[BBLISA] Someone is out to get me - spam pretending to be from me

Daniel Feenberg feenberg at nber.org
Fri Jan 14 13:16:05 EST 2005


First, you aren't in trouble yet. I just checked http://rbls.org and your
customer doesn't appear on any blacklist at the moment.

I think the major blacklists must have figured this one out, and you
should just keep an explanation around to send to anyone complaining
directly to you.

You might also complain to Verizon, but don't hold your breath.

Dan Feenberg

On Fri, 14 Jan 2005, alex at basespace.net wrote:

> 
> Hi folks. I was very disturbed to have forwarded to my abuse address a spam
> message which appears to have been sent by a random 3rd party claiming to be
> from and advertising the domain of one of my customers. I'm wondering if
> anyone has seen anything like this before, and if so what to do about it.
> 
> The relevant parts of the message:
> 
> >Received: from info.lifename.com ([151.203.48.240]) by mc12-f16.hotmail.com
> >with Microsoft SMTPSVC(5.0.2195.6824); Thu, 13 Jan 2005 08:15:15 -0800
> >Received: from lifename.com (info.lifename.com [192.168.2.7])by
> >info.lifename.com (8.11.6/8.11.6) with SMTP id j0DGEvv11122for
> ><blockg at hotmail.com>; Thu, 13 Jan 2005 11:15:05 -0500
> >
> >...advertises  http://www.lifename.com/
> >
> >invasion of your privacy, we sincerely apologize. To be permanently
> >removed from our mailing list, please send mailto:remove at lifename.com
> >or go to http://www.lifename.com/unsubscribe .
> 
> lifename.com is a customer in my data center. Their IP address is
> 38.113.6.53. However the mail came from 151.203.48.240, a random Verizon IP
> address. So it looks like someone set up a reverse DNS record for
> 151.203.48.240 that claimed it pointed to info.lifename.com (a name which
> did not have a forward lookup at all until I set one up 10 minutes ago) and
> then sent the mail out from there spamvertizing the lifename.com URL and
> email address. I can only assume they did this in order to get my customer
> and me in trouble with the spam authorities.
> 
> I'm not a spammer, nor am I a spammer haven. I'm just a guy living in a
> townhouse in Cambridge with a data center in my basement. I depend on a good
> reputation to gain and retain customers. You folks know that, since I show
> up to BBLISA meetings once in a while and many of you know me personally.
> But spam authorities don't know that.
> 
> The only evidence I can think of that this spam was not initiated by me/my
> customer is that it came from a different IP address with the reverse lookup
> pointing at me, while the forward lookup for that IP does not point to that
> name. Presumably if I was a spammer I would control the forward zone as well
> and have the appropriate link.
> 
> Thoughts? Advice? I am a bit worried about this.
> 
>  - Alex
> 
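The forward/reverse mismatch described in the quoted message can be checked mechanically as forward-confirmed reverse DNS (FCrDNS). The following is an added example, not part of the original thread: the lookup tables are constructed from the addresses in the message, the A record value is an assumption (the message does not say where the new forward record points), and the function names are hypothetical.

```python
import re

# Constructed DNS data standing in for live lookups.
# PTR: what the quoted message says the sending IP's reverse record claimed.
# A:   ASSUMPTION - the newly created forward record points at the customer's IP.
PTR = {"151.203.48.240": ["info.lifename.com."]}
A = {"info.lifename.com": ["38.113.6.53"]}

# Topmost Received line from the message; it was written by the receiving
# server, so its bracketed IP is the only hop the sender could not forge.
SAMPLE = ("Received: from info.lifename.com ([151.203.48.240]) by "
          "mc12-f16.hotmail.com with Microsoft SMTPSVC(5.0.2195.6824); "
          "Thu, 13 Jan 2005 08:15:15 -0800")

RECEIVED_FROM = re.compile(
    r"from\s+(?P<name>\S+)\s+\((?:[\w.-]+\s+)?\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]\)")

def parse_received(header):
    """Return (claimed_name, connecting_ip) from a Received 'from' clause."""
    m = RECEIVED_FROM.search(header)
    if not m:
        raise ValueError("no 'from name ([ip])' clause found")
    return m.group("name").rstrip(".").lower(), m.group("ip")

def fcrdns(ip, ptr_lookup, a_lookup):
    """Names from the IP's PTR records whose A records resolve back to ip."""
    confirmed = []
    for name in ptr_lookup(ip):
        name = name.rstrip(".").lower()
        if ip in a_lookup(name):
            confirmed.append(name)
    return confirmed

def assess(header, ptr_lookup, a_lookup):
    """Decide whether the name claimed in the header is backed by FCrDNS."""
    claimed, ip = parse_received(header)
    confirmed = fcrdns(ip, ptr_lookup, a_lookup)
    return {"ip": ip, "claimed": claimed, "confirmed_names": confirmed,
            "claim_verified": claimed in confirmed}

def ptr_table(ip):       # offline stand-in for a reverse lookup
    return PTR.get(ip, [])

def a_table(name):       # offline stand-in for a forward lookup
    return A.get(name, [])

if __name__ == "__main__":
    print(assess(SAMPLE, ptr_table, a_table))
```

For live checks, the two lookup arguments can be thin wrappers around `socket.gethostbyaddr` and `socket.gethostbyname_ex`.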