Tuesday, December 26, 2006

Beautifulswiss.com - invading my emails means WAR

Dear spammers, the fact that you use MY email address in your spam's Reply-To field means war.

War, 8 AM on 26 December 2006.
My inbox :


From: Postmaster@post4.tele.dk
Subject: Mail System Error - Returned Mail
Date: December 26, 2006 8:50:43 AM GMT+00:00
To: [my email]
Reply-To: Postmaster@post4.tele.dk
Return-Path: <>
Received: from mac.com (smtpin11-en2 [10.13.10.81]) by ms121.mac.com (iPlanet Messaging Server 5.2 HotFix 2.08 (built Sep 22 2005)) with ESMTP id <0JAV005BHHXQ11@ms121.mac.com> for [my email]; Tue, 26 Dec 2006 00:51:26 -0800 (PST)
Received: from fep34.mail.dk (fep34.mail.dk [80.160.76.198]) by mac.com (Xserve/smtpin11/MantshX 4.0) with ESMTP id kBQ8oj0D023645for ; Tue, 26 Dec 2006 00:50:46 -0800 (PST)
Message-Id:
Mime-Version: 1.0
Content-Type: multipart/report; Boundary="===========================_ _= 6371765(15235)1167123043"; report-type=delivery-status
X-Brightmail-Tracker: AAAAAA==
X-Brightmail-Scanned: yes
Original-Recipient: [my email]

This Message was undeliverable due to the following reason:

Dansk forklaring, klik her:
http://tdc.mail.dk/cgi-bin/redirect.pl?MsLimitNumMsgs

The user(s) account is temporarily over quota.



Please reply to
if you feel this message to be in error.
Reporting-MTA: dns; fep34.mail.dk
Arrival-Date: Tue, 26 Dec 2006 09:50:42 +0100
Received-From-MTA: dns; fep24.mail.dk (211.59.78.182)

Final-Recipient: RFC822;
Action: failed
Status: 4.2.2

From: "Williams, Joyce"
Date: December 27, 2006 1:56:02 AM GMT+00:00
To: "Brown, Julie" , "Karen" < some user @post4.tele.dk>, "Lisa Davis" , "Smith, Margaret" , "Andrew" , "Anthony Brown" , "White, Brenda"
Subject: An Affordable Rolex [random letters]
Reply-To: "Johnson, Joseph"

High Quality Rro*ex Rep*ica

Worldwide Fast Shipping -- Meticulous Design -- Inexpensive

An additonal 15% off when you purchase two or more repl,ca watches.

http://hometown.aol.com/steed249/

Her vampire, ruling the world in the Shire, nicely nasty.
Her devil, crying in the toolbox, is silently piggy.

The paper, sitting under the roof, was briefly hellish.
His programmer, standing in your house, is quietly slim.
Her ancestor, stealing money in the shadows, isn't perseveringly yellow.

Your dancer, talking crap behind the window, wasn't generously barren.


War, 11 AM
My response :

From: [my email]
Subject: SPAM Fwd: Mail System Error - Returned Mail
Date: December 26, 2006 5:42:26 PM GMT+00:00
To: TOSREPORTS@aol.com, abuse@bol.com.br, support@namecheap.com
Mime-Version: 1.0 (Apple Message framework v752.2)
Message-Id:
Content-Type: multipart/alternative; boundary=Apple-Mail-1--130814484
References: <20061226085043.somenumbers.fep34.mail.dk@fep34>

I forward this spam report to you AOL Tosreports since it IS relevant.

Someone - user steed249 - is forging my email to be used for sending out these emails. The emails with forged details are in the bottom of this email.
I have received several of these emails today.

The URL http://hometown.aol.com/steed249/ is in this spam advertising.
User steed249 is breaking his TOS.
The site is forwarding to replicas of brand products and that is a violation of your TOS, http://help.aol.com/aimhelp/search.do?cmd=displayKC&docType=kc&externalId=http--helpchannelsaolcom-kjumpadparticleId219305&sliceId=&dialogID=63390544&stateId=1%200%2063416598

Needless to say, I am angry that my email is used in these spams as reply-to.

And bol.com.br and the bulk domain support used for registering these domains are in the To field too.
I would think that the TOS of cheapnames.com would also prohibit this spamming activity; http://www.namecheap.com/legal/reg-agreement.asp has : "Your WG Domain or the content found at any associated IP address infringes upon or conflicts with the legal rights of any third party or any third party's trademark or trade name. You also warrant that neither the WG Services nor WG Domain(s) will not be used in connection with any illegal or morally objectionable activity (as defined below in section 5), or, in connection with the transmission of unsolicited commercial email ("Spam"). "
Cheapnames.com, please consider canceling the account of this user. The domain is selling illegal products, and clearly violates your TOS by sending SPAM.

Here are the registrant details I have found out using whois searches for who registered the domains that website redirects to :

Domain Name: FINESWISS.NET
Registration Service Provided By: NameCheap.com
Contact: support@NameCheap.com
Visit: http://www.namecheap.com/

Domain name: fineswiss.net

Registrant Contact:
Merengue do Brasil Ltda
Marco Maduro (mmaduro2007@bol.com.br)
+55.4330267732
Fax: +1.
R Marcel Proust, 54
Apucarana, ST 86010
BR

Administrative Contact:
Merengue do Brasil Ltda
Marco Maduro (mmaduro2007@bol.com.br)
+55.4330267732
Fax: +1.
R Marcel Proust, 54
Apucarana, ST 86010
BR

Technical Contact:
Merengue do Brasil Ltda
Marco Maduro (mmaduro2007@bol.com.br)
+55.4330267732
Fax: +1.
R Marcel Proust, 54
Apucarana, ST 86010
BR

Status: Locked

Name Servers:
ns1.mygoodswiss.net
ns2.mygoodswiss.net

Creation date: 30 Oct 2006 12:12:26
Expiration date: 30 Oct 2007 12:12:26

It also redirects to :
Domain Name: BEAUTIFULSWISS.COM
[whois.enom.com]
=-=-=-=
Visit AboutUs.org for more information about beautifulswiss.com

Registration Service Provided By: NameCheap.com
Contact: support@NameCheap.com
Visit: http://www.namecheap.com/

Domain name: beautifulswiss.com

Registrant Contact:
Merengue do Brasil Ltda
Marco Maduro (mmaduro2007@bol.com.br)
+55.4330267732
Fax: +1.
R Marcel Proust, 54
Apucarana, ST 86010
BR

Administrative Contact:
Merengue do Brasil Ltda
Marco Maduro (mmaduro2007@bol.com.br)
+55.4330267732
Fax: +1.
R Marcel Proust, 54
Apucarana, ST 86010
BR

Technical Contact:
Merengue do Brasil Ltda
Marco Maduro (mmaduro2007@bol.com.br)
+55.4330267732
Fax: +1.
R Marcel Proust, 54
Apucarana, ST 86010
BR

Status: Locked

Name Servers:
ns1.beautifulswiss.com
ns2.beautifulswiss.com

Creation date: 25 Dec 2006 14:49:57
Expiration date: 25 Dec 2007 14:49:57
=-=-=-=
The data in this whois database is provided to you for information
purposes only, that is, to assist you in obtaining information about or
related to a domain name registration record. We make this information
available "as is," and do not guarantee its accuracy. By submitting a
whois query, you agree that you will use this data only for lawful
purposes and that, under no circumstances will you use this data to: (1)
enable high volume, automated, electronic processes that stress or load
this whois database system providing you this information; or (2) allow,
enable, or otherwise support the transmission of mass unsolicited,
commercial advertising or solicitations via direct mail, electronic
mail, or by telephone. The compilation, repackaging, dissemination or
other use of this data is expressly prohibited without prior written
consent from us.

[and in the bottom the full headers and full text of the spam I had bounced in my email inbox]

Regards,

ME

----- to be continued as soon as I get answers for this spam.
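An added example, not part of the original post: a Python sketch that reads the delivery-status part of a bounce like the one quoted above and decides whether the undeliverable message really left your own mail servers. The sample message is constructed from the fields shown in the post, and `OWN_RELAYS`, `mta_host`, `classify_bounce` and the `example.org`/`example.net` addresses are assumptions made for illustration.

```python
import email

# Constructed sample modelled on the bounce quoted in the post; the
# recipient address and the MIME boundary are placeholders.
SAMPLE_DSN = """\
Return-Path: <>
Subject: Mail System Error - Returned Mail
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

The user(s) account is temporarily over quota.
--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; fep34.mail.dk
Received-From-MTA: dns; fep24.mail.dk (211.59.78.182)

Final-Recipient: RFC822; someuser@example.net
Action: failed
Status: 4.2.2
--b1--
"""

OWN_RELAYS = {"smtpout.example.org"}  # assumption: hosts that send your mail

def mta_host(field):
    """Turn 'dns; host (ip)' into 'host'; None if the field is missing."""
    parts = field.split(";", 1)[-1].split() if field else []
    return parts[0].lower() if parts else None

def classify_bounce(raw, own_relays=OWN_RELAYS):
    """Return a summary dict for an RFC 3464 report, or None otherwise."""
    msg = email.message_from_string(raw)
    if msg.get_content_type() != "multipart/report":
        return None
    for part in msg.walk():
        if part.get_content_type() != "message/delivery-status":
            continue
        per_msg, *recipients = part.get_payload()  # one Message per header block
        sender = mta_host(per_msg["Received-From-MTA"])
        verdict = ("unknown" if sender is None  # the field is optional
                   else "ours" if sender in own_relays else "backscatter")
        return {"reporting_mta": mta_host(per_msg["Reporting-MTA"]),
                "sender_mta": sender, "verdict": verdict,
                "failures": [(r["Final-Recipient"], r["Action"], r["Status"])
                             for r in recipients]}
    return None
```

The name in `Received-From-MTA` is the one the sending host announced for itself, so treat an "ours" verdict as a hint and compare the address in parentheses against your relays' IPs when the reporting server includes it.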

2 comments:

Anonymous said...

Anna,

I love the "Spamtertainment." Getting these folks indexed via your blog will surely cause them a hassle, sooner or later. Also (just a hint), if you want to stop those URLs from trapesing across your sidebar, set your overflow to "hidden."

Cheers,

Michael

Anna said...

.. hey :)
How can I add a line in the headers to force the main texts to use that?