Forest Software

Web, SEO and IT & Business Advice for the Smaller Business

Attention visitors to Forest Software!:
Like me, you may be the victim of a Spammer. Towards the end of June 2003, someone began forging my domain name (forestsoftware.co.uk). The spammer forged the From: and Reply-To: fields of his/her spam messages. The spam in question advertised adult web sites and Viagra. Update: As of the end of September 2010, I am getting reports of this happening yet again.

Attention system administrators/spammer victims:
I assure you, and the administrators of your ISP/domain, that I did not send you any spam email. It is very likely that the email in question was spam sent by someone who forged my email address/domain. These messages did not come from me. Someone else was forging my email address to send their SPAM. I first learned about this spammer, and the domain forgery, on the 26th June 2003. If you've received a spam message with my domain name in the From: or Reply-To: field, I would appreciate it if you could forward the entire message, with the full header intact to us with a subject of "forged email". The message content and headers are essential in tracking down the individual(s) responsible for forging my email address/domain. I do not want anyone sending SPAM with my name on the message. See my contact page for contact information.

Why would a spammer forge header data?: Spammers forge email header data like the From: and Reply-To: lines because they do not want to receive complaints (or complaints to their ISP). They just want your money. Unfortunately email forgery is simple and commonplace. Forgery of email header data makes it nearly impossible for the average email recipient to complain or report spam effectively. If you can't figure out who really sent you the spam, you can't get them shut down.

What I am doing about it: As a company/web site administrator, you can't prevent spammers from forging your email address/domain in the spam that they send. You can't conceal your email addresses and only reveal them to trustworthy individuals. Your clients, visitors, and friends need to be able to contact you. All you can do is react when a spammer forges your name/domain on a piece of spam. I am doing my best to figure out who is forging my domain/email address. I regularly contact ISPs and other system administrators in an effort to find out who is forging my domain/email address. I know how to detect header forgery, how to de-obfuscate encoded URLs, and how to track ISP/web host contact information. I use all the skills at my disposal to track down the guilty party and, in the end, determine who is responsible for this forgery and identity theft. More specifically:
  1. I have already notified the system admins of AOL and other large ISPs. I do not want Forest Software blocked, because of complaints from people who didn't realise that the spammer was forging my domain/email address.
  2. I have published this explanation, describing the circumstances surrounding the incident. That way annoyed spam recipients that come to our web site will understand what happened, and that I am not responsible for the spam message(s) he/she received.
  3. I am continuing to collect evidence (printed and electronic copies of complete emails, including all headers) in case it becomes necessary, to either pursue the spammer through the courts, or convince a sceptic that I didn't send the spam.

I currently have documented evidence of at least 829 instances where spammers have forged my domain on an email address.

How can you be sure we were not responsible for the spam?: Every email sent over the internet contains information called header data. Some of that header data can be forged, some of it cannot. Spammers typically forge a large percentage of their header data. If you receive/have received an email (allegedly from me), I encourage you to examine the full headers. Most email clients (software like Microsoft Outlook) have a 'show full headers' feature/capability. Examine the IP addresses in the header; you will likely find that much of the data is forged, and you will also find that the header data does not point back to me or my mail server(s). If you are unsure how to read/interpret the header data, I encourage you to do a little research. You can start by reading a brief tutorial on email header data.

So what should you do with this spam?: If you've received some of this spam email, I would ask you to do two things. First, send an abuse report via email, to the ISP that relayed the email to your email server / service. I can guarantee it's not my email server/service. Secondly, send a copy to me. Please be sure to include the full header and mark the subject to include the words 'forged email'. As I stated earlier, the message content and headers are essential in tracking down the individual(s) responsible for forging my email address/domain, and sending the spam.
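The header check and the abuse report described in the two sections above can be scripted. This is an added example, not code from Forest Software: it lists the relay IP addresses in the Received: lines, picks out the relay that handed the message to your own server, and tests whether any hop matches the servers of the domain named in From:. The sample message, the IP addresses and the CLAIMED_SENDER_SERVERS set are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not a real message: example domains, documentation IPs.
SAMPLE = """\
Received: from mail.relay-isp.example (mail.relay-isp.example [203.0.113.45])
\tby mx.recipient.example with ESMTP id abc123; Thu, 26 Jun 2003 10:15:02 +0100
Received: from forestsoftware.co.uk (unknown [198.51.100.7])
\tby mail.relay-isp.example with SMTP; Thu, 26 Jun 2003 10:14:58 +0100
From: "Sales" <sales@forestsoftware.co.uk>
Reply-To: sales@forestsoftware.co.uk
Subject: constructed sample

body text
"""

# Assumption: outbound server IPs published by the domain named in From:.
CLAIMED_SENDER_SERVERS = {"192.0.2.10"}

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def trace_relays(raw_message, sender_servers):
    """List the relay IPs in a message and say whether they match the From: domain."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hops = []
    for position, received in enumerate(msg.get_all("Received", [])):
        ips = IP_IN_BRACKETS.findall(received)
        hops.append({
            "ip": ips[0] if ips else None,
            # Assumption: one receiving server, so only the top line was
            # written by it; lines below came from the sending side.
            "written_by_own_server": position == 0,
        })
    handoff_ip = hops[0]["ip"] if hops else None
    return {
        "from_domain": from_domain,
        "hops": hops,
        "relay_to_report": handoff_ip,
        "points_back_to_sender": any(h["ip"] in sender_servers for h in hops),
    }


if __name__ == "__main__":
    print(trace_relays(SAMPLE, CLAIMED_SENDER_SERVERS))
```

A WHOIS lookup on the relay_to_report address gives the network owner whose abuse contact should receive the report.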

What should you do about spam in general?: The simplest thing to do is just delete it. Replying directly to the forged From: or Reply-To: address is ineffective, as either (a) the From: or Reply-To: addresses are forged, or (b) your email address will be used to harvest a list of 'Working email addresses', which the spammer can use to optimise his or her operations, or sell to other spammers.

What else?:

  1. Try to avoid loading spam in an HTML capable email client which automatically loads images. Spammers often encode your email address in the URL used to retrieve those images. By examining their web server logs, they can determine if you received the email, and whether you read it.
  2. For the same reason, don't click on any links in the email. Doing so will only confirm your email address as 'Live prey'!
  3. If you want to do some detective work, look at SamSpade.org (who have a very good downloadable tool) or the UXN Spam combat page, both of which have a collection of online tools for deciphering URLs, tracing website ownership, and researching ISP contact information. But be careful! It's all too easy to point the finger at the wrong person. Spammers try to cover their tracks, and more than one of the email headers will typically be forged.
  4. And obviously, never buy anything from a spammer. You don't really think your credit card information is safe with somebody who forges emails for a living, do you?
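Item 1 above describes image URLs that carry the recipient's address back to the spammer's web server. The following added example (not part of the original page) scans an HTML message body for remote images whose URL contains the recipient address in plain, hex or base64 form, which is a reasonable check to run before letting a mail client load images. The recipient address, host names and HTML are constructed.

```python
import base64
from html.parser import HTMLParser
from urllib.parse import unquote

RECIPIENT = "user@recipient.example"  # constructed address

# Constructed HTML body: three tracking images, one ordinary one, one inline.
SAMPLE_HTML = (
    '<img src="http://img.spam.example/open.gif?u=user%40recipient.example">'
    f'<img src="http://img.spam.example/p.gif?id={base64.b64encode(RECIPIENT.encode()).decode()}">'
    f'<img src="http://img.spam.example/h/{RECIPIENT.encode().hex()}.png">'
    '<img src="http://cdn.shop.example/logo.png">'
    '<img src="cid:inline-logo">'
)


class ImageCollector(HTMLParser):
    """Collect the src of every <img> that would trigger a remote fetch."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") if tag == "img" else None
        if src and src.lower().startswith(("http://", "https://")):
            self.sources.append(src)


def find_tracking_images(html_body, recipient):
    """Return (url, encoding) for each remote image URL that embeds the address."""
    raw = recipient.lower().encode()
    tokens = {
        "plain": recipient.lower(),
        "hex": raw.hex(),
        "base64": base64.b64encode(raw).decode().rstrip("="),
        "base64url": base64.urlsafe_b64encode(raw).decode().rstrip("="),
    }
    collector = ImageCollector()
    collector.feed(html_body)
    findings = []
    for src in collector.sources:
        decoded = unquote(src)  # undo %40 and similar escapes
        for name, token in tokens.items():
            # Base64 is case-sensitive; plain and hex forms are not.
            haystack = decoded if name.startswith("base64") else decoded.lower()
            if token in haystack:
                findings.append((src, name))
                break
    return findings
```

A per-recipient random ID looked up on the sender's side would not be caught by this check, so blocking remote images remains the safer default.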

Authentication and Identification: How do you know I am who I say I am? When communicating via email, I take several measures to authenticate and identify myself. These measures can easily be detected in my email headers, and are extremely difficult to forge. I doubt any spammer would go through the trouble of trying. If you receive an email which is allegedly from me, but doubt its authenticity, we urge you to forward a copy to me. For information on how to contact Forest Software please see my contact page.

A portion of the material above is quoted/adapted (with permission) from a web page posted by Robert L Vaessen in 2003. He had a similar experience with a spammer.
