I hate spammers…
…but I’m starting to hate users who complain to the wrong people about spam more.
Apparently, some scum is (badly) forging a Received: header field with the www.lofcom.com address. The forgery seems to be malformed (in the few examples I’ve seen, anyway), looking like:
Received: from www.lofcom.com (HELO lofcom.com [27
The examples I’ve seen appear to be coming out of China and Hong Kong-based machines, but it’s possible they’re coming from zombies all over the world. I don’t know what they’re advertising, because with all the complaints I’ve received, no one has bothered sending me an accurate copy of the mail including complete header fields and body. I do know the To: header field contains, “undisclosed-recipients: ;” which is unusual in spam. Regardless, I am getting seriously tired of people seeing a web address in the headers and complaining to me about the spam. I mean seriously tired.
Look, people, forget that I’m more anti-spam than you can ever hope to be. Ignore that I’ve properly complained about more spam in my career than you will ever hope to get. Don’t pay any attention to the clear anti-spam graphics on the lofcom.com website.
Buy a friggin’ clue that header fields can be forged, and learn how the blazes to complain to the proper originator!
Sorry, I just had to get that out of my system. Seriously; there’s a wealth of tutorials on the Internet to explain how to “chain” Received: header fields. There’s my personal favorite, SpamCop, who will actually do this for you so you don’t have to worry about making the mistake. It’s really easy to tell from what machine any given spam came from, really it is. And although I should note this is only an anecdotal observation, most of the misdirected cursing and complaining seems to be coming from Canadians. I make no judgement here, only note the observation.
But please stop swearing at me simply because some spammer scum badly forged a Received: header field, huh?





January 15th, 2005 at 9:31 pm
Hum…this example appears to be from Latvia (213.180.96.0/19). I know the HTML conversion of WordPress is screwing up what displays here (I added the emphasis on the important Received: header field), but I checked the “raw” data in the database, and am surprised that there seems to be no body. I wonder if this spammer is so bad at what he does that his zombied machines don’t even have the sense to add his advert? –cfs3
January 21st, 2005 at 10:42 am
I read your comments about no one sending you headers etc.. I am sending you a message received today and BTW EVERY day which is addressed to ME FROM me showing YOUR site as sending just as you described.
Anne
January 21st, 2005 at 10:49 am
Here is the header information from email supposed to be from you.
I hope this helps you track who is doing this.
I also find about 30% of our mail is SPAM and another 20% is people complaining about spam supposedly coming from us, which as in your case also, is not sent from my site.
Have a good day,
Anne
——– Original Message ——–; Fri, 21 Jan 2005 08:21:05 -0600; Fri, 21 Jan 2005 08:20:58 -0600
From: - Fri Jan 21 09:26:53 2005
X-Account-Key: account6
X-UIDL: 20050121142119s1900re80ue0030a3
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Received: from naturesplan.com (unknown[207.44.150.101](misconfigured sender)) by sccrmxc19.comcast.net (sccrmxc19) with ESMTP id <20050121142108s1900fda84e>; Fri, 21 Jan 2005 14:21:19 +0000
X-Originating-IP: [207.44.150.101]
Received: from ns24.super-hosts.com (root@localhost) by naturesplan.com (8.11.6/8.11.6) with ESMTP id j0LEL5G12656 for
X-ClientAddr: 200.114.217.115
Received: from 115-217-114-200.fibertel.com.ar (115-217-114-200.fibertel.com.ar [200.114.217.115]) by ns24.super-hosts.com (8.11.6/8.11.6) with SMTP id j0LEKuE12606 for
Date: Fri, 21 Jan 2005 08:20:58 -0600
From: anne@naturesplan.com
Message-Id: <200501211420.j0LEKuE12606@ns24.super-hosts.com>
Received: from www.lofcom.com (HELO lofcom.com [23
X-MailScanner-Information: Please contact the ISP for more information
X-MScan: Not scanned: please contact your Internet E-Mail Service Provider for details
X-MailScanner-SpamCheck:
X-Antivirus: AVG for E-mail 7.0.302 [265.7.1]
Much thanks. And although, again, WordPress is being too smart for itself and screwing up the display, the raw message in the database shows it to be similar to the others, malformed header field and all.
This one apparently originated in Argentina, although I don’t trust the chain much past the Everyones Internet, Inc. delivery…but it’s likely a zombied machine regardless of the geographical location. One just reported a few minutes ago originated in Hong Kong.
What’s more important to me than who, is why. These spam messages don’t have any body content (or at least I haven’t seen any in any of the forwards I’ve received), so it doesn’t make a lick ‘o sense someone would waste the time sending these out in the first place. About all it’s doing is drawing a lot of attention to our anti-spam stance and the general disgust with spam in general…which, if you’re a spammer, doesn’t seem to be something you’d want to do.
January 31st, 2005 at 7:59 am
I received the same mail. No Body no header.
I also would like to know why someone is doing this with your domain? Is this a new kind of spam? I’d never read any spam and followed to a site because I know what those spammers want. But what’s with this mail?! I followed directly to your site… Spam or not?! What are you offering? Looks like Anne followed the same way?
Greets,
Roi Danton
Why? Probably two separate reasons: 1) We report all of the spam that gets through our filters (using SpamCop, which is very careful about not reporting forged header fields), so revenge is a likely component, and 2) misdirection; the more different domains the spammers can put in the spam, the more confusing it is to most people.
What I have yet to even guess at is why the blank messages. I originally thought the spammer was just incompetent, but it’s gone on far too long for that. The only assumption that makes any sense is revenge…this puts me way too high in the anti-spam pecking order. Maybe some spammer scum got annoyed by my anti-spam page?
February 3rd, 2005 at 1:19 pm
my header is only a small one:
Return-Path: < ..my adress..>
X-Flags: 1001
Delivered-To: GMX delivery to ..my adress..
Received: (qmail invoked by alias); 03 Feb 2005 17:14:11 -0000
Received: from unknown (HELO 213.165.64.100) (200.24.116.153)
by mx0.gmx.net (mx061) with SMTP; 03 Feb 2005 18:14:11 +0100
Received: from www.lofcom.com (HELO lofcom.com [22
From: ..my adress..
To: ..my adress..
Date: Thu, 3 Feb 2005 18:14:15 +0100
Nuts…I hadn’t heard from anyone for a while, so I was hoping this had stopped. Much thanks for letting me know it’s still happening; even though I wish it weren’t, I’d rather know about it!
February 5th, 2005 at 12:14 pm
Add my name to the list too. I just got one, to me, from me. Also, with no body.
It looks like they’re hacking the header up on purpose, so it will be easy to see your domain. I am not a spammer, but I think I could have hid it a little better. Have you made someone mad recently?
It sure looks that way, doesn’t it? –cfs3
February 7th, 2005 at 12:22 pm
Nope, it hasn’t stopped. Small header for mine too. Same as the others, from me to me and no message body.
Good luck… Looks like you are on someone’s sh*t list.
Return-Path: < ..my address..>
Received: from 204.122.16.69 ([221.127.95.63])
by ultra5.eskimo.com (8.12.10/8.12.10) with SMTP id j174Zg21005813
for < ..my address..>; Sun, 6 Feb 2005 20:35:44 -0800
Date: Sun, 6 Feb 2005 20:35:42 -0800
From: Scott Schroeder < ..my address..>
Message-Id: <200502070435.j174Zg21005813@ultra5.eskimo.com>
Received: from www.lofcom.com (HELO lofcom.com [29
X-UIDL: ?VO”!Gf$!!VK’!!*=&!!
February 7th, 2005 at 8:06 pm
well hello there gang,
strange how this problem seems to be affecting more and more people !! ( although most people probably don’t bother coming here i would say !!)
I found it strange to receive an e-mail from myself that i didn’t send to myself, and even more weird that i hadn’t included any body in the thing…but sometimes we forget we do things as age takes its toll !!
I also seem to be getting a lot of “SPAM” ( my own fault i suppose, and always a problem with the e-mail harvesters on EBAY till you work out what they are up to !! ) but this one threw me a bit until i read the headers which brought me here, and i was relieved to find that there is a reason for all of this !!
My theory is based upon two “RETURNED” e-mails which i received a week or so ago, which I HAD NOT SENT, and the content of the e-mail was to advertise an X rated website.
These guys are not only harvesting e-mail addresses to use for their own underhand reasons, they are also using e-mail finder software which alerts them to active e-mail accounts. (if it don’t bounce then it got through !!..so they use it !!) it is surprising how many e-mails i have had with “no content” in the last 6 months.
I had been thinking of deleting the particular e-mail address i was getting all the spam through, and have finally made up my mind about it, and it will be gone shortly.
The theory is quite simple, ..and this i would say is only the tip of the iceberg !!
Where you used to get “SPAM” you are possibly now an unwitting spammer, as the set up is such that once your e-mail address is “out there” then they can use it, and all the others they have gleaned to spam away, and advertise their sleazy sites and blame it on the “other guy”…that’s you and me .
How to stop it ?? …change your e-mail address and don’t be silly with it again….(that’s what i will be doing.)
I won’t post the headers here, as they don’t matter due to the fact that these cretins can change their set-ups to suit, and disguise their locations at will, but i will say this !!…it will get a lot worse !! (unless tout le monde change their e-mail addresses)
A final word on this point….HONI SOIT QUI MAL Y PENSE !!
KLICK
February 8th, 2005 at 2:25 pm
I have a question
what does the
X-ClientAddr
line mean in a header..I am supposedly getting an email from someone in Romania, and it says it is from Indiahits.com first and then as I scroll down the header it has this line and another IP address and from the 3 emails I have received each of the IP addresses next to the X-ClientAddr line are different…what does that mean?
So far as I know, the X-ClientAddr: header field is added by some web-based mail systems to indicate the IP of the inbound connection…it may or may not be valid, depending on the system adding the header field.
To quote a posting in the SpamCop help list: “X-(anything) headers are *not* official headers and are not part of the email tracing procedure described in the RFCs.” It’s a little like the X-Originating-IP: header field; I’d trust it if the mail came through Hotmail’s servers (I know they use it), but wouldn’t if the mail appeared to come from mac.com or somewhere else. –cfs3
February 9th, 2005 at 8:07 am
I wondered why a blank email was being sent out with my name as the return path. If they hadn’t sent it to me as well, I would never have known and they are obviously targeting you for some reason but the header is strange enough for me to know you are driving it.
This person seems to be some kind of nut.
Return-Path:
X-Original-To: davepage@dial.pipex.com
X-Envelope-To: davepage@dial.pipex.com
Delivered-To: davepage@dial.pipex.com
Received: from host213-235.pool80116.interbusiness.it (host213-235.pool80116.interbusiness.it [80.116.235.213])
by zone.systems.pipex.net (Postfix) with SMTP id 78677E000089;
Wed, 9 Feb 2005 10:17:20 +0000 (GMT)
Received: from www.lofcom.com (HELO lofcom.com [27
Message-Id: <20050209101720.78677E000089@zone.systems.pipex.net>
Date: Wed, 9 Feb 2005 10:17:20 +0000 (GMT)
From: davepage@dial.pipex.com
February 10th, 2005 at 1:02 pm
No subject, no text, no “anything” Just from “me” to “me”.
Received: from barracuda.litel.com (mx.litel.com [64.184.32.3])
by zes.litel.com (8.11.7+Sun/8.11.6) with ESMTP id j1AHQlm16244;
Thu, 10 Feb 2005 12:26:47 -0500 (EST)
Received: from 209-218-90.adsl.terra.cl (209-218-90.adsl.terra.cl [200.90.218.209])
by barracuda.litel.com (Spam Firewall) with SMTP
id 023B0D002398; Thu, 10 Feb 2005 12:35:19 -0500 (EST)
Received: from www.lofcom.com (HELO lofcom.com [20
Message-Id: <20050210173519.023B0D002398@barracuda.litel.com>
Date: Thu, 10 Feb 2005 12:35:19 -0500 (EST)
X-Virus-Scanned: by LiTel Spam Filter at litel.com
From: eller@litel.com
X-UIDL: ;e\!!?Ho”!j4`!!?[8″!
February 13th, 2005 at 2:53 pm
THANK YOU! Yes, headers can be forged. One thing I HATE is an automated spam filter/virus filter that blocks your email address because some windows using bozo has their machine sending spoofed emails. Just DROP MICROSUCK for a better machine, like a FreeBSD, Linux or OSX machine NOW!
February 17th, 2005 at 2:50 pm
Here is the forged header to look like it is coming from your site:
“from www.lofcom.com (HELO lofcom.com ”
Here is the actual IP of the offender that sent the message to our system:
“from ([200.102.253.237]) by komail3.ko.com with SMTP id KP-TRPN2.59800959; Thu, 17 Feb 2005 13:16:37 -0500″
RFC822 Header Name:
“Received”
RFC822 Header Delimiter:
“: ”
RFC822 Header Body:
User is in the from and SMTPOriginator fields.
No subject and no text to the message.
Thank you!
Paul Hall
February 20th, 2005 at 7:52 am
Return-Path:-00044c-00@mx25.web.de>
X-Flags: 0000
Delivered-To: GMX delivery to myadress
Received: (qmail invoked by alias); 20 Feb 2005 12:41:36 -0000
Received: from mx25.web.de (EHLO mx25.web.de) (217.72.192.197)
by mx0.gmx.net (mx002) with SMTP; 20 Feb 2005 13:41:36 +0100
Received: from [218.191.137.115] (helo=217.72.192.188)
by mx25.web.de with smtp (WEB.DE 4.103 #192)
id 1D2qOz-00044c-00; Sun, 20 Feb 2005 13:41:34 +0100
Received: from www.lofcom.com (HELO lofcom.com [29
Message-Id:
From: myadress
Date: Sun, 20 Feb 2005 13:41:34 +0100
X-WEBDE-FORWARD: myadress -> myadress
To: myadress
X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
X-GMX-Antispam: 0 (Sender is in whitelist: myadress)
X-GMX-UID: 4elzKj9XTlIvJraoNmhrSVVGU2poZdmD
February 22nd, 2005 at 1:05 pm
well, I understand why Canadians may be pissed. I’m an American working as a consultant here in Canada and for the last 3 weeks we have been inundated with about 5000 spams per hour from those culprits using your domain name in the header. We have actually traced it back to California. It went through China then Italy to California, San Andreas area to be specific. We are working with law enforcement since the spams are phishing for EBAY and CITIBANK info.
Mike
Holy crap…5k/HOUR?!
If you ever put a hand on the b*stards, shove something down their throat for me, huh? –cfs3
February 22nd, 2005 at 1:37 pm
Count me in. There was no subject and no message, just a blank email sent from “me” to me. I have not been “silly” with this address. Can’t imagine why me.
Return-Path:; Tue, 22 Feb 2005 03:48:08 -0800 (PST)
Original-Recipient: rfc822;greg@worthey.com
Received: from milter5.wss.scd.yahoo.com (66.218.85.20) by mta6.wss.scd.yahoo.com (7.0.042)
id 4212A3D100364DCC for greg1@worthey.com; Tue, 22 Feb 2005 03:48:16 -0800
Received: from cm218-253-104-168.hkcable.com.hk (cm218-253-104-168.hkcable.com.hk [218.253.104.168])
by milter5.wss.scd.yahoo.com (8.13.1/8.13.1) with SMTP id j1MBlxZu015631
for
Date: Tue, 22 Feb 2005 03:47:59 -0800 (PST)
From: greg@worthey.com
Message-Id: <200502221148.j1MBlxZu015631@milter5.wss.scd.yahoo.com>
Received: from www.lofcom.com (HELO lofcom.com [24
Apparently-To:
X-Spam-Track: -40
X-Originating-IP: [218.253.104.168]
X-Antivirus: AVG for E-mail 7.0.300 [266.2.0]
February 23rd, 2005 at 11:16 am
Here is another example (in case it’s of use) which appears to have originated in Buenos Aires (Argentina). Fortunately our spam filter has picked it up so I just got a message from messagelabs saying that they can’t deliver a message I didn’t send - so no harm done. Good luck!
P.S I removed the email addresses from the extract below for obvious reasons.
Return-Path: [removed by me!]
X-VirusChecked: Checked
X-Env-Sender: [removed by me!]
X-Msg-Ref: server-3.tower-33.messagelabs.com!1109173851!15902744!1
X-StarScan-Version: 5.4.11; banners=logica.com,-,-
X-Originating-IP: [200.16.254.17]
X-SpamInfo: spam detected heuristically
X-Spam-Flag: YES
X-SpamOriginallyTo: [removed by me!]
X-SpamOriginallyTo: [removed by me!]
X-SpamOriginallyTo: [removed by me!]
X-SpamOriginallyTo: [removed by me!]
X-SpamOriginallyTo: [removed by me!]
X-SpamOriginallyTo: [removed by me!]
X-SpamReason: Yes, hits=7.0 required=7.0 tests=No Message-ID,PB_IP(16,8),
PB_IP(16,8)
Received: (qmail 16508 invoked from network); 23 Feb 2005 15:51:24 -0000
Received: from host17.advance.com.ar (200.16.254.17)
by server-3.tower-33.messagelabs.com with SMTP; 23 Feb 2005 15:51:24 -0000
Received: from www.lofcom.com (HELO lofcom.com [23
February 23rd, 2005 at 11:43 am
Following from the previous post - here is the trace route for the IP address (I wonder who telefonica-wholesale are?!?!)
[internal routing]
13 60 ms 30 ms 20 ms T3P000528-s4-3-1.pbp-3.pbp.lon.UK.COLT.NET [213.86.157.21]
14 20 ms 20 ms 20 ms g2-2.cr3.LON.ctf.lon.UK.COLT.NET [195.110.65.97]
15 10 ms 20 ms 20 ms pos1-1-cr1.LON.router.COLT.NET [212.74.64.173]
16 20 ms 30 ms 30 ms pos9-0-cr1.AMS.router.colt.net [212.74.66.53]
17 20 ms 30 ms * GE0-2-0-0-grtamstc.ri.telefonica-data.net [195.69.144.208]
18 40 ms 30 ms 20 ms GE6-0-0-0-grtamstc1.red.telefonica-wholesale.net [213.140.37.46]
19 40 ms 50 ms 40 ms So7-1-1-0-grtparix1.red.telefonica-wholesale.net [213.140.38.225]
20 110 ms 110 ms 120 ms P14-0-grtwaseq1.red.telefonica-wholesale.net [213.140.37.190]
21 130 ms 140 ms 170 ms P1-0-grtmiabr1.red.telefonica-wholesale.net [213.140.36.49]
22 250 ms 250 ms 261 ms P10-0-grtbueba1.red.telefonica-wholesale.net [213.140.43.13]
23 340 ms 241 ms 260 ms TEargentina-15-0-5-grtbueba1.red.telefonica-wholesale.net [213.140.51.138]
24 250 ms 260 ms 251 ms host62.advance.com.ar [200.51.65.62]
25 250 ms 261 ms 260 ms host61.advance.com.ar [200.51.65.61]
26 400 ms 531 ms 481 ms host70.advance.com.ar [200.41.244.70]
27 * * * Request timed out.
28 661 ms 421 ms 520 ms host17.advance.com.ar [200.16.254.17]
February 25th, 2005 at 10:59 am
Here is the info that came through on my latest email. I have received about 20 of the “From Me, To Me” emails with no body text in the past week.
Received: from psmtp.com (exprod5mx97.postini.com [64.18.0.85]); Fri, 25 Feb 2005 08:21:20 -600 NZT forward (user good) [137/8]
by bsafemail.com (SurgeMail 2.2c10) with ESMTP id 8885701
for
Return-Path:
Received: from source ([69.145.248.18]) by exprod5mx97.postini.com ([64.18.4.10]) with SMTP;
Fri, 25 Feb 2005 06:11:17 PST
Received: from [172.18.131.8] (HELO be-1.cluster1.bresnan.net)
by fe-1.cluster1.bresnan.net (CommuniGate Pro SMTP 4.2.5)
with ESMTP id 155288974 for csmartin@bsafemail.com; Fri, 25 Feb 2005 07:11:09 -0700
Received: from
by be-1.cluster1.bresnan.net (CommuniGate Pro RULES 4.2.5)
with RULES id 2698055; Fri, 25 Feb 2005 07:11:09 -0700
X-Autogenerated: Mirror
Resent-From:
Resent-Date: Fri, 25 Feb 2005 07:11:09 -0700
Received: from [69.145.248.1] (HELO p01m5-027)
by fe-1.cluster1.bresnan.net (CommuniGate Pro SMTP 4.2.5)
with SMTP id 155288971; Fri, 25 Feb 2005 07:11:09 -0700
Received: from unknown [69.13.88.1] (EHLO express21.propagation.net)
by p01m5-027 (mxl_mta-1.3.8-10p6) with ESMTP id cf13f124.9099.004.p01m5-027;
Fri, 25 Feb 2005 07:11:08 -0700 (MST)
Received: from cm61-15-224-48.hkcable.com.hk (cm61-15-224-48.hkcable.com.hk [61.15.224.48])
by express21.propagation.net (8.11.6p2/8.11.6) with SMTP id j1PEAfm14733;
Fri, 25 Feb 2005 08:10:50 -0600
Date: Fri, 25 Feb 2005 08:10:50 -0600
From: craigmartin@insuranceemall.com
Message-Id: <200502251410.j1PEAfm14733@express21.propagation.net>
Received: from www.lofcom.com (HELO lofcom.com [27
X-Spam: [F=0.4702103751; heur=0.764(3000); stat=0.128; spamtraq-heur=0.650(2005022402)]
X-MAIL-FROM:
X-SOURCE-IP: [69.13.88.1]
X-pstn-levels: (S: 0.10833/95.60947 R:95.9108 P:95.9108 M:97.0232 C:98.7678 )
X-pstn-settings: 3 (1.0000:1.0000) s gt3 gt2 gt1 r p m c
X-pstn-addresses: from
Subject: (No subject header)
X-Server: High Performance Mail Server - http://surgemail.com
X-Rcpt-To:
X-IP-stats: Incoming Last 0, First 24, in=941, out=0, spam=0
X-External-IP: 64.18.0.85
Status: U
X-UIDL: 1109341280.1140_4222.ml2
After reading about the guys being prosecuted for Spamming, I thought they were being a little over zealous. However, after this week and reading some other comments, I think the punishment that happened to the Emperor in Shogun might be appropriate.
March 4th, 2005 at 7:35 am
I’ve been receiving the same mail for weeks, and today I decided to check the headers, and it led me to your site. The message only contains headers, no body.
Return-Path: < [My email] >
Received: from cm218-255-112-243.hkcable.com.hk (cm218-255-112-243.hkcable.com.hk [218.255.112.243])
by ftp.sivit.org (8.12.8/8.12.8) with SMTP id j24CMHOc015946
for < [My email] >; Fri, 4 Mar 2005 13:22:18 +0100
Date: Fri, 4 Mar 2005 13:22:17 +0100
From: “debilitron.com” < [My email] >
Message-Id: <200503041222.j24CMHOc015946@ftp.sivit.org>
Received: from www.lofcom.com (HELO lofcom.com [24
X-UIDL: g”2″!NM/!!Mpi”!!OR”!
X-Antivirus: avast! (VPS 0509-4, 03/03/2005), Inbound message
X-Antivirus-Status: Clean
That’s all there is about it. Not really annoying, I was just curious. The subject of the message is simply “debilitron.com” which is my website.
March 8th, 2005 at 5:44 am
This is the 2nd mail that I received in 1 month.
Received: from localhost (unknown [127.0.0.1])
by tiga.at.subik.com (Postfix) with ESMTP
id 09B9CC670; Tue, 8 Mar 2005 03:03:52 +0000 (UTC)
Received: from tiga.at.subik.com ([127.0.0.1])
by localhost (tiga.at.subik.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 06138-03; Tue, 8 Mar 2005 04:03:44 +0100 (CET)
Received: from 62.99.235.204 (unknown [210.111.207.10])
by tiga.at.subik.com (Postfix) with SMTP
id A3616C666; Tue, 8 Mar 2005 04:03:33 +0100 (CET)
Received: from www.lofcom.com (HELO lofcom.com [22
Message-Id: <20050308030333.A3616C666@tiga.at.subik.com>
Date: Tue, 8 Mar 2005 04:03:33 +0100 (CET)
X-Virus-Scanned: by amavisd-new at subik.com
To: undisclosed-recipients:;
X-Scan-Signature: 83a480794de2c79d8cf536485b3fc6bf
X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
X-GMX-Antispam: 0 (Sender is in whitelist: %%surround.at)
X-GMX-UID: iSweepsqMmApBnBGXGBnODkxMjQ1N12h
He, he…only two? Some folks who have written me privately are getting 10 and 20 per day.
Also, some of the spams are actually commercial messages for various scam stuff (drugs, sex, the usual garbage); the “real” spam messages seem to be distinguished by a completed Received: header field with our domain name in it. In all of the ones I’ve seen, the IP address is bogus (one octet greater than 255), and there’s an alleged handoff between www.lofcom.com and <random_word>.lofcom.com. These tend to rile people up the most, and are the ones I get the most threatening mail about. –cfs3
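The header chaining the post asks people to do, together with the two tells described on this page (the truncated "[27" field and the out-of-range octet in the completed forgeries), as an added Python example that is not part of the original post or its comments. The messages, hostnames, the qzx.lofcom.com handoff name and the 192.0.2.0/24 "own network" are constructed; it assumes the topmost Received: field was written by your own mail server and that peer addresses are recorded in square brackets.

```python
import email
import ipaddress
import re

BRACKETED = re.compile(r"\[([^\]\s]*)\]?")   # "[1.2.3.4]" or a truncated "[27"
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")

# Constructed samples modelled on the headers quoted on this page.
SAMPLE_BLANK = """\
Return-Path: <user@example.net>
Received: from mx1.example.net (mx1.example.net [192.0.2.10])
    by store.example.net (Postfix) with ESMTP id 4F1A2;
    Wed, 9 Feb 2005 10:17:21 +0000 (GMT)
Received: from host-23.dsl.example.org (host-23.dsl.example.org [198.51.100.23])
    by mx1.example.net (Postfix) with SMTP id 78677;
    Wed, 9 Feb 2005 10:17:20 +0000 (GMT)
Received: from www.lofcom.com (HELO lofcom.com [27
From: user@example.net
To: undisclosed-recipients: ;

"""

SAMPLE_COMPLETED = """\
Received: from host-77.cable.example.org (host-77.cable.example.org [203.0.113.77])
    by mx1.example.net (Postfix) with SMTP id 9A001;
    Tue, 8 Mar 2005 04:03:33 +0100 (CET)
Received: from www.lofcom.com (HELO lofcom.com [203.0.313.7])
    by qzx.lofcom.com with ESMTP id MAA36557;
    Tue, 8 Mar 2005 04:01:02 +0100
From: user@example.net

"""

OWN_NETWORKS = ["192.0.2.0/24"]   # constructed: the recipient's own mail servers


def inspect_received(value):
    """Parse one Received: field body and list what is wrong with it."""
    text = " ".join(value.split())            # unfold continuation lines
    problems = []
    if text.count("(") != text.count(")") or text.count("[") != text.count("]"):
        problems.append("unbalanced brackets")
    by = BY_HOST.search(text)
    if not by:
        problems.append("no 'by' clause")
    if ";" not in text:
        problems.append("no date-stamp")
    peer_ip = None
    for token in BRACKETED.findall(text):
        try:
            ip = ipaddress.ip_address(token)
        except ValueError:                    # truncated literal or octet above 255
            problems.append(f"invalid IP literal [{token}]")
            continue
        peer_ip = peer_ip or str(ip)
    return {"text": text, "by": by.group(1).lower() if by else None,
            "peer_ip": peer_ip, "problems": problems}


def trace_origin(raw_message, own_networks):
    """Walk Received: fields newest-first and stop at the first external peer.

    Returns (origin_ip, unverified_hops). Every field below the boundary was
    supplied by the sending machine and proves nothing about who sent the mail.
    """
    nets = [ipaddress.ip_network(n) for n in own_networks]
    msg = email.message_from_string(raw_message)
    hops = [inspect_received(v) for v in msg.get_all("Received", [])]
    origin, boundary = None, len(hops)
    for i, hop in enumerate(hops):
        if hop["problems"]:                   # a real MTA does not write these
            boundary = i
            break
        ip = hop["peer_ip"]
        if ip and not any(ipaddress.ip_address(ip) in n for n in nets):
            origin, boundary = ip, i + 1      # first peer outside our servers
            break
    return origin, hops[boundary:]


if __name__ == "__main__":
    for name, raw in (("blank", SAMPLE_BLANK), ("completed", SAMPLE_COMPLETED)):
        origin, unverified = trace_origin(raw, OWN_NETWORKS)
        print(f"{name}: report to the operator of {origin}")
        for hop in unverified:
            print("  unverified:", hop["text"], "->", hop["problems"] or "well-formed")
```

Complaints belong with whoever operates the returned origin address; a domain that appears only in the unverified fields, as lofcom.com does in both samples, was simply typed in by the sender.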
March 8th, 2005 at 1:23 pm
I received an e-mail from myself and the options had your return as follows:; Tue, 8 Mar 2005 10:41:04 -0500 (EST)
Return-Path:
Received: from 198.185.2.69 ([218.234.243.54])
by vespasian.mspring.net (Earthlink Mail Service) with SMTP id 1d8GPz6nr3Nl5tI0
for
Received: from www.lofcom.com (HELO lofcom.com [29
From:
Message-Id: <200503081041.1d8GPz6nr3Nl5tI0@vespasian.mspring.net>
Date: Tue, 8 Mar 2005 10:41:04 -0500 (EST)
X-NAS-Language: Unknown
X-NAS-Bayes: #0: 0.803086; #1: 0.196914
X-NAS-Classification: 0
X-NAS-MessageID: 8023
X-NAS-Validation: {4FFF9F5B-0862-47C2-858F-59F6F684AC80}
Did you serve in the military in Vietnam and who do you think would be out to harm you? I have exposed some 20 nonfiction authors with Random House and they definitely HATE ME, but why you?
Nope; missed Vietnam by a few years, thank heavens. As to why they hate me, I doubt it runs that strong. I probably had one of their sites shut down, and so they add my domain name in to confuse people and make my life a little more miserable. –cfs3
March 12th, 2005 at 8:57 am
Received a notice from my mail administrator that mail I sent was undeliverable. Turned out to be identical to what has been described on your site. As I have my provider delete all spam, this is usually the only way I find out that my email address has been hijacked. I opened the attached msg (empty per normal from everything I have read here on your site.) Anyway for what it is worth attached is the internet heading per your request. Thanks for your continuing battle against spam - I continually report all the spam that sneaks through my provider’s filters and the more instances of spam I send to my provider the less I receive. We must never give up the fight or they will win…..
Received: from 10001224894.0000013279.acesso.oni.pt ([213.58.75.151])
by priv-edtnes44.telusplanet.net
(InterMail vM.6.01.04.00 201-2131-118-20041027) with SMTP
id <20050312125819.QQWV26080.priv-edtnes44.telusplanet.net@10001224894.0000013279.acesso.oni.pt>;
Sat, 12 Mar 2005 05:58:19 -0700
Received: from www.lofcom.com (HELO lofcom.com [26
Message-Id: <20050312125819.QQWV26080.priv-edtnes44.telusplanet.net@10001224894.0000013279.acesso.oni.pt>
Date: Sat, 12 Mar 2005 05:58:23 -0700
From:
March 16th, 2005 at 2:33 am
Here are my headers. The email always has my email address as the sender. Just a minor annoyance but I guess some people have no life.
From designer@webfashioner.com Wed Mar 16 00:52:34 2005; Wed, 16 Mar 2005 00:52:34 -0500
Received: from 64.176.126.190 ([221.124.96.20])
by host.ebuyme.com (8.12.10/8.12.10) with SMTP id j2G5qXFg012097
for
Date: Wed, 16 Mar 2005 00:52:33 -0500
From: designer@webfashioner.com
Message-Id: <200503160552.j2G5qXFg012097@host.ebuyme.com>
Received: from www.lofcom.com (HELO lofcom.com [29
X-SpamProbe: GOOD 0.0000000 2ce80efe0a86c4fa9c58a035ac62f5c4
Status: R
November 16th, 2005 at 2:12 pm
Below is a copy of the spam I received, including headers. I might remark that all this discussion about it may indeed just cause more, but then a smart spammer might just turn this into exposure - I am not saying this is the case here… just a thought. I too have received spam complaints, even from people that opted in directly for information from my ads. Of course they probably opted in to other ads as well, not realising the others would sell and re-sell the names. I don’t do that. Anyhow, making no sense at all, here is the email that brought me here (it was probably stupid to visit the site, since I had no idea what it was about from the content of the email! I wasn’t even going to complain, I get so much, but I just live with it - well the protocols I use sort it just fine, so I don’t miss what I do want to receive!):
From: PFQNRHOLK@yahoo.com
Sent: Wednesday, November 16, 2005 8:09 AM
Received: from megachild (lof@chcgil2-ar9-4-83-271-006.chcgil2.dsl-verizon.net [192.64.58.12])
To: xxxxxxxxxx@earthlink.net
by www.lofcom.com (8.6.3/8.0.3) with ESMTP id MAA36557;
Wed, 16 Nov 2005 22:00:53 +0600
X-Envelope-From: PFQNRHOLK@yahoo.com
X-Sender: PFQNRHOLK@yahoo.com
Message-Id:
Date: Wed, 16 Nov 2005 11:04:53 -0500
From: “Reggie Mata”
Subject: Feeling loved, wanted and understood again is just what you deserve <3>
MIME-Version: 1.0
Content-Type: text/html; charset=”us-ascii”
Content-Transfer-Encoding: 7bit
November 16th, 2005 at 2:32 pm
I received this today… ???
From: vbzkcdyc@msn.com
Date: 16 november 2005 19:46:39 GMT+01:00
Received: from megachild (lof@chcgil2-ar3-4-43-971-006.chcgil2.dsl-verizon.net [140.140.54.160])
by www.lofcom.com (8.4.3/8.8.3) with ESMTP id MAA36217;
Wed, 16 Nov 2005 13:44:41 -0500
X-Envelope-From: vbzkcdyc@msn.com
X-Sender: vbzkcdyc@msn.com
Message-Id:
Date: Wed, 16 Nov 2005 11:42:41 -0700
From: “Angela Bender”
To: inge.emile@pi.be
Subject: Feeling loved, wanted and understood again is just what you deserve <3>
MIME-Version: 1.0
Content-Type: text/html; charset=”us-ascii”
Content-Transfer-Encoding: 7bit