[Dshield] victim of spam-trash

John Sage jsage at finchhaven.com
Fri Mar 8 16:55:38 GMT 2002

It's very hard to uncover the *source* of spam, but often it's
possible to discover the subject: low interest loans, penis
enlargement, h0t chix, etc etc..

Is there absolutely no information (IP address, phone numbers) that
tells you who is supposed to be benefiting from the spam?

Do you have the full contents of the spam to examine.

There should be some clue as to what it's really about; OTOH it could
be an attack, simply an attempt to discredit the owners of the domain


> [[ Attachement of type text/html deleted]]

this may keep us from being able to help you.

Convert the attachment or give it an extenstion *.txt, not *.html and
maybe we can look at it...

- John 
Most people don't type their own logfiles;  but, what do I care?

On Fri, Mar 08, 2002 at 03:56:27PM +0100, Martin Müller wrote:
> Hi all,
> we have the following problem.
> A spammer is sending tons of emails with the email-adress
> eddiecandy2782 at sse.de as reply-to or mail from in the header.
> The Domain sse.de belongs to a customer from us. (Which isn't the spammer)
> We get serveral thousands emails a day from all in the world with
> errormessages that the mail(spam) isn't delivered because of "unkown user,
> or something else"
> I think the maillist from the spammer is very old.
> In other words, the spammer is sending with our
> emailadress/domain(eddiecandy2782 at sse.de) to i.e. asdf at yahoo.com and yahoo
> is sending the mail to me, that the asdf at yahoo.com is i.e. unkown. The
> yahoo-email-adress is only for example.
> The only thing is, that i have configured this emailadress to be rejected,
> but this does not solve the problem, because with this we are rejecting the
> return mails from great companys like yahoo or msn or something else and not
> the spammer himself.
> Ive got much emails from concerned users because of spamming, but the spam
> isn't from us.
> What can i do? Has somebody a great idea?
> I have viewed much of this spam, but in all mails is no hint, who it could
> be.
> In the Internet i have found this text
> http://archives.neohapsis.com/archives/crypto/2001-q3/0307.html
> which is one of the contents of the mail(but there are much much more)
> The Email-Adress at the end is a fake too, i think.
> Thanks in advance,
> Martin Mueller

More information about the list mailing list