They're using MY name!

[buggy]

So these folks (http://www.911pharma.biz) are sending out viagara spam using my e-mail address as the from and reply to address.

This has the double effect of:

1. Filling my inbox with "message delivery failed -- user not known" messages.

and

2. Giving dumb people the impression that *I* sent the spam.

What can I do to stop this? How can I get an offshore pharmacy to stop using my e-mail address?

Help!

Mike

[Chris Parker]

So these folks (http://www.911pharma.biz) are sending out viagara spam using my e-mail address as the from and reply to address.

What can I do to stop this?  How can I get an offshore pharmacy to stop using my e-mail address?

Unless you've got a lot of money to spend on investigators and lawyers the best you can do is to wait it out and give polite response to those who send you email. You might ask your ISP if they've got any extra filtering that they can turn on for you so that you'll not get the bounces...

[Jeff G.]

As Mike Richter would write in part:

Spammers forge the email addresses into the "From" addresses of their spam

all the time. There is no known method of making them stop. Fortunately, it

is very likely to stop on its own in a short time (typically, a few days

unless you have gotten the spammer angry at you).

Even more fortunately, no responsible individual or ISP will blame you

for the spew. You may get some irate e-mails from those who are truly

clueless, but your IP address won't show up on a blocklist for such a

forgery.

You are not supposed to report bounces or the content of bounces with

the SpamCop Reporting Service, but you can use its parsing portion to help

you compose your own reports.

[buggy]

Unless you've got a lot of money to spend on investigators and lawyers the best you can do is to wait it out and give polite response to those who send you email.  You might ask your ISP if they've got any extra filtering that they can turn on for you so that you'll not get the bounces...

Sigh. I was afraid of that. They are located in the Phillipines, of course, so even if I had the money for investigators or lawyers, it wouldn't do any good.

Thanks,

Mike

[turetzsr]

As Mike Richter would write in part:

Spammers forge the email addresses into the "From" addresses of their spam

all the time.  There is no known method of making them stop. Fortunately, it

is very likely to stop on its own in a short time (typically, a few days

unless you have gotten the spammer angry at you).

Even more fortunately, no responsible individual or ISP will blame you

for the spew. You may get some irate e-mails from those who are truly

clueless, but your IP address won't show up on a blocklist for such a

forgery.

You are not supposed to report bounces or the content of bounces with

the SpamCop Reporting Service, but you can use its parsing portion to help

you compose your own reports.

Hi, Jeff,

...Looks like another very good candidate for a FAQ!

[Jeff G.]

Looks like another very good candidate for a FAQ! 

Done.

[spamotomy]

It's definitely annoying to have to wait it out. But you can alleviate some of the problem by using a procmail recipe (provided you have server access) to filter out the bounced messages before they get to your inbox. Or, if you have a good Bayesian spam filter, you can quickly train it to start junking the bounced messages.

As for the angry messages from the less-than-knowledgeable... just ignore them. It's not your fault.

--Amit

http://Spamotomy.com

[buggy]

It's definitely annoying to have to wait it out.  But you can alleviate some of the problem by using a procmail recipe (provided you have server access) to filter out the bounced messages before they get to your inbox.  Or, if you have a good Bayesian spam filter, you can quickly train it to start junking the bounced messages.

As for the angry messages from the less-than-knowledgeable... just ignore them.  It's not your fault.

--Amit

http://Spamotomy.com

Sigh, it's still going on. Plus now I'm getting spam from the company, besides getting the bounced messages. You can get a good idea about 'em from a whois lookup, and I've complained to joker.com, but there isn't much more I can do.

I have set my spam filters to junk the bounced messages, but that means that I won't know about legitimate bounced messages either.

Sigh.

Mike

[Spam_Hater]

:angry:

Hi,

I also getting hammered with bouncing e-mails, and complaints from people asking me not to send them viagra promotions etc.

Did some research on 911pharma.biz - but cannot get "Jose Sastre" to answer the phone.

This is what I have found on whois.com

Domain Name: 911PHARMA.BIZ

Domain ID: D6121572-BIZ

Sponsoring Registrar: CSL COMPUTER SERVICE (D.B.A. JOKER.COM)

Domain Status: ok

Registrant ID: CNEU-95019

Registrant Name: Jose Sastre

Registrant Address1: POBox 704

Registrant City: Caloocan City

Registrant Postal Code: 1400

Registrant Country: Philippines

Registrant Country Code: PH

Registrant Phone Number: +639.263497186

Registrant Email: jsastre[at]advertiserpages.biz

Administrative Contact ID: CNEU-95017

Administrative Contact Name: Jose Sastre

Administrative Contact Address1: POBox 704

Administrative Contact City: Caloocan City

Administrative Contact Postal Code: 1400

Administrative Contact Country: Philippines

Administrative Contact Country Code: PH

Administrative Contact Phone Number: +639.263497186

Administrative Contact Email: jsastre[at]advertiserpages.biz

Billing Contact ID: CNEU-95017

Billing Contact Name: Jose Sastre

Billing Contact Address1: POBox 704

Billing Contact City: Caloocan City

Billing Contact Postal Code: 1400

Billing Contact Country: Philippines

Billing Contact Country Code: PH

Billing Contact Phone Number: +639.263497186

Billing Contact Email: jsastre[at]advertiserpages.biz

Technical Contact ID: CNEU-95017

Technical Contact Name: Jose Sastre

Technical Contact Address1: POBox 704

Technical Contact City: Caloocan City

Technical Contact Postal Code: 1400

Technical Contact Country: Philippines

Technical Contact Country Code: PH

Technical Contact Phone Number: +639.263497186

Technical Contact Email: jsastre[at]advertiserpages.biz

Name Server: NS1.ASEARCHES.COM

Name Server: NS2.ASEARCHES.COM

Created by Registrar: CSL COMPUTER SERVICE (D.B.A. JOKER.COM)

Last Updated by Registrar: CSL COMPUTER SERVICE (D.B.A. JOKER.COM)

Domain Registration Date: Fri Jan 23 14:29:57 GMT 2004

Domain Expiration Date: Sat Jan 22 23:59:59 GMT 2005

Domain Last Updated Date: Tue Jan 27 20:13:00 GMT 2004

[buggy]

I also getting hammered with bouncing e-mails, and complaints from people asking me not to send them viagra promotions etc.

Did some research on 911pharma.biz - but cannot get "Jose Sastre" to answer the phone.

Yeah, he's using a number of different forged real return addresses.

I wonder if this would fall enough in the area of indentity theft to matter?

[Spambo]

I also getting hammered with bouncing e-mails, and complaints from people asking me not to send them viagra promotions etc.

Did some research on 911pharma.biz - but cannot get "Jose Sastre" to answer the phone.

Yeah, he's using a number of different forged real return addresses.

I wonder if this would fall enough in the area of indentity theft to matter?

Probably, however unless you have the resources to identify the spammer and can prove damages chances are trying to go this route is a waste of time.

Your best bet is to answer any angry responses with an email telling the sender that your address was forged into the return address. Remind the sender that this is one of the reasons why they should never buy anything offered by spam since they have no reliable means to contact the seller if something goes wrong.

If you have a web page associated with the domain you might put a short notice about the forgery on your main page. Link it to a more detailed page if you wish to give more information about the forgery.

[buggy]

Your best bet is to answer any angry responses with an email telling the sender that your address was forged into the return address.  Remind the sender that this is one of the reasons why they should never buy anything offered by spam since they have no reliable means to contact the seller if something goes wrong.

Yeah, that's what got him sending the spam to me. I sent him an angry e-mail not I get his spam and his bounces and I doub't he'll ever stop using my return address.

Mike

[mrspeedmaster]

The guy who provided name services for 911pharma.biz, affordablemeds.biz is name Richard Hoenck from RLHSERVICES.COM

His name server was named asearches.com. I got his info but as of 02/06/04, he changed it with bogus info. I confronted him about it and I filed a report with the FBI, FDA, and FTC.

911Pharma.biz and affordablemeds.biz is no longer online but they have changed the domain names to two other (on my other computer) yet the spam continues. Also the forged headers.

His name server ns1.asearches.com hosted and *was* located in China on the very same machine as the spamming sites. He PROVIDED WEB-SITE hosting for the spammers.

During my phone conversation with him - he was confronted with this fact, he said it was not illegal or immoral to host outside the US.. Yeah, whatever dude. It shows a lack of moral character and guilt by just being involved with the spammers.

I provided all this info to the FBI - traceroutes, pings, APNIC info, etc. Telnetting into his machine or 911pharma all return same conclusive results. Also spam searches on him yield a lot of info.

I will personally sue them along with 3-4 other people.

If the authority cannot get him on spam, the illegal sales of prescription drugs will. I will contact the DEA next.

I've gotten over 4,000 Bounced messages. I make sure this guy will pay legally and through our justice system.

[pipeman]

speedmasterguy,

I just wrote you with my personal count of 12,691 bounces received. I have been trying to get a response from the FTC, but the FDA or DEA might be a more effective approach.

pipeman

Over the past three days our business has been overwhelmed by bounces

from a spammer advertising the websites www.911pharma.biz and

www.afforablemeds.biz. This spammer has sent email with our company

domain in the From: address of the spam, and we have to process bounces every minute around the clock. We note that this address spoofing is illegal in the new spam legislation.

We have traced ownership of his webserver hosted in China

[211.154.103.12], and it is owned by a company based in Chicago with the

domain asearches.com. We traced this by finding the name service records

and email for the China server. This is a pharmaceutical scam and is

costing our company thousands of dollars a day in staff and server time,

as it impacts our services to our customers. We have traced the business

owner and person responsible, he is the registered owner of

asearches.com and host for these spam websites:

Richard Honeck

RLH Services

6167 N Broadway #483

Chicago,IL , 60660

(773) 561-7530

(775) 923-1054

We would appreciate your time and effort to stop this activity.

[mrspeedmaster]

Since I filed a report to the authorities including the FBI, I need more evidence and data.

If you guys who are victims can forward me your bounced headers (a small sample), I'd like to use it for whatever prosecution and/or lawsuit.

If you want to be involved and be a part of investigation, your contact information and the permission to use you as witnesses will help.

I want this guy nailed.

[Keithj]

I've been having the same problem: spam with my e-mail address forged as the origin. The sending ISP is in the UK but ignores all complaints etc. I have now sent a formal complaint to the UK Data Protection Registrar and to OfCom: those are the "official" bodies, but I've never heard of either taking action. From what I can see, they only collect money in the form of registration fees from legitimate users and pass it to the Government. They don't prosecute :-(

It started with my e-mail address being put into the subject line of spam sent to me from various sources. I think spamcopping them has annoyed them, so they've chosen me as their victim. Fortunately, in this case the victim could change address and escape.