In this case, the
UCE is not spam but likely unwanted. In contrast, a spammer spewing out
millions of bulk mails to hit random targets to sell Viagra, Cialis, or
whatever is definitely UCE. Some but not all UCE is spam.

While most spam is UCE, it is not required that spam be sent in bulk to
be spam. Probably easiest to distinguish between spam and unwanted
e-mail is to just call the later as unwanted e-mail since that is a
superset of spam. UCE, UBE, and spam are all unwanted e-mails but then
so perhaps is a friend of yours putting you on his joke list or getting
baby pictures from your exuberant neice or an invite to a 20 year class
reunion to meet people you don't know. "Unwanted e-mail" covers all of
those.

Some women are whores so all women are whores. Uh huh.
One Irani bombs cafe so all Mideasteners are evil. Uh huh.
And, for you, all unwanted e-mail is spam. Uh huh.

False equivalences.

Again proving you are unaware of Venn diagrams and subset math.

Rodney Pont wrote:

Gene Wirchenko wrote:

I did not ask for this quantity of E-mail. The handling for it is
the same as for "regular spam". I see little point in
distinguishing between two things that are about the same to me.
The advantage of "spam" is that it is short.

Don't they have a link for you to unsubscribe from their mailing list?
Most genuine sites do and they do honour the unsubscribe. If they ask
for a reason tell them too much constant email.

Depends on the country and their anti-spam laws. Although the USA has
their CAN-SPAM law which mandates an opt-out link is included, there are
no teeth to the law. Reports to the FBI of spam exhibits are only acted
upon if the number of such reports exceeds a perceived total value of
loss of over $25K. And what gets reports to the US authorities has
little or no impact on foreign sourced spam. Often the spammers are
charged and convicted using roundabout legalities. An online search,
like https://www.google.com/search?q=spam...ed%20convicted, will
show spammers do get charged and convicted but not that often compared
to the spam volume they generate. There may be a dip in spam volume
after the conviction of a spammer but others gradually take up the
slack.

https://www.talosintelligence.com/re...nter/email_rep

Average daily legitimate e-mail volume = 70.65 billion messages
Average daily spam volume = 406.25 billion messages
(December 2017)

The US (as of last month) leads in its participation of spam volume
perhaps because 57 of 100 households own a computer and 84% of
households have a computer. Switzerland's figures are higher regarding
computer ownership or per household yet they are lower as a spam source
(not low, just lower). While Switzerland has no or little anti-spam
laws, they employ roundabout legalities: Swiss law considers
intentional spam as an unfair publicity for the citizen and a
disrespectful behavior of the issuer in the face of competition
(https://www.mailpro.com/legal/swiss-law-emailing.asp). In addition,
the recipient must have previously opted *in* to the mailing. Check the
TOS and you'll likely find you did agree to their mailings once you have
an account there. This is in contrast with US CAN-SPAM law that
dictates there must be an opt *out* in the e-mail. Obviously countries
can enforce only their own laws or work via reciprocity with other
countries.

Alas, the weakest link in spam are the recipients. They splatter their
true e-mail address(es) all over the place, like giving it when
registering at a gaming or coupon site. Users tend to think of their
e-mail addresses as their property which is not true. Your e-mail
address belongs to someone else. You only borrow it at their
permissions. Even if you run your own mail and name servers, you're
only leasing that domain from a registrar (don't pay the renewal and you
lose that domain). Users tend to dole out their e-mail address to
whomever asks for it so they are ripe for spam harvesting. Case in
point: look at the From headers for Gene and Rodney.

In message , VanguardLH
writes:
Rodney Pont wrote:

Gene Wirchenko wrote:

I did not ask for this quantity of E-mail. The handling for it is
the same as for "regular spam". I see little point in
distinguishing between two things that are about the same to me.
The advantage of "spam" is that it is short.

Don't they have a link for you to unsubscribe from their mailing list?
Most genuine sites do and they do honour the unsubscribe. If they ask
for a reason tell them too much constant email.

Depends on the country and their anti-spam laws. Although the USA has
their CAN-SPAM law which mandates an opt-out link is included, there are

Here (not sure whether it's UK or EU [same thing for another year or so
anyway]), as well as there having to be such a link, the default has to
be no communication (i. e. ticked if it's an opt-out, not ticked if it's
an opt-in).
[]
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

I long for the commercialised Christmas of the 1970s. It's got so religious
now, it's lost its true meaning. - Mike [{at}ostic.demon.co.uk], 2003-12-24