
Spam: Customer Data, Let’s Sell It!

My system has just tagged that Driveway.com (aka IBackup.com) and Sandbox.com have sold on their mailing lists, with one of my email addresses, to a spammer. I received almost identical emails at two tagged addresses: one I used on driveway.com, the other on sandbox.com. Contents follow.

Both were “injected” directly into my incoming SMTP server (instead of being sent via their ISP), both claimed to have been sent via Eudora, and both had incorrect/faked Message-Ids (the message IDs were actually created by my mail server). Oh – and they were both in HTML format and had “web bugs” in them (images loaded from a remote server which would enable the spammer to see who opened the email and therefore whose email address was valid).

Needless to say, both spams got reported via Spamcop.net to their upstream providers.

Driveway.com spam email (my details XXXX’d out)

Return-path: <kq@freeality.com>
[snip]
Received: from [68.51.147.107] (helo=freeality.com)
by XXXXX with smtp id 1AONaE-0002x7-Ah
for XXXX@XXXXX; Mon, 24 Nov 2003 20:45:22 +0000
From: Medical Miracle <VrCzJNd@freeality.com>
To: XXXX@XXXXX
Subject: Sexual Sensations come only once in a lifetime ..
Date: Mon, 24 Nov 2003 16:45:56 -0500
Mime-Version: 1.0
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id:

<HTML>
<head>
<body bgcolor="WHITE">
</head>
<div ALIGN='CENTER'><A HREF="http://m3z.biz/vpoil/?eLRJ"><IMG ALT="Loading.." SRC="http://211.162.108.122/L/2/Zitx.gif" BORDER='0'></A></div>
<br><br>
<DIV align="CENTER"><A href="http://211.162.108.122/o.html?gHezqi">Stop</a> future announcements</DIV>
<br><br>
</BODY>
</HTML>

Sandbox.com spam email (again my details XXXX’d out)

Return-path: <mAWrV@kindredkonnections.com>
[snip]
Received: from [82.131.5.40] (helo=fotf.org)
by XXXXXX with smtp id 1AONfQ-0002z0-FH
for XXXX@XXXX; Mon, 24 Nov 2003 20:50:44 +0000
From: Medical Phenomenon <ZM@freeality.com>
To: XXXX@XXXX
Subject: Bedroom Sensations only come once
Date: Mon, 24 Nov 2003 16:51:18 -0500
Mime-Version: 1.0
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <E1AONfQ-0002z0-FH@XXXX>

<html>
<HEAD>
<BODY BGCOLOR="WHITE">
</head>
<div align='CENTER'><a HREF="http://m3z.biz/vpoil/?IqquR"><IMG ALT="Loading.." src="http://211.162.108.122/L/2/KvHSxnx.gif" border='0'></a></DIV>
<br><BR>
<DIV align='CENTER'><A href="http://211.162.108.122/o.html?sMzlVr">Stop</a> future announcements</DIV>
<br><br>
</BODY>
</HTML>
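
The three tell-tales described above (a Message-Id that the receiving server had to create, a desktop mailer talking straight to the MX, and a remote image acting as a web bug) can be checked mechanically. The following is an added example, not code from the original post; the function name, the `local_mx` parameter, the indicator labels and every host name in the sample are assumptions, and the sample message is constructed on the pattern of the second email above.

```python
import email
import re
from html.parser import HTMLParser

# Constructed sample modelled on the second message above; all hosts are placeholders.
SAMPLE = """\
Received: from [192.0.2.40] (helo=example.invalid)
\tby mx.example.org with smtp id 1AONfQ-0002z0-FH
\tfor tagged@example.org; Mon, 24 Nov 2003 20:50:44 +0000
From: Someone <zm@example.invalid>
To: tagged@example.org
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Content-Type: text/html; charset="iso-8859-1"
Message-Id: <E1AONfQ-0002z0-FH@mx.example.org>

<html><body><a href="http://example.invalid/?abc"><img src="http://192.0.2.122/L/2/x.gif"></a></body></html>
"""

class RemoteImages(HTMLParser):
    """Collect <img> sources fetched over the network when the mail is opened."""
    def __init__(self):
        super().__init__()
        self.sources = []
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") or ""
        if tag == "img" and re.match(r"(?i)https?://", src):
            self.sources.append(src)

def spam_indicators(raw, local_mx):
    """Return the indicators found in one raw message received by local_mx."""
    msg = email.message_from_string(raw)
    found = []
    received = msg.get_all("Received") or []
    # Queue id our own MX assigned, taken from the topmost Received header.
    top = " ".join(received[0].split()) if received else ""
    m = re.search(r"by %s with \S+ id (\S+)" % re.escape(local_mx), top)
    queue_id = m.group(1) if m else None
    msg_id = (msg.get("Message-Id") or "").strip("<> \t")
    # A Message-Id of the form E<queue id>@<our host> means the sender supplied none.
    if queue_id and msg_id.lower() == ("E%s@%s" % (queue_id, local_mx)).lower():
        found.append("message-id-added-by-local-mx")
    # A single hop plus a desktop X-Mailer: no ISP relay handled the message.
    if len(received) == 1 and "eudora" in (msg.get("X-Mailer") or "").lower():
        found.append("desktop-mailer-direct-to-mx")
    if msg.get_content_type() == "text/html":
        parser = RemoteImages()
        parser.feed(msg.get_payload())
        if parser.sources:
            found.append("remote-image-web-bug")
    return found
```

None of these indicators is conclusive alone; they are heuristics that become useful in combination, as in the two messages above.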

One Comment

  1. I noticed that yesterday too. Also an address used at weblogs.com is being pelted recently too.
