
SPAM at 40ers.com


This page describes how I fell victim to a mass spamming list and what I am currently doing to resolve this problem.

Basically, it was my fault (and stupidity) for responding to a greeting card memo:

To: me@my_domain
Subject: You have received an e-card
From: "2greet.com !"
X-Sender: 
X-Mailer: 2greet.com mail server
X-Priority: 1


Dear You,

You have received an e-card from someone you know.
However, he or she told us you should guess who it's from.
So click on the url below to view the card.

http://www.2greet.com/ .... (full url w/ my id withheld)

Regards,

2greet.com !

! Remember if you not pick up your card within 30 days it will be removed from the server.

The following day spam advertisement mail began filling my mailbox.

I searched Google for SPAM, FIGHT SPAM, and SPAMMER to see if there was anything I could do to stop the spamming and found a couple of PC programs that I am currently using:

MailWasher v2.0
A shareware utility I configured to check my email before downloading files into Eudora Pro. Preferences allow you to place spam on a blacklist and friends on a whitelist. Blacklist mail can be configured to DELETE the message from the server and even send the sender ISP a bounced message. You can preview mail messages without fear of hidden graphics being downloaded from the spammer site alerting them that your site is viewing their mail. You can also review hidden html memo source. The log file can retrieve marked blacklist urls with the date the blacklist item was added to the database. This information can be imported into a tracking database.

I use it by first connecting to the web; all received e-mails are displayed. I add new spam to the blacklist, obtain the header information, and then fire up Sam Spade, using its whois function to see who the primary ISP is (responsible domain). Download at: MailWasher.net, and see: MailWasher Help.

Sam Spade v1.4
This is networking software with a number of useful features, such as Trace, Whois, and Parse Email Headers. The information obtained is stored in the SPAM.fp5 database (see below). Download at: Sam Spade

SPAM.fp5
I wrote a FileMaker Pro database (work still in progress) called SPAM.fp5 and its relational file SPAMDATA.fp5 to hold and analyze the data I was obtaining from Sam Spade. The MailWasher blacklist file can be imported and its entry date converted to FMP format. Domains are broken out of the spammer email string. As a new spam record is received, a new record routine adds the record to both databases. Whois and Parsed header info are added to SPAMDATA fields. The primary ISP (hosting domain) contact e-mail addresses are recorded in a SPAMCONTACTS.fp5 database used to associate the primary ISP and build an EMAILTO field. A MAILBODY field is used to generate a very polite message to the primary ISP provider along with a list of all SPAM urls being supported by the primary ISP. A click of a button generates an e-mail which is sent to the primary ISP provider:

Greetings!
Please be advised an account, SUCCESS@DAILYPROMO.COM from domain DAILYPROMO.COM, is 
using your, and/or your customer server(s) to bulk mail spam to my e-mail address. 
Please remove me from ALL DAILYPROMO.COM promotion (spam) lists or I will contact 
the Washington State Attorney General's Office, Consumer Protection Division, with 
a Junk E-Mail Complaint Form. 

Thanks for your cooperation.

SPAM LISTS: 
kid@dailypromo.com
music@dailypromo.com
print@dailypromo.com
success@dailypromo.com
homes@dailypromo.com 

See Spam Collection gathered from 10/07/02 to present. Spam by Date, Spam by Domain
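
The domain break-out, grouping, and message-building steps described for SPAM.fp5, sketched in Python as an added example (this is not the author's FileMaker database). The blacklist entries and the `ISP_CONTACTS` mapping are constructed, and `abuse@isp.example` is a placeholder contact.

```python
from email.utils import parseaddr

# Constructed blacklist export: sender strings as they appear in From headers.
BLACKLIST = [
    '"Daily Promo" <KID@DailyPromo.com>',
    "music@dailypromo.com",
    "print@dailypromo.com",
    "success@dailypromo.com",
    "homes@dailypromo.com",
    "music@dailypromo.com",   # duplicate entry
    "offers@example.net",     # domain with no ISP contact recorded yet
    "not-an-address",         # malformed entry
]

# Hypothetical lookup: sender domain -> abuse contact of its primary ISP,
# filled in by hand from whois results.
ISP_CONTACTS = {"dailypromo.com": "abuse@isp.example"}


def split_sender(header_value):
    """Return (address, domain) in lower case, or None if unparsable."""
    _, addr = parseaddr(header_value)
    local, sep, domain = addr.rpartition("@")
    if not (local and sep and domain):
        return None
    return addr.lower(), domain.lower()


def group_by_domain(entries):
    """Map each domain to its unique sender addresses, first-seen order."""
    groups = {}
    for entry in entries:
        parsed = split_sender(entry)
        if parsed:
            addr, domain = parsed
            groups.setdefault(domain, {})[addr] = True
    return {d: list(a) for d, a in groups.items()}


def build_reports(entries, contacts):
    """One report per domain that has a known primary-ISP contact."""
    reports = []
    for domain, addrs in group_by_domain(entries).items():
        if domain not in contacts:
            continue  # no whois contact recorded yet; nothing to send
        body = (f"Greetings!\nAccounts at {domain} are using your and/or "
                "your customer's server(s) to bulk mail spam to my e-mail "
                f"address.\nPlease remove me from all {domain} lists.\n\n"
                "SPAM LISTS:\n" + "\n".join(addrs))
        reports.append({"to": contacts[domain], "domain": domain, "body": body})
    return reports
```
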

Here is what I was able to determine from the Spam Data Collection. Much of it is speculation as I have been unable to verify the actual process except for what I have received in my mailbox:

  1. The web site andromeda.powweb.com used 2greet.com (appears to be legitimate) to send a card to me. He/she used his localhost personal web server to send the card announcement.
  2. I responded to the Greeting Card, and the spammer got my email address confirmed.
  3. The spammer registered my email address with several ISPs, the primary one being Ad Pro Solutions.
  4. AdPro entered my e-mail address into their customer database. Their customers included: All of the above domains indicated Ad Pro Solutions was the registered ISP for the domain (Sam Spade Whois) administrator and all had concealed domains meaning Whois and Traceroute could not locate the domain. I assumed these sites were using the Ad Pro Solutions database to select customers.
  5. Since the spamming addresses were bogus and I could not contact the spammer directly, I mailed the above letter to Ad Pro Solutions identifying their customer sites.
  6. Results ... too early to tell but two days after e-mailing Ad Pro Solutions, my spam seems to have decreased with no further memos being received from their client sites. I will continue tracking my spam until I am satisfied the problem(s) have been resolved.

Here is an interesting note appearing on the primary ISP web page:

Lead Generation:
AdPro Solutions can assist companies in acquiring targeted permission-based information from a web consumer by collecting information when the consumer registers on the vendor partner’s web sites. This targeting gives marketers the ability to generate a solid revenue stream through:
Through AdPro Solutions targeted permission based email program, marketers can establish and build solid lasting relationships with our members by offering appealing products, and services that are geared specifically to match the members of our database interested in these types of offers.

The Pop-Up Ads can be launched upon entry or exit of a web site or email message as a smaller browser window consisting of a marketer’s product or service offer. The Pop-Up Ads give consumers the advantage of responding to offers, samples, and promotions without leaving the host web site.

I really do not know who is being spoofed here, me, the primary ISP, the greeting card web site, or all; but, no one asked my permission to be placed in their database.

You might note the following:

  1. Never read a spam memo on-line after you use MailWasher to bounce the memo. Most spam memos may have hidden images located on the spammer's web site that record your browser data/cookies, indicating you are still reading their e-mail. A bounce back to the postmaster@domain site indicates their email could not be delivered. You do not want to make a liar out of yourself by reading their memo while connected to the web and give them the stats to show you are still on the web.
  2. Be polite to the primary ISP as they are not directly responsible for the spam, even though their customers may be.
  3. It helps if your state has anti-spam laws you can refer to in your primary contact memo.
  4. Provide only information required for the primary ISP to identify offending customer domains.
  5. Make sure you maintain a database with copies of the spamming memo, sender domain, whois information, and any other info you can track down. You may need it if you actually do contact your Attorney General.
  6. DO NOT RESPOND DIRECTLY TO THE SPAMMER(S).
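
The hidden images mentioned in item 1 can be found without rendering the message. This added example (not from the original page) parses a constructed HTML message and lists the images a mail client would fetch from a remote server; the hostnames and the `likely_beacon` heuristic are assumptions.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; hostnames are placeholders.
SAMPLE = """\
From: promo@spam.example
Subject: Special offer
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body><p>Great deals!</p>
<img src="cid:logo123" width="200" height="50">
<IMG SRC="http://track.spam.example/open.gif?id=abc123" width=1 height=1>
<img src="http://img.spam.example/banner.jpg">
</body></html>
"""


class RemoteImageFinder(HTMLParser):
    """Collect <img> tags whose src would trigger a network request."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        url = urlsplit(a.get("src") or "")
        if url.scheme not in ("http", "https"):
            return  # cid: and data: images are embedded, nothing is fetched
        tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
        # Assumed heuristic: 1x1 size or a per-recipient query string.
        self.found.append({"host": url.hostname, "url": url.geturl(),
                           "likely_beacon": tiny or bool(url.query)})


def remote_images(raw_message):
    """Return remote image references from every text/html part."""
    finder = RemoteImageFinder()
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            payload = part.get_payload(decode=True) or b""
            finder.feed(payload.decode(charset, errors="replace"))
    return finder.found
```

Any entry in the result means that opening the message in a client that loads remote images would contact the listed host.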

Since sending my memo to the primary domain hosting ISP, spamming has significantly decreased. I continue to get the normal and new spam, but have the tools I need to attempt to resolve these problems. I WAS LUCKY to have located a contact person who was willing and able to assist with the problem. This is not always the case.

Here are some references:

E-mail Jim Fortier

Revised: Sunday - November 17, 2002