Need help with Spam!! Can someone try to figure out where it is coming from?

[LordJezo]

All of a sudden every day I am getting 10+ pieces of spam, which is up from 0 a day for the past 4 years.

I can tel each one is from the same place because they all contain the same little opening sentence:

You are receiving this email because you opted-in to receive special offers from (whoeverissendingspam) through one of our online affiliates.

Each also has this webaddress at the bottom to "unsubscribe", which I won't click because I know it might just get me more spam.

Anywho, here is the address at the bottom of every one of the spams:

http://64.119.218.139/cgi-bin/unsub.cgi?m=2277&e=myemailaddresswouldbehere

Can anyone pinpoint it or anything?

 

[Pepsi90919]

DoS

 

[dullard]

Honestly clicking unsuscribe will initially get you more spam. But if you keep it up (unsuscribing to the new spam it generates) it will go away. That is the only way to get rid of it without much work.

Since they aren't getting unsendable messages they already know your email account is working...

 

[LordJezo]

Originally posted by: dullard
Honestly clicking unsuscribe will initially get you more spam. But if you keep it up (unsuscribing to the new spam it generates) it will go away. That is the only way to get rid of it without much work.

Since they aren't getting unsendable messages they already know your email account is working...

Are you sure abotu that? That goes against everything I was ever taught about spam.. from what I have read and been told about for the past 6 years clicking it will only bring you more, and the only thing to do about it is to deal with it.

 

[dullard]

Are you sure abotu that? That goes against everything I was ever taught about spam.. from what I have read and been told about for the past 6 years clicking it will only bring you more, and the only thing to do about it is to deal with it.

Its worked in at least a dozen cases where people came to me with that problem (and I've never seen it fail). They are all down to zero spam (me included). Yes initially you will get more spam - which is what everyone has been saying. But eventually they get the clue and stop sending it.

Companies are willing to pay money for email addresses. But when they keep buying addresses from a place where everyone unsuscribes right away that company realizes they are buying from someone who is a spammer and thus the money they spend was a waste. Thus they stop buying from the spammers. If you don't unsuscribe, then they will assume they are buying valid email addresses, and will continue buying from that spammer and continue sending you those emails.

 

[Demon-Xanth]

For me, it worked for a while. But then the spammers who don't put VALID unsubscribe information still get through. And one I've unsubscribed from more than a dozen times.

 

[LordJezo]

Originally posted by: Demon-Xanth
For me, it worked for a while. But then the spammers who don't put VALID unsubscribe information still get through. And one I've unsubscribed from more than a dozen times.

That's what I am worried about.

 

[thenerdguy]

How many porn sites have you been to?

 

[Demon-Xanth]

Just checked my home email address. 8 spams. 3 are the same spam w/ different senders. 0 valid unsubscribes, only two bothered even putting a broken link.

 

[LordJezo]

Originally posted by: thenerdguy
How many porn sites have you been to?

That's the thing.. I never use this email address for anything on site that are shady. I have worthless hotmail accounts for that.

It's why I can't figure out how this address is getting so much spam.

 

[MrBond]

In my experience, those type seem like (more or less) legitimate companies who bought your name somewhere. Following the unsubscribe directions gets me off their list.

 

[Harvey]

Arin/Whois reports 64.119.218.139 is assigned to:

CustName: Martin St Cyr
Address: 111 Hekili St, Suite A, PMB 322
City: Kailua
StateProv: HI
PostalCode: 96734
Country: US
RegDate: 2003-05-13
Updated: 2003-05-13

NetRange: 64.119.218.128 - 64.119.218.159
CIDR: 64.119.218.128/27
NetName: IWAY-64-119-218-128
NetHandle: NET-64-119-218-128-1
Parent: NET-64-119-192-0-1
NetType: Reassigned
Comment:
RegDate: 2003-05-13
Updated: 2003-05-13

TechHandle: ZW85-ARIN
TechName: iWay Networks
TechPhone: +1-760-929-2650
TechEmail: ip@iwayhosting.net

The contact link on iwayhosting.net lists their toll-free numbers:

Tech Support: (866) 492-9662 = (866) IWAY-NOC

General Contact: (866) 438-4929 = (866) GET-IWAY

I just spoke with one of their support people. He said you should report that address, along with any other info about the spam, to support@iwayhosting.net and abuse@iwayhosting.net.

Death to spammers. Launch all missles.

 

[LordJezo]

Originally posted by: MrBond
In my experience, those type seem like (more or less) legitimate companies who bought your name somewhere. Following the unsubscribe directions gets me off their list.

Well, if it was legit, why does the URL give me no information on the guy and just send me to an apache web server default message? I would think that if it was legit I would get some kind of info on his "buisness"

 

[BillGates]

Post headers please.

 

[LordJezo]

Originally posted by: BillGates
Post headers please.

xxxx would be my email address



Return-Path: <bargainscentral-wddt@sky389.com>
Delivered-To:xxxx
Received: from nbcs-av6.rutgers.edu (nbcs-av.rutgers.edu [128.6.72.254])
by goshen.rutgers.edu (Postfix) with SMTP id 67FBF8EAE47
for <xxxx>; Tue, 20 May 2003 12:59:17 -0400 (EDT)
Received: from tie.rutgers.edu(128.6.76.198) by nbcs-av6.rutgers.edu via csmap
id 7737; Tue, 20 May 2003 13:00:12 +0100 (BST)
Received: from nbcs-av5.rutgers.edu (nbcs-av.rutgers.edu [128.6.72.254])
by rulink-mail.rutgers.edu
(iPlanet Messaging Server 5.2 HotFix 1.10 (built Jan 23 2003))
with SMTP id <0HF700ARP36QJW@rulink-mail.rutgers.edu> for
xxxx (ORCPT xxxx); Tue,
20 May 2003 12:59:15 -0400 (EDT)
Received: from unknown(64.119.218.139) by nbcs-av5.rutgers.edu via csmap id
20669; Tue, 20 May 2003 12:59:36 -0400 (EDT)
Date: Tue, 20 May 2003 15:00:41 -0800
From: Bargains Central <bargainscentral-katu@sky389.com>
Subject: Fw: Interested in a new Ford from FordDirect?
To: jpgeiger@rutgers.edu
Reply-To: bargainscentral-yayp@sky389.com
Message-id: <1053468041.7090@64.119.218.139.nnt6us.com>
X-Mailer: The Bat! (v1.53bis) UNREG / CD5BF9353B3B7091
Content-type: text/html

Return-Path: <bargainscentral-wddt@sky389.com>
Delivered-To: xxxx
Received: from nbcs-av6.rutgers.edu (nbcs-av.rutgers.edu [128.6.72.254])
by goshen.rutgers.edu (Postfix) with SMTP id 67FBF8EAE47
for <xxxx>; Tue, 20 May 2003 12:59:17 -0400 (EDT)
Received: from tie.rutgers.edu(128.6.76.198) by nbcs-av6.rutgers.edu via csmap
id 7737; Tue, 20 May 2003 13:00:12 +0100 (BST)
Received: from nbcs-av5.rutgers.edu (nbcs-av.rutgers.edu [128.6.72.254])
by rulink-mail.rutgers.edu
(iPlanet Messaging Server 5.2 HotFix 1.10 (built Jan 23 2003))
with SMTP id <0HF700ARP36QJW@rulink-mail.rutgers.edu> for
xxxx(ORCPT xxxx); Tue,
20 May 2003 12:59:15 -0400 (EDT)
Received: from unknown(64.119.218.139) by nbcs-av5.rutgers.edu via csmap id
20669; Tue, 20 May 2003 12:59:36 -0400 (EDT)
Date: Tue, 20 May 2003 15:00:41 -0800
From: Bargains Central <bargainscentral-katu@sky389.com>
Subject: Fw: Interested in a new Ford from FordDirect?
To: jpgeiger@rutgers.edu
Reply-To: bargainscentral-yayp@sky389.com
Message-id: <1053468041.7090@64.119.218.139.nnt6us.com>
X-Mailer: The Bat! (v1.53bis) UNREG / CD5BF9353B3B7091
Content-type: text/html

<!--/fs-bin/click?id=Fmc9WkY1lhA&offerid=38108.10000039&subid=18&type=4-->

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>Fw: Interested in a new Ford from FordDirect?</TITLE>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1141" name=GENERATOR></HEAD>
<BODY><div align="center"><font size="1" face="Arial, Helvetica, sans-serif">You are
receiving this email because you opted-in to receive special offers from Bargains
Central through one of our online affiliates.

<font color="#FFFFFF">(wctrvtre^ehgtref(rqh). </font>


</font> </div>
<DIV align=center><A
href="http://64.119.218.139/cgi-bin/clickthru?c=736&m=2278&e=xxxx"><IMG
alt="FD Wht Back" src="http://64.119.208.4/ads/ford/2435_10000039.gif" border=0></A>
</DIV>
<p align="center">
<img src="http://64.119.218.139/cgi-bin/view?v=3&m=2278&e=jpgeiger@rutgers.edu">
<font size="1" face="Arial">If
you like to be removed from this list, please <a href="http://64.119.218.139/cgi-bin/unsub.cgi?m=2278&e=xxxx">click
here</a>.</font></p>
</BODY></HTML>

 

[Harvey]

Although it is worthwhile to follow up on the source IP addresse in headers, they can be spoofed. The IP address in the link, 64.119.218.139, is probably real because it is the action item the spammer wants you to follow. He may be using other IP's, as well, but pursuing this one will help the hosting company identify him.