# Danger: spam email from [email protected], do not click on link!



## Greg Elmassian (Jan 3, 2008)

Email sent today at 3:43 am from [email protected] (obviously he has had his account or computer hijacked)

It has a single link on it, the email subject is Hi)) How are you doing?

I cannot determine the extent of the number of people this was sent to, but it's a few.

The people on the copy I got were: [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]

But I'm sure there were multiple emails sent to various people. 


DO NOT click on the link!

Regards, Greg

(yeah yeah, someone will take offense to this posting... but since there's probably a ton of train people in his address book, this is a public service)


----------



## Dave Meashey (Jan 2, 2008)

Thanks Greg! Since I get their merchandise news, I'll be on the lookout for this email, so I can delete it right away. 

Yours, 
David Meashey


----------



## Pterosaur (May 6, 2008)

I will take a chance and believe it is indeed spam as I do not believe Mr. Polk would write you to say "HI, how are you doing"! 

Please note "smiley".


----------



## Curmudgeon (Jan 11, 2008)

The actual e-mail (which I got this morning) is from Africa. 
If you know how, you can find where it came from, and report it, which I did: 

[email protected] 

And, they responded, which is good from Africa, Romania, and China, in that usually they come up with some reason for rejecting SPAM and abuse reports.


----------



## Curmudgeon (Jan 11, 2008)

I forgot to add...this has been going around for some time. 
It LOOKS like Yahoo e-mail accounts were hacked, as they all seem to originate from a Yahoo account. 
Once they hack your Yahoo-hosted address book, they have everybody's addresses, and sell the list to spammers. 

Happens on vintage H0 forums, Facebook, etc. 

I NEVER put my address book on-line. 
EVER.


----------



## Greg Elmassian (Jan 3, 2008)

Wise idea, I personally dislike not only having my address book on someone's server, but all my emails too. 

You never know when someone will get hold of them. 

This one was really from web65109.mail.ac2.yahoo.com but I did not want to confuse anyone, since most people don't know how to find the REAL addressing. 

The Yahoo mail engine that sent it to me was in Sunnyvale.. but that's neither here nor there. 

Anyway... 

Greg


----------



## Curmudgeon (Jan 11, 2008)

According to Yahoo, that's the last link. 
Hotmail has the same issue. 

Look down a bit on properties to "originating IP", if you got the same one I did: 

```
Received: from [41.135.79.104] by web65107.mail.ac2.yahoo.com via HTTP; Tue, 12 Oct 2010 03:37:47 PDT
X-Mailer: YahooMailClassic/11.4.9 YahooMailWebService/0.8.106.282862
Date: Tue, 12 Oct 2010 03:37:47 -0700 (PDT)
From: [email protected]
Reply-To: [email protected]
```


That 41.135.79.104 is in Africa. 

The African SPAMmers use Yahoo, Hotmail, and such as a link. 

That's what Yahoo and Hotmail told me when I tried to report things to them.


----------



## Curmudgeon (Jan 11, 2008)

```
inetnum: 41.132.0.0 - 41.135.255.255
netname: MWEB-NET-BLK-04
descr: MWEB Connect (Pty) Ltd
country: ZA
admin-c: GP4-AFRINIC
tech-c: KC4-AFRINIC
org: ORG-MA20-AFRINIC
status: ALLOCATED PA
mnt-by: AFRINIC-HM-MNT
mnt-lower: MWEB-CONNECT-MNT
source: AFRINIC # Filtered
parent: 41.0.0.0 - 41.255.255.255

organisation: ORG-MA20-AFRINIC
org-name: MWEB CONNECT (PROPRIETARY) LIMITED
org-type: LIR
country: ZA
address: Private Bag x001
address: N1 City
address: Cape Town 7463
e-mail: [email protected]
e-mail: [email protected]
e-mail: [email protected]
phone: +27 21 596 8300
phone: +27 21 596 8472
phone: +27 21 596 6472
admin-c: NOC1327-AFRINIC
tech-c: NOC1327-AFRINIC
mnt-ref: AFRINIC-HM-MNT
mnt-ref: MWEB-CONNECT-MNT
mnt-by: AFRINIC-HM-MNT
remarks: abuse e-mail: abuse-at-mweb-dot-com,, phone: +27 21 596 8300
source: AFRINIC # Filtered
```

I had to enter the reporting address with "-at-" and "-dot-", the software stripped it out.


----------
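The header check and whois lookup described in the posts above, as an added example that is not part of the original thread: it pulls the bracketed IP from the oldest `Received:` line and tests it against the `inetnum` range of the quoted AFRINIC record. The `example.com` addresses are placeholders for the page's redacted ones, and the function names are illustrative.

```python
import email
import ipaddress
import re

# Constructed sample: header lines quoted in the thread, with example.com
# placeholders where the page's addresses are redacted.
RAW_MESSAGE = """\
Received: from [41.135.79.104] by web65107.mail.ac2.yahoo.com via HTTP; Tue, 12 Oct 2010 03:37:47 PDT
Date: Tue, 12 Oct 2010 03:37:47 -0700 (PDT)
From: sender@example.com
Reply-To: sender@example.com

(body omitted)
"""

# Fields copied from the whois record quoted in the thread.
WHOIS_TEXT = """\
inetnum: 41.132.0.0 - 41.135.255.255
netname: MWEB-NET-BLK-04
country: ZA
"""

IP_LITERAL = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def originating_ip(raw_message):
    """Return the first public IP found walking Received headers oldest-first."""
    msg = email.message_from_string(raw_message)
    # Each relay prepends its header, so the last one listed is the oldest hop.
    for header in reversed(msg.get_all("Received", [])):
        for candidate in IP_LITERAL.findall(header):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # bracketed text that is not a valid address
            if ip.is_global:  # skip private and loopback relays
                return ip
    return None

def whois_block(whois_text):
    """Parse (first, last, country) from RIR-style whois text."""
    fields = dict(re.findall(r"^([\w-]+):[ \t]*(.+?)[ \t]*$", whois_text, re.M))
    first, last = (ipaddress.ip_address(p.strip()) for p in fields["inetnum"].split("-"))
    return first, last, fields.get("country")

def in_block(ip, block):
    """True when ip falls inside the inclusive inetnum range of block."""
    return block[0] <= ip <= block[1]
```

Only the `Received:` line written by a server you trust is reliable; anything below it is supplied by the sender and can be forged.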



## Greg Elmassian (Jan 3, 2008)

You are right...actually found it before, but the search tool said that IP was in the US... I'm still fighting Outlook 2010, so it was a struggle to even find the info... in a few more years the user interface will be indistinguishable from a video game. (And will require the same intelligence to operate it).. 

Sigh... 

Greg


----------



## Curmudgeon (Jan 11, 2008)

http://centralops.net/co/DomainDossier.aspx 

Free tool. 
Just copy and paste the address, click the domain and network whois, hit go, find out all you need to know. 

Been having a week of horrible spam, even bypassing filters, all emanating from Romania. 
The registrant is GoDaddy. 

So, you report it to the originating IP, and within minutes the SPAM quadruples. 
So, all of it goes off to GoDaddy as the registrant.......and it all shut off like a square turd.


----------



## stanman (Jan 4, 2008)

Thanks for the helpful link!


----------



## Curmudgeon (Jan 11, 2008)

Been using it for years. 
And years. 

Stops a whole lotta SPAM.


----------

