Edgars Spam

My Trouble with Spammers

Like many people I have a lot of problems with spammers. If you want to see where my spam is coming from have a look at my collected headers. Perhaps also some legit mails are included. But it's easy to declare a legit mail as spam once in a while if you get a lot of this stuff

For a while now I receive more and more of spam with generated addresses to my domain. The bad part is that this costs me time and money. The good part is that's easy to filter mails to invented addresses.

Some of the spamheaders are secondary spam. Which means that sombody generates addresses at my domain and uses it as a sender address for his spam. So if the mail is rejected for some reason I get the reply :-( In this case I replaced the domain by 'stop.spam' to avoid this generated address being harvested by other spammers.

When you have a look at the size of the monthly spam header files you can see that spam is increasing :-(

Also some people are spamming some of my forums by automatically sent postings. They even post to forums that don't exist anymore. Only the script receiving the spam is still there :-) And because the script can get the senders IP this could make a nice honeypot.

So what I'm about to do ?

I collect the headers of the spam I receive and will put them online every month. So I and other people perphaps can analyse them and at least find the spamming (or at least last relaying) mail server IP address. The rest of a header could be forged.
I started in May 2004 to also archive not only the headers but also spam bodies. You can save a lot of spam on a DVD nowadays.
My idea would be to create my personal hall of fame of spamming mail servers based on this data and publish them some day.

Spam headers
2003
Aug 2003 34K (just 2 days)
Sep 2003 975K
Oct 2003 1382K
Nov 2003 1398K
Dec 2003 1499K
2004
Jan 2004 1896K
Feb 2004 2262K
Mar 2004 2470K
Apr 2004 3971K
May 2004 3316K

Some domains which were advertised for with generated addresses from my domain

http://www.eibs3.com/host/default.asp?ID=omni
http://www.remarkhere.com/host/default.asp?ID=omni
http://www.account7x24.com/host/default.asp?ID=omni
http://www.region365.com/host/default.asp?ID=omni
http://www.banke4.com/host/default.asp?ID=omni
http://www.coolfee1.com/host/default.asp?ID=omni
http://www.currency4.com/host/default.asp?ID=omni
http://www.donat43.com/host/default.asp?ID=omni
http://www.copyrighte.com/host/default.asp?ID=omni
http://www.refer34.com/host/default.asp?ID=omni
http://www.cardcheaper1.com/host/default.asp?ID=omni
http://www.payment33dd.com/host/default.asp?ID=omni
http://www.account45.com/host/default.asp?ID=omni

BTW, these addresses are belonging to

gui zhou
guang zhou
1799 huang pu rd
guangzhou Guangdong 510735
China
tel: 86 020 82061321
fax: 86 020 82061321
liuqinhou23@yahoo.com.cn

chong qing
chongqing
50 da shi rd. nan an
chongqing Chongqing 400060
China
tel: 86 023 62803275
fax: 86 023 62803275
rudaifu1@yahoo.com.cn

So if you know them please tell them to stop. I tried it by email but the addresses given above didn't work.

BTW, if you want to find out who's behind some domain names and IPs to complain you can get help by e.g. Sam Spade and GeekTools .

Porn spammers

Already for a while somebody is spamming my forums with child pornographic links. It was hard work to delete this rubbish all the time. Finally I wrote a filter and automatically forwarded the postings to the police. If you are interested in more have a look at childporn.Mail