What to do about websites that spam

**Chatmaster** · 18-Feb-08, 01:16 PM

Dave have you checked the message properties to confirm the path the email took to your mailbox? The thing is Gmail cannot be used for anonymous spam as far as I know, because it requires a login and password regardless of where you send the mail from. Under View->options in MS Outlook.

**Dave A** · 18-Feb-08, 02:17 PM

Here is the message envelope - I've just edited where my email address shows:

Return-path: <atractnews@gmail.com>
Envelope-to: my email addy
Delivery-date: Mon, 18 Feb 2008 09:25:18 +0200
Received: from mx6.vodamail.co.za ([196.11.146.165] helo=vodamail.co.za)
by server1.za-dns.com with esmtp (Exim 4.68)
(envelope-from <atractnews@gmail.com>)
id 1JR0NA-0005ny-1t
for my email addy; Mon, 18 Feb 2008 09:25:18 +0200
Received: from localhost (localhost [127.0.0.1])
by mx2.vodamail.co.za (Postfix) with ESMTP id 00F7717FB0E
for <my email addy>; Mon, 18 Feb 2008 09:20:32 +0200 (SAST)
Received: from vodamail.co.za ([127.0.0.1])
by localhost (mx1.vodamail.co.za [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 05290-01-4 for <my email addy>;
Mon, 18 Feb 2008 09:20:32 +0200 (SAST)
Received: from vc-196-207-33-198.3g.vodacom.co.za (unknown [10.71.191.64])
by mx2.vodamail.co.za (Postfix) with SMTP id B23E717D517
for <my email addy>; Mon, 18 Feb 2008 09:20:14 +0200 (SAST)
From: "todays news" <expose.news24@gmail.com >
To: "dave" <my email addy>
Subject: Internet tv news station 24/7
Date: Mon, 18 Feb 2008 09:22:19 +0000
Organization: BBC
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0000_01C6527E.AE8904D0"
Message-Id: <20080218072019.B23E717D517@mx2.vodamail.co.za>
X-Virus-Scanned: amavisd-new at vodamail.co.za
X-Spam-Status: No, score=-0.4
X-Spam-Score: -3
X-Spam-Bar: /
X-Spam-Flag: NO

It's not being sent from gmail - it's just claiming to be from a gmail account.

If you try to send a message to this email address, you get

This is the Postfix program at host ctb-mesg7.saix.net.

I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can delete your own text from the attached returned message.

The Postfix program

<atractnews@gmail.com>: host gmail-smtp-in.l.google.com[64.233.183.27] said:
550 5.1.1 No such user c5si2891136nfi.2 (in reply to RCPT TO command)

**Dave A** · 18-Feb-08, 02:38 PM

Here's the actual email content - less the link to the site.

We spent one night in Hillbrow, the heart of Johannesburg nightlife and the New York of Africa. We filmed two sets of policemen taking bribe money from illegal immigrants.

Andre reports on the freedom of the press that is under threat in South Africa. This is scary!

One of our viewers told us he did some research and that our web broadcast station is unique.

We are truly international and our hits keep growing hthanks guys.

Scroll down and have a look at the map that shows wher our hits come from. You will be amazed

(link to spamming site)

Reporting without bias and without fear

**Chatmaster** · 18-Feb-08, 02:57 PM

You can read this article for assistance. I have only done this once before and for some reason cannot figure out your source IP, hopefully you have more luck than me.

**Dave A** · 18-Feb-08, 05:01 PM

Basically, that means the spammer was using the vodamail SMTP service to send the message. So Vodacom should be able to trace the subscriber/s who sent the emails then.

**daveob** · 18-Feb-08, 06:03 PM

You do realise the task you're about to undertake ?? -- to get a competant vodacom person ( a REAL person, not an IVR system ) to actually agree to help YOU ( assumably ) a non-vodacom client, and then convince them to take action or give you the details of the sender of the mail ?

Good Luck Dave !!!

**Dave A** · 18-Feb-08, 07:33 PM

Technically, I suspect they're obliged to follow through in terms of the ECA legislation. I'm not going to put any resources into it though; the trail is unlikely to lead back to the site. More likely it's a compromised computer enslaved in a spam botnet.

So the question about what, if anything, can be done about the site remains unanswered so far. As the only beneficiary of clearly illegal volume spamming techniques - what measures can be taken against the site?

So far they've lost what actually would have been a regular visitor - if not promoter - if they hadn't gone about things the wrong way.

**Chatmaster** · 18-Feb-08, 08:54 PM

I suspect this guy sent the email from his local host (based on the IP "127.0.0.1") which makes it possible that Vodacom might be able to trace him. The reason I had trouble reading it is I am not sure whether or not the mail was sent to your vodacom email address or received through it.

**Dave A** · 18-Feb-08, 09:37 PM

Vodacom wasn't a part of my receiving it and it came off my company domain server, server1.za-dns.com.

I should think Vodacom will have no problem tracing the source connection out of their logs. And with it being a Vodacom connection, it's unlikely to be off a server - the trail should lead directly to the service subscriber.

It's interesting that collecting the mail off the server doesn't generate an entry in the envelope.

**Dave A** · 19-Feb-08, 10:20 AM

After getting yet another email this morning, I felt motivated enough to start the ball rolling.

It has come to my attention that the Vodamail service is being used illegaly for the propogation of spam emails. I have received three unsolicited emails, the content of which is near identical, with a clear attempt to conceal their source. Following the promoted link, it is clear from the content of the site that I am not alone in being unhappy that the site appears to be using illegal spamming techniques to promote their site.

Following is the content of the email:
~begin
(content of email already posted here)
~end

The following are the contents of the mail envelopes:

~begin1
(I won't bore you with the details here)
~end1

~begin2
more boring detail
~end2

~begin3
and even more
~end3

I request that you investigate this matter, and would also appreciate any feedback you could give me on this.

This issue is being discussed at the following link, and I think it would be helpful if I could give some feedback there as to whether an ISP is able to assist in matters such as these.
(link to this thread on TFSA)

Yours sincerely

Dave Alcock.

If I get any news, I'll let you know.

**Dave A** · 19-Feb-08, 05:28 PM

Now in terms of the fine print, I'm not supposed to share this with you. But I'm sure Vodacom will excuse me this one time, especially as this is essentially going to be a compliment:

Dear Dave

Thank you for your e-mail communication to Vodacom.

We have logged an official query to our Advanced Data Support Desk who will investigate and contact you with feedback. The reference number is (etc)

They're taking it seriously.

I'd better ask for permission once we start getting to the meaty stuff. One thing's for sure (and I've said it before), Vodacom doesn't stuff around.

**Dave A** · 20-Feb-08, 10:00 AM

Another update:

I got a call from a Vodacom staffer this morning. They have traced the source (apparently there have been other complaints too), and are pursuing legal action against the subscriber.

Just to clarify one point discussed and relevant to my copy of the message to Vodacom - It's not Vodacom that has performed an illegal act, it is the subscriber that has contravened the ECA.

It seems the spamming was no small operation. The volume was sufficient to affect their system performance - so they're feeling pretty motivated.

**Chatmaster** · 20-Feb-08, 10:06 AM

Originally posted by Dave A

Just to clarify one point discussed and relevant to my copy of the message to Vodacom - It's not Vodacom that has performed an illegal act, it is the subscriber that has contravened the ECA.

As far as I know the ECA has a lot of holes in it, unless there has been another amendment to the act that I do not know of. Did they give you any information on exactly what grounds they would like to pursue legal action? It would be very interesting to know.

**Dave A** · 20-Feb-08, 10:23 AM

Originally posted by Chatmaster

Did they give you any information on exactly what grounds they would like to pursue legal action?

No.

They asked me why I had claimed it was illegal - I pointed out the lack of unsubscribe option, the invalid sender and return email addresses, deliberate concealment, and my inability to establish/ask where the spammer got my email address from.

We also covered the fact that it was definitely sent from SA, so SA law has jurisdiction.

I'm also interested on what their legal foundation will be in the end, but I think we might have to keep an eye on the news for that.

What to do about websites that spam

What to do about websites that spam

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment