
getting returned emails from ad_ad_path@mydomain that I haven't sent

Should I be concerned?

         

Trisha

9:35 pm on Feb 17, 2003 (gmt 0)

10+ Year Member



The past few days I've been getting emails with subject lines like:
- Permanent Delivery Failure
- Delivery Status Notification (Failure)
- Undeliverable mail: Want to boost your sales with Internet Marketing? Try HiMailer.

etc.

When I right click and go to options (in Outlook) the To: line is <ad_ad_path@mydomain.com>

While I do have a catch-all set up, I never use that address and my sent items folder in outlook has nothing in it from that address. I checked the control panel at my host and it doesn't look like anyone has broken in there and added another address, and the site looks ok too. So what's going on? Are they faking this? If so why? Should I be concerned? Is someone trying to make it look like I am sending out spam?

Walt_G

6:20 pm on Feb 26, 2003 (gmt 0)

10+ Year Member



<quote>Just in case this may be true, I would like them to know that evolution will get rid of them as of all short-brained species...</quote>

kyr01, although I'm not an evil wishing person, I sure hope you're right. :-) Maybe I was too evil thinking, writing my previous message. I was only trying to guess what goes on in people's minds when they (probably very consciously) bother other people with spam. God, Allah, Buddha or The Universal Source Of Us All surely made some weird and sometimes rather annoying creatures...

wileedingo

6:32 pm on Feb 26, 2003 (gmt 0)

10+ Year Member



kyr01 said in part (msg #58): ...the original spam message from himailer (which, sooner or later, someone even on this board should start getting...)

I have received this message on numerous occasions (20+ times) sent to my personal address, but I always delete them. I have not received it since receiving the ad_ad_path@ messages, so I don't have an example to look at.

However, I can say that I do have a Junk Mail Rule set up in Outlook which I faithfully add Junk Senders to. Seeing as when I do get a himailer message it always shows up in my Inbox, I guess it means that they consistently change the return address, which of course is not unusual. After adding Junk Senders to the Junk Senders List for about a year now (it's become a HUGE list), I still get about 2/3 of my junk mail in my Inbox. But I hate spam, so I keep it up. I guess that's how/why this is happening. Perhaps it got tiresome to generate the return address manually, so they came up with a simple subroutine to systematically join one prefix to a list of valid domains. (I'm only guessing here, but aren't most mailservers nowadays set to automatically filter out mail from invalid domains?) And I can only guess why, but there may be some benefit to using the same prefix - maybe for tracking purposes?

WileE

jpruden

7:53 pm on Feb 26, 2003 (gmt 0)

10+ Year Member



I've received the original Himailer spam before, addressed to one of my domain email addys (which catchalls to a yahoo addy). . . never paid them any heed and either reported them to yahoo as "This is Spam" or just deleted.

I do think they use phony return paths to avoid getting the thousands of emails asking to get off the list, many of which will be angry and/or hateful. They also avoid all the bounces. I'm not so sure they have any kind of counting contest going on or are watching.... I think they want response to their product.

So, if it is one of the reasons they use fake return paths, setting up an ad_ad_path@ addy for the affected domain and redirecting it to sales@himailer or whatever is found to be valid (OR to the admin name, etc on their domain registration --see aerospace in one of my earlier posts) would throw it right back at them.

If in fact, as someone wondered, their product does this same sort of thing as part of its process, then yeah, this **** will keep on going on, and we'll all figure out another way to deal with it.

Jip

Walt_G

5:46 pm on Feb 27, 2003 (gmt 0)

10+ Year Member



Hi folks. Is it just for me, or did the ad_ad_path hurricane really pass all the "a" domains? I only got ONE today (almost 19.00 PM)... :-)
And actually, I just saw that this one is a delayed bounce from a mail from Febr. 24. So in fact none today.

[edited by: Walt_G at 6:26 pm (utc) on Feb. 27, 2003]

kyr01

5:57 pm on Feb 27, 2003 (gmt 0)

10+ Year Member



Nothing today for me too, and I have a 'c' domain. Who knows...

jpruden

6:38 pm on Feb 27, 2003 (gmt 0)

10+ Year Member



Ayuh, mine have slowed, too, for a 'b' domain. Weird that my domain beginning with 'a' was not touched by this.

I suspect that having their sites yanked had an effect. If they were moving on to c, d, and e domains we'd be seeing new posts, eh?

The only bounce notice I rec'd today was a duplicate from juno... new date, same bounce names.

Be interesting to see what develops out of this for new strategies, both for spammers to use and for those who fight 'em.

Jip

jpruden

6:40 pm on Feb 27, 2003 (gmt 0)

10+ Year Member



Oh... interesting too, in that none of us seem to have gotten any mail from those the spam did go out to with a return path including our domain names.

Hmm.

Jip

Walt_G

11:34 pm on Mar 6, 2003 (gmt 0)

10+ Year Member



What a nice silence. Did they really stop everywhere? I don't receive anything anymore. :-)

wileedingo

4:18 pm on Mar 8, 2003 (gmt 0)

10+ Year Member



Just got an ad from HiMailer. Not an undeliverable mail message, just an ad. So it seems that they're still at it. This time the 'sender' was asiaad@pchome.com.tw. They BCC the recipients, so I can't tell which of my addresses are on their list. For newer ones I've worked out a new tactic where the full address does not appear on the page and I would like to try to tell if it's working. I went to www.pchome.com.tw to see what was up and to possibly send an e-mail to the webster, but I don't read that language. Further fun from foreign friends?

wilee

brianna

10:25 pm on Mar 10, 2003 (gmt 0)



coupl'a things - HELO tells you what the machine identified itself as when it passed it off. here's a good link for that sort of info:

[stopspam.org...]

concerning HiMailer in particular, and Namesecure's relation to them -
Namesecure was their registrar. however, HiMailer was using DNS in Taiwan, which is pretty tough to fight. whichever company provides DNS is the company that can easily stop a domain name from spamming. for a registrar to react to spam complaints is not only unusual, it's difficult. once it became apparent that HiMailer was not only spamming, but using bogus Reply-To addresses, Namesecure reacted immediately. that's why you saw the bounces stop. once HiMailer realized their site was down, they stopped sending spam. because they're not sending it from the domain, Namesecure couldn't stop the spamming, but they could certainly affect the website, and so they did. from what i understand, HiMailer has now transferred their registration elsewhere. let's hope the new registrar is as quick as Namesecure to shut them down.

wileedingo

10:29 pm on Mar 27, 2003 (gmt 0)

10+ Year Member



Looks like they're back. Just got an e-mail for "Hello Mailer", web site: en.hellomailer.com
The header of the e-mail indicates that they're using one of my domains as part of their mail forwarding scheme; however, it was sent to my e-mail address which is unrelated to this domain. A coincidence?

Details below; {my edits} in braces. Note: billing@mydomainname is a non-existent address.

Return-Path: <ahlmm@mlakn.www-mailserver.com>
Received: from mx4.uniserve.ca (mx4.uniserve.ca [216.113.192.45]) {The ISP for one of my domains}
by logan.netidea.com (8.12.3/8.12.3/Debian-5) with ESMTP id h2RJAIia014694 {The ISP for my e-mail account}
for <{my address}@netidea.com>; Thu, 27 Mar 2003 11:10:19 -0800
Received: from ns.myself2001.com ([210.154.150.66] helo=postmaster.myself2001.com)
by mx4.uniserve.ca with esmtp (Exim 4.04)
id 18yclb-0001cz-00
for billing@{my domainname}; Thu, 27 Mar 2003 11:10:23 -0800
Received: from {my domainname} {([xxx.xx.xx.xxx])} by postmaster.myself2001.com
(Post.Office MTA v3.5.3J release 223-101-J ID# 0-0U10L2S100V35)
with SMTP id com for <billing@{my domainname}>;
Fri, 28 Mar 2003 04:15:15 +0900
From: "FREE trial version" <hello@www-mailserver.com>
Subject: When budget is a problem, Hello-Mailer is no problem.
Content-Type: text/html
Date: Fri, 28 Mar 2003 02:49:45 +0800
X-Priority: 3
Message-Id: <E18yclb-0001cz-00@mx4.uniserve.ca>
Bcc:
X-Scanner: OK. Scanned in 0.04 seconds.
Status:
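
Added example (not part of the original thread or any poster's code): a Python sketch that walks the Received chain of a header like the one above and marks which hops were written by servers the recipient trusts. Anything below the last trusted hop, including a "from" name matching the recipient's own domain, is only what the sending machine claimed. The sample is constructed from the posted header, with the redacted fields filled by the placeholders `example.org`, `user` and `192.0.2.10`; the `TRUSTED` set is an assumption based on the poster's annotations.

```python
import re
from email import message_from_string

# Constructed sample: the posted header with redactions replaced by placeholders.
SAMPLE = """\
Return-Path: <ahlmm@mlakn.www-mailserver.com>
Received: from mx4.uniserve.ca (mx4.uniserve.ca [216.113.192.45])
\tby logan.netidea.com (8.12.3/8.12.3/Debian-5) with ESMTP id h2RJAIia014694
\tfor <user@netidea.com>; Thu, 27 Mar 2003 11:10:19 -0800
Received: from ns.myself2001.com ([210.154.150.66] helo=postmaster.myself2001.com)
\tby mx4.uniserve.ca with esmtp (Exim 4.04)
\tid 18yclb-0001cz-00
\tfor billing@example.org; Thu, 27 Mar 2003 11:10:23 -0800
Received: from example.org ([192.0.2.10]) by postmaster.myself2001.com
\t(Post.Office MTA v3.5.3J release 223-101-J ID# 0-0U10L2S100V35)
\twith SMTP id com for <billing@example.org>;
\tFri, 28 Mar 2003 04:15:15 +0900
From: "FREE trial version" <hello@www-mailserver.com>
Subject: When budget is a problem, Hello-Mailer is no problem.

"""
# Assumption: the two hosts the poster identified as their own ISPs.
TRUSTED = {"logan.netidea.com", "mx4.uniserve.ca"}

HOP = re.compile(r"from\s+(?P<name>\S+)\s+\((?P<paren>[^)]*)\)\s+by\s+(?P<by>\S+)")
IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
HELO = re.compile(r"helo=(\S+)")

def trace(raw, trusted):
    """Return hops newest-first: who recorded it, peer IP seen, name the peer claimed."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)  # folded lines are matched through \s+
        if not m:
            continue
        ip, helo = IP.search(m["paren"]), HELO.search(m["paren"])
        hops.append({"by": m["by"],
                     "ip": ip.group(1) if ip else None,
                     # Exim logs the HELO string separately; otherwise use the from-name.
                     "claimed": helo.group(1) if helo else m["name"],
                     "trusted": m["by"] in trusted})
    return hops

def handoff(raw, trusted):
    """Oldest hop recorded by a trusted server; its peer IP is the last verifiable fact."""
    ours = [h for h in trace(raw, trusted) if h["trusted"]]
    return ours[-1] if ours else None

if __name__ == "__main__":
    for hop in trace(SAMPLE, TRUSTED):
        print(hop)
    print("entered trusted infrastructure from:", handoff(SAMPLE, TRUSTED)["ip"])
```
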
