
Spam using my address!


Zaxon


Hi, I hope this is the right place to be asking about this.

We keep getting e-mails from someone that appear to be of the phishing variety. The strange thing is when looking in the header it is saying the e-mail is from randomname[at]myispaddress.freeserve.co.uk

(Where myispaddress is actually my own e-mail address that I use.)

I've tried using DNS WHOIS to try and find out the ISP of the people sending these e-mails but I don't really know what I'm doing and all I get is;

Using 0 day old cached answer (or, you can get fresh results).

Hiding E-mail address (you can get results with the E-mail address).

OrgName: Internet Assigned Numbers Authority

OrgID: IANA

Address: 4676 Admiralty Way, Suite 330

City: Marina del Rey

StateProv: CA

PostalCode: 90292-6695

Country: US

NetRange: 127.0.0.0 - 127.255.255.255

CIDR: 127.0.0.0/8

NetName: LOOPBACK

NetHandle: NET-127-0-0-0-1

Parent:

NetType: IANA Special Use

Comment: Please see RFC 3330 for additional information.

RegDate:

Updated: 2002-10-14

OrgAbuseHandle: IANA-IP-ARIN

OrgAbuseName: Internet Corporation for Assigned Names and Number

OrgAbusePhone: +1-310-301-5820

OrgAbuseEmail: *****[at]iana.org

OrgTechHandle: IANA-IP-ARIN

OrgTechName: Internet Corporation for Assigned Names and Number

OrgTechPhone: +1-310-301-5820

OrgTechEmail: *****[at]iana.org

# ARIN WHOIS database, last updated 2007-03-10 19:10

# Enter ? for additional hints on searching ARIN's WHOIS database.

The other info I got from the header of the e-mail was (I think) that the original e-mail address was [at]hitel.net, the IP used was either 127.0.0.1 or 127.16.87.160 and the site that they wanted you to enter your personal details into was www.stelkertster.com

I think this website domain name is registered with THE NAME IT CORPORATION DBA NAMESERVICES.NET

Again, I'm not sure if I've been using these tools correctly to identify the origin of the e-mails. But what is bothering me is the fact they are seemingly being sent from my own e-mail address. The virus checker on the computer is up to date and hasn't picked anything up. Can anyone tell me how this is happening, and how I might find out who to report it to?

My own ISP (Orange) says on their website to report it to the ISP of whoever sends the spam rather than to themselves.

Link to comment
Share on other sites

As stated, user has little knowledge about things involved. And as the first read through makes it plain that the SpamCop.net Parsing & Reporting system has not been touched, this post will move this Topic to the Lounge area.

The SpamCop FAQ here has links to places to learn how to read headers, links to the use of the SpamCop.net tools ...

The Dictionary, Glossary, and Wiki all have definitions available for those words that may not yet be known.

Previous Topics/Discussions exist started by others that "did not send the e-mail/spam"

... some have the added "to myself" bit.

...... enough that the "why am I getting all these Bounces?" FAQ entry was created here. (a long time ago)

Link to comment
Share on other sites

Hi, I hope this is the right place to be asking about this. ...I'm not sure if I've been using these tools correctly to identify the origin of the e-mails. But what is bothering me is the fact they are seemingly being sent from my own e-mail address. The virus checker on the computer is up to date and hasn't picked anything up. Can anyone tell me how this is happening, and how I might find out who to report it to?

My own ISP (Orange) says on their website to report it to the ISP of whoever sends the spam rather than to themselves.

Hi Zaxon. It seems you're not a SC reporter so "Reporting help" isn't/wasn't the correct place - no big thing, you tried.

First thing - your email address, the From: and Reply to: fields are usually forged in spam - that is no indication that it originates from your domain or network. The IP address of the injection point is what you need.

One hurdle to be overcome is to reveal the full headers and since you are seeing IP addresses it seems you have negotiated that one successfully. Reading headers is a skill but if you Google the phrase "how to read email headers" (without quotes) you will find much material. Next, when you try to track down the source, it looks like you are just picking up some internal message handling in your own network rather than the injection point which would most likely be earlier in the message chain. It could be originating within your network but that is not the most likely case.

Next, some interpretation/knowledge is sometimes needed in working out the "best" reporting address to use from the available whois and abuse address data and there is some tedium in dealing with the stream of bounces from any unresponsive addresses.

Now you could do far worse than sign up for a SC reporting account (it can be a free account) which gives you access to the SpamCop parser which fairly well does all the hard work for you, including the ability to then have reports sent to the actual originating networks about this spam activity. SC is primarily about listing spam sources in a blocklist to cut off the flow of spam (for those who use the blocklist) so SC reporters accordingly achieve more than just alerting the responsible network administrators.

You may not be ready to take that step so another (more basic) tool to consider might be the Abuse! reporter - however this doesn't do as good a job as SC in tracking down the sources IMO and may be a little problematic if it has to negotiate much in the way of internal network handling (if you don't know the details of such "internals" to configure it appropriately) - I don't know. And it doesn't feed a blocklist.

Link to comment
Share on other sites
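
Added example, not part of any post in this thread: a Python sketch of the header reading described in the reply above. It walks the Received: chain from the newest header down, skips loopback and private addresses (such as the 127.0.0.1 and 127.16.87.160 seen in the question) and returns the first outside IP that the recipient's own provider recorded. The sample message, host names and external addresses are constructed.

```python
import email
import ipaddress
import re

# Ranges that never identify an outside sender: loopback and RFC 1918 space.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample (not from the thread). Host names use .example domains;
# the external IPs come from documentation ranges (RFC 5737).
SAMPLE = """\
Received: from localhost (localhost [127.0.0.1])
\tby mx.myisp.example with SMTP; Sat, 10 Mar 2007 19:02:11 +0000
Received: from scanner.myisp.example (unknown [127.16.87.160])
\tby mx.myisp.example with ESMTP; Sat, 10 Mar 2007 19:02:10 +0000
Received: from mail.bank.example (unknown [203.0.113.45])
\tby mx.myisp.example with ESMTP; Sat, 10 Mar 2007 19:02:08 +0000
Received: from trusted.example ([198.51.100.7])
\tby mail.bank.example; Sat, 10 Mar 2007 19:01:00 +0000
From: randomname@myaddress.example
To: me@myaddress.example
Subject: constructed sample

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_hops(raw):
    """Return (ip, is_internal) for each Received header, newest first."""
    hops = []
    for header in email.message_from_string(raw).get_all("Received", []):
        m = IP_RE.search(header)
        try:
            ip = ipaddress.ip_address(m.group(1)) if m else None
        except ValueError:
            ip = None  # bracketed text that is not a valid IPv4 address
        if ip is not None:
            hops.append((str(ip), any(ip in net for net in INTERNAL)))
    return hops

def injection_candidate(raw):
    """First non-internal IP walking down from the newest header.

    Heuristic: headers above it were written by the recipient's own mail
    system; headers below it were supplied by the sender and can be forged.
    """
    for ip, internal in received_hops(raw):
        if not internal:
            return ip
    return None
```

On the sample, the two 127.x.x.x hops are internal handling and `injection_candidate(SAMPLE)` returns `203.0.113.45`; the older `198.51.100.7` line sits below that boundary and cannot be trusted. If the provider relays mail between its own public addresses, add those networks to `INTERNAL`.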

Ah sorry for clogging up the forum! :blush:

Thanks very much for clarifying for me though, I'd been trying to read through FAQ and stuff but I didn't really follow it that well, since I wasn't actually sure what I was trying to look for!

I'll get working on your suggestions. Thanks again!

Link to comment
Share on other sites

Thanks very much for clarifying for me though, I'd been trying to read through FAQ and stuff but I didn't really follow it that well, since I wasn't actually sure what I was trying to look for!

I'll get working on your suggestions. Thanks again!

Another thing, from my experience, while YOU may often get spam forged from your address, it is a lot less likely (except in the case of viruses pulling information from address books) for someone you know to receive a spam forged from your address. Often, I have received the same spam on multiple accounts and all are "from" the account that received it. It was simply scripted to put the same address in both places.

Sometimes your address can be used in a batch of spam sent, and you will see the resulting bounces from systems not set up very well. Anyone who complains to you about those mailings does not understand that sent addresses are easily forged.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
