Welcome to Saturday

Some days it doesn’t pay to get up.

Take this morning, for instance.  I came into my office to check my email and found I had received 173 returned messages, supposedly sent from info @ thefunaddicts.com.  All of them (and I did read through all of them) had the subject "36 hours of freedom …" and all were advertisements for Cialis.  Now I like Cialis, but I don’t sell it, and I don’t ever send email from that address.   That address is only used to receive mail for a web site that will soon be taken down, and the registration for that domain will be allowed to expire.  So I knew that someone was using that address to send out spam.  If I received 173 messages that didn’t get through, I can only guess how many such messages did get through. 

I exported all those messages and zipped them up and sent them off to the ISP that handles that domain to make sure that no outgoing traffic had been sent from that site.  But I know that those messages didn’t come from my machine or from that address, since I log onto the Internet from a different ISP and therefore the ISP that hosts that domain would not permit anything to be sent from my machine because I am not ever logged into it.  All that aside, someone is using that address to send out their spam. 

If there is an upside to this whole fiasco, it proved to be a learning experience.   I examined the email headers for the messages that came back to that address.  I already knew something about how such headers are formed, but just to be sure, I researched how to read an email header and found several good explanations on the Internet.  Here is a link to an excerpt from one of them that did what I thought was a thorough job of explaining clearly how to read them.  Just the first paragraph of the explanation is quoted, but you will find it educational to read the whole thing because it will help you understand how mail is sent from one place to the next through the ‘net.

This document is intended to provide a comprehensive introduction to the behavior of email headers. It is primarily intended to help victims of unsolicited email ("email spam") attempting to determine the real source of the (generally forged) email that plagues them; it should also help in attempts to understand any other forged email. It may also be beneficial to readers interested in a general-purpose introduction to mail transfer on the Internet.

Reading Email Headers

I was able to identify the common elements in all the returned messages I received.  They all had the same message ID, the same X-mailer, the same mail server, and, of course, had the same subject and body.  The IP address for each of the messages was different, so I was unable to locate the actual originating source by using a reverse DNS lookup. 
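The comparison described above, done with code rather than by eye, as an added example that is not part of the original post. The three messages it parses are constructed (RFC 5737 documentation addresses, invented hostnames, an invented Message-ID and X-Mailer) and stand in for the returned spam; the recipient MX name in `TRUSTED_HOSTS` and the forged bottom `Received:` line that points back at the abused domain are assumptions made for the example, not details from the post. They are included to show why the oldest `Received:` line is the one that must not be trusted, and which IP is actually worth a reverse lookup.

```python
"""Find what a batch of bounced spam shares and where each copy really entered.

Added example, not the blog's code. All sample data below is constructed.
"""
import re
from email import message_from_string
from email.message import Message

# The "[a.b.c.d]" literal an MTA records for the peer that connected to it.
IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.IGNORECASE)

# Assumption: the recipient MX that generated the bounce stamps honestly.
# Every Received: line the sending machine added below it is untrusted,
# because the spammer can type in anything there.
TRUSTED_HOSTS = {"mx.recipient.example"}


def _constructed_sample(peer_host: str, peer_ip: str) -> str:
    """One constructed message, as the recipient MX received it."""
    return (
        f"Received: from {peer_host} ({peer_host} [{peer_ip}])\n"
        "    by mx.recipient.example with ESMTP id ABC123\n"
        "    for <someone@recipient.example>; Sat, 1 Jan 2011 07:12:04 +0000\n"
        # Written by the sending machine: claims the mail came from the
        # abused domain's own server. Pure fiction, and identical every time.
        "Received: from mail.thefunaddicts.example ([192.0.2.10])\n"
        f"    by {peer_host} with SMTP; Sat, 1 Jan 2011 07:11:58 +0000\n"
        "From: info@thefunaddicts.example\n"
        "To: someone@recipient.example\n"
        "Subject: 36 hours of freedom ...\n"
        "Message-ID: <20110101071158.A1B2C3@thefunaddicts.example>\n"
        "X-Mailer: BulkSender 1.0 (invented)\n"
        "\n"
        "36 hours of freedom (body omitted)\n"
    )


SAMPLES = [
    _constructed_sample("pc-123.example.com", "203.0.113.45"),
    _constructed_sample("dsl-87.example.net", "203.0.113.87"),
    _constructed_sample("cable-23.example.org", "198.51.100.23"),
]


def received_hops(msg: Message) -> list:
    """Received: stamps newest-first, i.e. in the order they appear."""
    hops = []
    for raw in msg.get_all("Received", []):
        flat = " ".join(str(raw).split())  # unfold continuation lines
        ip = IP_IN_BRACKETS.search(flat)
        by = BY_HOST.search(flat)
        hops.append({"ip": ip.group(1) if ip else None,
                     "by": by.group(1).lower() if by else None})
    return hops


def claimed_origin_ip(msg: Message):
    """IP in the oldest (bottom) stamp: what a naive reading believes."""
    hops = received_hops(msg)
    return hops[-1]["ip"] if hops else None


def entry_peer_ip(msg: Message, trusted=TRUSTED_HOSTS):
    """IP of the machine that handed the message to trusted infrastructure.

    Walk newest-first while the stamps were written by trusted hosts; the
    last of those names the connecting peer. Stopping at the first untrusted
    stamp means forged lines further down cannot redirect blame.
    """
    peer = None
    for hop in received_hops(msg):
        if hop["by"] not in trusted:
            break
        peer = hop["ip"]
    return peer


def common_headers(msgs, names=("Message-ID", "X-Mailer", "Subject")):
    """Header values that are identical across every message in the batch."""
    common = {}
    for name in names:
        values = {(m.get(name) or "").strip() for m in msgs}
        if len(values) == 1:
            common[name] = values.pop()
    return common


def analyze(raw_messages):
    """Summarise a batch: shared fields, claimed origins, real entry peers."""
    msgs = [message_from_string(r) for r in raw_messages]
    return {
        "common": common_headers(msgs),
        "claimed_origins": [claimed_origin_ip(m) for m in msgs],
        "entry_peers": [entry_peer_ip(m) for m in msgs],
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLES).items():
        print(f"{key}: {value}")
```

Run as a script it prints the shared Message-ID, X-Mailer and Subject, the one identical (forged) claimed origin, and three different entry peers. The entry peer is the only address a reverse DNS lookup or an abuse report is worth aiming at: it is the machine that actually connected to a server whose stamps you trust, so a different one per bounce means a different sending machine per bounce, which is what a botnet looks like from the receiving end.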

So I have spent the first 3 hours of my day dealing with this issue, and except for enjoying the process of researching and learning about the issues involved, I’d have to say it was time I didn’t intend to devote to this activity.  Still, I learned a few things, and I suppose I’ll choose to be grateful for that.  
