
steve

Every day I get hundreds of messages from (e-mail address removed)

I have set up my filters to delete them on my ISP's server without
being downloaded. However I would like to stop them nearer to source.
The furthest back I can trace them is the National Internet Backbone
in India. They have not been any help.

Any ideas?


Typical headers are:-

Return-Path: <[email protected]>
Received: from punt3.mail.demon.net by mailstore
    for (e-mail address removed) id 1FtjpB-4SBknw-05-Bhu;
    Fri, 23 Jun 2006 11:27:45 +0000
Received: from [194.217.242.77] (lhlo=anchor-hub.mail.demon.net)
    by punt3.mail.demon.net with lmtp id 1FtjpB-4SBknw-05
    for (e-mail address removed); Fri, 23 Jun 2006 11:27:45 +0000
Received: from [59.92.122.45] (helo=Acc)
    by anchor-hub.mail.demon.net with smtp id 1FtjoQ-0000nB-OA
    for (e-mail address removed); Fri, 23 Jun 2006 11:27:44 +0000
From: "Virus" <[email protected]>
To: <[email protected]>
Subject: Re:
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="----=_NextPart_7.45981693267822E-02"
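
The trace described in this post, as an added example that is not part of the original thread: it walks the Received chain from the headers above and reports the address that handed the message to the recipient's ISP. Treating `mailstore` and `*.demon.net` as the ISP's own servers is an assumption, and the example.invalid addresses are constructed placeholders for the redacted ones.

```python
import re
from email import message_from_string

# Headers from the first post, continuation lines re-indented. The redacted
# addresses are replaced by constructed placeholders under example.invalid.
RAW = """\
Return-Path: <sender@example.invalid>
Received: from punt3.mail.demon.net by mailstore
\tfor <rcpt@example.invalid> id 1FtjpB-4SBknw-05-Bhu;
\tFri, 23 Jun 2006 11:27:45 +0000
Received: from [194.217.242.77] (lhlo=anchor-hub.mail.demon.net)
\tby punt3.mail.demon.net with lmtp id 1FtjpB-4SBknw-05
\tfor <rcpt@example.invalid>; Fri, 23 Jun 2006 11:27:45 +0000
Received: from [59.92.122.45] (helo=Acc)
\tby anchor-hub.mail.demon.net with smtp id 1FtjoQ-0000nB-OA
\tfor <rcpt@example.invalid>; Fri, 23 Jun 2006 11:27:44 +0000
From: "Virus" <sender@example.invalid>
Subject: Re:

"""

# Assumption: these are the recipient's own ISP servers, so their stamps are reliable.
TRUSTED = (".demon.net", "mailstore")

HOP = re.compile(
    r"from\s+(\S+)(?:\s+\((?:helo|lhlo)=([^)]+)\))?\s+by\s+(\S+)", re.I)


def hops(raw):
    """Return (from, claimed_helo, by) for each Received header, newest first."""
    msg = message_from_string(raw)
    found = (HOP.search(" ".join(v.split())) for v in msg.get_all("Received", []))
    return [m.groups() for m in found if m]


def injection_point(raw, trusted=TRUSTED):
    """Follow the chain down while the stamping ('by') server is trusted.

    The 'from' of the last trusted stamp is the only origin worth reporting:
    older Received lines, From: and Return-Path: are all sender-supplied.
    """
    origin = None
    for src, helo, by in hops(raw):
        if not by.lower().endswith(trusted):
            break
        origin = (src.strip("[]"), helo, by)
    return origin


if __name__ == "__main__":
    print(injection_point(RAW))
```

A Received line stamped by a server outside the trusted set stops the walk, so a forged hop placed lower in the chain does not change the reported origin.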
 
This is all public information, which you can easily find yourself. I have
removed private addresses and telephone numbers.

Yes, but they don't know anything about it.
 
This is all public information, which you can easily find yourself. I have
removed private addresses and telephone numbers.


More on this problem:-

Network Solutions refuse to fix it because they say that they could
have to face legal action. They just send a packaged response. They
even refer to me as one of their users.

Guy.com "customer services" don't respond at all.

IMHO they are both useless organisations.

Steve
 
> Every day I get hundreds of messages from (e-mail address removed)

Hey - I've got nothing to do with that!

> The furthest back I can trace them is the National Internet
> Backbone in India. They have not been any help.
> Received: from [59.92.122.45]

Yes, APNic sez that's India. Is there a whois or IP number registry
specifically for India?

Doesn't matter really. The next spam you'd get would probably come
from somewhere else.

> Any Ideas?

Stop posting your e-mail address in public forums without munging it.

Of course, it's too late now. So your next alternative is to change
your address.
 
> Hey - I've got nothing to do with that!

Are you absolutely sure? Could you have an infected system? Either way
I have not had any today so maybe something has been "fixed".

>> The furthest back I can trace them is the National Internet
>> Backbone in India. They have not been any help.
>> Received: from [59.92.122.45]
>
> Yes, APNic sez that's India. Is there a whois or IP number registry
> specifically for India?
>
> Doesn't matter really. The next spam you'd get would probably come
> from somewhere else.
>
>> Any Ideas?
>
> Stop posting your e-mail address in public forums without munging it.
>
> Of course, it's too late now. So your next alternative is to change
> your address.

After nearly 15 years without munging it's a bit too late! The address
is real but it is a redirection target. Anything sent directly goes
into the trash. The only reason I was aware of the posts from your
address is that I got a high count from the trash bin so I had a look
at the contents.
 
Virus Guy said:
> Hey - I've got nothing to do with that!

Maybe you do! If you made up that address and posted it to usenet
(which appears to be the case) and then it was harvested by malware
or spammers - you are responsible for that address being used in this
manner.
 
edgewalker said:
> Maybe you do! If you made up that address and posted it to usenet
> (which appears to be the case) and then it was harvested by malware
> or spammers - you are responsible for that address being used in this
> manner.

http://guy.com/

Unless our Virus Guy is Guy Harbuck of Chicago, then he is doing the
owner of that domain a disservice, to be sure.
 
edgewalker said:
> Maybe you do! If you made up that address and posted it to
> usenet (which appears to be the case) and then it was
> harvested by malware or spammers - you are responsible
> for that address being used in this manner.

Um - think about that for a minute.

If the address that I use as a handle for posting wasn't picked up by
an NNTP e-mail extractor and used as a bogus "from", then some other
address would be used as the bogus "from" and steve at
tropheus.demon.co.uk would still have gotten that spam anyways.

The "from" address that's used in spam is always fake, and Steve would
have gotten the spams in question regardless of what "from" was used
or where it came from.

And you can tell that the spam didn't come from my computer because my
IP address (sympatico, in Ontario) doesn't appear in the header of
what Steve got (which seems to have come from a computer in India).

As for the domain "guy.com", no I'm not affiliated with it in any way.

I don't think that my use of "(e-mail address removed)" as a handle has had much
of an impact on their business model or operations, which don't appear
to be too solid anyways according to this:

http://www.guy.com/mail.htm
 
Virus said:
> As for the domain "guy.com", no I'm not affiliated with it in any way.

Ah. Ok.

> I don't think that my use of "(e-mail address removed)" as a handle has had much
> of an impact on their business model or operations, which don't
> appear to be too solid anyways according to this:
>
> http://www.guy.com/mail.htm

Doesn't matter what kind of business model he has; you're still abusing
his domain name, having it sucked up by spambots, and causing spam to be
sent to his mail server. Maybe it is shutting down because of all this
spam you've caused? In any case, it would be nice of you to stop using
it. Use something like mine, which nobody can own. example.com/net/org
are reserved for the purpose.
 
> As for the domain "guy.com", no I'm not affiliated with it in any way.

Then you shouldn't use it. The owner of that domain will receive all
of the backscatter, caused by spammers using it in the from address.

Either use .invalid, or one that you have permission to use, such
as nomail.afraid.org (which I set up). Note that nomail.afraid.org
resolves to 127.0.0.100, which is a loopback address. That way, if
the owner of a computer that gets infected with a spambot is also
running their own smtp server, they'll get their own garbage, and
hopefully become aware of the spambot.

Regards, Dave Hodgins
 
Virus Guy said:
> Um - think about that for a minute.
>
> If the address that I use as a handle for posting wasn't picked up by
> an NNTP e-mail extractor and used as a bogus "from", then some other
> address would be used as the bogus "from" and steve at
> tropheus.demon.co.uk would still have gotten that spam anyways.

Well --DUH!

You are responsible for "that address" not the entire spam or malware of
course.

> The "from" address that's used in spam is always fake,

Not fake, just not traceable to the actual spammer.

> and Steve would
> have gotten the spams in question regardless of what "from" was used
> or where it came from.

Well --DUH! Again.

> And you can tell that the spam didn't come from my computer because my
> IP address (sympatico, in Ontario) doesn't appear in the header of
> what Steve got (which seems to have come from a computer in India).

Yes. I'm only saying that *that* address wouldn't have been used if not for
you making it up.

> As for the domain "guy.com", no I'm not affiliated with it in any way.

Then you shouldn't be using it without permission of the owner.

> I don't think that my use of "(e-mail address removed)" as a handle has had much
> of an impact on their business model or operations, which don't appear
> to be too solid anyways according to this:

That's not the point. Use something that doesn't resolve to a real domain,
or use a real domain by permission of the owner.
 
> The "from" address that's used in spam is always fake, and Steve would
> have gotten the spams in question regardless of what "from" was used
> or where it came from.

They weren't spam. The files were over 100K so I think they were
probably a virus. I didn't download any of them so I can't be sure
what they were.
 