[BBLISA] Someone is out to get me - spam pretending to be from me
Paul Beltrani
beltrani at lokahisystems.com
Fri Jan 14 13:46:27 EST 2005
On Fri, 2005-01-14 at 12:10 -0500, alex at basespace.net wrote:
> Hi folks. I was very disturbed to have forwarded to my abuse address a spam
> message which appears to have been sent by a random 3rd party claiming to be
> from and advertising the domain of one of my customers. I'm wondering if
> anyone has seen anything like this before, and if so what to do about it.
>
> The relevant parts of the message:
>
> >Received: from info.lifename.com ([151.203.48.240]) by mc12-f16.hotmail.com
> >with Microsoft SMTPSVC(5.0.2195.6824); Thu, 13 Jan 2005 08:15:15 -0800
> >Received: from lifename.com (info.lifename.com [192.168.2.7]) by
> >info.lifename.com (8.11.6/8.11.6) with SMTP id j0DGEvv11122 for
> ><blockg at hotmail.com>; Thu, 13 Jan 2005 11:15:05 -0500
> >
> >...advertises http://www.lifename.com/
> >
> >invasion of your privacy, we sincerely apologize. To be permanently
> >removed from our mailing list, please send mailto:remove at lifename.com
> >or go to http://www.lifename.com/unsubscribe .
>
> lifename.com is a customer in my data center. Their IP address is
> 38.113.6.53. However the mail came from 151.203.48.240, a random Verizon IP
> address. So it looks like someone set up a reverse DNS record for
> 151.203.48.240 that claimed it pointed to info.lifename.com (a name which
> did not have a forward lookup at all until I set one up 10 minutes ago) and
> then sent the mail out from there spamvertising the lifename.com URL and
> email address. I can only assume they did this in order to get my customer
> and me in trouble with the spam authorities.
As others have already pointed out, the name "info.lifename.com" can
come from sources other than reverse DNS, including outright forgery of
the email headers.
>
> I'm not a spammer, nor am I a spammer haven. I'm just a guy living in a
> townhouse in Cambridge with a data center in my basement. I depend on a good
> reputation to gain and retain customers. You folks know that, since I show
> up to BBLISA meetings once in a while and many of you know me personally.
> But spam authorities don't know that.
>
> The only evidence I can think of that this spam was not initiated by me/my
> customer is that it came from a different IP address with the reverse lookup
> pointing at me, while the forward lookup for that IP does not point to that
> name. Presumably if I was a spammer I would control the forward zone as well
> and have the appropriate link.
Few spammers use their own servers to push out spam. It's much easier
to let someone else foot the bill and deal with the bandwidth costs,
bounces, blacklisting, ill will, etc.
> Thoughts? Advice? I am a bit worried about this.
...
Is it possible your customer is the spammer?
- Paul Beltrani
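The two Received lines quoted in the thread can be checked mechanically. The script below is an added example for this page, not code from the list or from either poster. It parses each hop on the assumption that the header layout is "from HELO ([IP])" for the Microsoft SMTPSVC line and "from HELO (RDNS [IP])" for the sendmail line, treats only the line written by the receiving MTA (here mc12-f16.hotmail.com) as an observation, and runs a forward-confirmed reverse DNS (FCrDNS) check on the connecting address. The resolver is a constructed stub that encodes the DNS facts as the original poster describes them (PTR for 151.203.48.240 naming info.lifename.com, no A record for that name, lifename.com at 38.113.6.53); replace `stub_ptr`/`stub_a` with real lookups to run it against live DNS.

```python
# Added example: FCrDNS check over the Received: trail quoted in the thread.
# Not code from the BBLISA list or its participants; the DNS data is a stub.
import ipaddress
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample: the two Received lines quoted in the post, each re-joined
# onto a single line (the archive wrapped them).
SAMPLE_HEADERS = [
    "Received: from info.lifename.com ([151.203.48.240]) by mc12-f16.hotmail.com "
    "with Microsoft SMTPSVC(5.0.2195.6824); Thu, 13 Jan 2005 08:15:15 -0800",
    "Received: from lifename.com (info.lifename.com [192.168.2.7]) by "
    "info.lifename.com (8.11.6/8.11.6) with SMTP id j0DGEvv11122 for "
    "<blockg at hotmail.com>; Thu, 13 Jan 2005 11:15:05 -0500",
]

# Assumed layouts: "from HELO ([IP])" (Microsoft SMTPSVC) and "from HELO (RDNS [IP])"
# (sendmail). HELO is whatever the connecting client announced; only the bracketed
# IP (and the RDNS name, if the MTA wrote one) were observed by the receiving MTA.
RECEIVED_RE = re.compile(
    r"^Received:\s*from\s+(?P<helo>\S+)"
    r"(?:\s*\((?:(?P<rdns>[^\s\[\]()]+)\s*)?\[(?P<ip>[^\]]+)\]\))?"
    r"\s*by\s+(?P<by>\S+)",
    re.IGNORECASE,
)


@dataclass
class Hop:
    helo: str            # client-announced name: a claim, not an observation
    rdns: Optional[str]  # reverse-DNS name the receiving MTA recorded, if any
    ip: Optional[str]    # connecting address as seen by the receiving MTA
    by: str              # the MTA that wrote this header line


def parse_received(line: str) -> Hop:
    m = RECEIVED_RE.match(line)
    if not m:
        raise ValueError(f"unparseable Received line: {line!r}")
    return Hop(helo=m["helo"], rdns=m["rdns"], ip=m["ip"], by=m["by"])


# Stub resolver (assumption): PTR/A data as the post describes it when the spam was sent.
STUB_PTR: Dict[str, List[str]] = {
    "151.203.48.240": ["info.lifename.com"],  # the poster's hypothesis about the rDNS
    "38.113.6.53": ["lifename.com"],          # the customer's real host
}
STUB_A: Dict[str, List[str]] = {
    "lifename.com": ["38.113.6.53"],
    "info.lifename.com": [],                  # "did not have a forward lookup at all"
}


def stub_ptr(ip: str) -> List[str]:
    return STUB_PTR.get(ip, [])


def stub_a(name: str) -> List[str]:
    return STUB_A.get(name.lower(), [])


def fcrdns(ip: str, ptr: Callable[[str], List[str]] = stub_ptr,
           a: Callable[[str], List[str]] = stub_a) -> Tuple[List[str], List[str]]:
    """Return (PTR names for ip, the subset whose A records resolve back to ip).
    Whoever controls the reverse zone can put any name in a PTR; only a name
    that also resolves forward to the same address is confirmed."""
    names = ptr(ip)
    return names, [n for n in names if ip in a(n)]


def assess(hops: List[Hop], trusted_by: str,
           ptr: Callable[[str], List[str]] = stub_ptr,
           a: Callable[[str], List[str]] = stub_a) -> List[dict]:
    """One verdict per hop, topmost first. Only the header written by the MTA we
    trust (trusted_by) carries an observation we can check; every Received line
    below it was written by a machine the sender controlled and can say anything."""
    report = []
    for i, hop in enumerate(hops):
        entry = {
            "by": hop.by, "helo": hop.helo, "ip": hop.ip,
            "trusted": i == 0 and hop.by.lower() == trusted_by.lower(),
            "private_ip": bool(hop.ip) and ipaddress.ip_address(hop.ip).is_private,
            "ptr_names": [], "forward_confirmed": [], "helo_confirmed": False,
        }
        if entry["trusted"] and hop.ip:
            names, confirmed = fcrdns(hop.ip, ptr, a)
            entry["ptr_names"] = names
            entry["forward_confirmed"] = confirmed
            entry["helo_confirmed"] = hop.helo.lower() in [c.lower() for c in confirmed]
        report.append(entry)
    return report


if __name__ == "__main__":
    hops = [parse_received(h) for h in SAMPLE_HEADERS]
    for entry in assess(hops, trusted_by="mc12-f16.hotmail.com"):
        print(entry)
```

On the stub data the top hop comes out as trusted but not forward-confirmed: the PTR claims info.lifename.com, yet that name resolves to nothing, so the HELO string matches nothing the receiver could verify. The inner hop is flagged as untrusted and as carrying a private address (192.168.2.7); since that line was written by the sending machine itself, it is evidence of nothing either way.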