Did you receive an unsolicited e-mail (UCE/spam) or a virus from a rump.dk-user?
This page is divided into a few sections with the following headlines, which I hope you are able to use:
First I (as Postmaster and Webmaster for rump.dk) would like to say that if you did receive an unsolicited e-mail/UCE/spam from a rump.dk-user, I would be the first to make sure the person will never do it again! Because I do not support spamming and do not tolerate spam - and that is why I have to make this page - the spammers don't like me! :-)
A virus is (almost) just as bad! People should understand how to protect their system and keep it up to date - or stay off the Internet! I know these are very harsh words, but this is the (Internet) world today!
Please note: This page will not give you any detailed information! There are a lot of resources on the Internet, which you may find using the search engines, that can tell you all the small details about your system. I know that there is so much to read - but there is no easy way out if you want to understand what is going on! Sorry! If the next paragraphs are too technical for your liking, please jump further down this page, where I give you some guidelines.
The first thing you should know is that the From- and Reply To-address in an e-mail may be forged and thereby cannot be trusted! To verify the validity of the reply address you need to check the e-mail headers, which contain information about how the e-mail got from the sender to you. If you don't know what the e-mail headers are or how to find them, please Read The Manual ("RT*M") for your system! As I wrote in the paragraph above, this page does not give detailed information - find it yourself and learn! I'll give you one hint: The header contains at least one (long) Received:-line!
You then need to understand the headers and verify the information! To tell the truth: that is even too complicated for me!
That is why systems like SpamCop have been implemented. If you paste the header into the textbox and press Process Spam, SpamCop will check the header and tell you which Internet Service Provider (ISP) the sender used - or abused - for sending the mail! You may actually paste the whole e-mail (header and content) into the textbox and get SpamCop to process it. If it is spam - you may even ask SpamCop to notify the ISP directly using only a few clicks on the mouse button! If this gets too complicated, contact your ISP and give them the mail - including the headers.
Well, spammers and virus writers are malicious people and they may use any reply address they like!!! And they do!!! rump.dk from time to time receives thousands of mails during one day (our current record is 10 mails a minute, i.e., around 9,000 mails per day - for two weeks!)! These mails often turn out to be bounces (a bounce is a return mail containing information to the "sender" from a mail server which could not deliver the mail) because the spammer specified a bogus address. Unfortunately the spammer specified rump.dk-addresses as the reply address to cheat servers that check if the sending domain exists! This is called a Joe Job. Why are they doing this? Well, the spammer apparently wants to get back at us for our fight against spam!
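The header check and the forged rump.dk reply address described above, as an added example (it is not part of the original page and is not how SpamCop works internally): it walks the Received: lines from the top and stops trusting them at the first line that was not written by one of your own mail servers. The host names, IP addresses, the `entry_point` function and the Postfix-style header layout are assumptions made for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (documentation IPs and .example hosts are made up).
# The lower Received line and the From/Reply-To were supplied by the sender.
SAMPLE = """\
Received: from mail.sender.example (unknown [203.0.113.45])
    by mx.recipient.example with ESMTP id ABC123
    for <you@recipient.example>; Mon, 22 Apr 2002 03:12:09 +0200
Received: from rump.dk (mail.rump.dk [192.0.2.10])
    by mail.sender.example with SMTP; Mon, 22 Apr 2002 03:11:58 +0200
From: "A Friend" <someone@rump.dk>
Reply-To: someone@rump.dk
To: you@recipient.example
Subject: constructed sample

body
"""

# Assumes the common "from HELO (rdns [IP]) by HOST" layout; MTAs differ.
HOP = re.compile(r"from\s+(\S+)\s+\([^\[\]]*\[([0-9A-Fa-f.:]+)\]\).*?\bby\s+(\S+)", re.S)

def entry_point(raw, my_servers):
    """Return the last hop recorded by a server you trust, plus the claimed From domain."""
    msg = message_from_string(raw)
    entry, unverified = None, 0
    for line in msg.get_all("Received", []):      # newest header first
        m = HOP.search(line)
        by = m.group(3).lower() if m else None
        if unverified == 0 and by in my_servers:
            # Written by our own server: the peer IP here was observed, not claimed.
            entry = {"helo": m.group(1), "ip": m.group(2), "recorded_by": by}
        else:
            # Anything below the first untrusted line may have been typed in by the sender.
            unverified += 1
    claimed = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    return {"entry": entry, "unverified_hops": unverified, "claimed_from_domain": claimed}

if __name__ == "__main__":
    result = entry_point(SAMPLE, {"mx.recipient.example"})
    print("report to the owner of:", result["entry"]["ip"])
    print("claimed (unverified) From domain:", result["claimed_from_domain"])
```

The IP address in `entry` is the one to look up when deciding which ISP to notify; the From domain and the lower Received: line are only what the sender chose to write.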
It's that simple! I hope the above paragraphs gave you a little insight into the complicated life on the Internet. If you still think a user at rump.dk is spamming you please feel free to send an e-mail to firstname.lastname@example.org or email@example.com with your complaint. Please remember to include the header and the original content of the spam and we will make sure the right people get informed/punished!
Below you will find a few pieces of (hopefully) good advice about e-mail and a description of my own experiences with spammers!
Never - ever - trust an e-mail! Not even from your closest friends! The rest of this page should show that you cannot trust anything you receive from an e-mail - unless you verify that the information is correct either through other independent sources or by using an electronic signature on the e-mail - and the code has not been stolen!
In most cases your mail will bounce - because the spammer never created the mailbox in the first place or worse your e-mail will go to an innocent person - like us at rump.dk! The spammer usually wants you to give him your information through his website, phone or snail mail (delivered by the official post office employee)! In the few cases where the spammer does have an active e-mail address he may - and probably will - use your reply to prove that the e-mail address you use is alive and read - and probably sell it to other spammers!!!
This rule now unfortunately also applies to virus-infected e-mails! Do not reply to virus-infected mails you may have received unless you know which virus you received! The Klez-virus and its "descendants" pick other people's e-mail addresses from the infected system and use them as the From-address, i.e., a third party may be blamed for sending out virus-infected files!!! The only way to find the infected machine is to look at the header of the mail and inform the Internet Service Provider (ISP) about the infected computer!
During the night on April 22, 2002 e-mail suddenly started pouring in! I quickly realized that the e-mail was not meant for me or anyone else at rump.dk. It was e-mail to users at for instance: AOL and CompuServe, which could not be delivered because the user did not exist! The mail server therefore returned the e-mail to the "sender" - at rump.dk! The table at the end of this page shows the number of e-mails that were rejected - and as you can see the flood continues even several months after the attack started - but in a much smaller scale - but there is still spam coming in from the same spammer - as far as I know!
It took me several days to get a hold of this flood of messages which changed: sender-address, receiver-address, subject and content, i.e. it was not possible to create a filter that could sort the flood of rejected spam from the rest of the wrongly addressed e-mail to rump.dk which we receive from time to time!
It didn't take long to realize that the spammer used open relays and proxies all over the world to hide his tracks so it was not possible to figure out which ISP provided the Internet connection which he used for sending the spam. But the spam contained a link to his homepage so I figured it would be easy to get it closed down - oh boy was I wrong!!! :-)
The homepage address was - and (as we say in Denmark) keep your tongue straight in your mouth: http://www.04-romance.category.unique.zaam.net [%01%14%14%14] .co.fr [%14%02%14%05%14%7C] https.am2002.goopt.com:8095/index.html - the numbers in the square brackets were the values of the character codes that were in the URL - the URL was in other words completely unreadable and it was not possible to enter it manually but browsers would allow you to follow the link.
That meant that it was very difficult to use some of the normal spam-fighting tools used to find spammers! But fortunately I was not the only one fighting against this spammer! There were a lot of people who received his spam and others, like me, who also experienced the Joe Job, created by this spammer. In UseNet-groups for spam-fighters there were quite a few people working to break the case and fairly quickly we found the information needed to report him for spamming.
Included in the spam was a telephone number: +1 877 879-6509, which I traced to a company which I think is/was called "U Reach Technology" - that was at least what they called themselves until they closed for calls from outside USA. Some of the spam I have received later on contains no links to homepages(!) but yet another telephone number: +1 877 892-7570. The other number is now used as a fax-number.
The spammer goes under the name Empire Towers and is very well known in spammer fighting groups - as the worst spammer in the world! It is amazing that I managed to step on his toes so severely that he wanted to retaliate like this!
Because it was my first (real) Joe-Job I called a lot of people!
I have reconstructed the "event". I didn't write down what happened when and where in the beginning and in the end I let the spammer play for (read: with) himself - I did not want to waste more time on him!
This page is maintained by firstname.lastname@example.org.
Created May 9, 2002; Updated November 27, 2003.
Copyright: © 1998 - 2016 The Rump family.