speaking of forged "from" addresses...


Andilinks
09-16-2002, 01:35 PM
Last week my broadband was out for almost 18 hours so I opened an AOL account as a backup (hey, 45 free days). Almost from the first day I began receiving "MAILER-DAEMON@aol.com" returns, spam that I never sent. Not only was it spam, but it was the very grossest porn spam.

I began complaining immediately to AOL TOSemail1, and had an online conversation with a tech rep. AOL claims that it must be a trojan horse on my system (eTrust EZ scan says no) stealing my password. Unfortunately I used "Andilinks" in part of the screen name and it is the main name, so I can't change the name. Needless to say I'm distressed that my name is associated with these mailings. I've changed the pw twice and these returns seem to be tapering off, but now another variety is appearing. Short of cancelling AOL is there anything I can do about this? I would have cancelled the AOL immediately but doubt that it would stop the use of my name, just stop the returns.

Andi (most recent below...)

X-Track: 0: 100
Return-Path: <andilinks02@aol.com>
Received: from 200.161.76.95 (HELO aol.com) (200.161.76.95)
by mta517.mail.yahoo.com with SMTP; 16 Sep 2002 00:43:23 -0700 (PDT)
Received: from unknown (46.203.232.180)
by mx.loxsystems.net with smtp; Mon, 16 Sep 2002 14:41:25 -0300
Received: from unknown (175.17.24.91)
by smtp4.cyberecschange.com with smtp; Mon, 16 Sep 2002 11:28:26 -0400
Reply-To: <andilinks02@aol.com>
Message-ID: <024a47e65b4a$4485e6c1$3cc47cc7@xyvbfo>
From: <andilinks02@aol.com>
To: <famholmes@yahoo.com>
Cc: <ewrigbr549@yahoo.com>,
<elaine-hsu@yahoo.com>,
<emmanuelcc@yahoo.com>
Subject:
Date: Mon, 16 Sep 2002 08:13:09 -0100
MiME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_00C5_20C43A2E.B6201A22"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: AOL 7.0 for Windows US sub 118
Importance: Normal

------=_NextPart_000_00C5_20C43A2E.B6201A22
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: base64
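
The header block in the post above can be checked mechanically. The following is an added example, not part of the original post: it trusts only the topmost Received line, which the recipient's own server (mta517.mail.yahoo.com) wrote, and flags lower hops and the Date header when they claim a time later than final delivery, which no genuine relay chain can produce. The function names and the 10-minute clock-skew allowance are assumptions.

```python
import re
from datetime import timedelta
from email.parser import HeaderParser
from email.utils import parsedate_to_datetime

# Headers from the post above; folding whitespace restored, other fields omitted.
RAW = """\
Return-Path: <andilinks02@aol.com>
Received: from 200.161.76.95 (HELO aol.com) (200.161.76.95)
 by mta517.mail.yahoo.com with SMTP; 16 Sep 2002 00:43:23 -0700 (PDT)
Received: from unknown (46.203.232.180)
 by mx.loxsystems.net with smtp; Mon, 16 Sep 2002 14:41:25 -0300
Received: from unknown (175.17.24.91)
 by smtp4.cyberecschange.com with smtp; Mon, 16 Sep 2002 11:28:26 -0400
From: <andilinks02@aol.com>
Date: Mon, 16 Sep 2002 08:13:09 -0100
"""

def parse_hops(msg):
    """Return the Received hops, newest first, as dicts."""
    hops = []
    for value in msg.get_all("Received", []):
        info, _, stamp = " ".join(value.split()).rpartition(";")
        by = re.search(r"\bby (\S+)", info)
        helo = re.search(r"\(HELO ([^)]+)\)", info)
        ip = re.search(r"\((\d{1,3}(?:\.\d{1,3}){3})\)", info)
        hops.append({
            "by": by.group(1) if by else None,
            "helo": helo.group(1) if helo else None,   # self-declared by the sender
            "ip": ip.group(1) if ip else None,         # peer address seen by "by"
            "when": parsedate_to_datetime(stamp.strip()),
        })
    return hops

def analyze(raw, skew=timedelta(minutes=10)):
    """Trust only the hop written by the recipient's MTA; flag impossible timestamps."""
    msg = HeaderParser().parsestr(raw)
    trusted, *claimed = parse_hops(msg)
    findings = []
    for hop in claimed:
        if hop["when"] > trusted["when"] + skew:
            findings.append(f"{hop['by']}: stamped {hop['when'] - trusted['when']} after final delivery")
    if parsedate_to_datetime(msg["Date"]) > trusted["when"] + skew:
        findings.append("Date: header is later than final delivery")
    return trusted, findings

if __name__ == "__main__":
    hop, problems = analyze(RAW)
    print(hop["ip"], hop["helo"], *problems, sep="\n")
```

The address recorded by the trusted hop is the one worth a netblock lookup; the HELO name next to it is whatever the sending machine chose to announce.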

Daytripper_MI6
09-19-2002, 01:38 AM
I have an AOL account that I keep for a dial-up backup ($4.95/month) and I was tired of all the spam I constantly get, so I set up my mail to only let AOL members I select send me mail. First day BANG! I get a spam from myself! From me to me (forged "from" address), and as usual it was of the porn variety. What can ya do? %)

Andilinks
09-19-2002, 01:45 AM
What can ya do? I cancelled yesterday

TimT
09-21-2002, 02:06 PM
What CAN you do? What about when there is a URL involved in the email? I did a whois on the URL in the email... of course I didn't open the site, but how can someone forge their email and their web site? Who should I complain to and how with the information provided in the WHOIS info below??


Registrant:
netvisions enterprises (NETVISIONSENTERPRISES-DOM)
3645 Clearview Pkwy
Atlanta, GA 30340
US

Domain Name: NETVISIONSENTERPRISES.COM

Administrative Contact:
netvisions enterprises (V17201-OR) bhart@theheadoffice.com
netvisions enterprises
3645 Clearview Pkwy
Atlanta, GA 30340
US
na fax: 123 123 1234
Technical Contact:
Hart, Bill (BH17543) billh@netvisionsenterprises.com
Netvision
3645 Clearview Pkwy
Atlanta, GA 30340
US
na 123 123 1234

Record expires on 30-Mar-2003.
Record created on 30-Mar-2001.
Database last updated on 21-Sep-2002 12:59:20 EDT.

Domain servers in listed order:

SHARK.NETVISIONSENTERPRISES.COM 206.128.145.33
WHALE.NETVISIONSENTERPRISES.COM 206.128.145.34

sheila
09-21-2002, 02:25 PM
Hello Tim,

I'm assuming the domain netvisions.com was contained within the URL in the mail you received?

If the owners of the domain are spamming you, or forging your email address, then you clearly don't want to report to them. You need to find out who is providing their connectivity services and submit a complaint to the provider of their connectivity.

First I would find out the IP address of the website. I personally recommend the tools at SamSpade.org, but there are many other ways to do this as well.

I find that the IP address for that website is 206.128.145.15.
Next, do a netblock lookup on the IP address to see who is providing their connectivity. You can do a netblock lookup at arin.net.

I get the following results:


Cable & Wireless CW-BLK (NET-206-128-0-0-1)
206.128.0.0 - 206.128.255.255
IOM, Inc./Netvisions Enterprises CW-206-128-145 (NET-206-128-145-0-1)
206.128.145.0 - 206.128.145.255

This says to me that they are getting their connection from Cable & Wireless, so complain to them.

Further lookups on C & W at arin.net show:

OrgName: Cable & Wireless
OrgID: CWUS

NetRange: 206.128.0.0 - 206.128.255.255
CIDR: 206.128.0.0/16
NetName: CW-BLK
NetHandle: NET-206-128-0-0-1
Parent: NET-206-0-0-0-0
NetType: Direct Allocation
NameServer: NS.CW.NET
NameServer: NS2.CW.NET
NameServer: NS3.CW.NET
NameServer: NS4.CW.NET
Comment:
RegDate: 1995-05-10
Updated: 2002-08-23

TechHandle: IA3-ORG-ARIN
TechName: Cable & Wireless US
TechPhone: +1-800-977-4662
TechEmail: ipadmin@clp.cw.net

OrgAbuseHandle: SPAMC-ARIN
OrgAbuseName: SPAM COMPLAINTS
OrgAbusePhone: +1-800-977-4662
OrgAbuseEmail: spamcomplaints@cw.net

OrgNOCHandle: NOC99-ARIN
OrgNOCName: Network Operations Center
OrgNOCPhone: +1-800-977-4662
OrgNOCEmail: trouble@cw.net

OrgTechHandle: UIAA-ARIN
OrgTechName: US IP Address Administration
OrgTechPhone: +1-800-977-4662
OrgTechEmail: ipadmin@clp.cw.net

OrgTechHandle: GIAA-ARIN
OrgTechName: Global IP Address Administration
OrgTechPhone: +1-919-465-4096
OrgTechEmail: ip@gnoc.cw.net


How nice, they provide reporting addresses. I would suggest the one for spam complaints above.

Good luck,
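
The netblock step in the post above, as an added example that is not part of the original post: it takes the two ARIN results quoted there, finds every listed range that contains the website's IP address, and reads the abuse address from the upstream provider's record. The function names are assumptions, and the sample text is an abridged copy of the lookup output in the post.

```python
import ipaddress
import re

# Netblock listing and (abridged) organisation record copied from the post above.
NETBLOCKS = """\
Cable & Wireless CW-BLK (NET-206-128-0-0-1)
206.128.0.0 - 206.128.255.255
IOM, Inc./Netvisions Enterprises CW-206-128-145 (NET-206-128-145-0-1)
206.128.145.0 - 206.128.145.255
"""
ORG_RECORD = """\
OrgName: Cable & Wireless
NetRange: 206.128.0.0 - 206.128.255.255
Comment:
OrgAbuseEmail: spamcomplaints@cw.net
OrgNOCEmail: trouble@cw.net
OrgTechEmail: ipadmin@clp.cw.net
"""

def covering_blocks(listing, ip):
    """Return (owner, first, last) for each listed range containing ip, widest first."""
    ip = ipaddress.ip_address(ip)
    lines = [l.strip() for l in listing.splitlines() if l.strip()]
    blocks = []
    # The listing alternates an owner line with a "first - last" range line.
    for owner, rng in zip(lines[0::2], lines[1::2]):
        first, last = (ipaddress.ip_address(p.strip()) for p in rng.split("-"))
        if first <= ip <= last:
            blocks.append((owner, first, last))
    return sorted(blocks, key=lambda b: int(b[2]) - int(b[1]), reverse=True)

def abuse_contact(record):
    """Prefer the dedicated abuse mailbox; fall back to the technical contact."""
    fields = dict(re.findall(r"^(\w+):[ \t]*(.*)$", record, re.M))
    return fields.get("OrgAbuseEmail") or fields.get("OrgTechEmail")

if __name__ == "__main__":
    blocks = covering_blocks(NETBLOCKS, "206.128.145.15")
    # The narrowest block is the customer being reported; the widest is
    # the connectivity provider that should receive the complaint.
    print("customer:", blocks[-1][0])
    print("upstream:", blocks[0][0])
    print("report to:", abuse_contact(ORG_RECORD))
```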

TimT
09-21-2002, 03:04 PM
Originally posted by sheila:
Hello Tim,

I'm assuming the domain netvisions.com was contained within the URL in the mail you received?

How nice, they provide reporting addresses. I would suggest the one for spam complaints above.

Good luck,

Wow, thanks! You'd make a good Spam Cop! ;-)
Information worth saving.
Tim

Andilinks
09-21-2002, 04:51 PM
Old Ben Franklin wasn't even online when he said,
"He that lieth down with Dogs, shall rise up with Fleas"
That spam that was forging my email address did have an associated website, but since I just cancelled, why bother...

I have better things to do than pick fleas off the internet, there are so many of them.

Maybe randomly generated email addresses that you can change periodically at will while automatically notifying your real correspondents is one answer and just sidesteps the whole issue, both of forged addresses and incoming spam.

It would only work among small groups, but why not software that would do the updating within the group of private users? A no spam club...

Andi

mwigle
12-02-2002, 07:58 PM
I have been harassed by this bunch for the past few weeks and now I've set Outlook to forward all emails back to Netvision (2 addresses) as well as the email addresses that one of the people posted above, for a total of 6. This method seemed to work with the others that I was receiving spam from in the recent past. I'm not getting nearly as much as before. Also, upon looking up the address for the company in Networksolutionsa.com, I also sent a complaint to the local Police Department with all of the information that I could find. Seems to be working...

Marc