Basically, at 19.20, I made the following complaint to ICSTIS and The Telephone Preference Service in relation to a spammy text (SMS) message I received:

A SMS text message was sent at around 19:05 GMT (although the timestamp on the message reads 00:43:53 31-12-2003) from +08717120395 to my telephone preference service registered mobile phone (07732XXXXXX) with the message:
“You have 1 new BPQ voicemail message. Please call 0871 712 0395 to listen to it.”

When calling the number it says (in a format similar to a voicemail) “Sheila Brown of the BPQ awards department” tried calling and for me “reagrding an award prize which has to be claimed within 48hours” and for me to call 090 65393698 with NO cost of call disclosed.

It’s now 4 days on and I’ve managed to delete over 44,450 emails and there are another 47,552 still awaiting deletion. Yep – that’s over 90,000 emails in a space of a few days(!) I’ve spent most of today re-writing my email zapper (it’s called cleardemon.pl by the way) to be more efficient (previously it was making a separate connection to the mail server for each “attack name”: but now the last of “spammed addresses” is over 1,400 I needed to make it work on the mail as a group). But still running TOP on the emails in 1,000 blocks and then sending the DELETE command didn’t have much affect (it was taking around a quarter of a second to a second to send the delete command for each email: in that time 2 more emails came in!).

I’m now running a quick script to try and clear the POP3 mailbox down a bit more (by just sending 50,000 “DELETE” commands to the server), but I don’t hold up much hope. It’s looking like I’m going to have to give tech support a call tomorrow to get them just to flush my mailbox.

Why don’t I run something like SpamAssassin? Well, I would if I could. But it’s a “dialup/ADSL” POP3 email account, Demon don’t provide SMTP delivery to ADSL customers (but they do to conventional dial-up Modem users: go figure!) and I can’t change the MX records either. The good news is is that in the new year, they are introducing Brightmail filtering which should hopefully see spam drop (I’ve heard of figures between 75% and 98% with less than 1 in one million false positives!).

Ho hum. Oh, since typing the last two paragraphs I’ve now got 47,729 emails awaiting deletion: that’s nearly 200 emails in a matter of minutes(!).

[add] Actually, I’ve just taken a five minute average from 00:52 to 00:57 and I’m getting 16.6 emails per minute: that’s 996 per hour or 23,904 per day! Gulp!

Both were sent from were “injected” directly into my incoming SMTP server (instead of being sent via their ISP), both claimed to have been sent via Eudora, and both had incorrect/faked Message-Ids (that message ID’s were actually created by my mail server). Oh – and they were both in HTML format and had “web bugs” in them (images loaded from a remote server which would enable the spammer to see who opened the email and therefore whose email address was valid).

Needless to say, both spams got reported via Spamcop.net to their upstream providers.

Driveway.com spam email (my details XXXX’d out)

Return-path: <kq@freeality.com>
[snip]
Received: from [68.51.147.107] (helo=freeality.com)
by XXXXXwith smtp id 1AONaE-0002×7-Ah
for XXXX@XXXXX; Mon, 24 Nov 2003 20:45:22 +0000
From: Medical Miracle <VrCzJNd@freeality.com>
To: XXXX@XXXXX
Subject: Sexual Sensations come only once in a lifetime ..
Date: Mon, 24 Nov 2003 16:45:56 -0500
Mime-Version: 1.0
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Content-Type: text/html; charset=”iso-8859-1″
Content-Transfer-Encoding: 7bit
Message-Id:

<HTML>
<head>
<body bgcolor=”WHITE”>
</head>
<div ALIGN=’CENTER’><A HREF=”http://m3z.biz/vpoil/?eLRJ”><IMG ALT=”Loading..” SRC=”http://211.162.108.122/L/2/Zitx.gif” BORDER=’0′></A></div>
<br><br>
<DIV align=”CENTER”><A href=”http://211.162.108.122/o.html?gHezqi”>Stop</a> future announcements</DIV>
<br><br>
</BODY>
</HTML>

Sandbox.com spam email (again my details XXXX’d out)

Return-path: <mAWrV@kindredkonnections.com>
[snip]
Received: from [82.131.5.40] (helo=fotf.org)
by XXXXXX with smtp id 1AONfQ-0002z0-FH
for XXXX@XXXX; Mon, 24 Nov 2003 20:50:44 +0000
From: Medical Phenomenon <ZM@freeality.com>
To: XXXX@XXXX
Subject: Bedroom Sensations only come once
Date: Mon, 24 Nov 2003 16:51:18 -0500
Mime-Version: 1.0
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Content-Type: text/html; charset=”iso-8859-1″
Content-Transfer-Encoding: 7bit
Message-Id: <E1AONfQ-0002z0-FH@XXXX>

<html>
<HEAD>
<BODY BGCOLOR=”WHITE”>
</head>
<div align=’CENTER’><a HREF=”http://m3z.biz/vpoil/?IqquR”><IMG ALT=”Loading..” src=”http://211.162.108.122/L/2/KvHSxnx.gif” border=’0′></a></DIV>
<br><BR>
<DIV align=’CENTER’><A href=”http://211.162.108.122/o.html?sMzlVr”>Stop</a> future announcements</DIV>
<br><br>
</BODY>
</HTML>

Success! Just shows – if you complain to the right people you can get the scumbags removed! I’m just waiting for the response from The Telephone Preference Service and mwhhaa! I’ve actually just received a spam SMS text message to my mobile phone (which is registered with TPS) so I’ll be sending off another complaint in the next day or so.

Read on for a copy of the letter.

ICSTIS
The Independent Committee for the Supervision of
Standards of Telephone Information Services
4th Floor, Clover Building, 4 Maguire Street, London, SE1 2NQ
Tel: 020 7940 7474. Fax: 020 7940 7456
Press Office: 020 7940 7408
Email: secretariat@icstis.org.uk
Web: www.icstis.org.uk

Dr Mr xxxxxxx,

Unsolicited Telephone Marketing – prize competition

I am writing with reference to your complaint about the receipt of an unsolicited telephone call advising the recipient that they had won a prize and which asked them to dial a premium rate number in order to make a claim. Please accept my apologies for the delay in my reply that is unfortunately due to a backlog of complaints.

As you may now be aware, ICSTIS supervises both the content and advertising for premium rate services. ICSTIS develops and applies a Code of Practice to the companies that operate premium rate services (service providers). These companies are bound by their contract with the network operators such as BT, Cable & Wireless and Vodafone to comply with the requirements of this Code. Premium rate numbers are usually prefixed with the 090 code.

An investigation has been undertaken into the promotion of an unsolicited automated telephone message about which you have complained and the ICSTIS Committee has recently found breaches of the ICSTIS Code Of Practice. The promotion of a recorded competition information line was found have been done so inappropriately, as well as being found to be misleading. The promotion failed to meet a number of specific provisions that apply to competition services and the content of the recorded message was found to be unduly delayed. In view of the breaches found, the Committee decided that a fine of £10,000 should be imposed and that access to the service should be barred for twelve months.

Should you wish to purse redress or to ensure that your details have been removed from a company’s databases, we recommend that you contact the company responsible for the service and message directly. In this case, the details we have for the company in question are as follows:

The Prize Warehouse
PO BOX 6017
Basingstoke
RG21 4ZB

You can register your wish not to receive unsolicited telephone marketing calls by contacting the Telephone Preference Service (TPS) on 020 7291 3300.

Individuals whose numbers are already registered with the TPS should contact the Office of the Information Commissioner, the body that enforces data protection and privacy legislation, to register a formal complaint on 01625 545 700.

I hope that this is clear and we would like to thank you for taking the time to contact us.

Yours sincerely,

xxx xxxx
Case Officer

This wouldn’t be too bad apart from the fact Demon’s mail servers are suffering from the load – as Gradwell’s ISP Mail System Performance chart shows, emails sent to demon.co.uk email addresses are taking over 6 hours on average to arrive: and that’s just not good enough for me (plus the lack of “server side filtering” makes things even worse).

I’m still planning on keeping Demon for my ADSL connectivity at the moment (I haven’t got time to currently hunt ADSL providers that can offer over 3Gb/traffic per day), but I no longer trust them with my email.

However – the Gradwell chart shows that one of our (ie my employers) main rivals in one portion of their business – UK2.net – is just as bad as Demon. 5hours+ delays and 13 missing emails.

On seconds thoughts, it is a fun game – I scored 3,860 on my first go and 10,430 on my second. Once you get a machine gun or flame-thrower (yep, you can get “gun upgrades”) you can easily kill Sid straight away before he sends you any spam and get bonus points.

My spam levels have been quivering between only about a dozen a day (usually at weekends) to the deluge I got yesterday of around 800 I tend to report each “unique” message to Spamcop (selected on the criteria of “To:” address and “Subject:” being different from the spam I have in my mailbox at that time – some spammers send around 20 mails to the same address with the same subject: only one of those gets reported).

Ok, a month and a day ago (yep, I should have done this entry yesterday) I purchased 25Mb of “Spamcop reporting” (paying for membership just adds a few fancy things such as ‘past reports’ and ‘amount of spam reported’ – it also removes a few ads and the “parse” time delay). I now have just 10.3Mb left. Yep – in a month, I’ve reported just under 15Mb of spam. My “average usage rate” is 5.53bytes per second or 14.3Mb per month or a massive 174.4Mb per year (that’s an increase of 50.5Mb per year since 3 weeks ago).

At the moment, I seem to be reporting more like 10% of my spam to Spamcop – therefore I receive around 55.3bytes of spam EVERY SECOND: that’s 4.5Mb a day. A month, that’s 136Mb. So – therefore, I receive in the region of 1.63Gb of spam a year.

The good news is that after the well known spammer Alan Ralksy was featured on a Slashdot article (referring to a freep interview) several Slashdot visitors decided to “turn the tables” on him. They’ve signed him up with practically every form of “snail mail” to his home address of 6747 Minnow Pond Drive, West Bloomfield, Michigan, MI 48322, USA. Of course, the other Slashdotters were happy to hear this

Ralsky was actually sued by the Verizon company and is barred from sending their customers spam late in October… Ralsky doesn’t, however, seem too happy about people taking photographs of his house – Rich Clark has received some threatening phone calls within 24 hours of taking some quite nice photographs.

Oh – and AOL also won a spam case against the spammer outfit CN Productions and owner Jay Nelson.

Are the tables turning against the spammers after so long? I hope so…

What really got annoyed was the fact that they had sent 20 identical messages to the same email address each time. And they had an average size of 20.7Kb each. *Richy nashes teeth*

So, for your “amusement” and interest, I have “captured” one of the spams and “disassembled” it for you.

An anatomy of the spam I received….

Received: from punt-1.mail.demon.net by mailstore for submit@spamarchive.org
id 1038227951:10:13224:267; Mon, 25 Nov 2002 12:39:11 GMT

This, although it is the first Received: line, is technically the last one. This shows that one my POP3 mail servers (ya know, the servers which you ‘normally’ pick up your email from) received a message destined for my email address (here substituted with submit@spamarchive.org to try and catch spammers) at 12:39:11GMT on Monday.

Received: from [203.206.197.10] ([203.206.197.10]) by punt-1.mail.demon.net
id aa1018094; 25 Nov 2002 12:38 GMT

This line shows the mail server (punt-1.mail.demon.net) actually receiving the spam from the spammer’s server. You’ll notice that there are two sets of IP addresses shown: the first is what the sending mail server “claims” to be, the the second (in brackets) is what “my” mail server recognised the sending server as. Usually you may see something like “outbound.example.com ([127.0.0.1])” – this shows that the sending mail server claimed to be the server at “outbound.example.com” and “my” mail server detected its IP as 127.0.0.1 (which is wouldn’t do normally as the 127.x.x.x is a reserved “netblock” for loopback testing and hence shouldn’t be seen in “the wild”: other reserved netblocks are 10.x.x.x, 172.(16-31).x.x, and 192.168.x.x). Example.com is a “reserved” domain name as well.

Since I know I can “trust” punt-1.mail.demon.net to correctly report the IP address of the sending server and since this is the first Received: line, I know that the spam was sent for 203.206.197.10. Looking up the IP address via SamSpade reveals that it belongs to the netrange 202.0.0.0 to 203.255.255.255 which is suballocated by the APNIC (Asia Pacific Network Information Centre). So off we pop to their website do a quick WhoIs search and we find out that the sub-range 203.206.0.0 to 203.206.255.255 is allocated to “Flow Communications” in Sydney, Australia. So we’ll notify them of this abuse of their “Terms And Conditions Of Usage”

Checking the IP address against a the Multi-RBLs list of open relays reveals the company that uses 203.206.197.10 (as Flow Communications are just their ISP) are operating what is called an ‘open-relay’: a email server that will allow anyone to send email through it. In the early days of the internet, this was a good thing as mail would get to the destination no matter what: but they were so abused that running an open relay mail server is “bad” and there are a number of blacklists listing these abused servers.

Reply-To: <alerene22qxi328@example.com>

Many spammers use fake ‘Reply-To:’ and ‘From:’ lines to ensure that bounced mail and complaints don’t come back to them. If their product/service was so good, why go through the effort of hiding who you are? In this instance, we do not complain to “example.com” (not the original domain) as they are an innocent bystander who is probably already p—d off with the number of complaints they have received.

Message-ID: <031d55d43e2e$5838d4a5$7cc23bc1@owhsfv>

The message ID can be ignored 99.99% of the time – it is extremely rare that it provides any useful information – occasionally you may be able to recognise the “pattern” of the message ID and work out which item of SpamWare software the spammer is using to send the message, but even that information is near enough worthless.

From: <alerene22qxi328@example.com>

See “Reply-To:” above.

To: <submit@spamarchive.org>

Now, this is unusual – a “To: ” line with the email address that the spam was sent to correctly filled in! Usually, you may find a whole list of email addresses in this field (or the “CC:” field), or something like “Undisclosed Recipient” as the spammer used a similar system to BCC: (Blind Carbon Copy) to send out the spams. A “unique” To: line like this indicates that the spam was sent in a manner of one-at-a-time: for bulk emailing, this is slower (as instead of sending one spam to several million addresses, you send one spam to a single address repeated several million times), but it does get through some peoples spam filters (as they filter on the basis “Is my email address in to To: field”).

Subject: Need a Mortgage Loan That Works For You, 5.25% 30 yr. Fixed Rate.

A mortgage for 30years? *shudder* No thanks, my now 23 year mortgage is more than long enough! Plus, it’ll probably only be only applicable to US residents (although they sent the spam to email addresses ending in .co.uk)

Date: Mon, 25 Nov 2002 12:34:02 -0000
MiME-Version: 1.0
Content-Type: multipart/mixed;
boundary=”—-=_NextPart_000_00E3_62A22B6D.B7818C24″
X-Priority: 3 (Normal)

Standard email headers – but the multipart/mixed line indicates that this message could could have attachments to it.

X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6700
Importance: Normal

Whilst it is possible for someone to send bulk email using Microsoft Outlook Express, it isn’t conceivable that someone would do this as it would be too time-consuming. Therefore, it is common for spammers to set lines like X-Mailer: to ‘imitate’ or ‘fake’ a valid email program’s details: after all, lots of spam sent out tagged ‘X-Mailer: SpamWare 1.94 Super!’ would soon be filtered and blocked…

<html>

Nooo! HTML email! Do NOT ever send me HTML email: email was designed to be plain ASCII text which can be read by practically anything. HTML mail limits you to using things like Microsoft Outlook and similar programs which support HTML inline. If I decide to read my email “on the server” or via MailWasher, then I just get a bunch of HTML code.

Plus, the fact that HTML mail can contain web bugs – which are references to little images on the spammer’s server which will allow them to see who has ‘opened’ their email. Oh, and HTML mail could also include Javascript/ActiveX style components which could do all sorts of nasty things to your machine (see the KAK Worm for an example of this). Just to let you all know, I’ve disabled all ‘scripting’ components from running in my mail client (I personally would prefer to use ANT’s Marcel email client as it is a ‘no-frills’ package which doesn’t support HTML) and I’ve also limited the ports+machines my email client can attach to: therefore web bugs, “inline graphics” etc just will not run on my machine.

[snipped large chunk of email]
<a title=”http://rd.yahoo.com/468/103/*http://INNOCENT.EXAMPLE.com/m1000/”
href=”http://EXAMPLE.COM/d/mortgage3″>

Here we see signs of the spammer being crafty. The <a title> just acts as an indicator to where this link leads to: it will appear on the users screen and in their ‘status’ bar and is usually used for ‘informative’ items. However, in this case, the spammer is framing TWO innocent parters: Yahoo and “Innocent Example”.

For “user-tracking” purposes, Yahoo redirects people following certain links from their site through their “redirection” server http://rd.yahoo.com – however, it is easy to change the parameters of the “destination” the redirect is going to and hence anyone visiting that link will go to the http://innocent.example.com/ site via Yahoo!. However, and this is the sneaky part, spam complaints MAY get directed to Yahoo! as their URL is being “spamvertised” in this manner – luckily, SpamCop and many other semi-automated systems are “wise” to this trick and don’t send complaints to Yahoo.

The “real” URL of the spammers site is shown in the ‘href’ section – in this case it would be http://EXAMPLE.COM/d/mortgage3 (the real URL has now been shut-down by the spammer’s ISP).

Anti-SPAM Policy Disclaimer: Under Bill s.1618 Title III passed by the 105th U.S. Congress, mail cannot be considered spam as long as we include contact information and a remove link for removal from this mailing list. If this e-mail is unsolicited, please accept our apologies. Per the proposed H.R. 3113 Unsolicited Commercial Electronic Mail Act of 2000, further transmission to you by the sender may be stopped at NO COST to you! <a href=”mailto:chrisericson6@hotmail.example.com”>Remove</a>

Ok, first of all, I’m UK based so this is not relevant to me (but the UK Computer Misuse Act section 3.2 does apply to my systems – and I never authorised the spammer to use them!), secondly this was advertising a mortgage service and advertisements for said services in the UK need a disclaimer such as: “YOUR HOME IS AT RISK IF YOU DO NOT KEEP UP YOUR REPAYMENTS ON A MORTGAGE OR OTHER LOAN SECURED ON IT and thirdly – S1618 was never passed as a law!

Yep, that’s what – the spammer is lying to us “big time”, here’s the background:
The US Senate Bill 1618 (aka “S.1618″) had a section (301) referring to transmissions of unsolicited commercial email (aka “spam” to me). It was approved by the US Senate on the 12th of May 1998 and referred to the House Committee On Commerce on 21st October 1998. However, the Bill then “died” and did not become law. And as this article states, to actually comply with this non-existent law, spammers would have to include their name, physical address, email address and telephone number at the beginning of the email. So, bang, this email definitely does NOT comply with the law.

Continuing on “Per the proposed” – proposed: i.e. not law “further transmission to you by the sender may be stopped at NO COST to you“, so my bandwidth, time and storage (because I keep all copies of outgoing email) is no worthless? I think I can count all of those as valid costs…

It then gives me a “email drop box” address (on Hotmail) to send an email to if I want to get off their list (a list I never asked to be on in the first place). I have never responded in this manner for the reasons Abuse.net outlines: basically it is not in a spammers best interest for people to be able to remove their addresses and just going to their site/emailing them just confirms that somebody read their email. And anyway, the “default” Hotmail account size is just 2Mb: imagine if everybody sent a removal request to that account-it’ll soon fill up wouldn’t it? I doubt that this email address actually ever existed, and if it did Hotmail (again innocent “bystanders” just like Yahoo!) have probably shut it down by now anyway.

<!–START Zcounter.com COUNTER CODE, DO NOT MODIFY–>[snipped]
<a
href=”http://www.zcounter.com/c2/statsviewer.cgi?page=barrycooper”><img
src=”http://www.zcounter.com/c2/stats.cgi?page=barrycooper” height=”15″
width=”15″ border=0 alt=”View Stats”></a&gt

This is crafter- using a third party as a ‘web-bug’ host. Basically, every time this email is opened using a “HTML-aware” email client (such as Microsoft Outlook) it will try and fetch an image from Zcounter’s server (which appears to be dead at this moment in time) and it will “count” that the person has read the email. Therefore the spammer can work out some statistics such as ‘number of emails sent, number of emails read, number of responses’.

If they were crafter and could find a reliable webhost that was willing to become known as hosting spamvertised websites, then they could have set up a similar tracking system and find out exactly who read the email….

And there concludes “An Anatomy of a Spam”. Next time on “The Online School of Hard Knocks – Department Common Sense”, I will be telling you how it is a bad idea to get reaallllyyy drunk….

Now, remember that I only report an average of 6% to SpamCop, that means that I get around 65.5bytes of spam per second, 3.83Kb per minute, 230Kb of spam per hour, and 5.53 Mb of spam per day. That’s a lot of crap in my mailbox Now to escalate that up to a yearly figure and I receive around 2.02Gb of spam! Sheesh! That’s over 3 CDs full of spam. Take in to account all the bandwidth and storage fees – PLUS my time spent sorting through it all (you could also include the SpamCop reporting fee) and it does add up: so much for the spammers excuse that “you shouldn’t complain as it doesn’t cost you anything”….

Oh yes, and because of an article on Slashdot, I’m now CC’ing most of the reports I send to SpamCop to SpamArchive. I don’t know what they are planning on doing with all the spam that gets sent to submit@spamarchive.org, but at least they’re getting lots of it now

Now, if I could only get my hands on people like Alan Ralsky and Laura Betterly (two big time spammers) *grr*. If any spammers (or, if you must, “senders of unsolicited commercial or bulk email”) are reading this: I DO NOT buy ANYTHING that has been advertised via these methods and I DO report it to your ISPs. Please stop wasting my time, your time and your ISPs…

Oh, and yes, transcripts of all the documents he sent (all were JPG format) have been made – ideal if you are received the same files from the spammer and were doing a search to find some “background data”….

My emails to Jerry at jerry.duruibe@email.ro seem to be hitting delays while being delivered by HotMail to Jerry’s mail drop on Astral FreeMail, but after the delays he’s managed to get back to me with some “helpful” details.

First of all, I have a response from my day 5 message claiming that I my plane to New Zealand had been delayed by “mechanical failure”:

From : Jerry Duruibe
Subject : Pls Call Soonest
Date : Tue, 19 Nov 2002 01:53:50 +0200
MIME-Version: 1.0
X-Originating-IP: [216.139.170.12]
Received: from zerg.codec.ro ([193.230.240.30]) by mc1-f32.law16.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Mon, 18 Nov 2002 15:52:15 -0800
Received: (from httpd@localhost)by zerg.codec.ro (8.11.6/8.11.4) id gAINro420272;Tue, 19 Nov 2002 01:53:50 +0200
Message-Id:
X-Mailer: freemail 0.9.8
X-User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt; YComp 5.0.2.6)
X-Organization: ASTRAL FreeMail
Return-Path: jerry.duruibe@email.ro
X-OriginalArrivalTime: 18 Nov 2002 23:52:15.0353 (UTC) FILETIME=[85747E90:01C28F5D]

Dear Mr. Pilchard,

How are you? I believe by now you must have gotten my voice message. Please
endeavour to call me as soon as you are back from your trip and amny thanks for
your sincere mail.

I will fax over the documents to you as soon as I get to my office tomorrow,
the court held my whole day. Have you heard from the security company? Please
you must not respond them without reaching me first okay. I want us to work
closely in this pursuit.

Have a nice business time over. Anticipating your call.

Regards,

Jerry Duruibe ESQ.

> Dear Jerry,
>
> Luckily I’ve been informed that my plane’s been delayed by 12 hours due to
[snipped]

And then a little later on, true to his word, his responds to my “Re: Pls Confirm Safety” email also sent on day 5 (when I landed at “Pudnuowg Nibru” in New Zealand):

From : Jerry Duruibe
Subject : Documents
Date : Tue, 19 Nov 2002 20:28:09 +0200
MIME-Version: 1.0
X-Originating-IP: [217.117.9.86]
Received: from zerg.codec.ro ([193.230.240.30]) by mc8-f25.law1.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Tue, 19 Nov 2002 10:27:25 -0800
Received: (from httpd@localhost)by zerg.codec.ro (8.11.6/8.11.4) id gAJISBC28451;Tue, 19 Nov 2002 20:28:11 +0200
Message-Id:
X-Mailer: freemail 0.9.8
X-User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)
X-Organization: ASTRAL FreeMail
Return-Path: jerry.duruibe@email.ro
X-OriginalArrivalTime: 19 Nov 2002 18:27:25.0835 (UTC) FILETIME=[4F35CDB0:01C28FF9]

Hello Rich,

I have been trying to send these attached files for the past five hours but the
Internet connection got so bad that it could come. Please find the attched
documents and please call me at any time to confirm the receipt.

I hope your day was good, I wish you best of the trip. When do feel you can be
back?

Expecting your response.

Regards,

Jerry.

> Hi Jerry,
>
> I haven’t long landed in Pudnuowg Nibru in New Zealand – why they have to
[snipped]

I don’t know exactly what went wrong on the email transmission, but the attached files he sent were slightly mangled and I had to download the raw email from HotMail and then use “munpack” to get hold of them. But here they are: certdep (certificate of deposit), deathcer (death certificate) and the will will1 and will2.

Stay tuned for what happened next…
[Back to day 5]

• certdep.jpg 80Kb (Certificate of Deposit)
  As you can see, it does look quite “official” and real looking doesn’t it. Well, I’ll hate the shatter any illusions, but as we know, there is no one could “Richard Pilchard” (as he’s an imaginary person created by me) and “Albert Doto Pilchard” on the certificate is a faked name (see day 1 for details). If “City Securities” did actually print this out and scan it, it must have cost them a whole 12p – after all, since these are scanned copies we can’t tell if the “microprint” on the certificate is actually real or if it’s just been printed on the paper after being reduced in something like Photoshop. And anyway, once it gets to the point where “City Securities/Jerry” have to start providing “evidence”, they are quite sure they’ve got a victim and are going to get quite a bit of money from them.

  I’ve transcribed the document as well as I can here:

  CITY SECURITIES LIMITED
  Certificate of Deposit

  City Securities Limited
  CSL00177813521/97
  XXBCSL0093411XB
  CODES XB00117D0Q93
  CBZ1400XXXB2

  No: CSLVD/007342219

  Name: ALBERT DOTO PILCHARD
  Address: NO. 48 THOMAS AKINJIDE STREET VICTORIA ISLAND LAGOS
  Telephone: 01 613663
  Fax: 01 613663

  This is to certify that the above firm/person(s) have deposited a consignment tagged B-GA 19391/97
  Declared as CASH DEPOSIT (MONEY) on this date mentioned 15TH OCTOBER 1997

  [signed] Depositor [signed] Witness [signed] For: City Securities Limited
  [ ] Thumbprint

  * This deposit is made and acceptable under the strict terms and conditions stipulated in the deposit agreement

• deathcer.jpg 45.6Kb (Death Certificate)
  I’ve got no idea what a Nigerian death certificate looks like, but I’m sure it looks better than this! Again, it does look officialish – complete with a “Sagbama Local Government Council Death Registration Dept” stamp on the bottom of it. But surely such an ‘official’ document (especially since it’s stamped ‘Original’) would have some sort of watermarking to make the word “Copy” or similar show up (usually in red) if it is copied – and surely the death certificate should of a ‘date and place of birth’ on it as well… Anyway, here’s the transcript:

  Form D.2
  ORIGINAL

  FEDERAL REPUBLIC OF NIGERIA
  SAGBAMA LOCAL GOVERNMENT COUNCIL
  SHOMOLUE, RIVER STATE-NIGERIA
  Birth/Death Registry
  DEATH CERTIFICATE

  Issued under the Births and Deaths Etc. (Compulsory Registration) Decree 69 of 1992

  Registration Centre SAGBAMA L.G.A. COUNCIL Certificate Number D NO: 648936
  Town/Village SHOMOLUG
  L.G.A. SAGBAMA L.G.A. Volume SLG018 YEAR 1998 ENTRY NO DR-969246
  State RIVERS STATE

  This is to certify that the death, details of which are recorded herein has been registered on
  28th Day APRIL Month 1998 Year
  at this Registration Centre

  1. Full Name: (surname First) (in block letters) PILCHARD D. ALBERT
  2. Sex: Male (M)
  3. Date Of Death 21st Day APRIL Month 1998 Year
  4. Age at Death: 57Yrs
  5. Place of Death: SAGBAMA L.G.A
  6. Full Address of Usual Place of Residence of Deceased: No 48 THOMAS
  AKINJIDK STREET VICTORIA-ISLAND LAGOS
  Place of Issue: SAGBAMA L.G.A. COUNCIL
  Name of Registrar: Rufus Okorie
  Date: 28/04/1998
  Signature of Registrar: [signed - dated 28-04-98]
  [stamp: SAGBAMA LOCAL GOVERNMENT COUNCIL DEATH REGISTRATION DEPT]

• will1.1.jpg 68.1Kb and 56.5Kb
  And a copy of Albert Pilchard’s Will:

  THE WILL AND TESTAMENT OF MR ALBERT PILCHARD
  I Mr. ALBERT PILCHARD of No 48 Thomas Akinjide Street, Victoria Island, and
  Lagos State hereby revoke all former testamentary disposition made by me and
  declare this to be my last will.

  (1) I appoint Mr. JERRY DURUIBE ESQ. OF OLISA AGBAKOBA &
  ASSOCIATES of 21 Ahmed Onibudo Crescent Victoria Island, Lagos State
  and Mr J.C. Okereke of 41 Ryle street Ikeja Lagos state (hereinafter called my
  trustees which expressions shall include the trustees for the time being here of]
  to be the executors and trustees of this my will

  (2) I give to my trustees all my real and personal property whatsoever and
  wheresover [including all entailed property of which I have power to expose
  by will] viz
  a) A deposit with city securities limited valued at $7,800,000 USD.
  b) One duplex unit situated at no 13 Ogundele Street Ikeja Lagos.
  c) One twin duplex at no 16 Whyte Street Port Harcourt Rivers state.
  d) Stocks with Mobil Nigeria Unlimited, Union Dicon Salt Limited, UAC
  PLC and First Bank plc. Valued at $180,000USD
  e) A deposit with Global Diplomatic Services – UK valued at £380,000.

  3) My trustees shall hold the said property upon trust to sell the same with power
  in the absolute discretion to postpone such sale for so long as they shall think
  fit without being liable for loss.

  4) My trustees shall hold the proceeds of sale on all unsold property and my
  ready money upon the following trusts.
  a) To pay my debts, funeral and testamentary expenses.
  b) Subject there to my wife VIRGINIA PILCHARD if she survives me one
  month after my death absolutely
  c) Subject there to my two children GERALD PILCHARD and ADLINE
  PILCHARD if they survive me one month after my death absolutely.
  d) Provided that if my two children already mentioned shall die in my life
  time or after my death under the age of eighteen years and unmarried
  then the said proceeds of sale and all unsold property shall be held for
  any person or group of persons my trustee deems appropriate absolutely

  

  5) Any trustee being a solicitor or other person engaged in any profession or business
  may be so employed or act and shall be entitled to charge and be paid all professional
  or other charges for all business or acts done by him in connection with the trust here
  of including acts which a trustee could have done personally.

  IN WITNESS whereof I have hereunto set my hand this 13th day of January 1998
  [signature] ALBERT PILCHARD

  SIGNED by the above- mentioned
  ALBERT PILCHARD as his last will in
  the presence of us present at the
  same time who at his request in
  his presence and in the presence
  of each other have subscribed
  our names as witness.

  IN THE PRESENCE of
  NAME: J.C.OKEREKE
  SIGNATURE: [signature]
  DATE: 13th January 1998
  ADDRESS: NO 41 Ryle Street Ikeja Lagos State.
  OCCUPATION: Stock broker

  IN THE PRESENCE of
  NAME: Mr.OKEY IKE
  SIGNATURE: [signature]
  DATE: 13th January 1998
  ADDRESS: NO 19 Boyle Street Apapa Lagos State
  OCCUPTION: Accountant.

  PREPARED BY: Mr. JERRY DURUIBE OF OLISA AGBAKOBA &
  ASSOCIATES (Legal Practitioner) of Anthony Village Lagos state Nigeria.

Return to navigation