[Dshield] victim of spam-trash

Ed Truitt ed.truitt at etee2k.net
Fri Mar 8 15:54:47 GMT 2002

Do you have one or two of the original bounce messages (which should include
the original email sent by the spammer) with ALL headers intact?  If so, you
can send them to me off-list, and I'll see if I can help you identify the
originator.  Then, you can forward a complaint to the originator's ISP (or
upstream provider).  Also, if the originator's IP or netblock is consistent,
then you may be able to set your filters to reject anything originating from

Ed Truitt
PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9

"Note to spammers:  my 'delete' key is connected to YOUR ISP.
 Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."

----- Original Message -----
From: "Martin Müller" <mueller at webpartner.de>
To: <list at dshield.org>
Sent: Friday, March 08, 2002 8:56 AM
Subject: [Dshield] victim of spam-trash

> Hi all,
> we have the following problem.
> A spammer is sending tons of emails with the email-adress
> eddiecandy2782 at sse.de as reply-to or mail from in the header.
> The Domain sse.de belongs to a customer from us. (Which isn't the spammer)
> We get serveral thousands emails a day from all in the world with
> errormessages that the mail(spam) isn't delivered because of "unkown user,
> or something else"
> I think the maillist from the spammer is very old.
> In other words, the spammer is sending with our
> emailadress/domain(eddiecandy2782 at sse.de) to i.e. asdf at yahoo.com and yahoo
> is sending the mail to me, that the asdf at yahoo.com is i.e. unkown. The
> yahoo-email-adress is only for example.
> The only thing is, that i have configured this emailadress to be rejected,
> but this does not solve the problem, because with this we are rejecting
> return mails from great companys like yahoo or msn or something else and
> the spammer himself.
> Ive got much emails from concerned users because of spamming, but the spam
> isn't from us.
> What can i do? Has somebody a great idea?
> I have viewed much of this spam, but in all mails is no hint, who it could
> be.
> In the Internet i have found this text
> http://archives.neohapsis.com/archives/crypto/2001-q3/0307.html
> which is one of the contents of the mail(but there are much much more)
> The Email-Adress at the end is a fake too, i think.
> Thanks in advance,
> Martin Mueller
> ---------------------------------------
> Webpartner Kommunikationsdienste GmbH
> Metzstrasse 14b
> 81667 Muenchen
> [[ Attachement of type text/html deleted]]
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:

More information about the list mailing list