
Spam-tracking 104:
A spammer unmasked
by Bill Mattocks

This is an actual case study of a spam that I received today and tracked to the source. It is intended as a lesson in spam-tracking for the uninitiated or the beginner in spam-tracking. It shows that with patience, all things are possible.

Are you sitting comfortably?
Good, then I'll begin.

Today I got spam. That's nothing new, I get spam everyday. But this spam was from Wisconsin, and I happen to live in Wisconsin. I feel a powerful need to get rid of spam in Wisconsin. So, here is what happened and what I did about it.

This is the spam I got:

>Received: from mail.tds.net (unverified []) by mail.comp-sol.com
>(EMWAC SMTPRS 0.83) with SMTP id <B0000040843@mail.comp-sol.com>;
> Mon, 06 Oct 1997 15:55:11 -0500
>Received: from Comp1 (mewi0-a10.midway.tds.net [])
>by mail.tds.net (8.8.5/8.8.5) with SMTP id PAA03860;
>Mon, 6 Oct 1997 15:19:42 -0500 (CDT)
>Date: Mon, 6 Oct 1997 15:19:42 -0500 (CDT)
>Message-Id: <199710062019.PAA03860@mail.tds.net>
>From: webbs@tds.net
>Subject: Your Home And Family



>Now available, (Your Home and Family), the consumer guide
>everyone has been asking for.

>This guide is filled with information every household should be
>aware of. Protect yourself and your family, be informed of the
>real life events that can happen to you and your household.

>Read about wills and trusts (don’t let the government take

>Parents worst fears- (Drug Abuse, maybe its already there)!
>Be informed!

>Dealing with divorce “Get It Together” “Not The End”.

>Safeguards against rape....Don’t let it happen to you, worse yet
>a member of your family!

>Household: Don’t let your house get the better of you,

>This guide is packed full of important information that you will
>want to share with friends and other family members.


>Send for your copy today! Here is how to order: Send check or
>money order for $29.95 (shipping and handling included in price)

>Affordable Services
>PO Box 352
>Medford, WI 54451

>PS: You won’t believe the startling information in the guide!
>Order an extra report for your friends and neighbors! Give
>yourself a little piece of mind.


Normally, this is the most innocuous type of spam. It purports to sell a report, but it is not MLM, a pyramid scheme, or a chain letter. The sender appears not to have hijacked a mail server to send the spam. The return address could even be legitimate, for all I know.

Therefore, it is not illegal on its face. Sending spam itself is legal, so it would appear that no laws were broken, except that I was unhappy over having gotten the spam in the first place.

So, I sent a letter of complaint to the postmaster at TDS.NET, letting them know that they are harboring a spammer. If they don't permit spamming, they may well terminate the beggar.
If I never get spam from him again, that should be the end of it, right?
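
The header reading that leads to the TDS.NET postmaster, as an added example that is not part of Bill Mattocks's post: it parses the Received chain of the spam quoted above, oldest hop first, and reports which ISP accepted the message from the sender. The helper names (`received_chain`, `registered_domain`, `summarize`) are hypothetical, and the two-label domain rule is an assumption that fits these hosts.

```python
import re
from email import message_from_string

# Headers copied from the spam quoted on this page (its bracketed IPs are blank).
RAW = """\
Received: from mail.tds.net (unverified []) by mail.comp-sol.com
 (EMWAC SMTPRS 0.83) with SMTP id <B0000040843@mail.comp-sol.com>;
 Mon, 06 Oct 1997 15:55:11 -0500
Received: from Comp1 (mewi0-a10.midway.tds.net [])
 by mail.tds.net (8.8.5/8.8.5) with SMTP id PAA03860;
 Mon, 6 Oct 1997 15:19:42 -0500 (CDT)
Date: Mon, 6 Oct 1997 15:19:42 -0500 (CDT)
Message-Id: <199710062019.PAA03860@mail.tds.net>
From: webbs@tds.net
Subject: Your Home And Family
"""

# "from <HELO name> (<what the receiving server saw>) by <receiving server>"
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<peer>[^)]*)\)\s+by\s+(?P<by>\S+)")

def received_chain(raw):
    """Hops oldest-first; each Received line is prepended, so reverse them."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP.search(value)
        if m:
            peer = m.group("peer").split()  # e.g. ['mewi0-a10.midway.tds.net', '[]']
            rdns = peer[0].lower() if peer and "." in peer[0] else None
            hops.append({"helo": m.group("helo"), "rdns": rdns, "by": m.group("by")})
    return hops

def registered_domain(host):
    """Naive last-two-labels domain; an assumption that holds for these hosts."""
    return ".".join(host.lower().split(".")[-2:])

def summarize(raw):
    origin = received_chain(raw)[0]  # first server to accept the message
    isp = registered_domain(origin["by"])
    sender = message_from_string(raw)["From"].rsplit("@", 1)[-1].strip().lower()
    return {
        "origin_client": origin["rdns"] or origin["helo"],
        "injecting_isp": isp,
        # Client resolves inside the ISP's own domain: consistent with a customer,
        # not a hijacked relay.
        "client_on_isp_network": bool(origin["rdns"]) and registered_domain(origin["rdns"]) == isp,
        "from_matches_isp": sender == isp,
        "complain_to": "postmaster@" + isp,
    }

print(summarize(RAW))
```

Only the topmost Received line was written by the recipient's own server; lines below it are taken on trust, which is why the example also checks that the client hostname and the From address agree with the injecting ISP.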


I also did a little checking. Curious sort, am I. I used DejaNews to check out the city of Medford, WI (that's where I'm supposed to send the money for the report to, right)? Here is what I got back:

>1. 97/10/05 028 [email] (UCE) Your Home news.admin.net-abus "Nasty Mama"

Ok, so it appears that Nasty Mama has also gotten this spam and has taken some action. But wait, there's more:

>10. 97/09/23 026 [email] Pyramid Sche#1/2 news.admin.net-abus Todd C. Lawson

Oh-ho! Pyramid scheme, eh?
Well, let's just take a look!

>Subject: [email] Pyramid Scheme from newnorth.net (Your Free Report)
>From: Todd C. Lawson <tlawson@amug.org>
>Date: 1997/09/23
>Message-Id: <v03110703b04d9662ef4b@[]>
>Newsgroups: news.admin.net-abuse.sightings
>[More Headers]

>X-Reply-to: news.admin.net-abuse.email
>Abuse-spotted-in: mailbox tlawson@amug.org
>Abuse-Subject: Your Free Report
>Type-of-abuse: Unsolicited Email, Pyramid Scheme
>Description: Pyramid Scheme

[snip - VERY excellent information from Todd Lawson on
what a pyramid scheme is, and why it is illegal. For a copy of his
report, take a look at it. Use DejaNews and search for Todd Lawson.]

>Return-Path: webbs321@newnorth.net

Whups, not from TDS.NET, but from NEWNORTH.NET, which is another local ISP in rural Wisconsin. Ok, so maybe this guy got bounced based on Todd's complaint. Notice the similarity in user names, though (webbs vs. webbs321).

[snip rest of headers]

>Free Report

>Students! Professionals! Unemployed! Absolutely anyone can use this
>information to make cash anytime they want. Read and save this
>report to use time and time again

[snip much pyramid stuff, we've all seen it.]

>This program has remained successful
>because of the
>HONESTY Integrity the participants.

[Well, not only does our unknown spammer send illegal pyramid schemes, but he is also a liar, as I will also show!]

[snip - more pyramid stuff]


>1. R.D.Haar, 1628 Hillcrest St. Mesquite, TX 75149 Fargo, USA

>2. James Shanahan, 2/16 Myola St., Mayfield 2304, Australia

>3. Diane Wicke, PO box 32, Jump River, WI 54434, USA

>4. Affordable Services, PO Box 352, Medford, WI 54451, USA

[But wait - here is the man who sent me the UCE! ^^^^^^^ ]

>5. Scott Webster, 939 High Street #102, Rib Lake, WI 54470, USA

[And who could this be???]

>Mail $1.00 to each of the 5 names listed above. SEND CASH ONLY
>(Total investment:

[snip - more pyramid scheme]


[yet another exhortation to BE HONEST!!!]

Ok, so now we know that webbs@TDS.NET sends UCE and pyramid scheme UCE. We could stop there and just mail a copy of this pyramid scheme to:


And we'd be done with it. But I'm just a curious guy, so I took the very last step in identifying this spammer. I called the US Post Office in Medford, WI at (715) 748-3981. Remember, if the holder of a US Post Office Box lists their PO Box as being used for business, the information is open to the public.

If they check off the little box that says that they are NOT doing business with the public, then you can't get the info, but then they are committing perjury (PO Box applications are legal documents). It seems our spammer DID want to be just a little bit honest though, because the post office told me who he is (drum roll, please):

Scott's Affordable Services
939 High Street
# 102
Rib Lake, WI 54470

Oh gee. Seems like Mister Scott Webster from our pyramid scheme above and Affordable Services from the same list are indeed the same person. On top of that, I would venture a guess to say that webbs and webbs321 both mean Scott Webster, huh?

So, same person all the way around. He just could not restrain himself from cheating on his very own pyramid scheme, the one he warns people NOT to cheat on. Shame, shame, Mr. Webster.

Now, I complain to his ISP. I print a copy of the pyramid scheme that was previously posted to news.admin.net-abuse.sightings by Todd Lawson, and I send it to the postmaster at Rib Lake, WI, and Medford, WI.

Our nasty little spammer is going to stop bouncing from ISP to ISP, because he is going to jail.

Thus ended the lesson.

Best Regards, Bill Mattocks, CIIU

Derived from an HTML translation by Marek Jedlinski www.lodz.pdi.net/~eristic of a usenet post by Bill Mattocks
