Log in

No account? Create an account

> Recent Entries
> Archive
> Friends
> Profile

April 15th, 2004

Previous Entry Share Flag Next Entry
01:30 pm - JOE-JOBBED!
Recently I noticed a spike in the number of "Undeliverable" messages being dropped in my inbox. I've been getting maybe two or three a day now, and I just got three in the last few hours alone. Normally I don't touch 'em and just delete them outright, because the last time this happened, it was due to a virus sending out fake bounce messages with the payload in an attachment. Shrug, says, I, and just delete em.

Only today I bothered to open one and read it. It was a legitimate bounce, all right ("no such user exists at this address") and was sent to a gibberish username on my hosted domain (as spatch.net is a catch-all for email, all mail sent to anything@spatch.net will come directly to me.)

This was the headers on the mail that they bounced back to me:
Received: from scl8vwall01.int.exodus.net ([]) by
    ussc8bh02.Global.Cwintra.Com with Microsoft SMTPSVC(5.0.2195.5329);
         Thu, 15 Apr 2004 05:20:53 -0700
Received: from by scl8vwall01.int.exodus.net (InterScan E-Mail
    VirusWall NT); Thu, 15 Apr 2004 05:20:53 -0700
Received: from ([])
        by usrp1ry01-int.global.cwintra.com (8.12.9/8.12.9) with SMTP id
        for <jeremiel@cwusa.com>; Thu, 15 Apr 2004 05:20:32 -0700 (PDT)
Date: Thu, 15 Apr 2004 05:20:28 -0700 (PDT)
From: "Hamlet Boganski" <nmrakvpakykmbn@spatch.net>
X-Mailer: The Bat! (v1.53d)
Reply-To: "Hamlet Boganski" <nmrakvpakykmbn@spatch.net>
X-Priority: 3 (Normal)
Message-ID: <8949925454.20040415072035@spatch.net>
Subject: dr..ugstor..eoffer ##.. che.apmedicine ..... 3  !
Now here's where I get mad. If you can't decipher it, that's all right. Here's what's happening.

The spammers have grabbed my domain, spatch.net, and thrown it into a program that generates fake email headers, inserting my domain into the From:, Reply-To: and Message-ID: headers (you can tell I did not send the message due to the IP and host, exodus.net, in the first "Received:" line there.)

The worthless spammers are now doing their job hidden under my domain's name, as well as, one can imagine, the domains of many other innocent people. Instead of your email address being harvested just to sell to, now your address can be harvested and exploited as well! My god, I love technology.

Now I wonder how many catch-all automatic "we don't care, the name was on it" blacklists my domain's been placed on (sup SPEWS, you completely fucking worthless service) and how many email messages may have potentially never gotten to their intended destination because of this. If I've lost even one potential job offer because my emailed resume was never received, then that's grounds for nothing but sheer and unrestrained anger.

I mean, it's one thing to grab my email address and send me ads I don't want. Big deal. I delete 'em, they don't bother me. I get annoyed if the signal:noise in my inbox goes above comfort levels, but still, I can just add some more procmail recipes or something if it really gets bad. But to have my domain used by spammers? Even if in name only? To have my domain misrepresented and exploited so that, with one more layer of subterfuge, they remove themselves from the heavy burden of receiving "undeliverable" bounce messages? That's when I get mad.

Only I can't do anything. Tracking one dood down by his IP and yelling at his ISP won't do me a damn lick of good. He'll just find another provider, or go to another account already set up. There's no legal recourse (oh, how laughable) and no way of getting any kind of satisfaction or justice from this. All I have is cheap obscenity-tinged "fleas on amoebas on rats" rhetoric and not much else, besides the mental image of "bulk email deployment specialists" being taken out onto the street and given curbies, American History X style.

Good god, I'm pissed. SMTP seems useless nowadays. I mean, it wasn't created with the abusive kinds of personalities in mind. It worked far better when everybody actually used it properly. I think it's time to shut down the Intar Web and start all over again.

(12 comments | Leave a comment)


Date:April 15th, 2004 11:06 am (UTC)


Welcome, Brother!

I see that all the time here at work. Our domain (fredlaw.com) has been besieged by these bouncebacks for the past year. And that's on top of the spam we receive as well.

Out of 20,000 messages daily, 82% are garbage.
[User Picture]
Date:April 15th, 2004 12:06 pm (UTC)

company for your misery

that's funny, i just noticed the same thing today. a bounce from some ISP, but i was going, "wait a minute, i didn't email that address ... did i?" and then i was thinking, wait, someone is going to think i'm sending them spam! but even worse, what -if- people have my domain on their kill lists? it's almost as bad as identity theft lately. i was thinking, "can't anything be done to stop all this?" it's enough to make you want to become an internet refusenik.
Date:April 15th, 2004 12:22 pm (UTC)

Re: company for your misery

Hear hear! Refuseniks represent.
[User Picture]
Date:April 15th, 2004 12:43 pm (UTC)

Re: company for your misery

This happened to me a few months ago. As I don't host my own domain, i went to dreamhost and asked what they could do to stop it. Nothing, they said. So yeah. GREAT VENGEANCE AND FUUUURIOUS ANGER.
[User Picture]
Date:April 15th, 2004 12:57 pm (UTC)


Blacklists work by IP, not by whatever words are stamped in the message. In fact, you can't even look up "spatch.net" on the SPEWS site - it tells you to check by IP instead.

...and apparently, "spatch.net" is, which is actually "starchild.astral.net", and SPEWS has dinged it as "spammer-tolerant hosting". So, yes, you're in the RBL's, but not because you've been joe-jobbed: SPEWS thinks your ISP is a naughty boy. Find out more at http://www.spews.org/html/S2100.html.

...holy crap, I'm in there too! They've dinged all of Hurricane Electric, which hosts astral.net and dyndns.org. Jesus, SPEWS, can you be any more indiscriminate?

Well, I haven't noticed any mail being rejected, and I'm on the same SPEWS record and I've been joe-jobbed for a lot longer than you. So don't panic.
[User Picture]
Date:April 15th, 2004 01:10 pm (UTC)

Re: Blacklists

SPEWS is completely worthless as anything but epenis++ games between the maintainers at this point.
[User Picture]
Date:April 15th, 2004 01:51 pm (UTC)
As handy as it is to get mail to anything@yourdomain, your blood pressure might appreciate locking it down to some actual addresses that exist, because of things like this.
[User Picture]
Date:April 15th, 2004 02:29 pm (UTC)
It's happening at davii.com and joelies.com.

The joelies.com one REALLY ticks me off because I haven't done jack or shit with that domain until the last few months, and no e-mail address there has been published anywhere on the intarweb. Or used for any reason. Those bastardly bastard bastards.
[User Picture]
Date:April 15th, 2004 05:10 pm (UTC)
They just straight up stole my dad's email account for spam. I think they got Chuk too.

These people are meat to be wasted.
[User Picture]
Date:April 15th, 2004 06:43 pm (UTC)
This has been happening at my e-mail address on aol.com, as well (hey, don't judge the AOL!). Now that even AOL has been blocking what seems to me to be about 98% of spam, they need to come up with soe other way of annoyng the holy hell out of us. This crosses the line, though.

Spammers deserve to be shot.
Date:April 15th, 2004 07:27 pm (UTC)


Have you considered finding them and beating the ever-lovin' crap out of them? I've found that to be an effective deterrent.
Date:April 15th, 2004 08:09 pm (UTC)
I purposely deleted all the mailboxes on my oldest domain precisely because of this: along with apalling levels of spam, I was getting bounce messages out the wazoo thanks to some endearing UBE senders and their dictionary attacks. Also, my internet provider, SPEWS says, is a spamhaus (intriguing, as I get access from MY UNIVERSITY), so mail from me never seems to arrive, unless I use a yahoo! account. The ironing.

News on "improved" STMP trickles down every so often (usually it's challenge/response based crap), but then again, news about cryogenic freezing also trickles, and I have yet to see the RFC for that.

> Go to Top