Ask HN: Want to help me root out some spammers?
14 points by techiferous on May 19, 2010 | 21 comments
Starting at 4AM this morning, I've been getting a lot of email spam from discokenny.com. One of their email messages has this at the bottom:

"If you do not wish to receive further communications from Escher Internet Services please click here to unsubscribe or call the number below. Escher Internet Services | 2657 Windmill Pkwy #398 | Henderson, NV 89074 | 888-709-9804"

Googling the address led me to find out that SpamHero is at suite #175 of the same building. So I think that this SpamHero company may be sending out spam in order to boost its anti-spam product (but I don't know that for certain).

What would you do? Any advice? I want to fight this.



There is a word called "joe job" for when spammers impersonate another person so that vigilante action targets them. Occam's razor suggests that this is more likely than a double secret hush hush plan by an anti-spam company to drum up business by firing .0000000001% more email into the global spam delivery network.


Thanks. I'd like to have more certain info on the link between SpamHero and this spam.

I don't think it's a "joe job" because I had to do some digging to find the connection to SpamHero. What I suspect is that they are sending out a bunch of spam, then collecting email addresses from those who opt out, then following up sometime later by sending them an email advertising their service. That's my guess.

Also, the SpamHero company site does not display anyone's name, which is a little shady, but they claim to have a team of "real people".


That depends in large part on what they do with the addresses they've got.

The connection is dubious at best, it could be worse.

Joe Jobs usually tie in to large ISPs, not to anti-spam software sellers, especially not such small ones.

Those you get 10 a day (if you're lucky), but this seems to be a bit different.


Hello, this is Curtis O'Reilly of SpamHero. I got a Google Alert this evening notifying me of this thread mentioning SpamHero. You can rest assured that we are in no way affiliated with discokenny.com nor would we ever send spam to anyone. We are honest people. Feel free to give us a call at the phone number listed on our contact page (toll free) and you can talk to me in person. As for the address listed, it is a PO Box that we are renting from the UPS Store. Apparently the individual or company that is harassing you also rents a box there. Then again, they could be lying about their address. Spammers are pretty devious. Good luck on hunting them down. If we can help in any way, feel free to contact us. :-)


This happens to be my specialty. There are some legal recourses that you can take from the CAN-SPAM Act http://www.ftc.gov/bcp/edu/pubs/business/ecommerce/bus61.sht... : it is illegal for companies to not honor opt-out requests. Unfortunately it is not illegal to sell your email address (hasn't been tried in a court of law). Though if it is true that SpamHero is using deceptive practices, they may be held accountable for their practices.

If you really want to take legal action, first prove that the email originated from SpamHero. I would suggest you generate a disposable email address from my spam tracking service http://whyspam.me and give it to SpamHero only; if you receive emails at that address from discokenny.com or any other mass mailer, you will know in fact that it originated from SpamHero.

If you do this, I'll be happy to supply you with your server-log entries or other documents you may need in a court of law.

Once you've got the info you would need to contact a lawyer because I'm not one, and you need someone who can give you official legal advice.
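
The single-recipient address idea from the comment above, as an added example that is not part of the thread and not how whyspam.me itself works: each address carries an HMAC tag, so a sender cannot guess a valid address and make another party look like the leak. `SECRET`, `DOMAIN`, the `vendor-a`/`vendor-b` labels and all function names are assumptions, and the delivery records are constructed.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: a key only the mailbox owner holds
DOMAIN = "example.org"            # assumption: a domain whose mail you receive

def _tag(label):
    return hmac.new(SECRET, label.encode(), hashlib.sha256).hexdigest()[:10]

def make_canary(label):
    """Address to hand to exactly one party, identified by `label`."""
    return f"{label}.{_tag(label)}@{DOMAIN}"

def attribute(rcpt):
    """Return the label an address was issued to, or None if the tag fails."""
    local, _, domain = rcpt.lower().partition("@")
    label, _, tag = local.rpartition(".")
    if domain != DOMAIN or not label:
        return None
    return label if hmac.compare_digest(tag, _tag(label)) else None

def leaks(deliveries, expected):
    """deliveries: (sender_domain, rcpt) pairs taken from your own MTA log.
    expected: label -> sender domains that party legitimately mails from.
    The sender domain is only a hint (it can be forged); the evidence is
    that a valid single-recipient address received mail at all."""
    found = []
    for sender, rcpt in deliveries:
        label = attribute(rcpt)
        if label and sender not in expected.get(label, set()):
            found.append((label, sender))
    return found

# Constructed delivery records
DELIVERIES = [
    ("vendor-a.example", make_canary("vendor-a")),               # expected mail
    ("bulkmailer.example", make_canary("vendor-a")),             # address escaped
    ("bulkmailer.example", "vendor-b.0000000000@example.org"),   # guessed tag
]
EXPECTED = {"vendor-a": {"vendor-a.example"},
            "vendor-b": {"vendor-b.example"}}

if __name__ == "__main__":
    print(leaks(DELIVERIES, EXPECTED))
```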


Thank you!

So far I've contacted their domain registrar (moniker.com) and reported them to their service provider (abuse@cogentco.com). Hopefully that will work. I'm going to try your fake email suggestion now.


Good luck. If you have any questions about the service (first watch the videos ^_^ ) let me know. You can also send me a direct message from the link on my contact page if you need any more information from me, though I'll only give you the logs data for your account, and you will need to prove your ownership of the account.


Get a spam filter. I know that's not the answer you were looking for, but the effort it would require to figure out who is actually behind this spam would be vastly more than it would be worth. Life is short.


Address is UPS Store #1390:

http://www.theupsstorelocal.com/1390/

I believe they rent out mail boxes.


Actually, there are a lot of businesses with that address:

http://maps.google.com/maps?f=q&source=s_q&hl=en&...


Report them to the FTC:

http://www.ftc.gov/spam/

and to Spamhaus:

http://www.spamhaus.org/


The FTC website is careful to say you should report email that is "deceptive". This is simply unwanted email, so I'm not sure they would do anything. I'm going to look into Spamhaus--thanks.


It turns out you can't report spam to Spamhaus, but they do provide info on where you can:

http://www.spamhaus.org/faq/answers.lasso?section=Generic%20...


I thought Internet vigilantism was Reddit's thing...


I'm not looking for an angry mob, just advice and information! :)


Especially against spammers...

http://www.reddit.com/r/reportthespammers/

(Disclaimer: I mod the subreddit, I just figured it was somewhat relevant.)


The only part of an email you can trust is the headers you or your ISP add when it arrives, which is going to be something like:

    Received: from farlep.net (unknown [89.105.247.162])
        by mail.techiferous.net (Postfix) with ESMTP id B1E30EC456E
        for <info@techiferous.net>; Fri, 14 May 2010 10:24:22 +0100 (BST)

Everything else, especially the RCPT TO, MAIL FROM, From: and To:, cannot be trusted (unless the message is signed etc.).

I administer the mail for 10k domains; finding 1 spammer and doing something about it is hard work.

SpamAssassin, SPF, DKIM are all good tools against SPAM. I can recommend using them all in combination; 90% of all our incoming mail is refused / tagged in this way.

I would review your assumptions too:

    % host discokenny.com
    Host discokenny.com not found: 2(SERVFAIL)

If they tried to send it to me, I'd never even know.
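
The trust boundary described in the comment above, as an added example that is not code from the thread: walk the `Received` headers from the top and keep only the hop written by your own server. The function name `trusted_hop`, the `my_mtas` set and the Postfix-style regex are assumptions; the top `Received` line is the one quoted above, and every other header in the sample is constructed.

```python
import email
import ipaddress
import re

# Constructed sample. The top Received line is the one quoted in the comment;
# every header below it is invented here and is what a sender could forge.
RAW = """\
Received: from farlep.net (unknown [89.105.247.162])
\tby mail.techiferous.net (Postfix) with ESMTP id B1E30EC456E
\tfor <info@techiferous.net>; Fri, 14 May 2010 10:24:22 +0100 (BST)
Received: from mail.bank.example (mail.bank.example [192.0.2.10])
\tby farlep.net with SMTP id FORGED1; Fri, 14 May 2010 10:24:20 +0100
From: "Newsletter" <news@discokenny.com>
To: info@techiferous.net
Subject: constructed sample

body
"""

# Postfix-style layout: from HELO (reverse-DNS [client-ip]) by RECEIVING-HOST
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+"
                 r"\[(?:IPv6:)?(?P<ip>[^\]]+)\]\)\s+by\s+(?P<by>\S+)")

def trusted_hop(raw, my_mtas):
    """Return the hop where the message entered our own servers, or None."""
    msg = email.message_from_string(raw)
    # Each relay prepends its header, so the newest hops come first.
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if not m or m["by"].lower() not in my_mtas:
            break  # written by someone else: this and all below is unverified
        ip = ipaddress.ip_address(m["ip"])
        if ip.is_private or ip.is_loopback:
            continue  # hand-off between our own machines, keep walking
        return {"ip": str(ip), "rdns": m["rdns"], "helo": m["helo"],
                "helo_matches_rdns": m["helo"].lower() == m["rdns"].lower()}
    return None

if __name__ == "__main__":
    print(trusted_hop(RAW, {"mail.techiferous.net"}))
```

Of the returned fields, only `ip` and `rdns` were observed by the receiving server; `helo` is whatever the connecting client chose to say.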


Thanks! I did check the mail headers, and it actually came from discokenny.com.

By the way, this is what I get:

    $ host discokenny.com
    discokenny.com has address 38.106.76.52
    discokenny.com mail is handled by 10 namednsservers.com.


Hmm, maybe it is in your DNS cache or utterly firewalled from the UK.

    % whois discokenny.com
    ... snip ...
    NS1.NAMEDNSSERVERS.COM         38.106.76.52
    NS2.NAMEDNSSERVERS.COM         38.106.76.53

    % traceroute 38.106.76.52
    ...snip...
    4  vlan128.10ge.lon3.uk.griffin.com (217.79.112.98)  21.697 ms  19.927 ms  19.757 ms
    5  vl423.mpd01.lon01.atlas.cogentco.com (149.6.2.177)  28.760
    ...snip...
    9  te4-2.mpd01.ewr03.atlas.cogentco.com (154.54.1.30)  219.641 ms 
    10  38.104.188.146 (38.104.188.146)  97.547 ms  109.962 ms  96.691 ms
    11  38.106.76.52 (38.106.76.52)  100.634 ms  99.136 ms  99.728 ms

    % host discokenny.com 38.106.76.52
    ;; connection timed out; no servers could be reached
    % host discokenny.com 38.106.76.53
    ;; connection timed out; no servers could be reached

    # nmap -PN  38.106.76.52
    All 1715 scanned ports on 38.106.76.52 are filtered


Oh and running mail and DNS on the same box. I hope they know how to administer secure installations. It's not a risk I would be taking.


It's back:

    % host discokenny.com
    discokenny.com A 38.106.76.52



