This message just arrived a few minutes ago. It has several classic spam hallmarks, not the least of which is that I have no idea who the sender is or how he got my email address. The HELO is forged from sun.com. The sending IP is an ADSL line provisioned by bellsouth.net. The message was delivered to grizzly, which is our secondary MX, even though smokey, our primary, was up and running -- which Chris has shown to be an extremely reliable indicator of spam.
But the sender name is, by all appearances, real. There's a Baton Rouge address in the body of the message, and I used zabasearchZabaSearch to verify that a person with that name does live at the given address. DNS info for the originating IP address shows that the ADSL line is in Baton Rouge.
I don't want to call this a phishing message. The body of the mssage reads as follows:
Hello. My name is ----------. I live in Baton Rouge, Louisiana. I know by now, that everyone in the nation, and quite possibly the world, has heard about the disaster caused by Hurricane Katrina. Baton Rouge is located approximately 70 miles northwest of New Orleans. I have taken in 16 of my relatives from New Orleans who have lost literally everything that they owned. I could not let them be scattered to the wind by being dispursed to various shelters around the country. So, I opened my home to them. But, here is my dilemna. I have a wife and two children of my own, and had very limited resources even before this disaster occurred. So, it's been very hard to provide the necessities for my extended family. I have applied for help through the State of Louisiana, the Red Cross, and FEMA. But, I don't know when that will come, if it comes at all. We have witnessed the logistical problems associated with receiving help from our government. So, I decided to reach out to the good people here in the good old U S of A. Please help me by donating any amount you can spare. No amount is too small. Every little bit will be greatly appreciated. If you can't afford to send anything, I totally understand. I ask for your prayers to help me help my family through this difficult time. If you do have the means to assist me, please send all donations, in the form of check, money order, or cash to the following address:
For all I know, everything said in the message is true. For all I know, this is a good-hearted person trying in a very ill-advised way to help his family through a real crisis. But it is spam. It was clearly sent with a spamming tool. The headers include the following:
Searching for "qzsoft_directmail_seperator" (sic, by the way) on Google got several hundred hits, and every single one on the first page was a reference to a phishing message. Searching for qzsoft gets this page for the first hit, and the translated version reveals enough for me to conclude that it is a Chinese spamming tool:
You whether frequently in order to wants to promote your product using the electronic mail but also lacks the quantity huge Email mail tabulates worries? Whether you do want to have several inside one day million and even above surely the real effective Email address? Whether you frequently do want to the third party purchase mail to tabulate but also because the soaring price and the mail address reliability cannot guarantee retreats? If is such, then develops by the Shanghai high aspirations software company the high aspirations searches for postal is outstandingly skilled (SouMailc@qzsoft) 2002 edition is your best choice! After you only must input the electronic mail which you wants to search decorate like 263.net, etang.com and so on, searches for postal is outstandingly skilled can search under these mail servers for you all Email! SouMail based on Java and the SMTP technology development, has the movement is stable, needs not the user intervention, the multithreading (most greatly may achieve 512 lines regulations), the cross platform (supports platform and so on Windows, Linux, Solaris, Mac), the speed is quick nimbly (2000 / minutes to 15000 / minutes), the search mode is diverse and so on the characteristic. At the same time, because in SoMail set at the SMTP server, was allowed with the goal server direct communication, to guarantee all Email which searched all is real effective. And, SoMail used SmartSend+? The technology, effective avoided similar software often can by the mail server think was trash transmission (Spamer) is listed the blacklist the shortcoming.
I don't think it's being cold-hearted to say that this is wrong, even if all the circumstance really are exactly as described in the mssage. Frankly, my guess is that it's probably not that innocent, though -- even though the use of a real name and address makes it appear to be an amateurish job. Bellsouth and the authorities in Louisiana undoubtedly have better things to do right now than chase after spammers, but what if this is an organized effort to profit from charity? What if the real person whose name and address are given is actually the victim of an identity theft scheme? I've heard about cases where the criminal files a change-of-address form with the post office so that if anyone does send money in response to email, it goes to the criminal instead of to the given address. I'm undecided about whether or not to report this, but leaning toward doing so.
1. Chris Linfoot09/07/2005 05:35:31 AM
So turn off the SMTP listener on grizzly
You might say, keep your inbound SMTP listeners to the bear minimum (geddit? huh? huh?).
2. Richard Schwartz09/07/2005 10:03:03 AM
@Chris: Grrrrrrrr! We did cut off the third MX, provided by the ISP who maintains our DNS, because it had no blacklist support... but unfortunately that leaves us with two servers in two home offices and no guarantee of timely response to outages, so we choose to leave them both enabled.
3. Esther Strom09/07/2005 12:41:22 PM
On a somewhat unrelated note, I took a look at Zabasearch, which I'd never heard of before. I'm creeped out now. On the one hand, it was interesting to discover that there are quite a few other Esther Stroms out there. On the other hand, I'm not happy to know that there are records of my last three addresses, including the current one. I realize it's all public record, but it shouldn't be so easy for people to get hold of it. If someone with no right to my personal info wants it, I say they should have to work for it.
4. Richard Schwartz09/07/2005 02:12:45 PM
@Esther: Part of me very much wants to agree. I've used Zaba on several occasions, and it's very useful... but yes, it's scary. I've found the address trail of several people I've been out of touch with for years, who would probably be very surprised to hear from me. OTOH, I don't see a way for the privacy cat to ever be put back in the bag.
5. cmoutlet12/03/2014 03:16:17 AM