Clever Spam I Can’t Seem to Stop

I’ve been getting the following spam, one per day, over the past several months:

we email advertise your charity web site to 7,500,000 people. free.
http://www.emailsolutioncorp.com

I was receiving spam to the address I had on file with GoDaddy for my domain names, so I changed it, and included “nospam” in it, hoping that the spamming software would filter it out as being invalid. The very next day I was receiving spam to the new email address from this same spammer. Amazing. I know there are privacy options for domain registration, but it would cost me $500+ per year given the amount of domains I have, so it’s not really an option.

So what about local blocking of the spam? The problem is that the header is constructed in such a way that there’s no sender information whatsoever. Check this out (I’ve purposefully broken the email address used):

Return-path: <87[[email protected]>
Envelope-to: 87[[email protected]
Delivery-date: Thu, 22 Mar 2007 10:49:51 -0600
Received: from [70.113.28.110] (helo=cpe-70-113-28-110.austin.res.rr.com)
by rampart.thoughtsmedia.com with smtp (Exim 4.63)
(envelope-from <87[[email protected]>)
id 1HUQU3-0000fR-3s
for 87[[email protected]; Thu, 22 Mar 2007 10:49:51 -0600
To: 87[[email protected]

Outlook 2007 can’t spam block it because there’s no sender email address or domain. I also can’t create a rule because the email has to have a subject or sender. That IP address traces back to the Road Runner network, meaning it’s someone’s PC with a cable modem, likely infected by a bot and sending out spam without the user knowing (people like that should be blocked from accessing the Internet at all until they’ve fixed the problem).

Other than pressing the delete key, I’m out of ideas. I’m just thankful there aren’t more spammers out there doing this!

  • I suffer a similar problem with the news submission form at PocketGamer. Despite putting virtually indecipherable CAPTCHA on the submission form we get three news submissions advertising DVD ripping software.

    They originate from Chinese IP addresses and have poor English, and I suspect someone is night after night sitting down and hand filling in our form. I think it’s quite funny, really, as it must take them ages to fill in the form and upload screenshots for each of their three pieces of software – and they’re automatically deleted on the server now.

  • Yup. There’s no way to stop someone from filling out the form by hand – we get some of that as well.

  • idawgik

    I’ve been getting the same email for the last few months as well, but the spam filters with my host are catching it. Annoyingly enough though, they send me an email saying they found a spam message and giving me the option to look at it, so even though it’s being caught, I’m still getting an email about it. Quite annoying.