View Full Version : Spam - feeling rather harassed

Jul 26th, 2002, 08:16 PM
[email protected] <= the addy is likely false...:rolleyes:

I'm getting these mails to address's on my site, the headers are as so:
Return-path: <[email protected]>
Delivery-date: Fri, 26 Jul 2002 16:53:52 +0100
Received: from [] (helo=yahoo.com)
by hespera.uk.clara.net with smtp (Exim 3.36 #4)
id 17Y7PZ-000EQF-00; Fri, 26 Jul 2002 16:53:51 +0100
Received: from unknown (
by rly-xw01.otpalo.com with NNFMP; Fri, 26 Jul 0102 22:53:42 -1100
Received: from unknown (HELO asy100.as122.sol-superunderline.com) (
by pet.vosni.net with QMQP; Fri, 26 Jul 0102 11:43:55 +1100
Received: from ([]) by rly-xw05.oxyeli.com with SMTP; Fri, 26 Jul 0102 22:34:08 -0700
Reply-To: <[email protected]>
Message-ID: <[email protected]>
From: <[email protected]>
To: <[email protected]>,
<[email protected]>
Subject: I saw your email
Date: Fri, 26 Jul 0102 12:39:20 +0300
MiME-Version: 1.0
Content-Type: text/plain;
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Internet Mail Service (5.5.2650.21)
Importance: Normal
X-RBL-Warning: (relays.osirusoft.com) (2002/07/22) Open Proxy: http(80)
X-RBL-Warning: (bl.spamcop.net) Blocked - see http://spamcop.net/bl.shtml?
X-Envelope-To: [email protected]
X-claradeliver-Version: 4.14.8
X-UIDL: 1027698833.55618.hespera.uk.clara.net
X-RCPT: alex
Status: U I've tried to track the IP but got no result, not sure how to read these headers either :confused:

Quiet Storm
Jul 26th, 2002, 11:46 PM
You could put a link to my page - might tick off the spambot's owner.

Placed somewhere on the top of your page like so:

<A HREF="http://angelfire.com/mo2/cbch21/email.html">.</A>

... or you could make your own.

The idea is that spambots will follow the link looking for more email addresses. When it visits my email page, it will get all the email it wants - maybe more! The spammer will then use these emails, but then be flodded with "cannot deliver" returns.

My list is from the ones who spam me. :D

Jul 27th, 2002, 12:05 AM
Quiet Storm's method is not recommended, and really doesn't do anything these days, clogging a list no longer renders the list unusable...if you are serious, then you need to block spammers from harvesting your site, but then again, your Domain Registration information is always available for sale (whether you like it or not), so you are going to also get spammed from that.

Anyways... is an Asian Pacific network block, which means this is definitely knowing US-law violating spam (if it comes from APRNIC or KRNIC, you've got one of the most common spamming methods hitting you). It also means you probably won't be able to nail them, because ARPNIC is a system-wide handler for thousands of IPs, and they usually do not investigate complaints you send them well enough for them to figure out who did the spamming down the line and send the complaint on...they're just coordinators. They're bouncing it off ghosts and dummy accounts from textile manufacturers (probably), and you're basically toast.

You need to protect your email addresses. For example, shadowstorm has an automated system I wrote that handles my dummy email addresses. I have thousands of aliases, each one unique to a service I sign up with, so that if I get spam on an address, I know I gave that address to whatever company and whatever company only...thus I know who's selling me and I can kill that email address and never hear from them again. You can also use places like hotmail for catchalls.

Also, as I said, consider protecting your site from harvesters, but remember that if you are the site owner and registered domain owner, your information is not considered private and is sold almost daily by internet registrars.

Philip M
Jul 28th, 2002, 10:10 AM
I have reduced my spam by 90% by simply adding *@yahoo.com
to my blocked senders list.

I have never ever received an email originating from yahoo.com which was not spam. If everyone followed this plan yahoo would soon be forced to clean up its system.

I also use Mailwasher to filter out unwanted stuff, and provide another layer of protection against viruses, Nigerian scams, mortgage offers and other malicious or unwanted mail.

Jul 28th, 2002, 10:24 AM
I use Hotmail's "Exclusive" Junk mail Filter. That works really great. Only addresses in my Address Book or Safe List are allowed in my Inbox. The rest go to my Junk mail folder where I can just empty it at a click of a button. There's also a "This is not Junk Mail" button to automatically add it to the Safe List. Possibly the best anti-spam feature on the web! :thumbsup:

Jul 28th, 2002, 07:59 PM
Concerning the IP address, this isn't the originating address. The last "Received" header in the list shows the originating IP (unless the headers have been faked), which is - registered to Xerox...

Xerox Palo Alto Research Center (NET-XEROX-NET)
3333 Coyote Hill Road
Palo Alto, CA 94304

Netname: XEROX-NET
Netblock: -

Farrar, Keith (KF357-ARIN) [email protected]
650-812-4292 (FAX) 650-812-4106

Domain System inverse mapping provided by:


Record last updated on 17-Dec-2001.
Database last updated on 27-Jul-2002 17:42:00 EDT.

Feyd, long time no view-text (I was Christopher Pike in the 'OLD' forum)...

...not sure what you mean about "clogging a list no longer renders the list unusable...". However, if a spammer gets a flood of bounces from non-existant addresses it's wasting the spammers time, and if they pass the list on then at least it's wasting other spammers time. The more fake addresses that get passed around on lists, the less spam people will get (unless the spammers increase their output to compensate). It may not stop you getting spam, but anything that makes spammers have to work harder is good. :)

I agree that you do need to protect your e-mail addresses. When signing up for something I use a hotmail account, and I never (at least not any more, as far as I'm in control of) allow my e-mail address to be displayed on any Webpages.


Jul 28th, 2002, 10:27 PM
Recently I've been getting email which spoofs my address in the header. Example:

From popserve Sat Jul 27 04:20:33 2002
Return-Path: <[email protected]>
Received: from mailin-2.iastate.edu (mailin-2.iastate.edu [])
by pop-2.iastate.edu (8.12.0/8.12.0) with SMTP id g6R9KXDg004872
for <[email protected]>; Sat, 27 Jul 2002 04:20:33 -0500
Received: from ol220-85.fibertel.com.ar( by mailin-2.iastate.edu via csmap
id 20740; Sat, 27 Jul 2002 04:17:09 -0500 (CDT)
From: [email protected]
Message-Id: <[email protected]>
Date: Sat, 27 Jul 2002 05:17:44 -0500
MIME-Version: 1.0
Reply-To: [email protected]
Received: from iastate.edu by BO9AH.iastate.edu with SMTP for [email protected]; Sat, 27 Jul 2002 05:17:44 -0500
To: [email protected]
X-Encoding: MIME
X-Priority: 3 (Normal)
Content-Type: multipart/alternative; boundary="----=_NextPart_794_37834352240333
Content-Transfer-Encoding: Quoted-Printable
X-Sender: [email protected]
Subject: You're Paying Too Much
Okay, not too hard to find the originating IP. What really gets me is this little paragraph at the end:

This email was sent to you via Saf-E Mail Systems.&nbsp; Your email address was automatically inserted into the To and From addresses to eliminate undeliverables which waste bandwidth and cause internet congestion. Your email or webserver IS NOT being used for the sending of this mail. No-one else is receiving emails from your address. You may utilize the removal link below if you do not wish to receive this mailing.
What a crock. Seems to me nothing more than a scheme to get around spam filters. :mad:

Jul 28th, 2002, 10:48 PM
Speaking of spam, a few weeks ago a got a barrage of some pretty strange ones. Each one very similar in that they (essentially) wanted me to transfer 'large' amounts of money to my account to hold it for them :confused: . However, they all came from different people...very suspicious and I don't know what to make of them. I have gotten them at 2 different accounts. Here's one of them exactly as I received it. I would normally delete names and phone numbers, but in this case I don't see what it could hurt to leave them intact. Anyone know what to make of this one or received any similar messages?

Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


Satellite Telephone: 00 871 762 919 ***
Satellite Facsimile: 00 871 762 919 ***

Dear Sir,

I am Moustapha Abacha, the second surviving son of the late General Sani Abacha.

We hereby acknowledge the receipt of your mail to my mother with thanks,

May Allah reward you greatly for your decision to assist us
in this mutually beneficial transaction;

My mother has insisted that I deal with you directly at this crucial
stage in this issue rather than the family lawyer.

As my mother has rightly informed you,we are seriously in distress
as all our saved money abroad totaling over Us$700M has been
confiscated by the Nigerian government.

If you have been following my family's profile in the news lately,
you would have read all this things up.

I wish to inform you at this time that my mother will be reaching you Based on the fact that she would really want to establish a
relationship based on mutual trust and understanding.

So many people have disappointed us home and abroad, even people who benefited from my fathers regime have all bitten the finger that once fed them, that is why we had to throw caution to the wind and trust you a stranger who we had never met all our lives.

Dear Friend, as much as we recognize that a lot of wonders happen these days, you do not have to doubt the authenticity of my mothers mail to you, because we are really oppressed, and we need the assistance of a God fearing person and a good natured man like you to help us clear our funds from a security company, and bank it up for us while we make arrangements to travel and join you up once the surveillance on us is reduced.

For security purposes, I shall be coordinating the Business
transaction as tight security is presently placed on my mother, we cannot afford to Lose the only remaining US$40.30 Million, of all that my fatherleft for us. At the moment, the funds are in a security company and were deposited As African Artworks in some luggage. As soon as we are sure that we can trust you,we shall go ahead to send you the Certificate of deposit and the
luggage numbers and security code numbers.

For the purpose of security and confidentiality, I would require that You and I proceed with this business with telephone and fax
communication, as I would not want to discuss this transaction on The Internet for
security reasons.

So I would suggest that we conduct this business through telephone and fax communication, while my mother will be reaching you via e-mail as security agents bug her telephone line.

As, as soon as I hear from you through my Satellite Telephone numbers and email Address as above, I shall furnish you with the whole details of how to Finalize the transaction and other information you might require or other things you might need to know and also you should be rest assured that this transaction is 100% risk free and success guaranteed.

There are documents backing the legitimacy of this transaction that will convince your bank or any other bank that might doubt the authenticity of these funds.

Also I will send you more information and other information you might require via fax immediately I hear from you on my telephone.

I look forward to your urgent response, as my mother and the rest of the immediate family genuinely need your help.

Truly Yours,


Just to be clear on this, I DID NOT make any contact with him or his mother...lol. This is the first I've heard of him or anything about his 'matter' :confused: .

Edit: On afterthought, I decided to remove the last 3 digits in the phone number, just to be consistant with privacy issues ;).

Jul 28th, 2002, 11:23 PM
Catman, they're right about Internet congestion. You're right about it being another spammer trick too.

boxer_1, those e-mail scams are everywhere now, I read somewhere recently that quite a few people have been sucked in too.

Jul 29th, 2002, 01:17 AM
Originally posted by Pikeus
boxer_1, those e-mail scams are everywhere now, I read somewhere recently that quite a few people have been sucked in too.

Hey Chris...good to see (read) you again and thanks for the info :). I guess I've just been fortunate enough not to have received those spam scams until recently. I can see how it would be easy enough for some people to get sucked into those scams, especially people who are relatively new to the wonderful world of the internet/email and are not yet aware how full of scam oriented people are out there. It's quite pathetic actually :rolleyes: .

Graeme Hackston
Jul 29th, 2002, 09:42 AM
I'm obviously missing something as no one has suggested this. What about using document.write to piece together email address on the fly?

Jul 29th, 2002, 09:58 AM
Originally posted by Graeme Hackston
I'm obviously missing something as no one has suggested this. What about using document.write to piece together email address on the fly?

That is a fairly common practice and works well to prvent your email from being harvested from your source code:

<script language="javascript" type="text/javascript">
document.write('<a href="'+'mailto:'+'boxer_1_2000'+'@'+'hotmail.com'+'">'+'boxer_1_2000'+'@'+'hotmail.com'+'</a>');

Too bad there are so many other ways to get a hold of your email address. Never reply to the 'Click here to unsubscribe' trick. That just lets the spammers know that they've hit a valid email address ;).

Jul 29th, 2002, 10:52 AM
Hey box, it's been a while!

I use the JavaScript method of breaking up my e-mail address, but I mainly use a mailform at my site, that way only people that go out of their way can e-mail you. Even most of the spammers Websites will have one.

Jul 29th, 2002, 06:02 PM
This is my favorite footer to a spam... because we don't want "junk mail" we're hurting the economy and our children!!!

This e-mail is NOT spam! If you received this email, you were on a permission based list. This e-mail was sent by Dialcentric Inc. 3A Professional Park Dr. Maryville IL 62062 phone: 618-288-6661. We are dedicated to saving the global economy by helping small companies with cost effective advertising. If you attempt to stop bulk email, you are damaging the economy and threatening our children's future. To be taken off ALL of our list Click Here

Philip M
Jul 29th, 2002, 08:45 PM
Boxer_1 - You have received one of the many Nigerian Scam emails. I have received upwards of 60 this year alone, often two on the same day.

I am told that a lot of people have fallen for this trick, and the originators make hundreds of thousands of dollars a year. I have to say that I find this rather hard to believe. Is any one really dim enough to believe that someone wants to pay him (and only him) $X million dollars to use his bank account for a crooked enterprise? Or that lots of guys in Africa all want to do the same??

I know that you can only fool some of the people all the time. These are the ones that the Nigerians try to concentrate on.

Jul 30th, 2002, 12:28 AM
Finaly some-one suggested the document.write method.

I use this an all the sites I do and monitor the results, to date - very high success rate of spam free sites.

I have left one site without this method as a "control" I get 10 to 15 spams a week on the control site and around1 to 3 on the document.write sites.

The Nigerian scam has been around for a while though.

We received a new one in the mail the other day, it was a photocopied letter asking us to quote on producing thousands of post it note pads for some company in Asia. They said they would supply all the machinery etc at no charge.

The sales team were estatic!!!!

until I pointed out the letter was not signed, - just a photocopy signiture, - the company was not registered and no web site. Besides, the machinery would be worth tens of thousands of dollars, and when was the last time a customer offered to supply machinery to do the job. - I wouldn't -.. I told them if they replied we would then be asked for a "Deposit" for something, and if we were stupid enough to pay it - that would be the last we would hear of them.

They didn't beleive me, so I got one of the sales guys to ring our export agency, and sure enough, they were know to the NZ Government as a scam!!!!!


Jul 30th, 2002, 01:29 AM
Don't rely on document.write or any other 'weak' attempt at obfuscation to protect an email address...most of the newest gen of harvesters can recognize appropriate information and decode it if need be. And it should be noted that the best harvestres are not the ones that advertise (as in cherry, siphon, etc.)...I've seen more than a few in-house programs that will pick apart a site like you wouldn't believe and dig out email addresses hidden or otherwise. (and most harvesters will filter out all fake email addresses within reason, and the professional harvesters do MX record lookups, so clogging a list with 50,000 fake addresses doesn't work neccessarily work, but it does make you feel better and doesn't NOT necessarily work either...but if you rely on that to protect yourself, your dillusionary :) )

The only safest method is not to display email addresses inline on your site, period. (of course, there are other ways one's email address can be made public)

Alex Vincent
Jul 30th, 2002, 02:13 AM
Take it from one who's already doomed himself to spam for all eternity. The advice already given is good.

I'm not one to like the Exclusive setting on Hotmail -- as occasionally my e-mail address for Hotmail I have posted on articles (including, possibly, Website Abstraction articles). However, I love the feature that sends that junk mail direct to the trash can. Makes sense, too.

One reason I like web-based e-mail accounts is I can delete a whole bunch of them without my e-mail program trying to download them. The only bad part is that if I don't clean out my e-mail every three days, Hotmail shuts down on me...

Jul 30th, 2002, 02:37 AM
I always check my email every day and I get around 20 emails daily. If I didn't check it that often, I'd be overwhelmed with emails. The Exclusive function is a bit annoying, but as time goes on, more addresses are added to my safe list and pretty soon, I'll be able to set it to automatically delete junk messages. I don't communicate with people over email. I have the CodingForums alerts in my safe list, so I always get those. Then I have things I've signed up for on the list also. Once they delete automatically, it will help out with the space limit.

I don't recommend using the Exclusive feature if you have your email address on a website, because you'd be constantly adding addresses as safe. It's primarily for people that only want to get messages from specified addresses (like [email protected], the address that delivers the new post alerts)

This method works great for me, but it isn't for people that receive non-spam messages from new addresses on a daily basis.

<edit my="post" />
Oops. I forgot the word receive above.

Jul 30th, 2002, 05:28 AM
I'm in charge of the generic email at our company - everything that gets sent to the wrong person @ourcompany lands in my mail box.
So far I collected 93 of those scams, and they just keep coming in.

I should be able to retire soon....All those millions, just there for the asking!


Jul 30th, 2002, 09:55 AM
I agree Feyd, using document.write isn't bulletproof, but it will help keep your spam down if you need to have your e-mail address displayed on a page. Some apps will check for obfuscated addresses, some won't. The best thing to do is use a mailform on your site.

If spam harvest applications spend time going out and collecting addresses, and then have to filter out the bad from the good: then the more bad addresses they have, the more of their time it's wasting. Some spammers will use top-of-the-range apps that will perform this process in seconds, but not all of them. I still think it's worth doing.

There is a process where you can add "+++ATH0" to your e-mail address (or fake address list), such as "[email protected]+++ATH0oft.com" and mention on your site for people to remove "+++ATH0".
+++ATH0 is a Hayes modem escape sequence to hang up the modem. Probably won't affect most spammers, but still worth a shot.

Nothing in this world is guaranteed, but some people would rather do something than nothing. If doing these things never worked then it would be futille.

Jul 30th, 2002, 10:05 AM
Originally posted by Philip M
I have reduced my spam by 90% by simply adding *@yahoo.com to my blocked senders list.


Tempting, though I'd block my brother in the process.

Something to be wary of is any free email service who offers automatic forwarding (there aren't many of them now). Any forwarding address you give them is almost guaranteed to get sold and spammed.

Jul 31st, 2002, 05:45 AM
@ the risk of sounding just a dumb® /me can relate to this 'spamcop' stuff...
whattt /me has just a learned® is thattt spamcop is just a service/program® isps 'subscribe' tooo...
nowww...say someone tries to email /me from some isp thattts in the spamcop database??? thennn myyy isp's maleserver which uses the service of spamcop??? will go...nope naddda n' bounce it back...unlesss you put in permissions to the filtering program on the isp receiving maleserver saying...heyyy thiswhatever.com domain wants to receive emale from whomever from wherever??? you can let it pass for onlyyy thattt domain and still have the spamcop work to filter/stop the spam from being sent to other domains just a lso® on your servers...

n' since isps can be deleted/added onto this list many times/week/day??? sometimes the recipients will just a receive® email sent outtt from the 'blocked' domain ifin' it twas just a unblocked® @ the time they tried to send out email...

Jul 31st, 2002, 05:53 AM
Originally posted by Catman
Recently I've been getting email which spoofs my address in the header.

wasnt that just a virus® where it would pick up just a ny® id from the infected users just a ddress® book??? n' insert it into its 'sent from field'???
for some reason /me seems to remember going to my hoster...heyyy /me didnt send this out!!!
n' him saying...nope you probably didnt...however youuur emale just a ddy® is more than likely in someones just a ddress® book who IS infected n' the virus/worm decided to just a choose® yourrrs to be inserted into the from field...:O(((

Jul 31st, 2002, 10:55 AM
Particularly impressed with the effort that went into this:
"This email is sent in compliance with strict anti-abuse and NO SPAM regulations. The message was sent to you
as a response to your ad, an opt-in opportunity, your address was collected as a result of you posting to one of
my links, reviewing your web site, you answering one of my classified ads, you have sent me an E-mail, or you
unknowingly had your e-mail added to an opt-in mailing list. You may remove your E-mail address at no cost to
you whatsoever, simply click on Reply button and put "Remove Me" in the subject line"
I use my [email protected]?subject=remove email address for the removal vehicle.

"Per the proposed H.R. 3113 Unsolicited Commercial Electronic Mail Act of 2000,
further transmissions to you by the sender may be stopped at NO COST to you by
replying to REMOVE type REMOVE in the subject line and you will be removed

This is not spam as we have included contact information & a remove link in accordance with the Unsolicited
Commercial Electronic Mail Act of 2001.

Refer to: http://www.spamlaws.com/federal/summ107.html ":rolleyes:

Jul 31st, 2002, 11:46 AM
There's a PHP method which occured to me the other day - I can't see any obvious flaws with this:


$browser = (ereg("Mozilla",$user) || ereg("Opera",$user) || ereg("Konqueror",$user) || ereg("Lynx",$user));

if($browser) { print '<a href="mailto:[email protected]">email me</a>'; }


Roy Sinclair
Jul 31st, 2002, 06:27 PM
Originally posted by brothercake
There's a PHP method which occured to me the other day - I can't see any obvious flaws with this:


$browser = (ereg("Mozilla",$user) || ereg("Opera",$user) || ereg("Konqueror",$user) || ereg("Lynx",$user));

if($browser) { print '<a href="mailto:[email protected]">email me</a>'; }


The obvious flaw is when the spammer has his search agent pretending to be a real browser by spoofing a common browser. I think the document.write method may work better but I'd suggest not assembling the email address except as a result of a user action. A spambot that runs any scripts on a page wouldn't necessarily press all the buttons or run through all the scripted links on a page too. Also making it very hard to detect the building of an email address should be helpful.

var a = 'myname'
var b = 'someisp'
var c = 64

<a href="#" onclick="alert('My e' + 'ma' + 'il is ' + a + String.fromCharCode(c) + b + '.' + b)">Contact Me</a>

Whatever you do, you should try to make it unlike any other method you've seen. Any method which becomes common will probably be accounted for by the spammers.

I once submitted a javascript to a free site and my email address which had been in use for several years spam free was placed into that script and before I finally abandonded that address I was getting a mass of spam every day.

Jul 31st, 2002, 07:21 PM
Originally posted by justame
wasnt that just a virus® where it would pick up just a ny® id from the infected users just a ddress® book??? n' insert it into its 'sent from field'???Judging from the last paragraph of the message, I don't think so.

Jul 31st, 2002, 08:14 PM
What annoys me is this; my host has a list of all hosted sites, a spider must have got my site within days of launch. :mad:

Might try brothercake's method.

Aug 1st, 2002, 01:57 AM
Originally posted by Catman
Judging from the last paragraph of the message, I don't think so.

/me just a hmmmsss® ...possibly...orrr the worm is just a great® 'coveringup' paragraph writer tooo...hehehe

Aug 1st, 2002, 06:56 PM
Originally posted by mouse
What annoys me is this; my host has a list of all hosted sites, a spider must have got my site within days of launch. :mad:

Might try brothercake's method.

Mouse, internet registrar's sell all the contact information of all registered site owners on a regular basis (hell, I can remember when you could download the entire list freely). Your information is not protected by any privacy laws, at least as far as it applies in the US (and most other countries, you'd have to check in your co, though). No matter how you lock down your site, the email addresses used in your registration for your domain name will get out...no matter what. (Although there is a growing push to have these records protected as a matter of privacy).

Aug 3rd, 2002, 09:46 AM
Originally posted by Roy Sinclair
Whatever you do, you should try to make it unlike any other method you've seen...

came up with this method late last night...


var fakeemail="[email protected]";

var realemail=fakeemail.charAt(6);

link='<a href="mailto:'+realemail+'">'+realemail+'</a>';


its differant... try it :)