Attention visitors to Forest Software!
Like me, you may be the victim of a spammer. Towards the end of June 2003, someone began forging my domain name (forestsoftware.co.uk). The spammer forged the From: and Reply-To: fields of his/her spam messages. The spam in question advertised adult web sites and Viagra. As of the end of September 2010 I am getting reports of this happening yet again.
Attention system administrators/spammer victims:
I assure you, and the administrators of your ISP/domain, that I did not send you any spam email. It is very likely that the email in question was spam sent by someone who forged my email address/domain. These messages did not come from me. Someone else was forging my email address to send their SPAM. I first learned about this spammer, and the domain forgery, on the 26th June 2003. If you've received a spam message with my domain name in the From: or Reply-To: field, I would appreciate it if you could forward the entire message, with the full header intact to us with a subject of "forged email". The message content and headers are essential in tracking down the individual(s) responsible for forging my email address/domain. I do not want anyone sending SPAM with my name on the message. See my contact page for contact information.
- I have already notified the system admins of AOL and other large ISPs. I do not want Forest Software blocked because of complaints from people who didn't realise that the spammer was forging my domain/email address.
- I have published this explanation, describing the circumstances surrounding the incident. That way, annoyed spam recipients who come to our web site will understand what happened, and that I am not responsible for the spam message(s) they received.
- I am continuing to collect evidence (printed and electronic copies of complete emails, including all headers) in case it becomes necessary either to pursue the spammer through the courts or to convince a sceptic that I didn't send the spam.
I currently have documented evidence of at least 829 instances where spammers have forged my domain on an email address.
How can you be sure we were not responsible for the spam?: Every email sent over the internet contains information called header data. Some of that header data can be forged, some of it cannot. Spammers typically forge a large percentage of their header data. If you receive/have received an email (allegedly from me), I encourage you to examine the full headers. Most email clients (software like Microsoft Outlook) have a 'show full headers' feature/capability. Examine the IP addresses in the header; you will likely find that much of the data is forged, and you will also find that the header data does not point back to me or my mail server(s). If you are unsure how to read/interpret the header data, I encourage you to do a little research. You can start by reading a brief tutorial on email header data.
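One way to automate the header check described above, as an added example that is not part of the original page: it reads the Received: line stamped by the recipient's own mail server, which the sender cannot forge, and compares the connecting IP recorded there with the range the From: domain really sends from. The host names, the IP addresses (documentation ranges), `TRUSTED_MX` and `DOMAIN_NETS` are constructed placeholders, not Forest Software's real servers.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from ipaddress import ip_address, ip_network

# Constructed sample. Hosts and IPs are documentation placeholders.
# The lower Received: line was written by the sender and is itself forged.
SAMPLE = """\
Received: from mail.sender.example (unknown [203.0.113.45])
\tby mx.recipient.example with ESMTP id A1B2C3; Mon, 27 Sep 2010 10:15:02 +0100
Received: from forestsoftware.co.uk (forestsoftware.co.uk [192.0.2.10])
\tby mail.sender.example with SMTP; Mon, 27 Sep 2010 10:14:58 +0100
From: "Sales" <sales@forestsoftware.co.uk>
Reply-To: sales@forestsoftware.co.uk
Subject: constructed sample

body
"""

TRUSTED_MX = {"mx.recipient.example"}       # assumption: servers you operate
DOMAIN_NETS = [ip_network("192.0.2.0/28")]  # assumption: domain's real senders

# "from <helo> (<rdns> [<ip>]) ... by <receiver>", Postfix-style layout
RECEIVED_RE = re.compile(
    r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9a-fA-F.:]+)\]\).*?\bby\s+(\S+)", re.S)

def handoff_ip(raw):
    """Return (From: domain, IP logged by the first trusted receiving hop)."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for hop in msg.get_all("Received", []):  # newest hop first
        m = RECEIVED_RE.search(hop)
        if m and m.group(3).lower() in TRUSTED_MX:
            return domain, ip_address(m.group(2))
    return domain, None

def verdict(raw):
    domain, ip = handoff_ip(raw)
    if ip is None:
        return "no trusted hop found; nothing in the headers can be relied on"
    if any(ip in net for net in DOMAIN_NETS):
        return f"{ip} is within the known range for {domain}"
    return f"forged: From: claims {domain}, but the mail was handed off by {ip}"

if __name__ == "__main__":
    print(verdict(SAMPLE))
```

Only the hop written by a server you control is used; the older Received: line in the sample claims the genuine range and would mislead anyone who trusted it.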
So what should you do with this spam?: If you've received some of this spam email, I would ask you to do two things. First, send an abuse report via email to the ISP that relayed the email to your email server/service. I can guarantee it's not my email server/service. Secondly, send a copy to me. Please be sure to include the full header and mark the subject to include the words 'forged email'. As I stated earlier, the message content and headers are essential in tracking down the individual(s) responsible for forging my email address/domain, and sending the spam.
What should you do about spam in general?: The simplest thing to do is just delete it. Replying directly to the forged From: or Reply-To: address is ineffective, as either (a) the From: or Reply-To: addresses are forged, or (b) your email address will be used to harvest a list of 'Working email addresses', which the spammer can use to optimise his or her operations, or sell to other spammers.
What else?:
- Try to avoid loading spam in an HTML capable email client which automatically loads images. Spammers often encode your email address in the URL used to retrieve those images. By examining their web server logs, they can determine if you received the email, and whether you read it.
- For the same reason, don't click on any links in the email. Doing so will only confirm your email address as 'Live prey'!
- If you want to do some detective work, look at SamSpade.org (who have a very good downloadable tool) or the UXN Spam combat page, both of which have a collection of online tools for deciphering URLs, tracing website ownership, and researching ISP contact information. But be careful! It's all too easy to point the finger at the wrong person. Spammers try to cover their tracks, and more than one of the email headers will typically be forged.
- And obviously, never buy anything from a spammer. You don't really think your credit card information is safe with somebody who forges emails for a living, do you?
A portion of the material above is quoted/adapted (with permission) from a web page posted by Robert L Vaessen in 2003. He had a similar experience with a spammer.