Deadbeats' Hall of Lame, Anti-Spammer Training Sessions
Studio42 is not just about flaming spammers. We feel that being educated on how to properly read headers is very important to fighting spam. This site serves to vent, amuse, entertain and educate. This is proof to Studio42's commitment to educating the internet.
Cheri here started out as relatively clueless, but took it upon herself to get more information. Here you can see our transcripts.
- Cheri asks how she got onto a spamming list
- I respond and give some reasons why she's being spammed
- Cheri responds thanking me for the help
- I respond, telling her to hang onto my email address in case she needs help
- Cheri emails me in regards to a spam we have both received. She's asking for some assistance.
- Of course, I help. The headers are broken down and should provide an easy to follow format.
- Cheri thanks me for my help, and grants me permission to use all of these emails for exactly this sort of purpose.
- I respond keeping the offer for help open. Of course, my "next weekend" statement turned into almost 6 months.
- Cheri forwards me a spam, and since I remember I offered to help, I provide assistance.
- Unfortunately help wasn't immediate. I try and make an effort to immediately respond to all email received. Cheri hit me while I was in the middle of a anti-spam project.
- Help is provided a short time later.
- This time Cheri gets a porno spam. I also received this one.
- Expert help is provided as usual.
- Cheri pays me 2 compliments. The first being a Hotmail kill. Yes, I know Hotmail kills are no big deal, but a kill is a kill, and she did it on her own, which is why this is a compliment to my help to her. The second is her saying she things Hotmail should list my site.
- Cheri's Guestbook entry. Hey, just stroking my ego here. Yes, this is how it looks when you make a guestbook entry when I get mailed the entry.
Julie stopped by after being the victim of a drop-box attack. This follows the entire course of the situation, but ends with the spammer still at large and a hijacked site taking action to prevent this from happening again. Julie, who uses Hotmail, is also a victim of typical spammer behavior.
- This is here initial request for help
- Here is her follow-up. Unfortunately, my reply was lost. My fault.
- Proof of attack showing the spammer using her email address for undeliverables.
- My confirmation of the above.
- A suspicious email and I also LART such messages.
- My educated guess as to the true purpose of the above message.
- Julie being attacked again
- Dana Jones is responsible for this attack.
- A follow-up based on help I provided, providing a complete picture.
- My response
Kyle Brody stopped by and requested some assistance. I'm long since lost the initial request for assistance, but it is nice to see that manners still exist. So, we'll just cut out some initial chit chat and get right to the bulk of it.
- Kyle sending me a bunch of headers to analyze. He left out the bodies, but that's OK.
- My response to Kyle's requests. All headers looked up.
- Kyle giving permission to use this thread.
Scott Huffman is a system administrator. We first crossed paths under very bad circumstances. One of his customers hired a spamming company to promote a web site. I complained to Scott's domain because of this. Scott and I disagree on what should be done, but since it is HIS web hosting service, I have no choice but to accept his decision. Scott appears to be very intelligent but is getting spams of a more complex nature, stumping me for the most part as well. Currently I'm providing help and no charge, mainly since for the most part I'm dealing with spam he is personally receiving. We both seem to be getting the same spams, which makes things easier. Scott is also sending not only the complete headers, but also the entire spam. This is helping me providing a more complete picture on specific spammers.
As I said, Scott and I didn't see eye to eye on an earlier issue. Here is that transcript:
At this point, I did not respond, figuring the best way to resolve this issue was to just let it drop. At this point I was annoyed and didn't want to do anything stupid or foolish, so I'd just not respond to the message and let the thread stop. Clearly Scott and I had very extreme differences of opinion on how to handle this issue. I was rather extreme and I'm not a trusting individual. It's Scott's network, and at this point I must accept Scott's decision, regardless of how I feel. I hope for Scott's benefit that he is right and I am wrong. Hey, it could happen. If it happens that I am wrong, then I'll be happy to say that a internet newbie has been educated.
- Scott's BIG response to the complaint. I received this twice only because I received the spam on two different accounts of mine. This is in regards directly to this spam and indirectly to that spam.
- Scott's correction to his previous email. Smart move on his part. Like the above message, I received this one twice, for the same reason as above.
- My response, with a section regarding how to responded to the complaint.
- Scott responding and defending his customer, which still encouraging me to go after the actual spammers.
- My response as to why I am not going after the actual spammers, due to legal issues
- Scott presenting an interesting challenge in acquiring log entries, as well as acknowledging why I won't go after the actual spammers.
Fortunately, Scott has emailed me back, which I am glad about. I was worried I may have angered him, but he seems to be the understanding sort. This is an interesting transition because based on his original lack of action against a customer of his, I was dreading his next volley of emails. After the 3rd interchange, I was actually enjoying conversing with him.
- Scott asking for help in regards to a relaying server.
- My response, rather long, but wanted to give Scott a lot of ideas.
- Scott reporting a Fire Power spam.
- My reponse, as these headers are tricky.
- Scott reporting another Fire Power spam. Seems these jerks have been quite busy.
- My lookups again, showing CompuServe as the originating point.
- Scott reporting a Canus.Net scam spam. I also got one of these. Scott also sent me his response along with it.
- My comments since Scott seemed to have done the rest of the work correctly. This is an experience issue. This shows Scott is picking up things fast.
- Scott reporting yet another Fire Power spam. That means we've both received 3 of these weekend.
- Minimal response in regards to the headers, but advice on dealing with overseas servers, especially on a weekend.
- Scott reports that one of the admins that he complained to has revealed the location of the spammer. This is proof that some administrators will assist when asked.
- My reply. I'm fairly sure Scott can collect a kill on this one.
- Scott gets one of those investigator spams and is really asking to help confirm things.
- Seems to me that Scott did a pretty good investigation. My investigation matched his investigation, although we differed on a telnet issue. Scott's making good progress at this point, even successfully breaking a forgery.
- Scott receives one of those "big companies owe public money" scams. I received it a few days later.
- I went ahead and investigated this one and sent it along with my suggestions. I'm guessing he's comparing my work-up with his and see if we agree.
- Scott poses an interesting point about relaying. This is an important one to see if you're relatively new.
- There is no relaying in this spam, but rather a local abuser using the local server to do the spamming. At this point, due to my increasing work load and spam load, I had to discourage some of his emails. Personally, I'd rather educate others, but my current load is simply not allowing that. Hopefully Scott will start to visit the web board top get help, where lots of visitors would also jump at the chance to assist.
Joseph Thomas caught me in a VERY bad mood when he asked for help. Seeing as how I may have on average over 5000 emails a day(most of which going to invalid addresses on my domain), I can not possibly remember ANYONE. Seeing as how his email came in after my server was being THROTTLED with spam, topped with Pacific Bell decided "crappy connection day", you could most likely see the veins in my forehead pulse in my anger at spammers. I know this will be my eventual undoing, but I decided to help out Mr. Thomas anyways, even though later on he reminded me I had said I would help him. To ensure this problem doesn't happen again, I've created a filter to flag Mr. Thomas's messages as "help"
At this point it is too bad Jason is sending me spams that are more advanced. It would be nice to start him slowly, but the spammers are moving onto new methods of stealing service.
- His first request for help involves some misreading of headers due to forgeries and therefore making assumptions.
- I show him that the server is mis-configured, masking the true originating point.
- This one involves relaying, but also following the trend of hijacking the LAN server to get to the outgoing server.
- Unfortunately this is another case of a poorly configured server.
- A very offensive spam forwarded to me by Mr. Thomas. I'm proud to see how he has benefitted from this site. This message proves to me he has learned a great amount, and that this spam definately deserves to be posted here to warn others. Thanks Joseph!! Hopefully someone will benefit from this.
- The Driver's License Spam is Mr. Thomas's lastest spam.
- I attempt to answer his questions as best as I can. The spammer is a persistent problem to the internet.
Dr. Jakobsen started things out in a very positive manner by leaving some wonderful comments in the guestbook. He had some questions, so I responded to his guestbook entry via email and volunteered to help him investigate this spammer.
The Flintberg File: These are so old I forgot about them, so I'm adding them many years after the fact and it will have to stand on its own.
- Dr. Jakobsen's response to my email, which also contained a text file attachment that was the spam. I included the spam in the "body" of his message for ease of correspondence.
- My response and investigation back to him. Hopefully he discovered the same thing I did.
- His thanks on the above. Always a pleasure to be able to help others.
- His Initial Email regarding a spammer.
- His following Email regarding a spammer.
- My Reply to his emails.
From time to time, people need help. Ask and you shall receive. To save time and space, I'm presenting these ina slightly different manner. Here you will see the question and answer on the same web page. Ideally, this is perfect for the Anti-Spam Web Board, but that's OK.
Questions to the Spam Hater:
- Digicom Nationwide Services spammers question
- A follow-up on the above
If you are one of the dilweeds who sent me unsolicited email or are someone thinking about it, drop dead.
Also, if you've got a complaint about my anti-spam feelings or want to scold me for being justifiably sick of spam, I have the following words of wisdom for you:
BLOW IT OUT YOUR ASS!
Anyone else, I'd like to hear from you. Click below and drop me a line.
Anti-Spam Site administrator