[CLUE-Talk] SPAM (Unsolicited Commercial E-mail) forged using MY ADDRESS!!

rknech at pcisys.net rknech at pcisys.net
Wed Oct 23 13:47:05 MDT 2002 

I have been having similar problems.

I say the solution is DDOS the F***ers!  Orrrrrr.....  Use the old prot 25
exploit on their butts.  You know the one - telnet to [ip address] 25
and if you know your SMTP commands - have fun... OR  DDOS their port 25. But
make sure you do it through some "relay's". This way they can't directly track
it to your IP. :^)  I won't tell you how I solved the problem. I'll leave it to
people's immaginations. :^)

Me advocate someting illigal? NAW! Call it Civial Disobediance. :^)



> Warren,
> 
> I've got the same problem.  Fortunately I haven't been deluged in bounced
> e-mails yet.  This spawn [#include Warren's description] of a spammer used
> MY E-MAIL ADDRESS as the return and reply-to address for the spams.
> 
> For those of you who are reading this and are on the cc: abuse list: I 
> formally demand that you take immediate action against your users/customers 
> who are perpetrating this fraud and abuse.  I want you to immediately
> discontinue any accounts or services that they have with your organization.
> I demand that they cease & desist immediately the use of my e-mail address 
> and domain name.  I furthermore demand that you disclose to me the identity 
> of your customer who is perpetrating this fraud so I may initiate legal 
> action against them.  Please read on for why you are on the cc: list for
> this e-mail.
> 
> the spams' originating IP is: 200.196.1.16 (virtua-1-16.cwb.matrix.com.br)
> the ISP is: matrix.com.br
> 
> They contain URLS to a web server in Hong Kong, under the .co.uk domain, as
> follows (the actual web server URL was obfuscated in the spam):
> 
> the web site is: c1010.hudjheuhfnnvgxvbchnfhfujryyfgbch.co.uk [Can you believe
that's for
real?]
> the site location is: Hong Kong
> the domain registrar's location is: Hungary
> the ISP is: iadvantage.net [whose ISP is hkt.net]
> the DNS provider is: virtualdelivery.net
> the domain registrar is: melbourneit.com.au
> 
> This is really aggravating, and completely unacceptable.  They were addressed
> to @hotmail.com accounts, but with my return address.  They also used my domain
> name as the "hostname" in the HELO when connecting to Hotmail's mail server.
> 
> Now, it's personal.
> 
> Any ideas or suggestions as to what I should do would be appreciated!  It
> seems that the Colorado laws might not apply to me since my equipment wasn't
> used in transmission or retransmission of these spams, and I only received the
> spams as a result of the original spams bouncing back to my mailbox.
> 
> Thanks,
> Jim
> 
> PS Spam headers below.
> 
> --
> Jim Ockers (ockers at ockers.net)
> Contact info: please see http://www.ockers.net/
> 
> Fight Spam! Join CAUCE (Coalition Against Unsolicited Commercial Email)
> at http://www.cauce.org/ .
> 
>  Received: from mc5-f20.law1.hotmail.com ([65.54.252.27]) by
mc5-s21.law1.hotmail.com with
Microsoft SMTPSVC(5.0.2195.4905);
>          Tue, 22 Oct 2002 12:16:45 -0700
>  Received: from ockers.net ([200.196.1.16]) by mc5-f20.law1.hotmail.com with
Microsoft
SMTPSVC(5.0.2195.4905);
>          Tue, 22 Oct 2002 12:16:43 -0700
>  Reply-To: <ockers at ockers.net>
>  Message-ID: <010c78d85b7e$2538a5d1$6eb37dc0 at fmquer>
>  From: <ockers at ockers.net>
>  To: <czsheng at hotmail.com>
>  Cc: <d1536 at hotmail.com>,
>         <czwx01 at hotmail.com>,
>         <d0n1c4 at hotmail.com>,
>         <d1149512 at hotmail.com>,
>         <d050599 at hotmail.com>,
>         <d0801 at hotmail.com>,
>         <d02s17 at hotmail.com>,
>         <d12sp at hotmail.com>,
>         <czjfm at hotmail.com>,
>         <d1640 at hotmail.com>,
>         <czzc3 at hotmail.com>,
>         <czxx2 at hotmail.com>,
>         <czout at hotmail.com>
>  Subject:
>  Date: Wed, 23 Oct 2002 01:14:57 +0900
>  MiME-Version: 1.0
>  Content-Type: text/html; charset="iso-8859-1"
>  X-Priority: 3 (Normal)
>  X-MSMail-Priority: Normal
>  X-Mailer: The Bat! (v1.52f) Business
>  Importance: Normal
>  Return-Path: ockers at ockers.net
>  X-OriginalArrivalTime: 22 Oct 2002 19:16:44.0037 (UTC)
FILETIME=[8EDE9B50:01C279FF]
> 
>  <spam>
> 
>  [Well there _ought_ to be a <spam> tag, anyway.]
> _______________________________________________
> CLUE-Talk mailing list
> CLUE-Talk at clue.techangle.com
> http://clue.techangle.com/mailman/listinfo/clue-talk
> 


---------------------------------------------
This message was sent using Endymion MailMan.
http://www.endymion.com/products/mailman/

More information about the clue-talk mailing list