TSGL: Spoofed email - Fight Back!

Dave heydave at pacbell.net
Sat Jul 3 16:19:18 EDT 2004


Believe it or not, the FTC is actually prosecuting spammers & spoofers 
these days, but they need evidence to validate their court cases.

Don't just simply delete spam messages, but instead forward them to
Federal Trade Commission <uce at ftc.gov>
You will not get an acknowledgment or other reply, but your complaint 
will be added to their statistics to prove violations of the Federal 
anti-spam and anti-pornography regulations by originators.

It is important to include the FULL headers, which may not be prefixed 
using the FWD key (my own method is to use the REPLY button, delete 
the "TO" address and substitute the uce at ftc.gov in its place, then 
copy/paste the full headers from the offending email at the top of the 
"reply" message).

Here is an excellent summary of how to view & copy full headers in 
various common email clients:
http://128.175.24.251/headers.htm
  [Just discovered by poking around that the U of D Police site has 
other excellent resources for cyber-crime information 
http://128.175.24.251/default.htm]

If in the full header you see a line
"X-Header-Overseas: Mail.from.Overseas.source" followed by a foreign IP 
number, this does not necessarily mean that the actual offender is 
outside the jurisdiction of the FTC and other USA enforcement agencies 
[for those of you who are outside the USA, please advise your own 
country's appropriate reporting & enforcement addresses, if 
available!]. If the message is particularly offensive or a blatant 
fraud, if you have the time and energy, right-click on the links (often 
hidden within graphics), copy the link, then paste that into your 
forwarded complaint to provide additional evidence for the FTC or FBI. 
I've determined a great deal of scams, though apparently being mailed 
from overseas, actually originate in Florida and a smattering of other 
states.

All the above also applies to your case of spammers spoofing your email 
address and/or domain identity.  With some effort the actual source can 
be traced, but unless you report it, nothing will ever be done about it.  

As has been discussed here before, when sending email to multiple 
recipients, /always/ use BCC, and in the case of mailing lists, send 
them also using BCC.
Here's another University (Rutgers, this time) on this methodology:
http://www.cs.rutgers.edu/~watrous/bcc-for-privacy.html

In summary: FIGHT BACK!  Send a complaint to the domain that permitted 
the open-relay that delivered the message to you, normally found in this 
line of the full header:
"X-Originating-IP: [###.###.###.###]"   
                                (#'s = IP number).
Also, take the time to write your representatives and senators to demand 
stronger anti-spam and privacy enforcement laws!  Use snailmail for 
this. Email is ignored!

hth
dave r




Lyn Blyden & Les Ungerleider wrote:

>
>  Help! I use full zone alarm, paid edition, a linksys router, and am
>  on a small, but good ISP in Seattle. I run Ad-Aware, Spy-bot,
>  reg-healer, easy clear and Norton (with all updates) each week. I
>  have my own domain which is on the ISP server.
>
>  I am getting more and more spoofed e-mail going out under my domain.
>  I don't think it is going out from my one and only machine, but I get
>  the rejected e-mail messages, and the names it is sent under are not
>  the names my wife and I use.
>
>  How do I stop my domain from being use for spam? Any other ideas or
>  suggestions? Any comments?
>
>  Thanks for the help
>
>  Les Ungerleider slu at pupik.com
>
>  _______________________________________________ Tech Support Guy
>  Mailing List http://www.tsgserver.com/list/
>

-------------------------
FULL HEADER of your TSGL post:
~~~~~~~~~~~~~~~~~~~~~~~~~~~

 From - Sat Jul 03 10:35:30 2004
X-UIDL: 035B415D295D3FAFC8C17E4E51D249E5
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Received: from mtac3.prodigy.net by yipvma with SMTP; Sat,  3 Jul 2004 
11:10:36 -0400
X-Originating-IP: [24.137.9.11]
Received: from ns1.cermaktech.com (ns1.cermaktech.com [24.137.9.11])
    by mtac3.prodigy.net (8.12.10/8.12.10) with ESMTP id i63FAZjO029955
    for <heydave at pacbell.net>; Sat, 3 Jul 2004 10:10:35 -0500 (CDT)
Received: from [127.0.0.1] (helo=ns1.cermaktech.com)
    by ns1.cermaktech.com with esmtp (Exim 4.34)
    id 1Bgm9J-0007YJ-UZ; Sat, 03 Jul 2004 11:09:54 -0400
Received: from [216.162.192.5] (helo=jetspin.drizzle.com)
    by ns1.cermaktech.com with esmtp (TLSv1:AES256-SHA:256) (Exim 4.34)
    id 1Bgm9G-0007Y1-6L
    for List at tsgserver.com; Sat, 03 Jul 2004 11:09:50 -0400
Received: from S0027665741 (moist11.drizzle.com [216.162.216.11])
    by jetspin.drizzle.com (8.12.8/8.12.8) with ESMTP id i63F9eEK014485
    for <List at tsgserver.com>; Sat, 3 Jul 2004 08:09:43 -0700
Message-Id: <200407031509.i63F9eEK014485 at jetspin.drizzle.com>
From: "Lyn Blyden & Les Ungerleider" <slu at pupik.com>
To: "'Tech Support Guy Mailing List'" <List at tsgserver.com>
Date: Sat, 3 Jul 2004 08:09:40 -0700
MIME-Version: 1.0
Content-Type: text/plain;
    charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
In-Reply-To: <6.1.0.6.1.20040703102748.0279eeb0 at pop.earthlink.net>
Thread-Index: AcRhCl/qlnWL/ITAQq2w9gkertpWIQABGTzQ
Subject: TSGL: Spoofed email
X-BeenThere: List at tsgserver.com
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Tech Support Guy Mailing List <List at tsgserver.com>
List-Id: Tech Support Guy Mailing List <list_tsgserver.com.tsgserver.com>
List-Unsubscribe: 
<http://tsgserver.com/mailman/listinfo/list_tsgserver.com>,
    <mailto:List-request at tsgserver.com?subject=unsubscribe>
List-Archive: </pipermail/list_tsgserver.com>
List-Post: <mailto:List at tsgserver.com>
List-Help: <mailto:List-request at tsgserver.com?subject=help>
List-Subscribe: <http://tsgserver.com/mailman/listinfo/list_tsgserver.com>,
    <mailto:List-request at tsgserver.com?subject=subscribe>
Sender: List-bounces at tsgserver.com
Errors-To: List-bounces at tsgserver.com
X-AntiAbuse: This header was added to track abuse, please include it 
with any abuse report
X-AntiAbuse: Primary Hostname - ns1.cermaktech.com
X-AntiAbuse: Original Domain - pacbell.net
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - tsgserver.com
X-Source:
X-Source-Args:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
X-Source-Dir:
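
Added example, not part of Dave's post: a short Python script that reads the Received chain from the header above and picks out the IP address logged at the point where the message entered the recipient's own provider. Which hosts count as the recipient's provider ("yipvma" and ".prodigy.net" here) is an assumption; Received lines below that point were written by other hosts and can be forged by a sender.

```python
import re
from email import message_from_string

# Trace fields copied from the full header in this post (other fields omitted;
# the first Received line is unwrapped onto one line).
SAMPLE = """\
Received: from mtac3.prodigy.net by yipvma with SMTP; Sat,  3 Jul 2004 11:10:36 -0400
X-Originating-IP: [24.137.9.11]
Received: from ns1.cermaktech.com (ns1.cermaktech.com [24.137.9.11])
    by mtac3.prodigy.net (8.12.10/8.12.10) with ESMTP id i63FAZjO029955
    for <heydave at pacbell.net>; Sat, 3 Jul 2004 10:10:35 -0500 (CDT)
Received: from [127.0.0.1] (helo=ns1.cermaktech.com)
    by ns1.cermaktech.com with esmtp (Exim 4.34)
    id 1Bgm9J-0007YJ-UZ; Sat, 03 Jul 2004 11:09:54 -0400
Received: from [216.162.192.5] (helo=jetspin.drizzle.com)
    by ns1.cermaktech.com with esmtp (TLSv1:AES256-SHA:256) (Exim 4.34)
    id 1Bgm9G-0007Y1-6L
    for List at tsgserver.com; Sat, 03 Jul 2004 11:09:50 -0400
Received: from S0027665741 (moist11.drizzle.com [216.162.216.11])
    by jetspin.drizzle.com (8.12.8/8.12.8) with ESMTP id i63F9eEK014485
    for <List at tsgserver.com>; Sat, 3 Jul 2004 08:09:43 -0700
"""
IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def trace_hops(raw):
    """Return Received hops newest-first as (receiving host, peer IP or None)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())          # undo header folding
        frm, _, rest = flat.partition(" by ")   # "from <peer>" / "<receiver> ..."
        ip = IP.search(frm)
        hops.append((rest.split()[0] if rest else None,
                     ip.group(1) if ip else None))
    return hops

def handoff_ip(raw, trusted):
    """Peer IP from the oldest hop inside `trusted` that recorded one.
    Stops at the first receiving host that is not one of your provider's."""
    ip = None
    for by, peer in trace_hops(raw):
        if not (by or "").endswith(trusted):
            break
        ip = peer or ip
    return ip

if __name__ == "__main__":
    for by, peer in trace_hops(SAMPLE):
        print(f"{str(by):24} <- {peer}")
    # Assumption: these names are the recipient's own provider hosts.
    print("report:", handoff_ip(SAMPLE, ("yipvma", ".prodigy.net")))
```

For this list post the result is the mailing-list server's address, the same value the provider stamped into X-Originating-IP.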




