I know forging e-mail headers is quite commonplace, but I didn't realize the actual SMTP servers can be forged (unless the sender doesn't have an account with that ISP/provider and uses the SMTP server to illegally "relay" their direct mail messages to recipients). If this is the case and spammers have actually begun using other people's real e-mail addresses when forging mail headers, we've got a real problem on our hands. It's definitely identity theft. Any chance of the F.B.I. getting involved in that sort of thing?

The only thing I can suggest is perhaps someone that holds a grudge against your colleague misused her e-mail address when sending out the unsolicited commercial e-mail, advertising 'seedy' products. It could also simply be a HUGE coincidence that they got 'lucky' and actually used a valid Yahoo! ID to falsify the mail headers.

Solution? If it was just a case of the spammers getting 'lucky' and using a valid Yahoo! ID, the only thing I can suggest is have your friend sign up for a free disposable e-mail address from SpamCon Foundation at http://dea.spamcon.org/ when she posts to Usenet newsgroups, etc. I signed up for one earlier today. I haven't had much time to test it, but it seems to be a great service. They also offer a fee-based service, which has loads of additional features. *shameless promotion for SpamCon Foundation*

I hope this information finds you well. :)

Regards,
Doug Mehus
[EMAIL PROTECTED]
Help stop spam -- Join SpamCon Foundation, http://www.spamcon.org

----- Original Message -----
From: "Dale Geddes" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, May 06, 2002 9:22 PM
Subject: [spamcon-general] But I Didn't Send You That

> Can someone (anyone) find the logic here for me?
>
> A colleague recently received a number of emails from various mailer daemons stating that the email that she sent to [EMAIL PROTECTED] could not be delivered -- returning with it, in many cases, the original text of the email.
>
> Two points of interest to her:
>
> First, the original message was a "How To Mass E-Mail Your Product" advertisement that could be yours for only $100 if you'd just be so kind as to call the number below.
>
> Second, she never sent these messages to anyone.
>
> After a little header pondering, it seems that someone (or someones) has been using an SMTP server from earthlink.net to send out the original letters. This SMTP "use" is pretty clearly misuse, since her (my colleague's) email address was listed as the sender(!) in the original "From:" field.
>
> (Another interesting point was that there was also an email address provided in the often-ignored "Errors-To:" field -- pointing, in each case, to addresses at the Excite portal.)
>
> Even though I'm a spam neophyte, I can imagine that the forging of SMTP headers is the standard -- it only makes sense if you're covering your tracks.
>
> But I don't understand (here's where the logic erodes) why they would include my colleague's address as the "From:".
>
> Aside from the implication of additional fraud (on the part of the real sender), it kicks up a lot of attention with all the bounced email messages to the victim -- thirty some and counting in this case. And that kind of behaviour can't be good for someone trying to just market a disk.
>
> Is this appropriation of someone else's real email address a commonplace activity? Am I seeing an example of extremely sloppy hack work where they just don't realize what's happened? Am I missing some point of discussion on the net that tracks these chains as they run their course like a virus? (I suggest this because I found the phone number from this particular email in CVS as part of a regular expression for spamfilter -- but it's so hard to have a discussion on CVS...)
>
> It seems that this low-grade identity theft is easy to commit and difficult from which to recover. This email was sent (judging from the superfluous header information) by two different users on two different ISPs. Yet both masquerade under my colleague's address and deliver an almost exact duplicate email body. Who would be able to (or care to) use such information to prosecute this act, since both ISPs work under their own privacy rules and won't exchange information to see if the user accounts belong to the same person. Same thing goes for the accounts opened at Excite.
>
> Not only is it somewhat exhaustive to compile this info and report it to these authorities -- it seems the best that can happen is that the individual accounts will be terminated. But whoever is behind this is still free, one would assume, to begin the process anew. The victim now has a reputation of marketing some pretty seedy merchandise. (The only upside, it would seem, is that the recipients of the original mail are likely pretty well distributed from lists, and may not personally know the victim.)
>
> This is the first I've ever heard of someone else's (real) email address used so crudely in a marketing scam. And if this is a trend, I fear greatly for those users who are the same victims of email trojans and the like -- those who just wanted the computer to do email...
>
> Thoughts?
>
> - Dale
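
The "header pondering" described in the quoted message can be done mechanically when preparing an abuse report. The following is an added example, not part of the original thread: it reads the headers of a returned original and compares the claimed "From:" domain with the "Received:" path and the "Errors-To:" address. All hosts, addresses and IPs in the sample are constructed placeholders, and the `analyze`, `domain` and `org` helpers are hypothetical names.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: headers of an original message as returned inside a
# bounce. Hosts use the reserved .example TLD and documentation IP ranges.
RETURNED_ORIGINAL = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mailstore.recipient.example; Mon, 6 May 2002 10:02:11 -0700
Received: from smtp.relay-isp.example (smtp.relay-isp.example [198.51.100.7])
\tby mx.recipient.example; Mon, 6 May 2002 10:02:09 -0700
Received: from dialup-44.pool.access-isp.example ([203.0.113.44])
\tby smtp.relay-isp.example; Mon, 6 May 2002 10:02:05 -0700
From: "A Colleague" <colleague@webmail.example>
Errors-To: dropbox17@portal.example
Subject: How To Mass E-Mail Your Product

body omitted
"""

# "from <host> ... by <host>;" inside one (possibly folded) Received header
HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+?);", re.S)

def domain(addr):
    """Lower-cased domain part of an address header value ('' if none)."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def org(host):
    """Crude organisational domain: last two labels (assumption for the sample)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def analyze(raw):
    msg = message_from_string(raw)
    hops = []
    # Received headers are prepended, so reverse them to get oldest hop first.
    # Only hops written by servers you trust are reliable; older ones can be forged.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if m:
            hops.append((m.group(1), m.group(2)))
    from_dom = domain(msg.get("From", ""))
    err_dom = domain(msg.get("Errors-To", ""))
    path_orgs = {org(h) for pair in hops for h in pair}
    return {
        "from_domain": from_dom,
        "errors_to_domain": err_dom,
        "submitted_from": hops[0][0] if hops else None,  # host that handed mail in
        "first_relay": hops[0][1] if hops else None,     # SMTP server it used
        "from_domain_in_path": org(from_dom) in path_orgs,
        "errors_to_differs": bool(err_dom) and err_dom != from_dom,
    }
```

A "From:" domain that never appears in the relay path, combined with an "Errors-To:" address at an unrelated provider, is the pattern the quoted message describes; the `first_relay` and `submitted_from` hosts identify which operators' abuse desks the report should go to.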
