Email Forgery
Spam 'n' Scam
Copyright © 2001 by David Harper and L.M. StockmanDesigned and maintained by Obliquity
http://www.obliquity.com/computer/spambait/theft2001.html
Spammers routinely forge the From: line in their junk emails,
causing the inevitable flood of bounces, auto-acknowledgements and complaints
to land in some innocent third-party's inbox. Like so many other domain
names, obliquity.com is sometimes used in these forgeries.
In June and August of this year, someone sent out junk emails advertising
a CD-ROM containing 12 million email addresses and personal contact details
of owners of domain names ending with com, org and
net. Some of these junk emails contained our
"webmaster" address in the Reply-To: line.
This spammer also attacked Studio42 as well as many others.
The only authentic contact details were telephone and FAX numbers in the 401 area code in the United States. This is the area code for the state of Rhode Island. We filed a formal complaint with the Attorney General of Rhode Island since the perpetrator appeared to be operating within his jurisdiction.
This time, no contact details were given given in the message. Apparently this spammer had been chased off so many ISPs that he was forced to advertise his wares by telling his potential customers (themselves spammers) to search for his product on major search engines. In a change of tactics, this spammer also fraudulently submitted our email address to a number of mailing lists. Fortunately, some of these mailing lists use the confirmed opt in strategy whereby
This protects both the mailing list and innocent third parties from the kind of misuse this spammer is attempting to perpetrate against us. Unfortunately, many mailing lists are not so discriminating and do not bother to confirm that the address has been submitted by its owner.
Email addresses of innocent third parties have been deleted from these headers to preserve their privacy.
X-Track: 902: 2
X-Rocket-Spam: 200.31.35.243
X-YahooFilteredBulk: 200.31.35.243
Received: from 200.31.35.243 (EHLO nautilus.asmar.cl)
(200.31.35.243) by mta550.mail.yahoo.com with SMTP; 20
Jun 2001 12:52:39 -0700 (PDT)
Received: from neptuno.asmar.cl (NEPTUNO [130.1.1.4]) by
nautilus.asmar.cl with SMTP (Microsoft Exchange Internet
Mail Service Version 5.5.2650.21) id NBYKWB7H; Wed, 20
Jun 2001 05:33:42 -0400
From: [deleted]
To: [deleted]
Reply-To: [our webmaster address]
Subject: MasterCD2001 - Ebiz Purchasing etnkz
Received: from mail.team.cl.inter.net (ip14-ifx.leased.cl.inter.net
[206.48.148.14]) by pompano.ithink.com (Rockliffe SMTPRA
3.4.6) with ESMTP id <B0015211328 @ pompano.ithink.com> for
[deleted]; Thu, 21 Jun 2001 01:18:27 -0400
Received: from ifmxi.prospectpipeline.net (rt.cl.inter.net
[206.48.148.1]) by mail.team.cl.inter.net (8.11.1/8.11.1)
with SMTP id f5L6jWO23981; Thu, 21 Jun 2001 02:45:32 -0400
Date: Thu, 21 Jun 2001 02:45:32 -0400
Message-Id: <200106210645.f5L6jWO23981 @ mail.team.cl.inter.net>
From: [deleted]
To: [deleted]
Reply-To: [our webmaster address]
Subject: MasterCD2001 - Ebiz Purchasing avoeo
Received: from [pop.compuserve.com] by <web1> (MailGate
3.4.163) with POP3; Fri, 17 Aug 2001 07:12:22 +0200
Sender: [deleted]
Received: from relay27.jaring.my (relay27.jaring.my
[192.228.128.138]) by siaag1ab.compuserve.com
(8.9.3/8.9.3/SUN-1.12) with ESMTP id AAA08518; Fri,
17 Aug 2001 00:34:50 -0400 (EDT)
From: [deleted]
Received: from gilwf.microsoft.com (j139.jhb36.jaring.my
[161.142.134.153]) by relay27.jaring.my (8.9.3/8.9.3)
with SMTP id MAA27937; Fri, 17 Aug 2001 12:34:20 +0800
(MYT)
Date: Fri, 17 Aug 2001 12:34:20 +0800 (MYT)
Message-Id: <200108170434.MAA27937 @ relay27.jaring.my>
To: [deleted]
Reply-To: [out webmaster address]
Subject: Great Info About Internet Companies on Internet dbsjp
Received: from <pop3.mweb.co.za> id=toprock by 1st Up Mail
Server v4.1.7 on Fri Aug 17 08:55:48 2001
Return-path: [deleted]
Received: from msg-proxy4.mweb.co.za ([196.2.128.8]) by mweb.co.za
(Sun Internet Mail Server sims.3.5.2000.03.23.18.03.p10)
with ESMTP id <0GI700MYZ9L20F @ mweb.co.za> for
[deleted]; Fri, 17 Aug 2001 08:48:39 +0200 (GMT-2)
Received: from host.whytheinternet.com (host.whytheinternet.com
[209.239.61.208]) by msg-proxy4.mweb.co.za (iPlanet
Messaging Server 5.1 (built May 7 2001)) with ESMTP id
<0GI700EAS9DMZ6 @ msg-proxy4.mweb.co.za> for [deleted]
(ORCPT [deleted]); Fri, 17 Aug 2001 08:44:14
+0200 (SAST)
Received: (from toprocks@localhost) by host.whytheinternet.com
(8.10.2/8.10.2) f7H6i8w07090 for [deleted]; Fri, 17
Aug 2001 02:44:08 -0400
Received: from relay27.jaring.my (relay27.jaring.my
[192.228.128.138]) by host.whytheinternet.com
(8.10.2/8.10.2) with ESMTP id f7H6i6r07086 for
[deleted]; Fri, 17 Aug 2001 02:44:06 -0400
Received: from ukjbx.microsoft.com (j139.jhb36.jaring.my
[161.142.134.153]) by relay27.jaring.my (8.9.3/8.9.3)
with SMTP id OAA20564; Fri, 17 Aug 2001 14:42:14 +0800
(MYT)
Date: Fri, 17 Aug 2001 14:42:14 +0800 (MYT)
From: [deleted]
Subject: Great Info About Internet Companies on Internet dpovf
To: [deleted]
Reply-To: [our webmaster address]
Message-id: <200108170642.OAA20564 @ relay27.jaring.my>
Received: from neutron.nectec.or.th (neutron.nectec.or.th
[202.44.204.10]) by mx2.daemonmail.net (8.11.1/8.11.1)
with ESMTP id f7I1Ioq05369 for [deleted]; Fri,
17 Aug 2001 18:18:50 -0700 (PDT)
Received: by neutron.nectec.or.th id IAA0000015142; Sat, 18 Aug 2001
08:15:58 +0700 (GMT+0700)
Date: Sat, 18 Aug 2001 08:15:58 +0700 (GMT+0700)
From: [deleted]
Message-Id: <200108180115.IAA0000015142 @ neutron.nectec.or.th>
To: [deleted]
Reply-To: [our webmaster address]
Subject: Great Info About Internet Companies on Internet konpf
Email Forgery
Spam 'n' Scam
Copyright © 2001 by David Harper and L.M. Stockman