buggy Posted February 3, 2004 Share Posted February 3, 2004 So these folks (http://www.911pharma.biz) are sending out viagara spam using my e-mail address as the from and reply to address. This has the double effect of: 1. Filling my inbox with "message delivery failed -- user not known" messages. and 2. Giving dumb people the impression that *I* sent the spam. What can I do to stop this? How can I get an offshore pharmacy to stop using my e-mail address? Help! Mike Link to comment Share on other sites More sharing options...
Chris Parker Posted February 3, 2004 Share Posted February 3, 2004 So these folks (http://www.911pharma.biz) are sending out viagara spam using my e-mail address as the from and reply to address. What can I do to stop this? How can I get an offshore pharmacy to stop using my e-mail address? Unless you've got a lot of money to spend on investigators and lawyers the best you can do is to wait it out and give polite response to those who send you email. You might ask your ISP if they've got any extra filtering that they can turn on for you so that you'll not get the bounces... Link to comment Share on other sites More sharing options...
Jeff G. Posted February 4, 2004 Share Posted February 4, 2004 As Mike Richter would write in part: Spammers forge the email addresses into the "From" addresses of their spam all the time. There is no known method of making them stop. Fortunately, it is very likely to stop on its own in a short time (typically, a few days unless you have gotten the spammer angry at you). Even more fortunately, no responsible individual or ISP will blame you for the spew. You may get some irate e-mails from those who are truly clueless, but your IP address won't show up on a blocklist for such a forgery. You are not supposed to report bounces or the content of bounces with the SpamCop Reporting Service, but you can use its parsing portion to help you compose your own reports. Link to comment Share on other sites More sharing options...
buggy Posted February 4, 2004 Author Share Posted February 4, 2004 Unless you've got a lot of money to spend on investigators and lawyers the best you can do is to wait it out and give polite response to those who send you email. You might ask your ISP if they've got any extra filtering that they can turn on for you so that you'll not get the bounces... Sigh. I was afraid of that. They are located in the Phillipines, of course, so even if I had the money for investigators or lawyers, it wouldn't do any good. Thanks, Mike Link to comment Share on other sites More sharing options...
turetzsr Posted February 4, 2004 Share Posted February 4, 2004 As Mike Richter would write in part: Spammers forge the email addresses into the "From" addresses of their spam all the time. There is no known method of making them stop. Fortunately, it is very likely to stop on its own in a short time (typically, a few days unless you have gotten the spammer angry at you). Even more fortunately, no responsible individual or ISP will blame you for the spew. You may get some irate e-mails from those who are truly clueless, but your IP address won't show up on a blocklist for such a forgery. You are not supposed to report bounces or the content of bounces with the SpamCop Reporting Service, but you can use its parsing portion to help you compose your own reports. Hi, Jeff, ...Looks like another very good candidate for a FAQ! Link to comment Share on other sites More sharing options...
Jeff G. Posted February 4, 2004 Share Posted February 4, 2004 Looks like another very good candidate for a FAQ! Done. Link to comment Share on other sites More sharing options...
spamotomy Posted February 5, 2004 Share Posted February 5, 2004 It's definitely annoying to have to wait it out. But you can alleviate some of the problem by using a procmail recipe (provided you have server access) to filter out the bounced messages before they get to your inbox. Or, if you have a good Bayesian spam filter, you can quickly train it to start junking the bounced messages. As for the angry messages from the less-than-knowledgeable... just ignore them. It's not your fault. --Amit http://Spamotomy.com Link to comment Share on other sites More sharing options...
buggy Posted February 5, 2004 Author Share Posted February 5, 2004 It's definitely annoying to have to wait it out. But you can alleviate some of the problem by using a procmail recipe (provided you have server access) to filter out the bounced messages before they get to your inbox. Or, if you have a good Bayesian spam filter, you can quickly train it to start junking the bounced messages. As for the angry messages from the less-than-knowledgeable... just ignore them. It's not your fault. --Amit http://Spamotomy.com Sigh, it's still going on. Plus now I'm getting spam from the company, besides getting the bounced messages. You can get a good idea about 'em from a whois lookup, and I've complained to joker.com, but there isn't much more I can do. I have set my spam filters to junk the bounced messages, but that means that I won't know about legitimate bounced messages either. Sigh. Mike Link to comment Share on other sites More sharing options...
Spam_Hater Posted February 6, 2004 Share Posted February 6, 2004 :angry: Hi, I also getting hammered with bouncing e-mails, and complaints from people asking me not to send them viagra promotions etc. Did some research on 911pharma.biz - but cannot get "Jose Sastre" to answer the phone. This is what I have found on whois.com Domain Name: 911PHARMA.BIZ Domain ID: D6121572-BIZ Sponsoring Registrar: CSL COMPUTER SERVICE (D.B.A. JOKER.COM) Domain Status: ok Registrant ID: CNEU-95019 Registrant Name: Jose Sastre Registrant Address1: POBox 704 Registrant City: Caloocan City Registrant Postal Code: 1400 Registrant Country: Philippines Registrant Country Code: PH Registrant Phone Number: +639.263497186 Registrant Email: jsastre[at]advertiserpages.biz Administrative Contact ID: CNEU-95017 Administrative Contact Name: Jose Sastre Administrative Contact Address1: POBox 704 Administrative Contact City: Caloocan City Administrative Contact Postal Code: 1400 Administrative Contact Country: Philippines Administrative Contact Country Code: PH Administrative Contact Phone Number: +639.263497186 Administrative Contact Email: jsastre[at]advertiserpages.biz Billing Contact ID: CNEU-95017 Billing Contact Name: Jose Sastre Billing Contact Address1: POBox 704 Billing Contact City: Caloocan City Billing Contact Postal Code: 1400 Billing Contact Country: Philippines Billing Contact Country Code: PH Billing Contact Phone Number: +639.263497186 Billing Contact Email: jsastre[at]advertiserpages.biz Technical Contact ID: CNEU-95017 Technical Contact Name: Jose Sastre Technical Contact Address1: POBox 704 Technical Contact City: Caloocan City Technical Contact Postal Code: 1400 Technical Contact Country: Philippines Technical Contact Country Code: PH Technical Contact Phone Number: +639.263497186 Technical Contact Email: jsastre[at]advertiserpages.biz Name Server: NS1.ASEARCHES.COM Name Server: NS2.ASEARCHES.COM Created by Registrar: CSL COMPUTER SERVICE (D.B.A. JOKER.COM) Last Updated by Registrar: CSL COMPUTER SERVICE (D.B.A. JOKER.COM) Domain Registration Date: Fri Jan 23 14:29:57 GMT 2004 Domain Expiration Date: Sat Jan 22 23:59:59 GMT 2005 Domain Last Updated Date: Tue Jan 27 20:13:00 GMT 2004 Link to comment Share on other sites More sharing options...
buggy Posted February 6, 2004 Author Share Posted February 6, 2004 I also getting hammered with bouncing e-mails, and complaints from people asking me not to send them viagra promotions etc. Did some research on 911pharma.biz - but cannot get "Jose Sastre" to answer the phone. Yeah, he's using a number of different forged real return addresses. I wonder if this would fall enough in the area of indentity theft to matter? Link to comment Share on other sites More sharing options...
Spambo Posted February 6, 2004 Share Posted February 6, 2004 I also getting hammered with bouncing e-mails, and complaints from people asking me not to send them viagra promotions etc. Did some research on 911pharma.biz - but cannot get "Jose Sastre" to answer the phone. Yeah, he's using a number of different forged real return addresses. I wonder if this would fall enough in the area of indentity theft to matter? Probably, however unless you have the resources to identify the spammer and can prove damages chances are trying to go this route is a waste of time. Your best bet is to answer any angry responses with an email telling the sender that your address was forged into the return address. Remind the sender that this is one of the reasons why they should never buy anything offered by spam since they have no reliable means to contact the seller if something goes wrong. If you have a web page associated with the domain you might put a short notice about the forgery on your main page. Link it to a more detailed page if you wish to give more information about the forgery. Link to comment Share on other sites More sharing options...
buggy Posted February 6, 2004 Author Share Posted February 6, 2004 Your best bet is to answer any angry responses with an email telling the sender that your address was forged into the return address. Remind the sender that this is one of the reasons why they should never buy anything offered by spam since they have no reliable means to contact the seller if something goes wrong. Yeah, that's what got him sending the spam to me. I sent him an angry e-mail not I get his spam and his bounces and I doub't he'll ever stop using my return address. Mike Link to comment Share on other sites More sharing options...
mrspeedmaster Posted February 7, 2004 Share Posted February 7, 2004 The guy who provided name services for 911pharma.biz, affordablemeds.biz is name Richard Hoenck from RLHSERVICES.COM His name server was named asearches.com. I got his info but as of 02/06/04, he changed it with bogus info. I confronted him about it and I filed a report with the FBI, FDA, and FTC. 911Pharma.biz and affordablemeds.biz is no longer online but they have changed the domain names to two other (on my other computer) yet the spam continues. Also the forged headers. His name server ns1.asearches.com hosted and *was* located in China on the very same machine as the spamming sites. He PROVIDED WEB-SITE hosting for the spammers. During my phone conversation with him - he was confronted with this fact, he said it was not illegal or immoral to host outside the US.. Yeah, whatever dude. It shows a lack of moral character and guilt by just being involved with the spammers. I provided all this info to the FBI - traceroutes, pings, APNIC info, etc. Telnetting into his machine or 911pharma all return same conclusive results. Also spam searches on him yield a lot of info. I will personally sue them along with 3-4 other people. If the authority cannot get him on spam, the illegal sales of prescription drugs will. I will contact the DEA next. I've gotten over 4,000 Bounced messages. I make sure this guy will pay legally and through our justice system. Link to comment Share on other sites More sharing options...
pipeman Posted February 7, 2004 Share Posted February 7, 2004 speedmasterguy, I just wrote you with my personal count of 12,691 bounces received. I have been trying to get a response from the FTC, but the FDA or DEA might be a more effective approach. pipeman Over the past three days our business has been overwhelmed by bounces from a spammer advertising the websites www.911pharma.biz and www.afforablemeds.biz. This spammer has sent email with our company domain in the From: address of the spam, and we have to process bounces every minute around the clock. We note that this address spoofing is illegal in the new spam legislation. We have traced ownership of his webserver hosted in China [211.154.103.12], and it is owned by a company based in Chicago with the domain asearches.com. We traced this by finding the name service records and email for the China server. This is a pharmaceutical scam and is costing our company thousands of dollars a day in staff and server time, as it impacts our services to our customers. We have traced the business owner and person responsible, he is the registered owner of asearches.com and host for these spam websites: Richard Honeck RLH Services 6167 N Broadway #483 Chicago,IL , 60660 (773) 561-7530 (775) 923-1054 We would appreciate your time and effort to stop this activity. Link to comment Share on other sites More sharing options...
mrspeedmaster Posted February 7, 2004 Share Posted February 7, 2004 Since I filed a report to the authorities including the FBI, I need more evidence and data. If you guys who are victims can forward me your bounced headers (a small sample), I'd like to use it for whatever prosecution and/or lawsuit. If you want to be involved and be a part of investigation, your contact information and the permission to use you as witnesses will help. I want this guy nailed. Link to comment Share on other sites More sharing options...
Keithj Posted February 7, 2004 Share Posted February 7, 2004 I've been having the same problem: spam with my e-mail address forged as the origin. The sending ISP is in the UK but ignores all complaints etc. I have now sent a formal complaint to the UK Data Protection Registrar and to OfCom: those are the "official" bodies, but I've never heard of either taking action. From what I can see, they only collect money in the form of registration fees from legitimate users and pass it to the Government. They don't prosecute :-( It started with my e-mail address being put into the subject line of spam sent to me from various sources. I think spamcopping them has annoyed them, so they've chosen me as their victim. Fortunately, in this case the victim could change address and escape. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.