[BBLISA] Someone is out to get me - spam pretending to be from me

alex@basespace.net alex_aminoff at alum.mit.edu
Fri Jan 14 12:10:46 EST 2005


Hi folks. I was very disturbed to have forwarded to my abuse address a spam
message which appears to have been sent by a random 3rd party claiming to be
from and advertising the domain of one of my customers. I'm wondering if
anyone has seen anything like this before, and if so what to do about it.

The relevant parts of the message:

>Received: from info.lifename.com ([151.203.48.240]) by mc12-f16.hotmail.com
>with Microsoft SMTPSVC(5.0.2195.6824); Thu, 13 Jan 2005 08:15:15 -0800
>Received: from lifename.com (info.lifename.com [192.168.2.7]) by
>info.lifename.com (8.11.6/8.11.6) with SMTP id j0DGEvv11122 for
><blockg at hotmail.com>; Thu, 13 Jan 2005 11:15:05 -0500
>
>...advertises  http://www.lifename.com/
>
>invasion of your privacy, we sincerely apologize. To be permanently
>removed from our mailing list, please send mailto:remove at lifename.com
>or go to http://www.lifename.com/unsubscribe .

lifename.com is a customer in my data center. Their IP address is
38.113.6.53. However the mail came from 151.203.48.240, a random Verizon IP
address. So it looks like someone set up a reverse DNS record for
151.203.48.240 that claimed it pointed to info.lifename.com (a name which
did not have a forward lookup at all until I set one up 10 minutes ago) and
then sent the mail out from there spamvertizing the lifename.com URL and
email address. I can only assume they did this in order to get my customer
and me in trouble with the spam authorities.

I'm not a spammer, nor am I a spammer haven. I'm just a guy living in a
townhouse in Cambridge with a data center in my basement. I depend on a good
reputation to gain and retain customers. You folks know that, since I show
up to BBLISA meetings once in a while and many of you know me personally.
But spam authorities don't know that.

The only evidence I can think of that this spam was not initiated by me/my
customer is that it came from a different IP address with the reverse lookup
pointing at me, while the forward lookup for that IP does not point to that
name. Presumably if I was a spammer I would control the forward zone as well
and have the appropriate link.

Thoughts? Advice? I am a bit worried about this.

 - Alex
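
Added example, not part of the original post: a forward-confirmation check on the quoted Received lines, comparing the name each hop claims with the addresses that name resolves to. The resolver is injectable so the check runs offline; the zone data is constructed, and it is an assumption that the A record set up for info.lifename.com points at the customer address 38.113.6.53.

```python
import ipaddress
import re
import socket

# "from <helo> ([ip])" (Hotmail style) or "from <helo> (<name> [ip])" (sendmail style)
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<name>[^\s\[\]]+)\s+)?\[(?P<ip>[0-9.]+)\]\)")

# Headers taken from the post (folding whitespace restored in the second one).
HOTMAIL_HOP = ("Received: from info.lifename.com ([151.203.48.240]) by "
               "mc12-f16.hotmail.com with Microsoft SMTPSVC(5.0.2195.6824)")
INNER_HOP = ("Received: from lifename.com (info.lifename.com [192.168.2.7]) by "
             "info.lifename.com (8.11.6/8.11.6) with SMTP id j0DGEvv11122")
# Constructed zone data. ASSUMPTION: the new A record points at the customer IP.
ZONE_AFTER = {"info.lifename.com": {"38.113.6.53"}}

def parse_received(header):
    """Return (claimed_name, ip) from one Received: header, or None."""
    m = RECEIVED_RE.search(" ".join(header.split()))  # unfold continuation lines
    if not m:
        return None
    return (m.group("name") or m.group("helo")).lower().rstrip("."), m.group("ip")

def system_forward_lookup(name):
    """Live A-record lookup; returns a set of IPv4 strings, empty on failure."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def classify(header, forward_lookup=system_forward_lookup):
    """Compare the name a hop claims with what that name resolves to."""
    parsed = parse_received(header)
    if parsed is None:
        return "unparseable"
    name, ip = parsed
    try:
        private = ipaddress.ip_address(ip).is_private
    except ValueError:
        return "unparseable"          # bracketed value is not a valid IPv4 address
    if private:
        return "private-hop"          # RFC 1918 address: cannot be checked from outside
    addrs = forward_lookup(name)
    if not addrs:
        return "no-forward-record"    # info.lifename.com before the A record existed
    return "forward-confirmed" if ip in addrs else "mismatch"

if __name__ == "__main__":
    print([classify(HOTMAIL_HOP, lambda n: z.get(n, set())) for z in ({}, ZONE_AFTER)])
```

Only the hop recorded by the receiving provider carries an address the sender could not choose; the inner hop was written by the sending host itself and shows a private address, so it is reported separately rather than checked.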



