Really Getting Upset – Spam Under My Name

It’s no secret that much, possibly most, of the spam today originates from infected PC’s. Instead of spammers renting 3rd world server space (China and Taiwan had been the leaders in this field), they just buy access to zombified PC’s and let loose&#185.

I’m not sure why, but most of these spam programs try to get a bit of legitimacy by forging quasi-real return addresses. That, unfortunately, is where I come in. The last 48 emails I’ve received, and 147 of the last 148 have been spam!

Most of those have actually been bounced mails – spam sent to non-existent mailboxes, or refused for other reasons. They come to me because I own their return address.

Here’s an example:


Received: from ( [])

by (8.12.1-20030924/8.12.1) with ESMTP id i5K0jq1g010036

for ; Sun, 20 Jun 2004 02:45:55 +0200 (MET DST)

X-Authentication-Warning: Host [] claimed to be

X-External: man_on_the_moon_ex

Keywords: CERN SpamKiller Note: 43 Charset: west-latin

X-Filter: CERNMX06 SMTPGW CERN Spam Sink v1.0

Received: from ([]) by with Microsoft SMTPSVC(6.0.3790.0);

Sun, 20 Jun 2004 02:45:08 +0200

Received: from (HELO (; Sun, 20 Jun 2004 10:42:27 -0700


Reply-To: “Rhoda Gill”

From: “Rhoda Gill”



Subject: get your die t me ds here

The originator of the emails claims to be: “Rhoda Gill” . Of course, there is no Rhoda Gill and no email address The return email addresses are an alphabet soup, always ending with “,” and each a random combo. seems to be an Internet Service Provider in Hong Kong.

PCCW-HKT Datacom Services Limited (NETVIGATOR-DOM)

39/F PCCW Tower Taikoo Pl. 979 Kings Rd

Taikoo Place

Hong Kong

Quarry Bay 00000


This isn’t Netvigator’s fault (though they certainly could and should stop it). It is someone’s home or office computer that’s become infected.

It is driving me nuts. And, if it’s driving a little guy like me crazy – imagine the strain on a large business or ISP whose accounts have been forged this way.

We can’t continue like this. I have said before, the proliferation of spam will be the death of email. We need to do something sooner, rather than later. It’s going to have to be a total change from our current method of mail service, where everyone is trusted to be who they say they are.

Since I began this blog entry I have received 7 more spams!

&#185 – This is the topic for another day, but some virii or malware, often downloaded with what seems like an innocent program, can also install unwanted software on your machine. All of a sudden, your PC is a zombie, doing the bidding of someone else – probably sending spam or infected email.

Ees No My Yob

After I emailed the note to Meredith, concerning their server which was sending bounce messages to me – hundreds of them – even though they knew (or should have known) I wasn’t the culprit, I got this response (I have not corrected the spelling):

Geoff, Thanks for raising the issue of the SoBig virus infection. From the information that you have provided, it does look like the infected machine is located at Jeter Cook & Jepson Architecs, Inc. of Harford, CT. Their contact information is provided below. Have your IT technical staff contact the admistrative contact or the technical contact below. They may not realize that they have a SoBig infected machine and that it needs to be cleaned.

Jeter Cook & Jepson Architects, Inc. (JCJ4-DOM)

450 Church Street

Hartford, CT 06103


So, I wrote back:


You misunderstand. In my case, Meredith is the guilty party. You are the

ones sending these hundreds of emails to me. And, you’re sending them to me

even though both you and I know they are coming from JCJ.

Why should I be the person contacting JCJ? I have nothing to do with this

at all. It is your server which is improperly set to respond to these

messages that you know are bogus.

You must take action to stop this before close of business today.

Geoff Fox

Maybe I should just forward all the messages to him? I’m not sure what to