stevesearle.com
© Steve Searle 1999, 2006
Spam Email which Originates from stevesearle.com

(Or rather, which appears to originate from stevesearle.com)

Introduction

I am aware that many people are receiving unsolicited electronic mail messages (known as "spam") commonly advertising pharmaceutical selling web sites, which appear to have been sent by someone with a stevesearle.com email address. Recent examples of such addresses include PYXTTOVLL@stevesearle.com and mmkwazu@stevesearle.com - however a wide variety of fake addresses have been used. As a general rule, email addresses used within the stevesearle.com domain are usually a user's real name (or an abbreviation). They don't include numbers or look random - it's fairly safe to assume that any "stevesearle.com" addresses that do are false, and therefore forged.

Whilst it is impossible to be certain without seeing full copies of individual messages, it is highly unlikely that this spam actually originated from stevesearle.com.

None of the sender addresses on messages that have been forwarded to me are genuine electronic mail addresses for users at stevesearle.com.

I can say with a reasonable degree of certainty that these email messages did not originate from stevesearle.com. In addition, the sender address on a message is no real indication of where an electronic mail message has actually come from.

Finding out where messages really come from

Unfortunately it is relatively easy to forge the sender address on an electronic mail message (in much the same way as you could stick any sender address on a real letter). As a result, it is possible to make an email message initially appear to have come from just about anywhere.

If you really want to find where a message has come from, it is possible to trace the path across the internet that the message has taken from its sender, to you. Email messages do not travel directly from the sender's computer to your desktop - they're passed between mail servers, with each stage of this path being recorded. Each email message you receive will have its path displayed in the message headers - you may need to explicitly ask your email program to show full message headers to see these.

The message headers will contain a series of lines beginning with the word Received, which trace the path of the message, with the most recent stages being added at the top of the list. An example is shown below...

Received: from localhost (localhost.localdomain [127.0.0.1])
        by emma.stevesearle.com (8.11.6/8.11.6) with ESMTP id h5J938h10272
        for <steve@localhost>; Thu, 19 Jun 2003 10:03:15 +0100
Received: from pop3.uklinux.net [80.84.72.21]
        by localhost with POP3 (fetchmail-5.9.0)
        for steve@localhost (multi-drop); Thu, 19 Jun 2003 10:03:15 +0100 (BST)
Received: from internal.mail.demon.net (internal.mail.demon.net [193.195.224.3])
        by s1.uklinux.net (8.11.6p2/8.11.6) with ESMTP id h5J8xP125805
        for <mail@stevesearle.com>; Thu, 19 Jun 2003 09:59:25 +0100
Received: from gwhdemnts03.server.demon.net (gwhdemnts03.server.demon.net [193.195.224.75])
        by internal.mail.demon.net with ESMTP id h5J90cR04527;
        Thu, 19 Jun 2003 09:00:38 GMT
Received: by gwhdemnts03.server.demon.net with Internet Mail Service (5.5.2653.19)
        id <K8H1YX1H>; Thu, 19 Jun 2003 09:59:14 +0100

Here the message, which was sent from within Demon Internet, has passed through three servers within Demon's mail system before being received by UK Linux, who passed it on to stevesearle.com, where it was received by a machine named emma.stevesearle.com, which passed it on for delivery. By examining the Received headers you can check the path the message took to reach you.

Unfortunately, even these message headers cannot be relied on completely - the first step can often be faked to disguise the true origin of a message.
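
The Received chain above can be read mechanically. The following is an added example, not part of the original page: it puts the hops in chronological order and finds the earliest hop recorded by a server the recipient trusts, which is the last point in the path that the sender could not have written. The TRUSTED list (the recipient's own machine and ISP) is an assumption made for this illustration.

```python
import re
from email import message_from_string
from itertools import takewhile

# Received headers copied from the example on this page.
SAMPLE = """\
Received: from localhost (localhost.localdomain [127.0.0.1])
        by emma.stevesearle.com (8.11.6/8.11.6) with ESMTP id h5J938h10272
        for <steve@localhost>; Thu, 19 Jun 2003 10:03:15 +0100
Received: from pop3.uklinux.net [80.84.72.21]
        by localhost with POP3 (fetchmail-5.9.0)
        for steve@localhost (multi-drop); Thu, 19 Jun 2003 10:03:15 +0100 (BST)
Received: from internal.mail.demon.net (internal.mail.demon.net [193.195.224.3])
        by s1.uklinux.net (8.11.6p2/8.11.6) with ESMTP id h5J8xP125805
        for <mail@stevesearle.com>; Thu, 19 Jun 2003 09:59:25 +0100
Received: from gwhdemnts03.server.demon.net (gwhdemnts03.server.demon.net [193.195.224.75])
        by internal.mail.demon.net with ESMTP id h5J90cR04527;
        Thu, 19 Jun 2003 09:00:38 GMT
Received: by gwhdemnts03.server.demon.net with Internet Mail Service (5.5.2653.19)
        id <K8H1YX1H>; Thu, 19 Jun 2003 09:59:14 +0100
"""

# Assumption for this example: hosts run by the recipient or the recipient's own ISP.
TRUSTED = ("localhost", "stevesearle.com", "uklinux.net")

def parse_hops(raw):
    """Return hops oldest-first: claimed sender name, connecting IP, recording host."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        text = " ".join(value.split())  # unfold continuation lines
        frm = re.match(r"from\s+(\S+)", text)
        by = re.search(r"(?:^|\s)by\s+(\S+)", text)
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", text)
        hops.append({"from": frm.group(1) if frm else None, "by": by.group(1) if by else None,
                     "ip": ip.group(1) if ip else None})
    return hops[::-1]  # each server prepends its header, so reverse for time order

def is_trusted(host):
    return host is not None and any(host == t or host.endswith("." + t) for t in TRUSTED)

def last_verifiable_handoff(hops):
    """Earliest hop in the unbroken run of trusted recorders at the delivery end."""
    run = list(takewhile(lambda h: is_trusted(h["by"]), reversed(hops)))
    return run[-1] if run else None

if __name__ == "__main__":
    for hop in parse_hops(SAMPLE):
        print(hop["from"], hop["ip"], "->", hop["by"])
    print("last verifiable handoff:", last_verifiable_handoff(parse_hops(SAMPLE)))
```

Everything older than the reported handoff was written by servers outside the recipient's control, so a complaint is best addressed to the network that owns the connecting IP recorded at that hop.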

It is also possible to send email messages through any unsecured mail relay with the result that often innocent, if slightly careless, companies or service providers appear to be responsible for sending spam.

What you can do about it

If you have tracked down the originating network from the message headers you can complain to them. They have either allowed a user to send out unsolicited bulk email, or have an insecure mail relay which has been used for bulk sending.

However, it's worth stressing that this will require no little effort on your part, and is unlikely to elicit any satisfactory response. As irritating as these messages are, and as offensive as they may often be, the simplest approach is usually just to delete them and forget about it.

Can't stevesearle.com or its ISP stop this happening?

No. They come from other ISPs' networks over which we have no control.

Is it just stevesearle.com that has this problem?

No. Many other domains are regularly abused in this way too.