Interesting People mailing list archives

IP: My world on this Sunday afternoon... Spam hunting!


From: Dave Farber <dave () farber net>
Date: Sun, 10 Mar 2002 08:38:36 -0500


------ Forwarded Message
From: Gunnar Helliesen <gunnar () bitcon no>
Date: Sun, 10 Mar 2002 13:41:14 +0100
To: "'Dave Farber'" <farber () cis upenn edu>
Subject: My world on this Sunday afternoon... Spam hunting!

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Prof. Farber,

About that discussion on IP a little while back re the origin of
spam.

I just logged on to check my email and found:

3 real emails from real people
15 spam emails

and all these are new since I last checked my email about 14 hours
ago.

This is getting out of hand. I feel that you are wrong in saying that
almost all spam originates outside the US, so I decided to
investigate on my recent sample.

Using SpamCop (http://spamcop.net/), traceroute, whois and a web
browser I traced each and every SPAM to determine their origin and
whether they were relayed through some open mail server somewhere:

1. Subject: re: order
Relay: earthlink.net (Los Angeles, CA. US).
Origin: ev1.net (Houston, TX. US).

2. Subject: DVD Movie Lovers
Relay: chinanet.cn.net (Zhengzhou city, Henan Province, China).
Origin: bellsouth.net (Atlanta, GA. US).

3. Subject: (something in unknown charset) [Virus Free]
Relay: None.
Origin: asianet.co.th (Nontaburi province, Thailand).

4. Subject: Fire your boss
Relay: stockstar.com (Shanghai, China).
Origin: bellsouth.net (Atlanta, GA. US).

5. Subject: Invite: Your American Green Card Application
Relay: None.
Origin: 012.net.il (Petach-Tiikva, Israel).

6. Subject: With SmutScope.com, no more video rentals!
Relay: None.
Origin: intrapower.net.au (Fortitude Valley, QLD, Australia)

7. Subject: Copy Any DVD onto CDR!  $24.95
Relay: att.net (Middletown, NJ. US).
Origin: bellsouth.net (Atlanta, GA. US).

8. Subject: Invite: Your American Green Card Application
Relay: None.
Origin: 012.net.il (Petach-Tiikva, Israel).

9. Subject: Invite: Your American Green Card Application
Relay: None.
Origin: 012.net.il (Petach-Tiikva, Israel).

10. Subject: Invite: Your American Green Card Application
Relay: None.
Origin: 012.net.il (Petach-Tiikva, Israel).

11. Subject: Secretly Monitor Your Child or Spouse
Relay: None.
Origin: att.net (Peachtree City, GA. US).

12. Subject: fire your boss..work from home...>>17809
Relay: None.
Origin: gb.com.cn (Yu hong district, Shenyang, China).

13. Subject: >>Best Grandfather Clock Sale Ever! London Clocks &
Curio LTD.
Relay: online.sh.cn (Shanghai, China).
Origin: Level3.net (Stamford, CT. US).

14. Subject: Marketing Power
Relay: None.
Origin: comcast.net (Pontiac, MI. US).

15. Subject: Re: Can men live like kings in their own home?
Relay: None.
Origin: exodus.net (Boston, MA. US).

While I was investigating this list I of course received yet another
SPAM:

16. Subject: PostCard
Relay: None.
Origin: detesat.net (Tashkent, Republic Uzbekistan).

What surprises me is that quite a few of these do not hide behind
relays, they are in fact quite brazen about it. Several of the
originating machines are not dial-up hosts and were still online and
busy spewing out spam when I checked. Some of them were quite hard to
identify, both in terms of upstream provider and in terms of
owner/operator.

My conclusion: The spammers are getting more professional and
serious.

Gunnar

- -- 
Gunnar Helliesen   | Bergen IT Consult AS  | Open Source activist
Systems Consultant | Bergen, Norway        | Jaguar enthusiast
gunnar () bitcon no   | www.bitcon.no/~gunnar | Märklin collector

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBPItU7o8xsDV17sjHEQKGmwCg4PSrkp6fGPJ1FMLaAtpiQvB3W68AnjpH
GUfaftVGyFRRF2p+Z/KH6hSs
=NL04
-----END PGP SIGNATURE-----


------ End of Forwarded Message

For archives see:
http://www.interesting-people.org/archives/interesting-people/
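
The Relay/Origin split used in the forwarded message comes from reading a message's Received headers. The following is an added example, not part of the original message and not SpamCop's code: a simplified tracer that trusts only the header written by the recipient's own mail server. The host names, addresses, Postfix-style header layout and the name `mx.example.org` are constructed assumptions.

```python
import re
from email import message_from_string

# Postfix-style hop: "from HELO (RDNS [IP]) by HOST". Other MTAs format this differently.
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)\s+by\s+([^\s;]+)")

def parse_hops(raw):
    """Return Received hops, newest first; None marks a header we could not parse."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        hops.append(dict(zip(("helo", "rdns", "ip", "by"), m.groups())) if m else None)
    return hops

def trace(raw, trusted_mx):
    """Classify the message as direct or relayed, trusting only what our MX wrote."""
    hops = parse_hops(raw)
    if not hops or hops[0] is None or hops[0]["by"] != trusted_mx:
        return None  # no header written by our own server: nothing to trust
    handoff = hops[0]
    # The next header counts only if it was written by the host that connected to us.
    if len(hops) > 1 and hops[1] and hops[1]["by"] == handoff["rdns"]:
        return {"relay": handoff["ip"], "origin": hops[1]["ip"]}
    return {"relay": None, "origin": handoff["ip"]}  # everything below is forgeable

# Constructed samples (documentation addresses and example domains only).
RELAYED = """Received: from relay.example.net (relay.example.net [198.51.100.25])
 by mx.example.org (Postfix) with ESMTP id AAA111; Sun, 10 Mar 2002 12:01:00 +0100
Received: from mail.shop.example (dsl-pool.example.com [203.0.113.77])
 by relay.example.net with SMTP; Sun, 10 Mar 2002 11:59:58 +0100
Received: from forged.invalid (forged.invalid [192.0.2.1])
 by mail.shop.example; Sun, 10 Mar 2002 11:00:00 +0100
Subject: constructed sample, relayed

body
"""
DIRECT = """Received: from friendly.example (host.example.com [203.0.113.9])
 by mx.example.org (Postfix) with ESMTP id BBB222; Sun, 10 Mar 2002 12:05:00 +0100
Received: from somewhere (trusted.example [192.0.2.50])
 by mail.unrelated.example; Sun, 10 Mar 2002 11:00:00 +0100
Subject: constructed sample, direct

body
"""

if __name__ == "__main__":
    print(trace(RELAYED, "mx.example.org"))
    print(trace(DIRECT, "mx.example.org"))
```

The addresses it returns are what then go to whois and traceroute; the relay's own header is only as reliable as the relay, so an origin taken from it is a lead rather than proof.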

