This morning I woke up to an inbox full (hundreds!) of returned email that I did not send. It seems that a spammer is sending Viagra emails using an address from visiblesoul.com for the reply address. A quick look into the email "headers" will show that the IP address from which the spam originated is not my IP.
It was only a matter of time until this happened to me and I am not happy about it and I am sure the recipients of these emails are not happy either. I will do what I can to stop the use of my domain name for evil purposes but since the originating IP is in England there may not be much I can do. -=DKC=-
I am not a spammer
Started by visiblesoul, Sep 16 2005 08:11 AM
4 replies to this topic
#1
Posted 16 September 2005 - 08:11 AM
Please note that I offer free support on this forum in my free time. Depending on how much work I have backlogged it may take me a week or more to answer questions. I am not ignoring you. I answer everyone but please be patient. Thanks.
Disclaimer: All forum posts, including code examples, on this forum are offered for free in the hope that they will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Use code examples at your own risk.
"If at first you don't succeed, keep on suckin' til you do succeed." -Curly Howard
#2
Posted 16 September 2005 - 08:33 AM
Here is one of the "headers" from the email that is being sent out with visiblesoul.net as the Reply-To address. I have obscured the email addresses and IP addresses of the recipient of the spam. I also obscured my email address since it is an actual address and I don't want to get even more spam.
You can see that the "Reply-To" field uses my email address (in red). The thing is, you can put anything you want in the "Reply-To" field when you send an email. No way to stop someone from doing that...
Notice that the earliest "Received:" field shows the actual originating IP address (in green). Now go to http://www.dnsstuff.com/ or a similar online tool and enter the IP address in green into the "WHOIS Lookup" box on DNSstuff. You will see that the sender is not visiblesoul.com. If you enter "visiblesoul.com" into the "Domain Info" box you will see my IP address does not match the one in the email headers.
Really the only thing a person can do in this instance is to contact the webhost that owns the IP address and report that their server is being used to send out spam. Most hosts will immediately shut down the offending account. But often the spammer uses a vulnerability in someone else's server to send email through some innocent webmaster's server. And in any case the spammer will certainly move on to the next server usually before the emails have even been delivered.
-=DKC=-
Note: To view email headers in Outlook Express, right-click the email title in the email list. Select "Properties". And then select the "Details" tab.
Quote
Received: from sm2.****.com (sm2.****.com [**.19.21.66])
    by mxa.****.net (Postfix) with ESMTP id 0668A7105F
    for; Fri, 16 Sep 2005 07:38:49 -0400 (EDT)
Received: from smtp ([**.85.251.46])
    by sm2.****.com (8.12.11/8.12.11) with SMTP id j8GBT9Ji019928
    for; Fri, 16 Sep 2005 04:29:11 -0700
Received: from 212.95.255.98 (helo=MAX)
    by smtp with esmtpa (Exim 4.51 (FreeBSD))
    id J87Gz016064523
    for explore@******.org; Fri, 16 Sep 2005 11:44:04 +0000
Date: Fri, 16 Sep 2005 11:44:04 +0000
From: "Mickey" <***@visiblesoul.com>
X-Mailer: The Bat! (v3.0) Professional
Reply-To: "Mickey" <***@visiblesoul.com>
X-Priority: 3 (Normal)
Message-ID:
To: explore@****.org
Subject: Next Viaqra generation!
MIME-Version: 1.0
Content-Type: text/html; charset=Windows-1252
Content-Transfer-Encoding: 8bit
#3
Posted 17 September 2005 - 07:42 AM
How frustrating!
I have never got that many all at once but I do occasionally get a few of that type, either viagra or various aids of that kind. Always they are sent to a name I don't know but my email address, and originating from the same source. I am supposed to bat them on to my server, but I am not convinced they actually do anything much about them as they still trickle in through the so-called protection that is set up. It is just so frustrating that jerks out there have to pester folks that way.
Do these people ever get caught and prosecuted? I have not heard of any such lawsuits.
#4
Posted 17 September 2005 - 09:53 AM
Quilty, on Saturday, Sep 17, 2005 09:42 am, said:
How frustrating!
I have never got that many all at once but I do occasionally get a few of that type, either viagra or various aids of that kind. Always they are sent to a name I don't know but my email address, and originating from the same source. I am supposed to bat them on to my server, but I am not convinced they actually do anything much about them as they still trickle in through the so-called protection that is set up. It is just so frustrating that jerks out there have to pester folks that way.
Do these people ever get caught and prosecuted? I have not heard of any such lawsuits.
But this seems to have been an isolated incident. The emails stopped after one round. I notified the owner of the originating IP and they were investigating last I heard.
I doubt many spammers are prosecuted since I don't think an American would have much luck prosecuting someone in China or Russia.
#5
Posted 17 September 2005 - 05:13 PM
This is typical of what I get (my username removed here), yet another Viagra one in today...
The name of the person this is supposed to be sent to is not my name at all.
It gets really tedious. I am sure there are more that don't get through the filters I have in place, but sometimes Spamassassin delivers me an attached email which is a perfectly genuine one so I don't want any program dumping absolutely everything it thinks is spam.
These people should be prosecuted in their own countries by their own law enforcement authorities. Wish this would happen, especially to the types who create viruses that do a lot of damage to other peoples' property.
Yes, being "postmaster" certainly has a downside when you get the bounced returns that were not even from you in the first place.
Quote
Return-Path:
Received: from mta7-rme.xtra.co.nz ([210.86.15.142])
    by mta201-rme.xtra.co.nz with ESMTP
    id <20050917224643.LGIF1498.mta201-rme.xtra.co.nz@mta7-rme.xtra.co.nz>
    for <**********@xtra.co.nz>; Sun, 18 Sep 2005 10:46:43 +1200
Received: from sanlam.co.za ([200.140.215.98]) by mta7-rme.xtra.co.nz
    with SMTP
    id <20050917224641.FSCL24729.mta7-rme.xtra.co.nz@sanlam.co.za>
    for <**********@xtra.co.nz>; Sun, 18 Sep 2005 10:46:41 +1200
Received: from [192.168.25.188] (helo=materially)
    by sanlam.co.za with smtp (Barograph xm 4.63 (Conceptual))
    id NaSafX-VNxkUT-jh
    for **********@xtra.co.nz; Sat, 17 Sep 2005 17:46:18 -0500
Message-ID: <002701c5bbd9$9c081580$bc19a8c0@materially>
Reply-To: "Areli Cullum"
From: "Areli Cullum"
To: "Odetta Bayliss" <**********@xtra.co.nz>
Subject: Re: Ano ther stuff
Date: Sat, 17 Sep 2005 17:46:15 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0024_01C5BBAF.B3320D80"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
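Added example, not code from any poster in this thread: reading the "Received:" chain discussed in posts #2 and #5 with Python's standard library. The sample is constructed from the header block quoted in post #5 with placeholder addresses; the function names and the `.xtra.co.nz` trust suffix are assumptions. Received lines below the first server you trust are written by the sending side, so the code reports the hand-off IP logged by the trusted server separately from the oldest line.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: the Received chain quoted in post #5, ids dropped,
# mail addresses replaced with placeholders.
SAMPLE = """\
Received: from mta7-rme.xtra.co.nz ([210.86.15.142])
 by mta201-rme.xtra.co.nz with ESMTP; Sun, 18 Sep 2005 10:46:43 +1200
Received: from sanlam.co.za ([200.140.215.98]) by mta7-rme.xtra.co.nz
 with SMTP; Sun, 18 Sep 2005 10:46:41 +1200
Received: from [192.168.25.188] (helo=materially)
 by sanlam.co.za with smtp; Sat, 17 Sep 2005 17:46:18 -0500
From: "Areli Cullum" <sender@example.org>
To: "Odetta Bayliss" <user@example.net>

body
"""

HOP_RE = re.compile(r"from\s+(.*?)\s+by\s+(\S+)", re.S)
IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def hops(raw):
    """Received hops, newest first: recording host and the peer IP it logged."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP_RE.search(value)
        if m:
            ip = IP_RE.search(m.group(1))
            out.append({"by": m.group(2), "ip": ip.group(0) if ip else None})
    return out

def earliest_ip(raw):
    """Peer IP on the oldest Received line; the sender can forge this line."""
    chain = hops(raw)
    return chain[-1]["ip"] if chain else None

def handoff_ip(raw, trusted_suffix):
    """Peer IP logged by the outermost server whose name ends in trusted_suffix."""
    found = None
    for hop in hops(raw):
        if not hop["by"].endswith(trusted_suffix):
            break  # everything from here down is unverified
        found = hop["ip"]
    return found

def is_public(ip):
    """False for private, loopback and other non-routable addresses."""
    return ipaddress.ip_address(ip).is_global

if __name__ == "__main__":
    print(earliest_ip(SAMPLE), is_public(earliest_ip(SAMPLE)))
    print(handoff_ip(SAMPLE, ".xtra.co.nz"))
```

The address to look up in WHOIS and report to the host is the one returned by `handoff_ip`; a non-public `earliest_ip` only identifies a machine behind that host.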