For the last few weeks, I've been getting spam email addressed to my work account with the "from:" field set to my work address. That allows it past our companies spam filters. The subject line is usually something liken "January 79% OFF" and the message body contains a few images, some oddly worded links, and some boiler plate text about receiving this mailing because I am "subscribed to MSN Featured Offers".
The images are blocked by our central spam filter, which means they are being hosted on a known site for spamming. I haven't verified that with our IT manager, but it's a safe assumption.
I'm going to block this message at my email client (Outlook 2007), but first I'm going to send a message to the ISP that is hosting the machine that sent the email. The first thing to do is to see where the images and links are pointing to. With Outlook, if you right click in the body of the message and select "View Source", Outlook will create a file named email.txt and launches it with the app registered to handle text files. That's usually notepad, but YMMV.
For this message, I saw something that looked very much like the spam that was reported to the new.admin.net-abuse.sightings newsgroup in this post.
Most of the links were junk, but there was a link to "s y l l a b l e h e a v y . c o m" (I added spaces to prevent it from being a live link and inflating it's Google ranking).
A quick search in the Internic registry brings up the following results:
Domain Name: SYLLABLEHEAVY.COM
Registrar: XIN NET TECHNOLOGY CORPORATION
Whois Server: whois.paycenter.com.cn
Referral URL: http://www.xinnet.com
Name Server: NS.XINNETDNS.COM
Name Server: NS.XINNET.CN
Name Server: NS2.XINNETDNS.COM
Name Server: NS2.XINNET.CN
Status: ok
Updated Date: 19-feb-2008
Creation Date: 16-jan-2008
Expiration Date: 16-jan-2009
That tells us a couple of things. One, the website is registered by a Chinese registrar. Two, it was created about a month ago. The next step is to track down the Registrar, Xin Net. A quick search on Xin Net, gives us some more information:
Registrar Name: XIN NET TECHNOLOGY CORPORATION
Address: 1st Floor,2nd Building Section A,BDA BeiGongD, Beijing, China 100176, CN
Phone Number: 86.1058022118
Email: domainadmin@xinnet.com
Whois Server: whois.paycenter.com.cn
Referral URL: www.xinnet.com
Admin Contact: cody zhou
Phone Number: +86.10.58.22266-551
Email: tech@xinnet.com
Admin Contact: xiaorui wang
Phone Number: +86.1058022118-205
Email: admin2@xinnet.com
Admin Contact: Baosheng Jiang
Phone Number: +86.1058022118-623
Email: admin1@xinnet.com
This gives a whole bunch of email addresses to complain to. What I did was to send a polite message to all of the addresses listed above. I sent the following:
Hello,
Please excuse this unsolicited message, but I have been receiving numerous spam emails and they link to a site, syllableheavy.com, that you are listed as the registrar of. This site probably violates your terms of service and I am sure that you do not want to be associated with it. The message did not originate from that site, but it is using that site.
I then included the message header and the message source. I doubt that they will do anything, but if they do take action, it takes a spam site offline.
The next thing to do is block additional messages like that.
- From the Outlook menu, I selected "Tools->Rules and Alerts" to create a new junk mail filter.
- In the "Rules and Alerts" dialog, I clicked "New Rule...".
- Under "Start from a blank rule", I selected "Check messages when they arrive", and then clicked the "Next" button.
- Under "Which condition(s) do you want to check?", I selected "with specific words in the sender's address"
- For the "with specific words in the sender's address", I entered my address. I rarely send myself email from my work account. When I do, Exchange just uses my first and last name, not the SMTP address. Then I clicked "Next"
- Under "What do you want to do with this message", I selected "move it to the specified folder" and "mark it as read". I selected "Junk E-mail" as the selected folder. I then clicked the "Next" button.
- I clicked the "Next" again to skip over the exceptions to this rule.
- I gave it a name and set the checkboxes to run it on messages already in the inbox and to enable the rule and clicked finish.
- Clicked "Apply" and then"OK" and we are done.
That will permanently take that style of junk mail out of my in box. I didn't permanently delete the message. About once a week, I take a quick peek in the junk e-mail folder just in case a false positive hit grabs a legitimate email.
