Spam: Customer Data, Let’s Sell It!

November 24th, 2003 by Richy B. Leave a reply »

My system has just tagged that Driveway.com (aka IBackup.com) and Sandbox.com have sold on their mailing lists with one of my email addresses to a spammer. I receive almost identical emails to two tagged addresses: one I used on driveway.com, the other sandbox.com: contents follow….

Both were sent from were “injected” directly into my incoming SMTP server (instead of being sent via their ISP), both claimed to have been sent via Eudora, and both had incorrect/faked Message-Ids (that message ID’s were actually created by my mail server). Oh – and they were both in HTML format and had “web bugs” in them (images loaded from a remote server which would enable the spammer to see who opened the email and therefore whose email address was valid).

Needless to say, both spams got reported via Spamcop.net to their upstream providers.

Driveway.com spam email (my details XXXX’d out)

Return-path: <kq@freeality.com>
[snip]
Received: from [68.51.147.107] (helo=freeality.com)
by XXXXXwith smtp id 1AONaE-0002×7-Ah
for XXXX@XXXXX; Mon, 24 Nov 2003 20:45:22 +0000
From: Medical Miracle <VrCzJNd@freeality.com>
To: XXXX@XXXXX
Subject: Sexual Sensations come only once in a lifetime ..
Date: Mon, 24 Nov 2003 16:45:56 -0500
Mime-Version: 1.0
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Content-Type: text/html; charset=”iso-8859-1″
Content-Transfer-Encoding: 7bit
Message-Id:

<HTML>
<head>
<body bgcolor=”WHITE”>
</head>
<div ALIGN=’CENTER’><A HREF=”http://m3z.biz/vpoil/?eLRJ”><IMG ALT=”Loading..” SRC=”http://211.162.108.122/L/2/Zitx.gif” BORDER=’0′></A></div>
<br><br>
<DIV align=”CENTER”><A href=”http://211.162.108.122/o.html?gHezqi”>Stop</a> future announcements</DIV>
<br><br>
</BODY>
</HTML>

Sandbox.com spam email (again my details XXXX’d out)

Return-path: <mAWrV@kindredkonnections.com>
[snip]
Received: from [82.131.5.40] (helo=fotf.org)
by XXXXXX with smtp id 1AONfQ-0002z0-FH
for XXXX@XXXX; Mon, 24 Nov 2003 20:50:44 +0000
From: Medical Phenomenon <ZM@freeality.com>
To: XXXX@XXXX
Subject: Bedroom Sensations only come once
Date: Mon, 24 Nov 2003 16:51:18 -0500
Mime-Version: 1.0
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Content-Type: text/html; charset=”iso-8859-1″
Content-Transfer-Encoding: 7bit
Message-Id: <E1AONfQ-0002z0-FH@XXXX>

<html>
<HEAD>
<BODY BGCOLOR=”WHITE”>
</head>
<div align=’CENTER’><a HREF=”http://m3z.biz/vpoil/?IqquR”><IMG ALT=”Loading..” src=”http://211.162.108.122/L/2/KvHSxnx.gif” border=’0′></a></DIV>
<br><BR>
<DIV align=’CENTER’><A href=”http://211.162.108.122/o.html?sMzlVr”>Stop</a> future announcements</DIV>
<br><br>
</BODY>
</HTML>

This post is over 6 months old.

This means that, despite my best intentions, it may no longer be accurate.

This blog holds over 12 years of archived content - during that time, I may have changed my opinion of something, technology will have advanced (and old "best standards" may no longer be the case), my technology "know how" has improved etc etc - it would probably take me a considerable amount of time to update all the archival entries: and defeat the point of keeping them anyway.

Please take these posts for what they are: a brief look into my past, my history, my journey and "caveat emptor".

1 comment

  1. Chris says:

    I noticed thet yesterday too. Also an address used at weblogs.com is being pelted recently too.

Leave a Reply

gamy-dance
%d bloggers like this: