If you've come here, you probably received spam claiming to be from me or somebody at my domain. Alas, all you will find here is another victim. I hate spam as much as you do. Perhaps more, because they are hiding behind my name when they do it! I have never and will never send out spam of any sort. I religiously scan my computers for viruses and hackers to prevent them from using my computers to send out spam. Believe me, the spam isn't coming from me! However, there has recently been a significant increase in the amount of spam claiming to come from my domain. So I thought it would be helpful to put up this page to at least explain why I'm not the guy to be mad at.
What is happening is called "Joe Jobbing" in Internet jargon. Here is a definition from Wikipedia. Basically it is a spammer using somebody else's name to send out their spam. Not only does this give them an identity to hide behind, but it also means the bulk of hate mail gets sent to the person who was Joe Jobbed. While I consider spammers a subhuman life form worthy of extinction, one of them that allows innocent people to get blamed for their actions is the kind that I would really like to see behind bars for a very long time.
Starting in mid-April, I started getting bounced e-mails from somebody using my domain in the From: and Reply-To: fields of their e-mail spam. This pissed me off, but it isn't the first time that it has happened and, unfortunately, won't be the last. So I tried to be philosophical about it and just go on with my life as though slugs like that didn't exist.
But the number of bounced messages continued to increase and they all had the same format (a .gif image of text about a great stock to buy). It became apparent that this was the work of a single spammer, and the amount of spam being sent out was large and increasing.
I started looking for a way to find out who this was so I could report them to their ISP. In doing some web searching based on clues I had seen in the e-mails, I came across a page with comments from fellow sufferers from this attack.
This has been the most insidious spam attack using my domain name that I have ever seen. And apparently, I'm not alone. In the past month and a half, I've received over 557 bounce messages. These are messages that a mail server sends back when it is unable to deliver a message (e.g., the user no longer has an account on the system or there is a typo in the name). Since the spammer has forged the headers to claim his spam came from me, the server sends me the message that it didn't get delivered. So that means 557 messages were sent to no longer valid e-mail addresses. Imagine how many that implies got sent to valid e-mail addresses — like yours! And that's just the spam sent out using my domain name.
By the way, if you think 557 spams in six weeks is a lot, realize that my spam filters collect approximately 1500 spams a week. The number varies week to week, almost never less than 1000, and as high as 3000. Like I said earlier: I HATE SPAM!
No doubt there are still a few gentle readers of this page who think the above is just another ploy by a spammer to deflect blame. That I'm really the evil bastard who is sending this stuff out. Or maybe I'm just a schmuck with a Windows machine infected with viruses that are allowing the spam to get sent out from my machines. Let me try to explain some of the obvious ways to recognize forged headers.
E-mail is, in many ways, like regular postal mail. When I write the return address on an envelope, I can put down anything I want. I could fill in the name and address of anybody I wanted to. How would the person receiving the letter know it wasn't from that person?
One clue might be the cancellation stamp put on by the Post Office. In addition to preventing the stamp from being reused, this also has the identity of the Post Office branch where the mail was processed. So if I send a letter with a return address from someplace that doesn't match the location of the Post Office branch in that same place, that would be a clue that the return address was a forgery.
Some people may think that e-mails, because they are handled by computers, are immune from such forgery. However, that isn't the case. For better or worse, the Internet and many of its mechanisms were developed in a time when the idea of security and protection from strangers wasn't the concern it is today. As a result, most of the information contained in an e-mail is trusted to be accurate by the computers passing it on. Very little checking goes on.
What some of you might not realize (since many "modern" e-mail programs hide the fact) is that e-mails contain more than just To, From, and Subject headers. While many programs only display these particular ones by default, it is usually possible to display the full e-mail headers. Consult the documentation for whatever program you use for the way to do this. You can also go to your favorite web search engine and enter the name of your e-mail program and "full headers" to find instructions for this. These extra headers (particularly the Received: header) allow you to spot forged headers.
Oh, what the hell, after the third attempt to describe header tracking in a clear, concise way, I've decided there are much better descriptions on the web already. We don't need my feeble attempt added. Search for "spam" and "forged headers" and similar items and you'll find lots of information on the web about how to spot spam.
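The Received: check mentioned above, as an added example that is not part of the original page: it finds the "cancellation stamp" written by the recipient's own mail server and compares the connecting IP address with the addresses the From: domain really sends from. The message, host names, IP addresses and the `outbound_ips` table are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: spam with a forged From:, as stored by the recipient's
# own server (mx.recipient.example). The lower Received: line was supplied by
# the sender and proves nothing.
SAMPLE = """\
Received: from mail.victim.example (unknown [203.0.113.45])
    by mx.recipient.example (Postfix) with SMTP id 4F2A1;
    Mon, 15 May 2006 10:02:11 -0400
Received: from mail.victim.example (mail.victim.example [192.0.2.10])
    by relay.victim.example with ESMTP; Mon, 15 May 2006 09:59:00 -0400
From: "Joe" <joe@victim.example>
Reply-To: joe@victim.example
To: you@recipient.example
Subject: A great stock to buy

(image omitted)
"""

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+).*?\[(?P<ip>[0-9A-Fa-f.:]+)\].*?\bby\s+(?P<by>\S+)",
    re.S)

def handoff(raw, trusted_by):
    """(claimed name, connecting IP) from the topmost Received: line that a
    server we trust wrote; lines below it can be forged by the sender."""
    for value in message_from_string(raw).get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if m and m.group("by").lower() in trusted_by:
            return m.group("helo"), m.group("ip")
    return None

def from_domain(raw):
    addr = parseaddr(message_from_string(raw).get("From", ""))[1]
    return addr.rpartition("@")[2].lower()

def looks_forged(raw, trusted_by, outbound_ips):
    """True if the connecting IP is not one the From: domain sends from.
    outbound_ips (domain -> set of IPs) is an assumed, hand-kept table."""
    hop = handoff(raw, trusted_by)
    if hop is None:
        return None  # no trustworthy stamp on the envelope, cannot judge
    return hop[1] not in outbound_ips.get(from_domain(raw), set())

if __name__ == "__main__":
    print(handoff(SAMPLE, {"mx.recipient.example"}))
    print(looks_forged(SAMPLE, {"mx.recipient.example"},
                       {"victim.example": {"192.0.2.10"}}))
```

Only the Received: line added by a server you control counts as the postmark; the name the sender claimed in that line and every Received: line beneath it are as easy to forge as the From: field.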
First and foremost, never, and I mean never, reply to spam. Not even to select the "unsubscribe" option. At best this will accomplish nothing. More likely, it will indicate to a spammer that your e-mail address is a valid address and you will just get more spam. There are probably still a few clueless legitimate companies out there that send out spam and would truly remove you from their distribution list if you asked. But the number is becoming vanishingly small. Any reputable company on the Internet nowadays knows that they should be using "opt-in" mailing lists (i.e., you have to request being added to the list rather than having to request being removed).
When I say never reply to spam, I also mean never give them what they want. Never visit a web site, or request information, and for God's sake, don't ever buy anything from somebody sending you an unrequested e-mail. Spam is profitable or it wouldn't exist. Because it costs nearly nothing to send out a million spam messages, it takes hardly anybody responding to generate profits.
You may have noticed I haven't told you how to stop getting spam. Sorry, you aren't going to get rid of it. The best you can do is get yourself a really good spam filter program and have it at least keep you from dealing with the bulk of it.