Re: chain letter

chris@Stassen.COM
Tue, 17 Mar 1998 10:49:48 -0500

Inge wrote:
> I have got something that looks like a chain letter 3 times
> today.

I also received three copies through the ASA list. These chain
letters are illegal in the United States. I have already printed
out a copy (with the scam participants' addresses highlighted)
and sent it to the U.S. Postal Inspector's office.

> It is sent from mailer298@usa.net, and it seems that
> it reaches me via this ASA listserver.

"mailer298@usa.net" is a forgery. The "from" address of E-mail is
trivially forged and cannot be trusted in general. To track these
mails you must configure your mailer to show the "Received:" lines
in the header. As they appeared here, the "Received:" lines
contained (roughly) the following information:

] Received: from [calvin.edu] by [stassen.com]
] Received: from cobra.simplecom.net ([208.220.30.2]) [...by calvin.edu]
] Received: from [209.89.144.38] by cobra.simplecom.net
] Received: from user20345-04.mci.net(204.293.458.2) by [.. mailer13.usa.net]

These are read from top to bottom. My machine says it received the
E-mail from calvin.edu. calvin.edu, which we can trust, says that
it received the mail from simplecom.net. Simplecom.net, which may
or may not be trustworthy, says that it received the mail from
209.89.144.38... which turns out to be "dialin38.netmatrix.net."
The fourth one is a forgery, because (1) the fourth line's destination
should match the third line's origin (i.e., it should be a received
line for netmatrix.net and it isn't), and (2) the numbers 293 and 458
in the IP address are out of the legal range (0 through 255).

The junk mail probably originated at netmatrix.net and was sent by
hijacking simplecom.net's mail server. It also could have originated
at simplecom.net, if both of the bottom "Received:" lines are forgeries.
(But junk mailers rarely forge "Received:" lines that match up, so
it's much more likely that netmatrix.net is involved.)

> Anyone who knows how to stop this ?

I've already sent E-mail notices to simplecom.net (that their
SMTP server is not secure and has been abused), and netmatrix.net
(that they are probably harboring a junk E-mailer and should pull
his/her account).

Once "asa@calvin.edu" is on junk mailers' lists, a steady flow of
this trash will be sent to that address -- no matter how many
individual "junk E-mailers" get disconnected. On other mailing
lists, "junk E-mail" is kept from getting to the recipients by
delaying list submissions from non-members. (They are not sent
to the list until the list administrator checks them out, and the
list admin can throw away junk E-mail.) I don't know if that is a
practical solution for this list or not.

-- Chris (chris@stassen.com)
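
The two checks described in the message above (each "Received:" line's "by" host should match the "from" host of the line above it, and every IP octet must be 0 through 255), as an added Python example that is not part of the original post. The header lines are a constructed sample in a simplified one-hop-per-line format with placeholder hostnames; the function names are hypothetical, and exact name matching is an assumption that real headers (HELO names, reverse DNS) will not always satisfy.

```python
import re

# Simplified "from <sender> ... by <receiver>" shape (assumption: one hop per line).
HOP_RE = re.compile(r"from\s+(\S+).*?\s+by\s+(\S+)", re.I | re.S)
QUAD_RE = re.compile(r"\b(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\b")

# Constructed sample, listed top to bottom as a mail reader shows it.
SAMPLE = [
    "from list.example.edu by home.example.com; Tue, 17 Mar 1998 10:49:48 -0500",
    "from relay.example.net ([192.0.2.2]) by list.example.edu",
    "from [198.51.100.38] by relay.example.net",
    "from user20345-04.example.org (204.293.458.2) by mailer13.example.org",
]

def bad_ips(text):
    """Return dotted quads in text that contain an octet above 255."""
    return [".".join(q) for q in QUAD_RE.findall(text)
            if any(int(octet) > 255 for octet in q)]

def parse_hop(line):
    """Return (sender, receiver) for one Received line, or None if unparseable."""
    m = HOP_RE.search(line)
    if not m:
        return None
    return m.group(1).strip("[]()").lower(), m.group(2).strip("[]();").lower()

def audit_chain(lines):
    """Walk the hops top to bottom and return (index, reason) findings."""
    findings, prev_sender = [], None
    for i, line in enumerate(lines):
        hop = parse_hop(line)
        if hop is None:
            findings.append((i, "unparseable Received line"))
            prev_sender = None
            continue
        sender, receiver = hop
        for ip in bad_ips(line):
            findings.append((i, f"illegal IP octet in {ip}"))
        # The host that handed the mail upward should be the one that logged this hop.
        if prev_sender is not None and receiver != prev_sender:
            findings.append((i, f"'by {receiver}' does not match 'from {prev_sender}' above"))
        prev_sender = sender
    return findings

if __name__ == "__main__":
    for idx, reason in audit_chain(SAMPLE):
        print(f"Received line {idx + 1}: {reason}")
```

A finding only marks where the chain stops being consistent; lines below that point were written by hosts that cannot be trusted, so the last consistent hop is the one to report to.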