The Rump Family coat of arms

Den danske udgave af teksten
The English version of the text

The Rump family history
Events in the Rump-family
The Rump family links
The Rump family website
(Some of the) Rump family addresses
(Some of the) Rump family homepages


on the Internet


[ Bottom | Home ] [ Dansk | English ] [ History | Events | Links | | Addresses | Homepages ]

Did you receive an unsolicited e-mail (UCE/spam) or a virus from a

I don't think so! But please read this page and you may understand why.

This page is divided in to a few sections with the following headlines, which I hope you are able to use:

But first: Why don't I think that you have received an unsolicited s-mail (spam) or a virus from a

First I (as E-mail Postmaster and E-mail Webmaster for would like to say that if you did receive an unsolicited e-mail/UCE/spam from a, I would be the first to make sure the person will never do it again! Because I do not support spamming and do not tolerate spam - and that is why I have to make this page - the spammers don't like me! :-)

A virus is (almost) just as bad! People should understand how to protect their system and keep it up to date - or stay off the Internet! I know these are very harsh words, but this is the (Internet) world today!

Please note that the views on this page is E-mail mine and mine only, but that all users of must follow the rules for usage of

Please note: This page will not give you any detailed information! There are a lot of resources on the Internet which you may find using the search engines which may tell all the small details about your system. I know that there is so much to read - but there is no easy way out if you want to understand what is going on! Sorry! Please, if the next paragraphs are too technical for your liking, please jump further down this page, where I give you some guidelines.

The first thing you should know is that the From- and Reply To-address in an e-mail may be forged and thereby cannot be trusted! To verify the validity of the reply address you need to check the e-mail headers, which contains information about how the e-mail got from the sender to you. If you don't know what the e-mail headers is or how to find them, please Read The Manual ("RT*M") to your system! As I wrote in the paragraph above this page does not give detailed information - find it yourself and learn! I'll give you one hint: The header contains at least one (long) Received:-line!

You then need to understand the headers and verify the information! To tell the truth! That is even too complicated for me!

  • A mailserver which has not been set up properly may be used as an "open relay" by everyone on the internet so everybody may send e-mail to everyone - without revealing their one e-mail address and/or getting registered allowing other to trace the sender.
  • FormAmil (an e-mail program to collecting and sending of form-data entered into homepages) may be an "open proxy" if it doesn't check the information "entered". By cheating the program everybody may use it for sending out their own material without getting registered.
  • ...

That is why systems like SpamCop have been implemented. If you paste the header into the textbox and press Process Spam, SpamCop will check the header and tell you which Internet Service Provider (ISP) the sender used - or abused - for sending the mail! You may actually paste the whole e-mail (header and content) into the textbox and get SpamCop to process it. If it is spam - you may even ask SpamCop to notify the ISP directly using only a few clicks on the mouse button! If this gets to complicated contact your ISP and give them the mail - including the headers.

NOTE: Use a throwaway account (e.g., HotMail) when using SpamCop - the spammer may get your reporting address from a clueless ISP!

Why am I telling you all this?

Well spammers and virus writers are malicious people and they may use any reply address they like!!! And they do!!! from time to time receive thousands of mails during one day (our current record is 10 mails a minute, i.e., around 9.000 mails per day - for two weeks!)! These mails often turn out to be bounces (which is a return mail containing information to the "sender" from a mail server which could not deliver the mail) because the spammer specified a bogus address. Unfortunately the spammer specified as the reply address to cheat servers that check if the sending domain exists! This is called a Joe Job. Why are they doing this? Well the spammer apparently want to get back on our fight against spam!

Here are a few simple rules, which applies to spammers! :-)

  • Rule 0: Spam is theft, thus, spammers are thieves.
  • Rule 1: Spammers lie.
  • Rule 2: Recursive, if spammer seems to be telling the truth, see Rule 1.
  • Rule 3: Spammers are stupid.

It's that simple! I hope the above paragraphs gave you a little insight in the complicated life on the Internet. If you still think a user at is spamming you please feel free to send an e-mail to E-mail or E-mail with your complaint. Please remember to include the header and the original content of the spam and we will make sure the right people get informed/punished!

Below you will find a few but (hopefully) good advises about e-mail and a description of my own experiences with spammers!

A few word of advice!

Never trust an e-mail!

Never - ever - trust an e-mail! Not even from your closest friends! The rest of this page should show that you cannot trust anything you receive from an e-mail - unless you verify that the information is correct either through other independent sources or by using electronic signature of e-mail - and the code has not been stolen!

Never reply to spam!

In most cases your mail will bounce - because the spammer never created the mailbox in the first place or worse your e-mail will go to an innocent person - like us at! The spammer usually want you to give him your information through his website, phone or snail mail (delivered by the official post office employee)! In the few cases where the spammer do have an active e-mail address he may - and probably will - use your reply to prove that the e-mail address you use is alive and read - and probably sell it to other spammers!!!

This rule now unfortunately also applies to virus-infected e-mails! Do not reply to virus-infected mails you may have received unless you know which virus you received! The Klez-virus and its "descendants" pick other peoples e-mail address from the infected system and use that as the From-address, i.e., a third party may be blamed for sending out virus-infected files!!! The only way to find the infected machine are by looking at the header of the mail and inform the Internet Service Provider (ISP) about the infected computer!

Why did I write this page?

Because drowned in e-mail!!!

During the night on April 22, 2002 e-mail suddenly startet pouring in! I quickly realized that the e-mail was not meant for me or any other at It was e-mail to users at for instance: AOL and CompuServe, which could not be delivered because the user did not exist! The mail server therefore returned the e-mail to the "sender" - at! The table at the end of this page shows the number of e-mails that was rejected - and as you can see the flood continues even several months after the attach started - but in a much smaller scale - but there are still spam coming in from the same spammer - as far as I know!

It took me several days to get a hold of this flood of messages which changed: sender-address, receiver-address, subject and content, i.e. it was not possible to create a filter that could sort the flood of rejected spam from the rest of the wrongly addressed e-mail to which we receive from time to time!

It didn't take long to realize that the spammer used open relays and proxies all over the world to hide his tracks so it was not possible to figure out which ISP who provided his internet connect which he used for sending the spam. But the spam contained a link to his homepage so I figured it would be easy to get it closed down - oh boy was I wrong!!! :-)

The homepage address was - and (as we say in Denmark) keep your tongue straight in your mouth: [%01%14%14%14] [%14%02%14%05%14%7C] - the numbers in the square brackets was the values of the character codes that was in the URL - the URL was in other words completely unreadable and it was not possible to enter it manually but browsers would allow you to follow the link.

That meant that it was very difficult to use some of the normal spam-fighting tools used to find spammers! But fortunately I was not the only one fighting against this spammer! There were a lot of people who received his spam and others, like me, who also experienced the Joe Job, created by this spammer. In UseNet-groups for spam-fighters there where quite a few people working to break the case and fairly quickly we found the information needed to report him for spamming.

Included in the spam was a telephone number: +1 877 879-6509, which I traced to a company which I think is/was called "U Reach Technology" - that was at least what they called themselves until they closed for calls from outside USA. Some of the spam I have received later on contains no links to homepages(!) but yet another telephone number: +1 877 892-7570. The other number is now used as a fax-number.

Empire Towers

The spammer go under the name Empire Towers and is very well known in spammer fighting groups - as the worst spammer in the world! It is amazing that I managed to step on his toes so severely that he wanted to retaliate like this!

Because it was my first (real) Joe-Job I called a lot of people!

I have reconstructed the "event". I didn't write down what happened when and where in the beginning and in the end I let the spammer play for (read: with) himself - I did not want to waste more time on him!

ISP Date of spam-rapports Comments April 23, 2002 - almost end of April, 2002 Complete confusion! The spammer seemed to be hosted by 3 ISP's at the same time! It turned out that he was but we managed to get him thrown out by all three!
genuity April 23, 2002 - almost end of April 2002 April 23, 2002 - April 29, 2002 End of April 2002 - May 7, 2002 But the spammer had already made preparations at another ISP! But after some hard work also closed the spammer's homepage. May 9, 2002 - ???, 2002 This the spammer apparently hadn't anticipated so it took him a few days before he was back up again and he apparently haven't had time to cover his tracks so the first spam report went to the spammer himself! May 11, 2002 - May 24, 2002 When I realized that I sent the spam reports to his ISP's - yes there was more than one! And apparently had forgotten that they have thrown him off their net once! May 13, 2002 - May 24, 2002 May 24, 2002 - May 28, 2002 But again we succeeded in getting the homepage closed.
??? ??? - ??? There are still Joe Job spam coming in from what appears to be the same spammer because the telephone number in the spam is the same. But I don't want to play anymore and there are no homepages to close!

Number of e-mails to non-existing accounts

Date (yyyy-mm/dd)Number of bounces


This page is maintained by E-mail

Created May 9, 2002; Updated November 27, 2003 .

[ Top | Home ] [ Dansk | English ] [ History | Events | Links | | Addresses | Homepages ]

Copyright: © 1998 - 2016 The Rump family.