

Ask HN: Want to help me root out some spammers? - techiferous

Starting at 4AM this morning, I've been getting a lot of email spam from discokenny.com. One of their email messages has this at the bottom:

"If you do not wish to receive further communications from Escher Internet Services please click here to unsubscribe or call the number below. Escher Internet Services | 2657 Windmill Pkwy #398 | Henderson, NV 89074 | 888-709-9804"

Googling the address led me to find out that SpamHero is at suite #175 of the same building. So I think that this SpamHero company may be sending out spam in order to boost its anti-spam product (but I don't know that for certain).

What would you do? Any advice? I want to fight this.
======
patio11
There is a word called "joe job" for when spammers impersonate another person
so that vigilante action targets them. Occam's razor suggests that this is
more likely than a double secret hush hush plan by an anti-spam company to
drum up business by firing .0000000001% more email into the global spam
delivery network.

~~~
techiferous
Thanks. I'd like to have more certain info on the link between SpamHero and
this spam.

I don't think it's a "joe job" because I had to do some digging to find the
connection to SpamHero. What I suspect is that they are sending out a bunch of
spam, then collecting email addresses from those who opt out, then following
up sometime later by sending them an email advertising their service. That's
my guess.

Also, the SpamHero company site does not display anyone's name, which is a
little shady, but they claim to have a team of "real people".

------
spamhero
Hello, this is Curtis O'Reilly of SpamHero. I got a Google Alert this evening
notifying me of this thread mentioning SpamHero. You can rest assured that we
are in no way affiliated with discokenny.com nor would we ever send spam to
anyone. We are honest people. Feel free to give us a call at the phone number
listed on our contact page (toll free) and you can talk to me in person. As
for the address listed, it is a PO Box that we are renting from the UPS Store.
Apparently the individual or company that is harassing you also rents a box
there. Then again, they could be lying about their address. Spammers are
pretty devious. Good luck on hunting them down. If we can help in any way,
feel free to contact us. :-)

------
thinkbohemian
This happens to be my specialty. There are some legal recourses that you can
take, from the CAN-SPAM act
[http://www.ftc.gov/bcp/edu/pubs/business/ecommerce/bus61.sht...](http://www.ftc.gov/bcp/edu/pubs/business/ecommerce/bus61.shtm)
it is illegal for companies to not honor opt-out requests. Unfortunately it is
not illegal to sell your email address (hasn't been tried in a court of law).
Though if it is true that SpamHero is using deceptive practices they may be
held accountable for their practices.

If you really want to take legal action, first prove that the email originated
from SpamHero. I would suggest you generate a disposable email address from my
spam tracking service <http://whyspam.me> and give it to SpamHero only, if you
receive emails at that address from discokenny.com or any other mass mailer,
you will know in fact that it originated from SpamHero.

If you do this, I'll be happy to supply you with your server-log entries
or other documents you may need in a court of law.

Once you've got the info you would need to contact a lawyer because I'm not
one, and you need someone who can give you official legal advice.
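
The per-recipient address idea from the comment above, as an added example that is not part of the original thread and not whyspam.me's implementation. It assumes a catch-all domain you control (`mail.example`), a private key, and a hypothetical party name `vendor-a`; the HMAC tag stops a third party from minting a valid-looking address to frame someone.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"   # assumption: random key that stays private
DOMAIN = "mail.example"            # assumption: catch-all domain you control

def _tag(party):
    # Short keyed tag binding the address to the one party it was given to.
    return hmac.new(SECRET, party.encode(), hashlib.sha256).hexdigest()[:10]

def canary_address(party):
    """Address to hand to exactly one party, for example at signup."""
    party = party.lower()
    return f"{party}.{_tag(party)}@{DOMAIN}"

def attribute(rcpt, sender_domain, allowed):
    """Classify mail that arrived at rcpt.

    sender_domain should come from data your own server recorded, not from
    the From: line. allowed maps party -> domains that party mails from.
    """
    local, _, domain = rcpt.lower().rpartition("@")
    party, _, tag = local.rpartition(".")
    if domain != DOMAIN or not party:
        return ("not-a-canary", None)
    if not hmac.compare_digest(tag.encode(), _tag(party).encode()):
        return ("forged-or-guessed", None)   # tag does not verify
    if sender_domain.lower() in allowed.get(party, set()):
        return ("expected", party)
    return ("leaked", party)   # address reached a sender it was never given to

# Constructed data: the only domain vendor-a is expected to send from.
ALLOWED = {"vendor-a": {"vendor-a.example"}}
```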

~~~
techiferous
Thank you!

So far I've contacted their domain registrar (moniker.com) and reported them
to their service provider (abuse@cogentco.com). Hopefully that will work. I'm
going to try your fake email suggestion now.

~~~
thinkbohemian
Good luck, if you have any questions about the service (first watch the videos
^_^ ) let me know. You can also send me a direct message from the link on my
contact page if you need any more information from me, though I'll only give
you the logs data for your account, and you will need to prove your ownership
of the account.

------
lisper
Get a spam filter. I know that's not the answer you were looking for, but the
effort it would require to figure out who is actually behind this spam would
be vastly more than it would be worth. Life is short.

------
tshtf
Address is UPS Store #1390:

<http://www.theupsstorelocal.com/1390/>

I believe they rent out mail boxes.

~~~
techiferous
Actually, there are a lot of businesses with that address:

[http://maps.google.com/maps?f=q&source=s_q&hl=en&...](http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=2657+Windmill+Pkwy,+henderson,+nv&sll=42.372781,-71.112099&sspn=0.009242,0.019162&ie=UTF8&hq=&hnear=2657+Windmill+Pkwy,+Henderson,+Clark,+Nevada+89074&z=16)

------
jacquesm
Report them to the FTC:

<http://www.ftc.gov/spam/>

and to spamhaus:

<http://www.spamhaus.org/>

~~~
techiferous
The FTC website is careful to say you should report email that is "deceptive".
This is simply unwanted email, so I'm not sure they would do anything. I'm
going to look into spamhaus--thanks.

~~~
techiferous
It turns out you can't report spam to spamhaus, but they do provide info on
where you can:

[http://www.spamhaus.org/faq/answers.lasso?section=Generic%20...](http://www.spamhaus.org/faq/answers.lasso?section=Generic%20Questions#103)

------
ryandvm
I thought Internet vigilantism was Reddit's thing...

~~~
techiferous
I'm not looking for an angry mob, just advice and information! :)

------
wendroid
The only part of an email you can trust are the headers you or your ISP add
when it arrives, which is going to be something like:

        Received: from farlep.net (unknown [89.105.247.162])
            by mail.techiferous.net (Postfix) with ESMTP id B1E30EC456E
            for <info@techiferous.net>; Fri, 14 May 2010 10:24:22 +0100 (BST)

_everything else_ - especially the RCPT TO, MAIL FROM, From: and To: cannot
be trusted (unless the message is signed etc.).

I administer the mail for 10k domains, finding 1 spammer and doing something
about it is hard work.

Spamassassin, SPF, DKIM are all good tools against SPAM, I can recommend using
them all in combination; 90% of all our incoming mail is refused / tagged in
this way.

I would review your assumptions too:

        % host discokenny.com
        Host discokenny.com not found: 2(SERVFAIL)

If they tried to send it to me, I'd never even know.
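
The header-trust point from the comment above, as an added example that is not part of the original thread. It assumes Postfix-style `Received:` lines and that you know your own MTA's hostname; the sample message is constructed, and its lower `Received:` line deliberately claims your MTA's name to show why only the topmost matching header counts.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample. The top Received line is the one quoted in the comment
# above; the lower Received line, From:, To: and Subject: are made up here to
# stand in for data the sending side controls.
RAW = """\
Received: from farlep.net (unknown [89.105.247.162])
\tby mail.techiferous.net (Postfix) with ESMTP id B1E30EC456E
\tfor <info@techiferous.net>; Fri, 14 May 2010 10:24:22 +0100 (BST)
Received: from mail.example.com (mail.example.com [192.0.2.10])
\tby mail.techiferous.net with SMTP; Fri, 14 May 2010 09:24:01 +0000
From: "Newsletter" <news@example.com>
To: info@techiferous.net
Subject: constructed sample

body
"""

# Postfix layout: from <HELO name> (<reverse DNS> [<peer IP>]) by <our host>
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)

def trusted_hop(raw, my_mta):
    """Return the hop our own MTA recorded, or None if it never handled this."""
    msg = message_from_string(raw)
    received = msg.get_all("Received", [])        # newest header first
    for index, value in enumerate(received):
        m = HOP.search(" ".join(value.split()))   # unfold continuation lines
        if m and m.group("by").lower() == my_mta.lower():
            from_addr = parseaddr(msg.get("From", ""))[1]
            return {
                "peer_ip": m.group("ip"),     # observed on the TCP connection
                "rdns": m.group("rdns"),      # "unknown" means no PTR record
                "helo": m.group("helo"),      # claimed by the peer, unverified
                "from_domain": from_addr.rpartition("@")[2],  # unverified
                # Everything below our header arrived with the message and
                # can be forged, even if it names our own host.
                "untrusted_received": len(received) - index - 1,
            }
    return None
```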

~~~
techiferous
Thanks! I did check the mail headers, and it actually came from
discokenny.com.

By the way, this is what I get:

      $ host discokenny.com
      discokenny.com has address 38.106.76.52
      discokenny.com mail is handled by 10 namednsservers.com.

~~~
wendroid
Hmm, maybe it is in your DNS cache or utterly firewalled from the UK

        % whois discokenny.com
        ... snip ...
        NS1.NAMEDNSSERVERS.COM         38.106.76.52
        NS2.NAMEDNSSERVERS.COM         38.106.76.53
    
        % traceroute 38.106.76.52
        ...snip...
        4  vlan128.10ge.lon3.uk.griffin.com (217.79.112.98)  21.697 ms  19.927 ms  19.757 ms
        5  vl423.mpd01.lon01.atlas.cogentco.com (149.6.2.177)  28.760
        ...snip...
        9  te4-2.mpd01.ewr03.atlas.cogentco.com (154.54.1.30)  219.641 ms 
        10  38.104.188.146 (38.104.188.146)  97.547 ms  109.962 ms  96.691 ms
        11  38.106.76.52 (38.106.76.52)  100.634 ms  99.136 ms  99.728 ms
    
        % host discokenny.com 38.106.76.52
        ;; connection timed out; no servers could be reached
        % host discokenny.com 38.106.76.53
        ;; connection timed out; no servers could be reached
    
        # nmap -PN  38.106.76.52
        All 1715 scanned ports on 38.106.76.52 are filtered

~~~
wendroid
Oh and running mail _and_ DNS on the same box. I hope they know how to
administer secure installations. It's not a risk I would be taking.

