Supreme Cmdr Posted November 25, 2003

OK, this is cute, just cute. Yesterday I accidentally got wind of some jackass spammer using my [email protected] address as a return address for sending out spam. Funny enough, Mailwasher Pro actually flagged it for deletion because it was spam - even though it had my email address in it. So I downloaded it and inspected the headers. Well, take a look. I have archived like six of these and one seemed to be coming from a server at familypc.com which is hosted by Road Runner (those incompetent bastards) and I have sent email to their abuse dept. Anyway, if anyone knows a way to clean up this mess, let me know.

code:
Return-Path:
Delivered-To: [email protected]
X-Envelope-To: [email protected]
Received: (qmail 30336 invoked from network); 25 Nov 2003 12:39:13 -0000
Received: from h24-84-53-74.vc.shawcable.net (HELO 3000ad.com) (24.84.53.74) by qs292.pair.com with SMTP; 25 Nov 2003 12:39:13 -0000
Received: from leon-fdp7chah6b [24.84.53.74] by 3000ad.com with eSMTP; Tue, 25 Nov 2003 04:39:14 -0800
Message-ID:
From: "dewey"
To:
Subject: Gener.ic Cia.lis - Lasts 2 times longer then Via.gra!
Date: Tue, 25 Nov 2003 04:39:14 -0800
MIME-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
X-Priority: 3
X-Mailer: PHP
Return-Path: [email protected]
Hel-Tracking:
X-Spam-Filtered: d326419afd31d64e37ddbcb04596936e
X-Spam-Status: No, hits=2.1 required=4.0 tests=HTML_FONT_BIG,HTML_FONT_COLOR_RED,HTML_40_50,MIME_HTML_ONLY,UPPERCASE_25_5
X-Spam-Flag: NO
X-Spam-Level: **

code:
Return-Path:
Delivered-To: [email protected]
X-Envelope-To: [email protected]
Received: (qmail 47577 invoked from network); 22 Nov 2003 07:01:23 -0000
Received: from roc-66-66-251-198.rochester.rr.com (HELO 3000ad.com) (66.66.251.198) by qs292.pair.com with SMTP; 22 Nov 2003 07:01:23 -0000
Received: from FamilyComputer [66.66.251.198] by 3000ad.com with eSMTP; Sat, 22 Nov 2003 02:00:34 -0500
Message-ID:
From: "edward"
To:
Subject: **JUNK** We can he.lp you find the best rates!
Date: Sat, 22 Nov 2003 02:00:34 -0500
MIME-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
X-Priority: 3
X-Mailer: PHP
Return-Path: [email protected]
Hel-Tracking:
X-Spam-Filtered: d326419afd31d64e37ddbcb04596936e
X-Spam-Status: Yes, hits=4.8 required=4.0 tests=HTML_FONT_BIG,HTML_FONT_COLOR_RED,THE_BEST_RATE,MIME_HTML_ONLY,HTML_20_30
X-Spam-Flag: YES
X-Spam-Level: ****

IceCold Posted November 25, 2003

The good news is: this is not a Trojan and you are dealing with an external problem. I've done a trace on the first message source and here is what I came up with.

http://www.senderbase.org/?searchString=sh...searchBy=domain

The server you are interested in is h24-84-53-74.vc.shawcable.net

Here is a website that will allow you to trace the rest: www.ip-trace.com

Unfortunately there is really nothing you can do to prevent this sort of problem from happening. Since the spammer is rotating servers you cannot simply plug that hole. My only advice is to obtain a record of the server logs and find the home IP of the spammer's computer and then give him Hell (cross reference sending times with login times).

Bon Chance,
IceCold

IceCold Posted November 25, 2003

UPDATE

Well now there is a reason to blame Canada. Here is specific information on the server that sent you the first message. It even has a listed owner and location: Shaw Communications Inc. in Calgary.

http://www.senderbase.org/search?searchString=24.84.53.74

Another bit of interesting info on this server: its sending volume is up 1722% from its average. Looks like someone broke in and is using this as a major spam hub. I bet the owners would love to hear that.

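Added example, not part of the original thread: the trace described above starts from the one Received line stamped by the recipient's own mail server. This Python example parses that qmail-style hop from the first quoted message, treating pair.com as the trusted receiving domain and 3000ad.com as the spoofed domain (both read off the quoted headers); the From address, body and function names are constructed for illustration.

```python
import re
from email import message_from_string

# Trace headers of the first message quoted in the thread; the From address
# and body are constructed placeholders.
SAMPLE = """\
Received: (qmail 30336 invoked from network); 25 Nov 2003 12:39:13 -0000
Received: from h24-84-53-74.vc.shawcable.net (HELO 3000ad.com) (24.84.53.74)
  by qs292.pair.com with SMTP; 25 Nov 2003 12:39:13 -0000
Received: from leon-fdp7chah6b [24.84.53.74] by 3000ad.com with eSMTP;
  Tue, 25 Nov 2003 04:39:14 -0800
From: "dewey" <someone@example.invalid>
Subject: constructed sample

body
"""

# qmail-style hop: from <reverse DNS> (HELO <claimed name>) (<ip>) by <receiver>
QMAIL_HOP = re.compile(
    r"from\s+(?P<rdns>\S+)\s+\(HELO\s+(?P<helo>[^)\s]+)\)\s+"
    r"\((?P<ip>[\d.]+)\)\s+by\s+(?P<by>\S+)")

def in_domain(host, domain):
    """True if host is domain itself or a subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def first_trusted_hop(raw, trusted_domain):
    """Topmost Received hop stamped by a server in trusted_domain.
    Everything below it was supplied by the sender and proves nothing."""
    for value in message_from_string(raw).get_all("Received", []):
        m = QMAIL_HOP.search(" ".join(value.split()))  # unfold the header
        if m and in_domain(m.group("by"), trusted_domain):
            return m.groupdict()
    return None

def analyse(raw, trusted_domain, my_domain):
    hop = first_trusted_hop(raw, trusted_domain)
    if hop is None:
        return None
    # HELO is whatever the client typed; reverse DNS and IP were recorded
    # by the receiving server from the TCP connection.
    hop["helo_claims_my_domain"] = in_domain(hop["helo"], my_domain)
    hop["forged_helo"] = (hop["helo_claims_my_domain"]
                          and not in_domain(hop["rdns"], my_domain))
    return hop

if __name__ == "__main__":
    print(analyse(SAMPLE, "pair.com", "3000ad.com"))
```

The `ip` and `rdns` fields identify the network to send an abuse report to; the HELO name and the lower Received line are not verified by the receiving server.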
Supreme Cmdr (Author) Posted November 25, 2003

wow! thanks man, I'm on it!

GREG MILLER Posted November 25, 2003

This started happening to me last week when I went to add the sender to my block list, I noticed it was my own email addy. I've since got a total of 5 of these emails. I was and am still very pissed about this. If I ever catch this guy, I will drag him around the streets of Pittsburgh, tied to the back of my truck.

Soback Posted November 26, 2003

quote: Originally posted by Greg Miller: "If I ever catch this guy, I will drag him around the streets of Pittsburgh, tied to the back of my truck."

ROFL, I just got a mental picture of that.

Guest Posted November 26, 2003

This actually happened to me about 6 months ago. I kept getting these "message cannot be delivered" errors, hundreds of them, and I mean hundreds. It just about drove me crazy, so I called my ISP and asked them to do something, and there was absolutely NOTHING that they could do about it. They slowed down after about 2 weeks, but I was pissed that someone was using my e-mail address to spam people, and people were actually e-mailing me telling me to stop sending them this stuff. I responded to about 6 and then gave it up. Took about a month before everything finally halted and my e-mail address got back to normal. Oh and this was on 56K, so it was just joyful, let me tell you.

Supreme Cmdr (Author) Posted November 26, 2003

...just wait'll I catch this sumb*tch.

DennyMala Posted November 26, 2003

GIVE 'EM HELL BOSS!!!!!!

GREG MILLER Posted November 26, 2003

SC, let me know when you've captured the scum. I will be down to hook him up to the back of my truck for the drive back to Pittsburgh. After a few trips around the 'burgh, then I will head out west to Gig Harbor so Jaguar can drag him around there for a while. I just hope there is enough of him left for Jaguar to get some satisfaction out of.

Bandus Posted November 26, 2003

Seriously SC, I know it's your normal procedure to report people to the "proper authorities" but make an exception this time please. Simply post his personal info on the boards here and the rest will be taken care of....really...

Epsilon 5 Posted November 26, 2003

hmm .. bring him to where I work, I'll get one of the 2.5 tons forklifts (~1 ton pallet not included) to drive him over ..

Guest Posted November 27, 2003

I had a couple of messages like that - thankfully none of them were deliverable. I asked a friend who works for Symantec about it - he said it was an e-mail virus that would've harvested my e-mail addy from an infected user's address book to use as a return addy.

Kalshion Posted November 27, 2003

Was going to post about something similar to this. As it seems, I'm having a problem with spamming as well. I keep getting the same 867 e-mail messages every time I click on receive, no clue why this is happening.

Guest $iLk Posted November 28, 2003

There was a virus a couple months ago that grabbed email addys from address books to use as return address headers. My ISP eventually blocked those messages... but it did take a couple weeks or so... until then I was getting dozens of messages an hour.

Guest Posted November 29, 2003

quote: Originally posted by Greg Miller: "SC, let me know when you've captured the scum. I will be down to hook him up to the back of my truck for the drive back to Pittsburgh. After a few trips around the 'burgh, then I will head out west to Gig Harbor so Jaguar can drag him around there for a while. I just hope there is enough of him left for Jaguar to get some satisfaction out of."

I got a couple of spots out here that would make him/her/it VERY uncomfortable, and I would make sure that it is prolonged agony!! VERY prolonged!!

Guest Remo Williams Posted December 12, 2003

Well here's a few unhappy spammers.

Supreme Cmdr (Author) Posted December 12, 2003

quote: Originally posted by Remo Williams: "Well here's a few unhappy spammers."

Great. I hope he gets the death penalty. Seeing it's Virginia and all.

IceCold Posted December 12, 2003

quote: "Great. I hope he gets the death penalty. Seeing it's Virginia and all."

Better idea: Find a way to put him on every list in the country. Call it poetic justice.

Most Posted December 15, 2003

That was good news, I hope they give him the whole 20, just to help thwart off the rest of these spammers.

Urza Posted January 15, 2004

Wow, I can't imagine a worse person to target this sort of thing.

Commander Elio Jason Posted January 16, 2004

Speaking of spam, why didn't they make this for telemarketers?

q_dragon Posted January 16, 2004

Same thing happened to me... only though it was my friends that were spamming me... but it wasn't them...

Baloogan Posted January 16, 2004

My internet provider is Shaw Cable.... and I'm guessing that the spammer lives near here... anything I can do to help?

Frescas Posted January 17, 2004

quote: Originally posted by Baloogan: "my internet provider is shaw cable.... and Im guessing that the spammer lives near here... anything I can do to help?"

I hope this can help. Try this: http://www.keir.net/k9.html

It is really easy to configure. There are even samples of spam mail that you can use to teach the program to recognize spam. As I said, I hope this will help.