Jump to content

iamjustsendingthisleter


captkirk

Recommended Posts

I am starting to receive lots of messages from "iamjustsendingthisleter[at](somedomain).com".

All they contain is a variation on:

Hi iamjustsendingthisleter.

How are you ? Call me.

Social pressures

What's the point of this? Are they just validating addressess or what?

Link to comment
Share on other sites

... What's the point of this? Are they just validating addressess or what?
Maybe, who knows the mind of a spammer? Google reveals this stuff is hitting some addresses in Switzerland, Germany, Holland. Looks like it is spreading (Oh frabjous day!).
Link to comment
Share on other sites

I am starting to receive lots of messages from "iamjustsendingthisleter[at](somedomain).com".

All they contain is a variation on:

What's the point of this? Are they just validating addressess or what?

Either a pathetic cry for help, or just another 'ubergoof' playing in his/her 'goofergarten'.

Link to comment
Share on other sites

  • 3 weeks later...

I am starting to receive lots of messages from "iamjustsendingthisleter[at](somedomain).com".

All they contain is a variation on:

What's the point of this? Are they just validating addressess or what?

A week after we got the first of these messages (beginning of Nov/2006) to our catch-all mail-domain account we started to get a lot of bounced failure messages. Someone has started using our domain as return address in their spam messages. Currently we receive around 100 "Mail delivery failure" type messages every hour, all with different (fake) names using our domain as return address.

Checking other web-messages regarding iamjustsendingthisleter it looks like many other have experienced the same sequence of events, that the receipt of iamjustsendingthisleter means that your (catch all) domain will soon be used as return addresses in mass spam distributions.

Currently there are only three "companies" using our domain as return address, "PharmacyExpress.com", "Health Nation", and anonymous Stock Exchange buy alerts and it looks like they are using the same service or program to send their spam, because the messages have many similar characteristics and are in many occasions sent from the same ip-address or address-group.

PS. To us it is extremely disappointing that the worst one of these www.rx555.com (PharmacyExpress.com) is still alive; it is sending at least 5 spam messages to every single one of our (non fake) domain addresses every day for at least 20 days now, all with different but valid (catch-all) return domain addresses (of other unfortunate companies like ours).

Link to comment
Share on other sites

A week after we got the first of these messages (beginning of Nov/2006) to our catch-all mail-domain account we started to get a lot of bounced failure messages. Someone has started using our domain as return address in their spam messages. Currently we receive around 100 "Mail delivery failure" type messages every hour, all with different (fake) names using our domain as return address.

...

PS. To us it is extremely disappointing that the worst one of these www.rx555.com (PharmacyExpress.com) is still alive; it is sending at least 5 spam messages to every single one of our (non fake) domain addresses every day for at least 20 days now, all with different but valid (catch-all) return domain addresses (of other unfortunate companies like ours).

Thanks for taking the time out to record that information Hautron! The "meaning" of those non-messages has been the subject of much conjecture but follow-ups have been few and far between - "none" being my recollection.

www.rx555.com appears to be dependent on Taiwan Fixed Network CO.,LTD. (61.31.214.78 - functional NS and A records, non-functional MX) with an abuse address of abuse[at]tfn.net.tw recorded by hostmaster[at]twnic.net.tw SpamHause links 61.31.214.78 to Leo Kuvayev - http://www.spamhaus.org/sbl/sbl.lasso?query=SBL48511 Complaints to tfn.net.tw are not likely to be productive (to be kind about it) but the Taiwan NIC might be an avenue of approach - www.twnic.net.tw/english/dn/dn_02.htm (noting it does profess the power to "terminate services" for "certain reasons").

Link to comment
Share on other sites

  • 3 weeks later...
PS. To us it is extremely disappointing that the worst one of these www.rx555.com (PharmacyExpress.com) is still alive; it is sending at least 5 spam messages every day for at least 20 days now,

What I have chosen to do : send 5 times a day from 3 different addresses of mine all mails (25+ now, increasing by some 5 a day) received from pseudo rx255.com to : info[at]pharmacyexpress.com and sales[at]pharmacyexpress.com. Boring for me but also for them, I guess. If we were a thousand to do the same, they should get mad and will act. Am'I dreaming ??

Best

Link to comment
Share on other sites

<snip>

What I have chosen to do : send 5 times a day from 3 different addresses of mine all mails (25+ now, increasing by some 5 a day) received from pseudo rx255.com to : info[at]pharmacyexpress.com and sales[at]pharmacyexpress.com. Boring for me but also for them, I guess. If we were a thousand to do the same, they should get mad and will act.

<snip>

...My opinion is that that would be fighting abuse with abuse. One of the issues with spam is that it consumes internet bandwidth for personal gain or criminal activity for which the user is not being imposed the cost, reducing available bandwidth for the rest of us. If you do what you propose, you are consuming internet bandwidth for retaliatory purposes for which you are not being imposed the cost, further reducing available bandwidth for the rest of us. Instead, you could use SpamCop to send reports to the appropriate abuse e-mail addresses (contributing the SpamCop blacklist while you're at it) or do your own research and submit reports to appropriate authorities.
Link to comment
Share on other sites

  • 2 weeks later...
I am noticing that this domain is finally down. :)

Reporting the dns server to the registrar appears to be the most effective method for shutting these sites down.

spami;

In Re:

www.rx555.com/welcome.php?sid=f6d20a73a4996afaf89bae8eb4078b85

I’m not sure what has transpired since your post stating the site was down, but I just got my first spam linking to rx555.com and it is up and running this morning.

Working nameserver on 60.12.193.40

[Moderator edit - link broken - Farelf]

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...