|spammer_logic_0001 - 2004-03-01 spammer logic - 2ndpointsvc.net|
We received a spam from 2ndpointsvc.net, one of those anonymous websites that lets you look for a mortgage online. Why anyone would trust an anonymous website to help them with a major loan is a completely other bizarre topic that we won't go into. But, there are a few things we'd like to examine in this particular case anyway.
Hey! They actually used their own domain name as the sending address. At least there is one thing commendable about this email. Well, actually two things. Assuming this is a trend they are going to keep up, we can easily block further transmissions right at the SMTP level by domain name. Kewl.
Not so cool. 18.104.22.168 is our IP address. Presumably the number in brackets is the originating IP address. What they've done is told their SMTP server to use the recipient server's IP address as their host name. This is a rather sly bit of misdirection that could potentially be considered illegal. But, in the long run, it really doesn't matter one way or the other.
Is this a real address? Might be nice if it is. It would be unusual.
All right, on to the spam message itself:
disulfide burley congresswoman polymer dogging develop mignon dodge bethought danube eventful acm drui d bashaw dystrophy presbytery cornelia misogynistfrontier showboat aba biddygrocery vulpine demark savoyard shine camouflage army bo sch dramiblqkgyvdumkl ?
It's a little crufty, but the links are still easy enough to find. The main link is the same domain name as the sender domain, 2ndpointsvc.net so let's do a little whois lookup.
Domain Name: 2NDPOINTSVC.NET
Adray, Raymond email@example.com
2nd Point Services
c/o Network Solutions
P.O. Box 447
Herndon, VA 20172-0447
This domain is a 'private registration' through Network Solutions. This means that the domain owners are hiding their identity. Any communication to this address gets processed by Network Solutions first and then only what they determine to be suitable gets passed on to the domain owners. Since probably the only communication they are likely to receive are spam complaints, most of it will be deemed unsuitable and won't be passed on.
The remove link is a different domain. Oddly enough, if you browse to root page of that domain name, it looks absolutely identical to the main link of the spam. Or maybe that's not so odd after all. If i wanted to get my email address removed from this spammers' list i'd certainly want to deal with the spammers, not some other third party. So why a different domain name? *shrug* Who knows how these spammers think, if they even do think. So in this case it probably is comforting that their respective websites look identical.
Just for completeness' sake, let's do a whois lookup on catalysminds.com
Domain Name: CATALYSMINDS.COM
Created on: 21-Feb-04
Expires on: 21-Feb-05
Last Updated on: 21-Feb-04
Private, Registration CATALYSMINDS.COM@domainsbyproxy.com
Domains by Proxy, Inc.
15111 N Hayden Rd., Suite 160
Scottsdale, Arizona 85260
(480) 624-2599 Fax --
Well, what a surprise! It's another private registration. Looks like this sender really has a lot to hide.
Now, if we browse to their website, there is an intriguing little link at the bottom of the page that says "Anti Spam". It goes to http://2ndpointsvc.net/antispam.html . It contains this very helpful definition:
Spam is any unsolicited email. Any promotion, information or solicitation that is sent to a person via e-mail without their prior consent is Spam.
Well, this email was certianly unsolicited. We had never heard of this organization before so it is utterly impossible that we had requested this information. Nice of them to admit that they are spamming. And what is their suggested remedy?
Hmmmmm. So why suddenly do we need to address our email to this address? Why don't they handle this directly @2ndpointsvc.net? It's not that we have developed any particular trust for the 2ndpointsvc.net domain name, but we have just about zero trust that firstname.lastname@example.org has anything to do with the 2ndpointsvc.net domain at all. Why should it? Maybe it's a dead address. Maybe it's a live address but belongs to someone completely unrelated. They could be trying to get everyone to send email to this email@example.com address just to annoy that person. It's been done before.
So, we have an unsolicted email from a company that hides itself, gives no explanation of who they are or how to find them, uses more than one name, gives completely unbelievable contact information, and wants to handle your home financing. Would you trust them?
One more point. Let's compare two of the statements in their antispam page, one of which we've already seen:
Ouch, our brains hurt now. So, if someone receives an email that they did not request, but it contains a way to Opt-out, then it is both spam (by the first statement) and not spam (by the second statement). We guess that this demonstration of illogic pretty much sums up the mental state of an organization that expects anyone to trust their email drivel.
TOASTEDspam.com toasted spam dot com