Can someone (anyone) find the logic here for me?

A colleague recently received a number of emails from various mailer daemons stating 
that the email that she sent to [EMAIL PROTECTED] could not be delivered -- 
returning with it, in many cases, the original text of the email.

Two points of interest to her:

First, the original message was a "How To Mass E-Mail Your Product" advertisement that 
could be yours for only $100 if you'd just be so kind as to call the number below.

Second, she never sent these messages to anyone.

After a little header pondering, it seems that someone (or someones) has been using an 
SMTP server from earthlink.net to send out the original letters.  This SMTP "use" is 
pretty clearly misuse, since her (my colleague's) email address was listed as the 
sender(!) in the original "From:" field.

(Another interesting point was that there was also an email address provided in the 
often-ignored "Errors-To:" field -- pointing, in each case, to addresses at the Excite 
portal.)

Even though I'm a spam neophyte, I can imagine that the forging of SMTP headers is the 
standard -- it only makes sense if you're covering your tracks.

But I don't understand (here's where the logic erodes) why they would include my 
colleague's address as the "From:".

Aside from the implication of additional fraud (on the part of the real sender), it 
kicks up a lot of attention with all the bounced email messages to the victim -- 
thirty some and counting in this case.  And that kind of behaviour can't be good for 
someone trying to just market a disk.

Is this appropriation of someone else's real email address a common-place activity?  
Am I seeing an example of extremely sloppy hack work where they just don't realize 
what's happened?  Am I missing some point of discussion on the net that tracks these 
chains as they run their course like a virus?  (I suggest this because I found the 
phone number from this particular email in CVS as part of a regular expression for 
spamfilter -- but it's so hard to have a discussion on CVS...)

It seems that this low-grade identity theft is easy to commit and difficult from which 
to recover.  This email was sent (judging from the superfluous header information) by 
two different users on two different ISPs.  Yet both masquerade under my colleague's 
address and deliver an almost exact duplicate email body.  Who would be able to (or 
care to) use such information to prosecute this act, since both ISPs work under their 
own privacy rules and won't exchange information to see if the user accounts belong to 
the same person?  Same thing goes for the accounts opened at Excite.

Not only is it somewhat exhaustive to compile this info and report it to these 
authorities -- it seems the best that can happen is that the individual accounts will 
be terminated.  But whoever is behind this is still free, one would assume, to begin 
the process anew.  The victim now has a reputation of marketing some pretty seedy 
merchandise.  (The only upside, it would seem, is that the recipients of the original 
mail are likely pretty well distributed from lists, and may not personally know the 
victim.)

This is the first I've ever heard of someone else's (real) email address used so 
crudely in a marketing scam.  And if this is a trend, I fear greatly for those users 
who are the same victims of email trojans and the like -- those who just wanted the 
computer to do email...

Thoughts?

- Dale
_______________________________________________
spamcon-general mailing list
[EMAIL PROTECTED]
http://mail.spamcon.org/mailman/listinfo/spamcon-general#subscribers
Subscribe, unsubscribe, etc: Use the URL above or send "help" in body
    of message to [EMAIL PROTECTED] 
Contact administrator: [EMAIL PROTECTED]
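
An added example, not part of the original post: the "header pondering" described in the message, done with Python's standard `email` module on a constructed returned message. All hosts and addresses are placeholders under reserved example domains, and `triage`, `domain_of` and the result field names are hypothetical.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample of an original message as returned inside a bounce.
# Every host and address is a placeholder under a reserved example domain.
RETURNED_ORIGINAL = """\
Received: from relay.isp-a.example (relay.isp-a.example [192.0.2.10])
\tby mx.recipient.example; Mon, 1 Jan 2001 10:00:02 -0000
Received: from unknown (dialup-7.isp-a.example [198.51.100.7])
\tby smtp.isp-a.example; Mon, 1 Jan 2001 10:00:00 -0000
From: colleague@victim.example
Errors-To: dropbox123@portal.example
To: nobody@recipient.example
Subject: How To Mass E-Mail Your Product

Call the number below.
"""


def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def triage(raw_message):
    """Compare the claimed sender with the hop that first accepted the mail."""
    msg = email.message_from_string(raw_message)
    # Received headers are prepended, so the last one is the earliest hop.
    # Lines below the first server you trust can themselves be forged.
    received = msg.get_all("Received", [])
    origin = received[-1] if received else ""
    ip = re.search(r"\[([0-9A-Fa-f.:]+)\]", origin)
    by = re.search(r"\bby\s+([^\s;]+)", origin)
    accepted_by = by.group(1).lower() if by else ""
    from_domain = domain_of(msg["From"])
    return {
        "from_domain": from_domain,
        "errors_to_domain": domain_of(msg["Errors-To"]),
        "origin_ip": ip.group(1) if ip else "",
        "accepted_by": accepted_by,
        # True only if the accepting server belongs to the From: domain.
        "from_matches_origin": bool(from_domain) and (
            accepted_by == from_domain or accepted_by.endswith("." + from_domain)),
    }


if __name__ == "__main__":
    for field, value in triage(RETURNED_ORIGINAL).items():
        print(f"{field}: {value}")
```

A mismatch between the `From:` domain and the accepting server is a lead for an abuse report, not proof of forgery, since legitimate mail is often submitted through a third-party relay.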
