
How did they do it to me??


brensec


I found this website because someone has reported an email as spam that appeared to have been sent by me. I have spoken to the safelist owner that 'banned' me because of the report and things have been sorted out.

I was fortunate, in that the person who used my email message and somehow made it look like it came from me, also changed some 'Affiliate referral code links' in the email of mine that they copied (it was a Stormpay promo email which included links with my affiliate ID imbedded).

Because the person responsible changed the affiliate codes links to their own, I have been able to contact Stormpay and advise that:

1. The member has used spam to promote them

2. Has used a copy of one of my emails and made it appear to be from me.

Obviously, there would be no benefit in my spamming people with an email that contained someone else's affiliate links, so this in itself, fortunately, is reasonable proof that the email in question did not come from me.

What I would like to know is: How did this person make the email look like it came from me? I don't know how to do this, and I'm pretty sure most people don't. The report says something about a 'third party host' being used???

Of course, I understand why the email was reported, and I have no ill feeling toward anyone (other than the mongrel who pretended to be me and spam others). I have actually joined SpamCop and want to get more involved in fighting spam. I just need to understand what actually has happened, so I can guard against it happening again. At the moment, I have no idea what to do. I was just lucky that coded links were involved and had been changed, so I could prove my non-involvement.

Also, where can I find out if my ISP or URL has been 'Blacklisted', possibly because of this person or maybe even other things that may have occurred that I have no knowledge of?

Any assistance would be appreciated. Thank you very much :)

Link to comment
Share on other sites

> What I would like to know is: How did this person make the email look like it came from me? I don't know how to do this, and I'm pretty sure most people don't. The report says something about a 'third party host' being used???

Spam is traced back to the computer/ISP it came from, using a source IP address like 219.249.74.74, not an email address.

READ MY SIGNATURE and check your computer (all links offer free programs to do this), and use a firewall.

> Also, where can I find out if my ISP or URL has been 'Blacklisted', possibly because of this person or maybe even other things that may have occurred that I have no knowledge of?

If your URL is being "Joe Jobbed", your (web site) hosting company would be the ones you should contact.

Link to comment
Share on other sites

> What I would like to know is: How did this person make the email look like it came from me? I don't know how to do this, and I'm pretty sure most people don't. The report says something about a 'third party host' being used???

When you set up an email account, you put the user name, etc. in. That can be edited and changed to another name. And that's where the "From" or sender line comes from. It is easily forged. Spammers do it all the time. (that's the reference to bounces)

I don't understand a lot about hosting so I don't know about 'third party host' - however, you don't have to use the ISP you connect to the internet to have an email address or web site. And if you use a web based one (like hotmail or ipowerweb), then your email comes from their servers, not the server of the ISP you are connecting with. However, the headers can show that you connected to the web based email from another IP address (the one your computer was using to connect to the internet). The computer that receives an email always knows the IP address of the computer that is sending it (which may or may not be where the From address or return path is. If it isn't forged, it will be the same.) And whether it is forged or not, if a report is made, it goes to the computer that sent it. That admin can determine which user sent it and does not even look at the From to determine that.

It is unclear whether it was a spamcop report or another report that got you in trouble. I don't see how it could have been a spamcop report since spamcop reports the source IP address (which wouldn't have been yours if someone else was sending the email) or the URL in the spam which you said wasn't yours either.

You have to know the IP address in order to see if it is on a blocklist.

Miss Betsy

Link to comment
Share on other sites

It would seem to me that I have been put through a whole pile of worry and trouble for nothing. The upshot is (I think), that the Safelist owner that accused me of spamming doesn't know how to read a spam report (not that that's a biggy - I didn't either, until it was explained to me yesterday). I don't blame him - he thought he was protecting his list.

I have been advised that the header of the 'spam Report' clearly shows a return path and sender (which match), that ARE NOT mine!!!!. The Safelist member has thought it was my email because it simply had the original 'Safelist from and to tag' left at the bottom (i.e. - "This Message Was Sent By: brensec To: Infoms"). I am 'brensec' who sent the original message on the safelist. It seems 'Infoms' is the person who received it and 'sent it on' (with affiliate code links changed) to someone else - who considered it spam.

I need to confirm that this is, in fact, what is indicated by this 'header' from the spam Report 'Offending Message Section'. Can someone confirm that the offending person (or place this was sent from) is he who is listed in BOLD type?

> [ Offending message ]
> X-Account-Key: account4
> Return-path: <Infoms[at]starband.net>
> Envelope-to: x
> Delivery-date: Sat, 04 Dec 2004 02:27:24 -0600
> Received: from amusive by ns3.amusive.com with local-bsmtp (Exim 4.43)
>     id 1CaVG0-0002Cu-0W
>     for x; Sat, 04 Dec 2004 02:27:20 -0600
> Received: from [148.64.112.85] (helo=148.64.112.85)
>     by ns3.amusive.com with smtp (Exim 4.43)
>     id 1CaVFx-0002CH-Mu
>     for x; Sat, 04 Dec 2004 02:27:07 -0600
> From: "Reginal McLaurin" <Infoms[at]starband.net>
> To: <x>
> Subject: What Ebay/Paypal In Trouble?
> Mime-Version: 1.0
> Content-Type: multipart/alternative;
>     boundary="= Multipart Boundary 1204040327"
> Date: Sat, 4 Dec 2004 03:27:19 -0500
> Reply-To: "Reginal McLaurin" <Infoms[at]starband.net>
> X-spam-Flag: YES
> X-spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on ns3.amusive.com
> X-spam-Report:
> * 1.2 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO
> * 2.3 BIZ_TLD URI: Contains an URL in the BIZ top-level domain
> * 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
> * [score: 0.5079]
> * 0.1 HTML_TAG_EXIST_TBODY BODY: HTML has "tbody" tag
> * 0.0 HTML_FONT_INVISIBLE BODY: HTML font color is same as background
> * 0.0 HTML_MESSAGE BODY: HTML included in message
> * 0.1 HTML_FONT_BIG BODY: HTML tag for a big font size
> * 1.2 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
> * [148.64.112.85 listed in combined.njabl.org]
> * 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
> * [148.64.112.85 listed in dnsbl.sorbs.net]
> * 2.7 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
> * [uRIs: stormpay.com]
> X-spam-Status: Yes, score=9.7 required=5.6 tests=BAYES_50,BIZ_TLD,

NEITHER OF THE TWO ADDRESSES THAT ARE IN BOLD TYPE HAVE ANYTHING TO DO WITH ME. THEY BELONG TO ANOTHER MEMBER OF THE SAFELIST THAT RECEIVED THE MESSAGE FROM ME (LEGALLY THROUGH THE SAFELIST).

Can someone confirm that I have read this correctly, based on the above?

Thank you again, very much. :)

Link to comment
Share on other sites

The only thing I can tell you is that none of the IP addresses in the e-mail match up with the IP you posted here with. How many ways do you need the words "forged addresses" explained? From this side of the screen, there is nothing there that can "prove" that you didn't send this e-mail, unless you can prove that the e-mail server involved wouldn't allow "you" to send through it. There is more than enough spammy crap involved to pretty much safely call it spam. But it is a bit unusual that some random spammer would forge your address into an e-mail that carries 'internal' stuff and then also hits recipients of the "same" list. Sounds more like that you have a "friend" ... However, all this continued highlighting of "the SAFELIST" .. " (LEGALLY THROUGH THE SAFELIST)" etc., just leaves me a bit numb. This "SAFELIST" stuff is about this >< far from the "I bought a LEGAL list of all DOUBLE-OPT-IN addresses" song. Developing your own legitimate mailing-list is a lot of work .. there are no shortcuts.

Link to comment
Share on other sites

> X-Account-Key: account4
> Return-path: <Infoms[at]starband.net>  <-- This is forged
> Envelope-to: x
> Delivery-date: Sat, 04 Dec 2004 02:27:24 -0600
> Received: from amusive by ns3.amusive.com with local-bsmtp (Exim 4.43)
>     id 1CaVG0-0002Cu-0W
>     for x; Sat, 04 Dec 2004 02:27:20 -0600
> Received: from [148.64.112.85]  <-- This is an IP address
>     (helo=148.64.112.85)
>     by ns3.amusive.com with smtp (Exim 4.43)
>     id 1CaVFx-0002CH-Mu
>     for x; Sat, 04 Dec 2004 02:27:07 -0600
> From: "Reginal McLaurin" <Infoms[at]starband.net>  <-- This is forged
> To: <x>
> Subject: What Ebay/Paypal In Trouble?

If the report came from spamcop, it would have been sent to the abuse desk that administers 148.64.112.85.

[148.64.112.85 listed in dnsbl.sorbs.net]
That IP address is listed in other lists apparently (unless that line was also a forgery which is possible).

You should read up on best practices for mailing lists if you want to be a responsible netizen. There are links in the SpamCop FAQ.

Miss Betsy

Link to comment
Share on other sites

148.64.112.85 is also a dynamic/dial-up IP and should NOT be running a mail server. Most email administrators will not accept mail from a dynamic IP.

NJABLDYNA NJABL list of dynamic ip spaces: dynablock.njabl.org -> 127.0.0.3

Dynamic/Residential IP range listed by NJABL dynablock - http://njabl.org/dynablock.html

NOMOREFUNN local bl at moensted.dk: no-more-funn.moensted.dk -> 127.0.0.3

starband.com. Dial-Up/Cable/DSL/Home IP Range - Use your providers SMTP Gateway or whitelist your server at: http://moensted.dk/spam/no-more-funn/?addr=148.64.112.85 based on reverse dns samples 1002664800 (Wed Oct 10 2001)

JAMDSBL local bl at JAMMConsulting.com: dnsbl.jammconsulting.com -> 127.0.0.30

SORBS spam and Open Relay Blocking System: Aggregate zone: dnsbl.sorbs.net -> 127.0.0.10

Dynamic IP Address See: http://www.dnsbl.sorbs.net/lookup.shtml?148.64.112.85

SORBSDUL Dynamic IP Address ranges (NOT a Dial Up list!): dul.dnsbl.sorbs.net -> 127.0.0.10

Dynamic IP Address See: http://www.dnsbl.sorbs.net/lookup.shtml?148.64.112.85

DNSBLAUT1 Reynolds Technology Type 1: t1.dnsbl.net.au -> 127.0.0.2

148.64.112.85 See http://www.dnsbl.sorbs.net/cgi-bin/lookup?NAME=148.64.112.85

DNSBLAUSORBS External Block List - SORBS: sorbs.dnsbl.net.au -> 127.0.0.2

148.64.112.85 See http://www.dnsbl.sorbs.net/cgi-bin/lookup?NAME=148.64.112.85

Link to comment
Share on other sites
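The header reading worked through in the posts above, as an added example that is not part of any post in this thread: it walks the `Received:` lines from the top, trusts only those written by the receiving server, takes the IP that server recorded, and builds the reversed-octet names that a DNSBL lookup would query. The header text and the two zone names are the ones quoted in the thread; the function names and the `trusted_hosts` parameter are assumptions of this sketch, and no DNS query is made.

```python
import email
import ipaddress
import re

# Header block as quoted in the thread (folded lines rejoined, recipient shown as "x").
SAMPLE_HEADERS = """\
Return-path: <Infoms[at]starband.net>
Envelope-to: x
Delivery-date: Sat, 04 Dec 2004 02:27:24 -0600
Received: from amusive by ns3.amusive.com with local-bsmtp (Exim 4.43)
    id 1CaVG0-0002Cu-0W
    for x; Sat, 04 Dec 2004 02:27:20 -0600
Received: from [148.64.112.85] (helo=148.64.112.85)
    by ns3.amusive.com with smtp (Exim 4.43)
    id 1CaVFx-0002CH-Mu
    for x; Sat, 04 Dec 2004 02:27:07 -0600
From: "Reginal McLaurin" <Infoms[at]starband.net>
To: <x>
Subject: What Ebay/Paypal In Trouble?
"""

HOP = re.compile(r"^from\s+(?P<claimed>\S+)(?P<rest>.*?)\sby\s+(?P<by>\S+)")
IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
HELO = re.compile(r"\(helo=([^)\s]+)\)", re.I)


def parse_received(value):
    """Split one Received: value into what the peer claimed and who wrote the line."""
    text = " ".join(value.split())  # undo header folding
    m = HOP.match(text)
    if m is None:
        return None
    peer = m.group("claimed") + m.group("rest")
    ip = IP_IN_BRACKETS.search(peer)
    helo = HELO.search(peer)
    return {
        "by": m.group("by").lower(),
        "ip": ip.group(1) if ip else None,
        "helo": helo.group(1) if helo else m.group("claimed"),
    }


def is_numeric_helo(helo):
    """True when the peer greeted with a bare IP address instead of a host name."""
    try:
        ipaddress.ip_address(helo.strip("[]"))
        return True
    except ValueError:
        return False


def dnsbl_qname(ip, zone):
    """Name to resolve for a DNSBL check: octets reversed, zone appended."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def trace(raw_headers, trusted_hosts, zones):
    """Find the IP that handed the message to a server we trust.

    Received: lines are read newest first. Lines written by hosts outside
    trusted_hosts are ignored because the sender could have typed them in,
    just like From: and Return-path:.
    """
    msg = email.message_from_string(raw_headers)
    hops = [h for h in map(parse_received, msg.get_all("Received", [])) if h]
    source = None
    for hop in hops:
        if hop["by"] not in trusted_hosts:
            break
        if hop["ip"]:
            source = hop
            break
    if source is None:
        return None
    return {
        "source_ip": source["ip"],
        "numeric_helo": is_numeric_helo(source["helo"]),
        "claimed_from": msg.get("From"),  # sender-controlled, not evidence
        # Resolving these names is the actual lookup; an answer in 127.0.0.0/8 means "listed".
        "dnsbl_queries": [dnsbl_qname(source["ip"], z) for z in zones],
    }


if __name__ == "__main__":
    print(trace(SAMPLE_HEADERS, {"ns3.amusive.com"},
                ["dnsbl.sorbs.net", "combined.njabl.org"]))
```
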

Dear Wazoo (and all repliers),

Thank you for your time and attention.

I'm not sure, Wazoo, what you're getting at here, but I can clarify a couple of 'issues' that I see raised in your post.

I'm not asking for anyone to 'prove' anything for me (although it may have seemed that way. I'm sorry). I simply want to understand how I was banned from a safelist for an email which was clearly sent by someone else and also has someone else's 'affiliate codes' on it. This, of course is explained by the fact that the safelist owner has seen the "This Message Was Sent By: brensec To: Infoms" and assumed the email was sent by me.

P.S. Where I said in my last post "The Safelist member has thought it was my email because it simply had the original 'Safelist from and to tag' left at the bottom", I meant to say "The Safelist OWNER.....". The ONLY thing in the entire email (header and content) that refers to me in any way is the 'from and to signature' (above) which is placed on the bottom of each email sent thru the list. I would not have access to an email with that signature, only a recipient would.

Secondly, you're correct in saying that Safelists are not a guarantee of 'spam free activity' (If that's what you're saying). However, this type of safelist is one that you sign on as a member and your emails are only (presumably) sent to other members of the list. There has been no 'purchasing' of opt-in lists etc (at least as far as I know - if there was, it would have been done by the owner of the list).

As for your comment about the "Safelist" defense being >< this far away from.......

I'm not sure, again, what you're driving at. I don't feel the need to defend myself for using a legal means to send emails (which is what safelists are). Of course, if spammers are beginning to target these as a means to 'harvest' email addresses, email promo content, affiliate ID's (for misleading purposes) etc, then I will have another think about using them (this process is well under way I assure you).

As for your, "friend" comment...... I don't quite know what to say, except that I came here seeking help and advice, and given that I wasn't insulting or in any way misbehaved in my posts, I expected that same trust and consideration I am given in the other forums I frequent. Fortunately, everyone else, has been very nice and I have been given the 'benefit of the doubt' I feel I am due.

Of course, if I have somehow misunderstood your comment, then I am very sorry.

Back to the issue.....

Also, the spam complaint shouldn't have come from another member of the safelist, because they are subscribed to it. Regardless of whether the email is a forgery or not, they wouldn't have objected (or seen anything out of place) in getting an email thru a safelist that they were a member of. Whoever has used this email, has sent it OUTSIDE of the safelist membership and that's what has caused the spam complaint to be made.

I am currently completing my initial work on a Newsletter which will be 'Opt in'. So I will hopefully, in a short time, be able to get to my 'targeted audience' without having to use safelists and traffic exchanges etc. So, I am aware that the 'self built' opt-in list is certainly, by far, the very best option for reaching the people you want to on a regular basis.

Anyway, thank you very much everyone for your help and explanations. I do understand things a little better now (especially how to read a 'header'). I will also have a look at the 'better practices' for safelists, as suggested, because I do use a few of them (the 'membership' type ones that are administered by someone else). And I will need to until my Newsletter subscriptions take off a bit.

One thing I still don't understand is this: Stormpay have confirmed that the 'Affiliate ID' promoted in the email was that of a Stormpay member the same name as listed in the spam report. Why would a spammer forge a person's name and return email address and promote that same person's (presumably someone else) affiliate ID. If it's not the owner of the ID, they aren't going to benefit one iota from the spamming??? Beats me??

Again, Thank you for the help. It has all been sorted out with the safelist and Stormpay and my world is peaceful again :)

Regards

Link to comment
Share on other sites

> One thing I still don't understand is this: Stormpay have confirmed that the 'Affiliate ID' promoted in the email was that of a Stormpay member the same name as listed in the spam report. Why would a spammer forge a person's name and return email address and promote that same person's (presumably someone else) affiliate ID. If it's not the owner of the ID, they aren't going to benefit one iota from the spamming???


Revenge or an attempt to gain an unfair competitive advantage.
Link to comment
Share on other sites

  • 5 weeks later...

The second or third thus e-mail I've received, this popped into my inbox tonight:

The original message was received at Tue, 18 Jan 2005 02:51:53 -0300 from burns.sion.com [200.69.32.246]

----- The following addresses had permanent fatal errors -----
<inva[at]sion.net>
    (reason: 550 Invalid recipient <inva[at]sion.com>)

----- Transcript of session follows -----
... while talking to mailsrv.sion.com.:
>>> DATA
<<< 550 Invalid recipient <inva[at]sion.com>
550 5.1.1 <inva[at]sion.net>... User unknown
<<< 503 No recipients specified

With the following two attached messages:

Reporting-MTA: dns; demorad.sion.com

Received-From-MTA: DNS; burns.sion.com

Arrival-Date: Tue, 18 Jan 2005 02:51:53 -0300

Final-Recipient: RFC822; inva[at]sion.com

Action: failed

Status: 5.1.1

Remote-MTA: DNS; mailsrv.sion.com

Diagnostic-Code: SMTP; 550 Invalid recipient <inva[at]sion.com>

Last-Attempt-Date: Tue, 18 Jan 2005 02:51:53 -0300

...and:

Hi!

We have a new product that we offer to you, C_I_A_L_I_S soft tabs,

Cialis Soft Tabs is the new impotence treatment drug that everyone is talking about.Soft Tabs acts up to 36 hours, compare this to only two or three hours of Viagra action! The active ingredient is Tadalafil, same as in brand Cialis.

Simply disolve half a pill under your tongue, 10 min before sex, for the best erections you've ever had!

Soft Tabs also have less sidebacks (you can drive or mix alcohol drinks with them).

You can get it at: http://onlinegenericshop.com/soft/

No thanks: http://onlinegenericshop.com/rr.php

Is there anything I can do about this? Thanks.

Link to comment
Share on other sites

endtime

> Is there anything I can do about this? Thanks.

The only thing you can do is to tell the ISP who is bouncing the email to you that sending an email bounce after accepting it is no longer acceptable because spammers now use forged names in the return path and too many innocent people are being bombarded with bounces for spam they never sent. It is frightening to some people and for domain owners, is a great concern for their good name because some people send them angry letters in addition to sometimes being overwhelmed with bounces.

You may possibly be able to filter them to a special folder so that they don't clutter up your inbox.

Generally the spammer changes names and you are plagued only for a few days. There is nothing you can do about the spammer using your email address in the From.

Miss Betsy

Link to comment
Share on other sites

endtime

> The only thing you can do is to tell the ISP who is bouncing the email to you that sending an email bounce after accepting it is no longer acceptable because spammers now use forged names in the return path and too many innocent people are being bombarded with bounces for spam they never sent. It is frightening to some people and for domain owners, is a great concern for their good name because some people send them angry letters in addition to sometimes being overwhelmed with bounces.
>
> You may possibly be able to filter them to a special folder so that they don't clutter up your inbox.
>
> Generally the spammer changes names and you are plagued only for a few days. There is nothing you can do about the spammer using your email address in the From.
>
> Miss Betsy

Thanks very much, I'll see what I can do about that.

Link to comment
Share on other sites

Hello everyone,

I am sure I'm not the first person to whom this has happened, but I could use some advice.

Spam has been sent using my personal email address as the return address. Starting about 10 days ago, I started to receive "undeliverable" emails, and so far I have received thousands of them.

I do not have the spam messages themselves, just the return messages from postmasters around the world telling me that the mail "I" sent could not be delivered and that I am now considered a spammer. :(

My mail provider is Yahoo, so I am getting my money's worth from their support department (i.e. it's a free mail account and I'm not getting any help at all). I am transferring over to a new email address which I will be more careful with.

This is the site which has been sending the spam with my return address:

www.aujobs.net

They sell drugs for men's health issues, like "V|agra" and "Cia|is". Is this site on the SpamCop "spamvertisers" list? If not, how can I report it? I don't have the original spam emails, just the "undeliverable" responses.

I hope this is the right forum to ask this question, if not, please send me somewhere else.

Thanks!

Bill Reeves

(billreeves[at]yahoo.com -- now spam-infected email address)

Link to comment
Share on other sites

If you are changing your email address, it is best to use an alphanumeric name, i.e. b1llr33v3s - that way dictionary spammers won't pick it up. Has worked for me. And, of course, be careful. I use my spammy email address to order products, but some people use sneakemail.

Miss Betsy

Link to comment
Share on other sites

I have cut and pasted the message in the email I received from Yahoo. I don't know what all the information means. I didn't send any email to the party/parties mentioned in the email. I don't even know them. Someone is making a huge problem for me with using my email address like this and I am helpless to know what to do about it. Is there anything I can do to stop my email address from being used like this? My email address is <redacted> and it is a legitimate address. Thank you so much for any help, Kay

The email:

From : MAILER-DAEMON[at]yahoo.com

To : <redacted>

Subject : failure delivery

Date : 19 Jan 2005 16:17:32 -0000

Message from yahoo.com.

Unable to deliver message to the following address(es).

<munged>:

66.218.85.170 failed after I sent the message.

Remote host said: 554 5.7.1 virus Worm.SomeFool.P detected by ClamAV - http://www.clamav.net

--- Original message follows.

Return-Path: <redacted>

The original message is over 5k. Message truncated to 1K.

X-Yahoo-Forwarded: from munged2 to munged

X-Rocket-spam: 68.79.204.174

X-YahooFilteredBulk: 68.79.204.174

Authentication-Results: mta819.mail.yahoo.com

from=<redacted>; domainkeys=neutral (no sig)

X-Originating-IP: [68.79.204.174]

Received: from 207.115.57.62 (EHLO ylpvm31.prodigy.net) (207.115.57.62)

by mta819.mail.yahoo.com with SMTP; Wed, 19 Jan 2005 08:17:15 -0800

X-Originating-IP: [68.79.204.174]

Received: from sbcglobal.net (adsl-68-79-204-174.dsl.emhril.ameritech.net

[68.79.204.174])

by ylpvm31.prodigy.net (8.12.10 083104/8.12.10) with ESMTP id j0JGHQZ1010953

for <munged2>; Wed, 19 Jan 2005 11:17:27 -0500

Message-Id: <200501191617.j0JGHQZ1010953[at]ylpvm31.prodigy.net>

From: <redacted>

To: <munged2>

Subject: Re: Old times

Date: Wed, 19 Jan 2005 10:17:11 -0600

MIME-Version: 1.0

Content-Type: multipart/mixed;

boundary="----=_NextPart_000_0016----=_NextPart_000_0016"

X-Priority: 3

X-MSMail-Priority: Normal

This is a multi-part message in MIME format.

------=_NextPart_000_0016----=_NextPart_000_0016

Content-Type: text/plain;

charset="Wind

*** MESSAGE TRUNCATED ***

Link to comment
Share on other sites

> I have cut and pasted the message in the email I received from Yahoo. I don't know what all the information means. I didn't send any email to the party/parties mentioned in the email.

Here it is in a nutshell:

1. The error is due to a "forgery" created by an infected computer connected to an Ameritech DSL line. That computer has "seen" your address, either in some email correspondence or on the web, and it randomly put your address in the "From" on some outgoing infected email messages. The bounce you've shown us is a rejection of one of those forged messages.

2. Your address is passed along to people you don't know when correspondents forward your message to others, or more commonly, when someone sends a message to a large number of people, including you, and they put all the addresses in the "To" or the "CC" fields of the email (instead of in the BCC, where they *should* have put them). Your address is also exposed to "harvesting" on the Web at this web address:

http://www.getorganizednow.com/po-dir-central.html

3. You can simply ignore error messages like this, because you have no control over what someone else's infected computer will do, or you could choose to report this incident to the abuse department at Ameritech (send the whole thing to <abuse[at]ameritech.net>) and it's their job to trace the user with the infected computer and disable their account so that they'll call in and be informed that they need to clean up their computer.

4. It's generally not a good idea to post your actual email address in these forums, in that they are regularly indexed by Google and other indexing "spiders" and you will probably wind up receiving more spam because of that. You should edit your original post and remove references to your address.

DT

Link to comment
Share on other sites

BTW, Kay, do you actually have a SpamCop filtered email account? That's not clear by the question you asked. If not, then your message doesn't really belong in this particular forum, which is for questions from people who pay $30/year for a filtered email account from SpamCop.

DT

Link to comment
Share on other sites

First, you should edit your original post and remove the valid email addresses. These forums can be scanned to pick up addresses to spam.

> Is there anything I can do to stop my email address from being used like this?

No, there really isn't. Most viruses pick up email addresses from various places on the local system (address books, documents, web cache files, etc.) and use them in both the from and to parts of the email. The machine with the virus is likely:

Received: from sbcglobal.net (adsl-68-79-204-174.dsl.emhril.ameritech.net [68.79.204.174])

What you can do, though it is unlikely to make a difference, is to complain to the system that sent the message (from the full headers of your message, not provided here) and let them know that they are bouncing messages to innocent third parties. A template I use that I "borrowed" from this forum is:

Attention Postmaster,

The most recent batch of computer viruses and worms released upon the internet almost invariably forge the sender information.  Any alert notice to the address indicated in the "from" header usually is sent to an innocent party who has nothing to do with the original message.

We request that you reconfigure your mail gateway to not generate notifications sent by email to the from address within the message.  Rejecting the message during the initial SMTP transaction is the best way to accomplish this.

If you examine the headers of the message that you received you'll see, by researching the IP address in question, that the virus came from some other network.  Please contact *their* administrator if you wish to notify someone.

Thank you for taking the time to read this response. If you need assistance in configuring the mail gateway, please consult the software developer.

This is a form-letter response.

------------------------- BEGIN HEADERS -----------------------------

-------------------------- END HEADERS ------------------------------

Link to comment
Share on other sites
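One way to apply the advice in the posts above (sort bounces away from the inbox, and confirm from the returned headers that the message entered from some other network), as an added example that is not part of any post: it parses a standard delivery-status bounce and compares the IP recorded by the bouncing site with your own outbound ranges. The sample bounce, every address in it and the `my_networks` ranges are constructed placeholders, and the function names are assumptions of this sketch.

```python
import email
import ipaddress
import re

# Constructed bounce in the standard multipart/report layout. Every host,
# address and IP below is a documentation placeholder, not data from the thread.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
To: owner@example.org
Subject: Returned mail: see transcript for details
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="BOUND"

--BOUND
Content-Type: text/plain

The following addresses had permanent fatal errors

--BOUND
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net
Arrival-Date: Tue, 18 Jan 2005 02:51:53 -0300

Final-Recipient: RFC822; nobody@example.net
Action: failed
Status: 5.1.1
Diagnostic-Code: SMTP; 550 Invalid recipient

--BOUND
Content-Type: message/rfc822

Received: from dsl-host.example.com ([198.51.100.23])
    by mx.example.net with SMTP; Tue, 18 Jan 2005 02:51:50 -0300
From: owner@example.org
To: nobody@example.net
Subject: constructed sample

body text
--BOUND--
"""

BRACKETED_IP = re.compile(r"\[([0-9.]+)\]")


def is_dsn(msg):
    """True for a bounce in multipart/report; report-type=delivery-status form."""
    return (msg.get_content_type() == "multipart/report"
            and str(msg.get_param("report-type", "")).lower() == "delivery-status")


def returned_original(part):
    """Return the bounced message (or just its headers) carried in this part."""
    ctype = part.get_content_type()
    if ctype == "message/rfc822":
        return part.get_payload(0)
    if ctype == "text/rfc822-headers":
        return email.message_from_string(part.get_payload())
    return None


def triage_bounce(raw, my_networks):
    """Classify a bounce as mail we sent or backscatter from a forged sender."""
    msg = email.message_from_string(raw)
    if not is_dsn(msg):
        return {"verdict": "not-a-dsn"}
    nets = [ipaddress.ip_network(n) for n in my_networks]
    result = {"verdict": "unverifiable", "recipient": None,
              "status": None, "handoff_ip": None}
    for part in msg.get_payload():
        if part.get_content_type() == "message/delivery-status":
            # The parser exposes each header block of the status part as its own object.
            for block in (part.get_payload() if part.is_multipart() else []):
                if block.get("Final-Recipient"):
                    result["recipient"] = block["Final-Recipient"].split(";", 1)[-1].strip()
                    result["status"] = block.get("Status")
            continue
        original = returned_original(part)
        if original is None:
            continue
        # The topmost Received: line was added by the site that accepted the
        # message and later bounced it; it records who really connected.
        received = original.get_all("Received", [])
        found = BRACKETED_IP.search(received[0]) if received else None
        if found is None:
            continue
        try:
            ip = ipaddress.ip_address(found.group(1))
        except ValueError:
            continue
        result["handoff_ip"] = str(ip)
        result["verdict"] = "sent-by-us" if any(ip in n for n in nets) else "backscatter"
    return result


if __name__ == "__main__":
    print(triage_bounce(SAMPLE_BOUNCE, ["192.0.2.0/24"]))
```

A bounce that is not in multipart/report form comes back as `not-a-dsn` and needs its own filter rule.
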

> BTW, Kay, do you actually have a SpamCop filtered email account? That's not clear by the question you asked. If not, then your message doesn't really belong in this particular forum, which is for questions from people who pay $30/year for a filtered email account from SpamCop.
>
> DT

I don't have an account. I didn't realize I needed one. If that was explained, I missed it.

How do I obtain an account?

Is there a way to delete my prior message then?

I'll do it right the next time!

Kay :)

Link to comment
Share on other sites

OK, was waiting for a response from the original poster .. see that ... moving this to the Lounge ...

> I don't have an account. I didn't realize I needed one. If that was explained, I missed it.

The "definition" for this Forum section kind of 'hints' at a SpamCop e-mail account being involved <g> .... "A forum for questions and discussion about the SpamCop Email System and spamcop.net email accounts."

> How do I obtain an account?

Included within the FAQ .. or go to www.spamcop.net and make a decision <g>

> Is there a way to delete my prior message then?

Being moved to a more appropriate Forum ... as it's not a Reporting issue, not a SpamCop e-mail account issue ...

On the other hand, I see no sign that you tried to edit that first post.

Note: edited rkclark's post to remove personal data. Then merged that Topic into this discussion.

Link to comment
Share on other sites

  • 2 weeks later...

HELP!!

I recently have received about 10k bounced emails from a spammer who is using various alias addresses linked to one of my domains.

I have contacted the company directly and they are being of NO help whatsoever.

After multiple emails and chats with Live Help, I have hit a wall. Here is a copy of my conversation with them today.

++Begin Convo++

You are now chatting with 'Melissa'

Melissa: Hello. How may I assist you?

you: Hi, I am having an extremely bad issue with one of your affiliates who is spamming using return addresses from one of my domains illegally. I spoke with someone about this the other day.

you: This is the affiliate URL http://satisfactionworld.com/cat.php?ref_i...&cid=64&sub=262

you: I now have had over 10,000 bounced emails come through my servers as a result of this spamming

you: I need to know who this affiliate is

Melissa: www3.sastisfactionworld.com is the affiliate.

you: is this a company account?

you: This is an illegal action. I have several legitimate businesses and they are spamming using aliases from my domains.

you: If you can't help me, I need to know who to contact to rectify this situation immediately. We run our sites off a dedicated server and 10,000 emails bouncing around is wreaking havoc with it. The volume coming through in a short period of time has caused our server to crash several times in the last 3 days.

you: Are you at a complete loss for words, checking out the situation, or just ignoring me?

Melissa: I have sent your request to the office management.

you: I've emailed and no one has replied

you: do you have any recommendations?

Melissa: no

you: who should I contact that can help me?

Melissa: i am trying

you: I have emailed and it's just that no one is replying to me. This is a very serious situation.

you: Okay. I can see this is getting me nowhere. Please let your management know that I will be in the process of reporting each of these emails

you: Thanks and have a good day

++End convo++

There was a good 10 minutes between my comments and her reply.

I really need to take care of this and have no clue how to handle it! I'm afraid that by reporting the emails that include return addresses from my own domain, I will end up harming myself.

I have always prided myself as being a very responsible marketer. I have never sent spam in my 4 years of doing business online.

Any advice on how to handle this PLEASE??

Thanks so much for your help,

Mari

Link to comment
Share on other sites

I wouldn't worry about it, most block lists nowadays (including SC) are based on IP of origin. Spammers have widened the use of forged e-mail domains in their spew. The only annoyance are the bounces you get as a result of their forgery. If you have the resources to trace them and sue them it would help us all. However there is no law on the books that makes this practice illegal.

Link to comment
Share on other sites

Forgive me if this topic has been covered - I can't find anything in the archive that looks like it's about the same thing but it might just be that I don't understand the terminology.

The problem - I get a message from a Postmaster saying "DELIVERY FAILURE: User kobe (kobe[at]nba.com) not listed in Domino Directory" despite me not having sent a message there in the 1st place. The returned message is included and is spam. This particular one reads,

<<<Your message

Subject: Hi Man! Downloadable D*V*D for adult.

was not delivered to:

kobe[at]nba.com

because:

User kobe (kobe[at]nba.com) not listed in Domino Directory

Reporting-MTA: dns;mailhost.nba.com

Final-Recipient: rfc822;kobe[at]nba.com

Action: failed

Status: 5.1.1

Diagnostic-Code: X-Notes; User kobe (kobe[at]nba.com) not listed in Domino

Directory

From: [removed]

Date: January 31, 2005 11:29:48 PM JST

To: Kobe <kobe[at]nba.com>

Subject: Hi Man! Downloadable D*V*D for adult.

http://66.66.129.65:8180/dv/index.html >>>

This seems to me to be nothing more than spam as if I try to bounce it back to the postmaster it comes back to me again as undeliverable. However, when I try to report it to Spamcop I get a message telling me it's a bounce and not to report bounces.

Can anyone tell me what's happening here? Your help is appreciated.

Link to comment
Share on other sites

> Forgive me if this topic has been covered - I can't find anything in the archive that looks like it's about the same thing but it might just be that I don't understand the terminology.

Yes, you are quite correct. I seem to tick people off when I take things literally or try to correct the wrong use of terminology, but ... in this case, I did a search on "forged address" and came up with lots of hits, picking this as the most recent/worked-over discussion. As soon as I post this, I'm going to go move/merge yet another one in this same "issue area" .. noting that the Title on that Topic was "Alias return addresses" .... which is a long ways down the road from "forged address" ...

Anyway, hugo (and mpbmari) advised via PM of the move/merge of the original post from the Reporting Help Forum into this existing Topic.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
