captkirk Posted November 5, 2006 Share Posted November 5, 2006 I am starting to receive lots of messages from "iamjustsendingthisleter[at](somedomain).com". All they contain is a variation on: Hi iamjustsendingthisleter. How are you ? Call me. Social pressures What's the point of this? Are they just validating addressess or what? Link to comment Share on other sites More sharing options...
Farelf Posted November 5, 2006 Share Posted November 5, 2006 ... What's the point of this? Are they just validating addressess or what?Maybe, who knows the mind of a spammer? Google reveals this stuff is hitting some addresses in Switzerland, Germany, Holland. Looks like it is spreading (Oh frabjous day!). Link to comment Share on other sites More sharing options...
rooster Posted November 6, 2006 Share Posted November 6, 2006 I am starting to receive lots of messages from "iamjustsendingthisleter[at](somedomain).com". All they contain is a variation on: What's the point of this? Are they just validating addressess or what? Either a pathetic cry for help, or just another 'ubergoof' playing in his/her 'goofergarten'. Link to comment Share on other sites More sharing options...
Hautron Posted November 24, 2006 Share Posted November 24, 2006 I am starting to receive lots of messages from "iamjustsendingthisleter[at](somedomain).com". All they contain is a variation on: What's the point of this? Are they just validating addressess or what? A week after we got the first of these messages (beginning of Nov/2006) to our catch-all mail-domain account we started to get a lot of bounced failure messages. Someone has started using our domain as return address in their spam messages. Currently we receive around 100 "Mail delivery failure" type messages every hour, all with different (fake) names using our domain as return address. Checking other web-messages regarding iamjustsendingthisleter it looks like many other have experienced the same sequence of events, that the receipt of iamjustsendingthisleter means that your (catch all) domain will soon be used as return addresses in mass spam distributions. Currently there are only three "companies" using our domain as return address, "PharmacyExpress.com", "Health Nation", and anonymous Stock Exchange buy alerts and it looks like they are using the same service or program to send their spam, because the messages have many similar characteristics and are in many occasions sent from the same ip-address or address-group. PS. To us it is extremely disappointing that the worst one of these www.rx555.com (PharmacyExpress.com) is still alive; it is sending at least 5 spam messages to every single one of our (non fake) domain addresses every day for at least 20 days now, all with different but valid (catch-all) return domain addresses (of other unfortunate companies like ours). Link to comment Share on other sites More sharing options...
Farelf Posted November 25, 2006 Share Posted November 25, 2006 A week after we got the first of these messages (beginning of Nov/2006) to our catch-all mail-domain account we started to get a lot of bounced failure messages. Someone has started using our domain as return address in their spam messages. Currently we receive around 100 "Mail delivery failure" type messages every hour, all with different (fake) names using our domain as return address. ... PS. To us it is extremely disappointing that the worst one of these www.rx555.com (PharmacyExpress.com) is still alive; it is sending at least 5 spam messages to every single one of our (non fake) domain addresses every day for at least 20 days now, all with different but valid (catch-all) return domain addresses (of other unfortunate companies like ours). Thanks for taking the time out to record that information Hautron! The "meaning" of those non-messages has been the subject of much conjecture but follow-ups have been few and far between - "none" being my recollection. www.rx555.com appears to be dependent on Taiwan Fixed Network CO.,LTD. (61.31.214.78 - functional NS and A records, non-functional MX) with an abuse address of abuse[at]tfn.net.tw recorded by hostmaster[at]twnic.net.tw SpamHause links 61.31.214.78 to Leo Kuvayev - http://www.spamhaus.org/sbl/sbl.lasso?query=SBL48511 Complaints to tfn.net.tw are not likely to be productive (to be kind about it) but the Taiwan NIC might be an avenue of approach - www.twnic.net.tw/english/dn/dn_02.htm (noting it does profess the power to "terminate services" for "certain reasons"). Link to comment Share on other sites More sharing options...
spamislame Posted December 12, 2006 Share Posted December 12, 2006 I am noticing that this domain is finally down. Reporting the dns server to the registrar appears to be the most effective method for shutting these sites down. Mostly fyi. SiL Link to comment Share on other sites More sharing options...
Farelf Posted December 12, 2006 Share Posted December 12, 2006 ... Reporting the dns server to the registrar appears to be the most effective method for shutting these sites down. ...Thanks SiL, and for the good news. Link to comment Share on other sites More sharing options...
mvh Posted December 14, 2006 Share Posted December 14, 2006 PS. To us it is extremely disappointing that the worst one of these www.rx555.com (PharmacyExpress.com) is still alive; it is sending at least 5 spam messages every day for at least 20 days now, What I have chosen to do : send 5 times a day from 3 different addresses of mine all mails (25+ now, increasing by some 5 a day) received from pseudo rx255.com to : info[at]pharmacyexpress.com and sales[at]pharmacyexpress.com. Boring for me but also for them, I guess. If we were a thousand to do the same, they should get mad and will act. Am'I dreaming ?? Best Link to comment Share on other sites More sharing options...
Miss Betsy Posted December 14, 2006 Share Posted December 14, 2006 They know how to configure filters also, I expect. Miss Betsy Link to comment Share on other sites More sharing options...
turetzsr Posted December 14, 2006 Share Posted December 14, 2006 <snip> What I have chosen to do : send 5 times a day from 3 different addresses of mine all mails (25+ now, increasing by some 5 a day) received from pseudo rx255.com to : info[at]pharmacyexpress.com and sales[at]pharmacyexpress.com. Boring for me but also for them, I guess. If we were a thousand to do the same, they should get mad and will act. <snip> ...My opinion is that that would be fighting abuse with abuse. One of the issues with spam is that it consumes internet bandwidth for personal gain or criminal activity for which the user is not being imposed the cost, reducing available bandwidth for the rest of us. If you do what you propose, you are consuming internet bandwidth for retaliatory purposes for which you are not being imposed the cost, further reducing available bandwidth for the rest of us. Instead, you could use SpamCop to send reports to the appropriate abuse e-mail addresses (contributing the SpamCop blacklist while you're at it) or do your own research and submit reports to appropriate authorities. Link to comment Share on other sites More sharing options...
Miss Betsy Posted December 15, 2006 Share Posted December 15, 2006 And there are more effective ways of fighting abuse with abuse - though since I don't support that, I don't remember the names or methods. Miss Betsy Link to comment Share on other sites More sharing options...
dra007 Posted December 15, 2006 Share Posted December 15, 2006 Spammers have been succesful at defeating most aggressive antispam actions in the recent past. For some reason they don't seem to be as adamant against SpamCop or else SC has developed good defensive mechanisms. Link to comment Share on other sites More sharing options...
rooster Posted December 29, 2006 Share Posted December 29, 2006 I am noticing that this domain is finally down. Reporting the dns server to the registrar appears to be the most effective method for shutting these sites down. spami; In Re: www.rx555.com/welcome.php?sid=f6d20a73a4996afaf89bae8eb4078b85 I’m not sure what has transpired since your post stating the site was down, but I just got my first spam linking to rx555.com and it is up and running this morning. Working nameserver on 60.12.193.40 [Moderator edit - link broken - Farelf] Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.