>I have an e-mail address of a former employee of a client of mine that I use
>(with permission) to monitor spam since this address receives MUCH spam. Of
>course, it is within the realm of possibility that some of this was actually
>subscribed to, but most of it is spam. Therefore, this account has value to
>me, but is not to be confused with a real spam trap.
>
>Today, this address received a spam which claimed that it was subscribed to,
>but it...
>
>(1) looks spammy
>
>(2) contains spammy obfuscation... if they are so legit, why do they have to
>obfuscate? That has always been a red flag
>
>(3) and... the spam contains threats to anyone who might blacklist them (and
>I take offense at the tone of these threats... especially since the text of
>the actual thread is full of obfuscated words... wouldn't you take offense?)
>
>Of course, if my recipient address was a true spamtrap address, this would
>be a no-brainer... but since it wasn't a true spamtrap address, am I
>actually putting myself at legal risk if I were to list this spammer on
>SURBL and URIBL?
>
>Also, another idea is to contact them and challenge them to provide the IP
>address and date/time stamp of the supposed request from my client's former
>employee. If the date/time stamp they provide is **recent**, they'd be
>caught "red handed" as well... but the problem here is that I would then
>have provided this e-mail address to the spammer for listwashing...
>something I'm reluctant to do.
>
>Any comments/suggestions welcome!
>
>Rob McEwen
>PowerView Systems
>[EMAIL PROTECTED]
>(478) 475-9032
>
File everywhere, then sue them.
>
>HERE IS THE SPAM:
>(I replaced some text with "ANOMOMIZED" anywhere where the original message
>might have given away the original recipient e-mail address)
>
>Received: from mail7.mdx.safepages.com ([216.127.133.22])
> by ANOMOMIZED (ANOMOMIZED) with ESMTP (SSL) id ANOMOMIZED
> for <ANOMOMIZED>; Sat, 4 Mar 2006 ANOMOMIZED
>Received: by mail7.mdx.safepages.com (Postfix, from userid ANOMOMIZED)
> id 82BB91BCBFA; Sat, 4 Mar 2006 13:35:05 +0000 (GMT)
>Received: from walla.com (71-214-97-102.ptld.qwest.net [71.214.97.102])
> by mail7.mdx.safepages.com (Postfix) with ESMTP id ANOMOMIZED
> for <ANOMOMIZED>; Sat, 4 Mar 2006 13:35:04 +0000 (GMT)
walla.com is an Israeli company and doesn't use a Qwest line. The
IP for walla.com is 192.118.82.148, "Teletel Communication Channels" in
Tel Aviv - so much for no fraudulent headers. Looks like a fraudulent
EHLO argument to me (i.e. fraud in California, your state may vary).
>Message-ID: <ANOMOMIZED>
>From: [EMAIL PROTECTED]
>To: ANOMOMIZED
>Subject: This is Lisa Sorensen, trying to reach you?
>Date: 04 Mar 2006 ANOMOMIZED
>MIME-Version: 1.0
>Content-Type: text/html;
> charset="iso-8859-1"
>Content-Transfer-Encoding: quoted-printable
>
><HTML>
><HEAD>
><TITLE>Is it working for you?</TITLE>
><META NAME=3D"generator" CONTENT=3D"ToniArts EasyHtml v.2.2">
></HEAD>
><BODY>
><font color=3D"#0000A0" face=3D"verdana" size=3D"2 pts"><b>
>Hello<br><br>
><p>
>I want to talk with you on a personal level.<br>
>About the company you're currently involved with,<br>
>or the online program you're working.</p>
><p>Or, maybe you're just tired of your J.O.B. (Just Over Broke).</p>
><p>
>I'm just going to come right out and ask you.</p>
><p>
><font color=3D"#FF0000">IS IT WORKING FOR YOU?</font></p>
><p>
>Are you fed up with the LIES and the Get Ri*ch Quick Sch*emes,<br>
>Or tired of working to put mo*ney in someone ELSE'S pocket?</p>
><p>I know how you feel. I have been there too.</p>
><p>There is HOPE.</p>
><p>
>If you're ready to make some real mo*ney and work with a real </p>
><p>
>Heavy Hitter, Follow Me! I help my downline. In fact,</p>
><p>
>this mai*ling is for them:-) I will do it for YOU TOO!</p>
><p>Cl*ick The "Help Me Succeed Lisa Below to get started now</p>
>
><a href=3D"http://xoomaworldwide.com/lisalisa";><font color=3D"#FF0000">Help
>=
>me Succeed Lisa!</font></a><br>
><a href=3D"http://xoomaxooma.com";><font color=3D"#FF0000">Visit our Support
>=
xoomaworldwide.com's Whois/registration record contains a URL for
an email link (i.e. invalid) - So bogus registration too. They also use
the domain name thninc.com. Of course, you too can sell Snake-oil^W
"Sellness products" and get rich quick.
>Site for Testimonials</font></a><br>
>
><br><br>
>Moonlit Enterprises<br>
>POB 2726<br>
>La Pine, OR<br>
>97739<br><br>
>
Oregon!? Well the email did come from a Qwest line in or near
Portland, but the domain registrations are in Virgina (except the fraudulent
walla.com in Israel).
>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D<br>
>If you no longer wish to share infomation,<br>
>and followup from me, please re*ply with NoThankYou in the subject,<br>
>or click this self re*moval link: mailto:[EMAIL PROTECTED]
>=3DNoThankYoualpha<br><br>
Remove from an Oregon email about a company in Virgina by email to
Israel - Sure, why not, the email addresses are valid. Of course, walla.com
is a "Free Mail" provider, like Hotmail, Yahoo! or Gmail (see www.walla.com).
>
><font color=3D"#FF0000">W*ARNING: There will be a $500 fine PER INCIDENT
>for=
> False Sp*am accusations,<br>
>resulting in loss of bu*siness for us. This is a serious offense.<br>
>All of our ma*iling files include recipients ma*iling address, telephone,
>me,<br>
>and IP address at the time they requested more information from a 3rd party
>=
>vendor.<br>
>Can and will be provided upon request.<br>
>To find out what sp*am IS and what sp*am is NOT, please visit:<br>
><a href=3D"http://www.ftc.gov/bcp/conline/pubs/buspubs/canspam.htm";>Federal
>=
>Can Sp*am Act</a><br>
What do you think "telephone,me" is? And on what basis can they
"fine" you? You think they mean to sue and the english is wrong (possibly
written or copied from some other language source). Oh yeah, and what ever
they do have was "requested more information from a 3rd party", so they are
admitting they have no prior relationship with the addressee - That's spam.
>We do NOT ha*rvest e*mails, use false headers, mislea*ding subjects, and we
>=
>do<br>
>provide re*moval instructions. This is NOT SP*AM.<br>
No they buy email lists, use fraudulent headers, misleading subjects
(notice the spelling must be corrected, I'm sure they don't use "mislea*ding"
anything as defined by statute or dictionary). And the "Subject:" line
contains no hint that the message is commercial - I don't see anything above
which states the email is an advertisement, so there goes the argument for
CAN-SPAM compliance (nice that the CAN-SPAM link is actually valid:)
>I am a real person helping real people everyday. Please just hit your
>de*let=
>e key or follow re*moval info<br>
>if not interested.</font>
Hiding behind "Free Mail" accounts, a P.O. Box and incomplete or
false domain registrations, fraudulent email headers and threats; But
otherwise, just like you or me.
><br>
>Please be patient, it may take up to 24 hours for me to receive your
>request=
>.<br>
>Thankyou, ALL requests honored.<br>
>
></font></b>
>
></BODY>
></HTML>
>
>
>
Make sure to send this one to the FTC also - normally [EMAIL PROTECTED]
is just a waste (though *I* do forward things there), in this case the very
explicit threat of a "fine" might make them take interest.
For anyone who hasn't figured it out yet, this is a MLM scheme which
tries to sell "health/dietary" products.
Paul Shupak
[EMAIL PROTECTED]
