Toonbots -- ALL YOUR SPAM ARE BELONG TO US

So today, one Tammy Lewis appears to have thought I wanted help advertising Toonbots. Shyeeah. Tammy most definitely isn't cool enough. Here's the lame spam she sent:
Hi
We are responding to your request for FREE analysis of your site:
http://www.vivtek.com/toonbots/
We feel there is very substantial potential to promote your site on the Internet. That is what we do - we bring traffic to our client's websites. We have proprietary software and assortment of other Internet tools designed to make your site popular and bring traffic that is interested in your product area. This can put dollars in your pocket.

Many of our clients initially thought it would be better for us to be paid in a percentage of profits. Thank goodness for them they choose a flat fee instead. They have enjoyed an enormous increase in traffic.

Please REPLY to this email and include your:

Full Name:

Telephone #:

WEB site :

I think you will be very surprised by the detail and results of our analysis.
Tammy Lewis
Flight Promotions

If we received your request by mistake, click reply and type remove in the subject line.

Right. Those of you in the know, know that I didn't request a free analysis from Tammy, right? Why is that?
  1. I am in the frickin' Internet business, thus can do this myself, and
  2. Toonbots is not what you would call my major profit center, right?

So the lie there really ticked me off. So I decided to get off my duff and do something about it. First things first: a look at the headers.
Received: from www.u-u-u.net (rsvp-208-187-150-38.ac19.rcrd.eli.net [208.187.150.38])
    by techspex.com (8.9.1/8.9.1) with SMTP id HAA15547
    for <toonbots@vivtek.com>; Fri, 23 Mar 2001 07:50:08 -0500 (EST)
Message-ID: <200103231250.HAA15547@techspex.com>
From: "Tammy Lewis" <tammylewis@ematic.com>
To: <toonbots@vivtek.com>
Subject: I went to your web site
Sender: "Tammy Lewis" <tammylewis@ematic.com>
Mime-Version: 1.0
Date: Fri, 23 Mar 2001 00:37:41 -0800
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by techspex.com id HAA15547
Content-Type: text/plain; charset="ISO-8859-1"
Content-Length: 941
Status:
From these headers, we can see that at least Tammy isn't using any spamware, and she's sending straight from her dialup to my mail server. She gives a return address of tammylewis@ematic.com (not that I'm encouraging other Web address harvesters to harvest that address or anything, that would plainly be wrong, eh?)

Since she wants orders to come via return mail, she obviously really is at that address. More advanced spammers know that including a dropbox in your spam is a quick way to lose your address, so Tammy's new at this. Most spammers use an unlisted fax number for their orders, because tracing it is far harder and phone companies don't care nearly as much as ISPs do if you spam.

So I took a look at ematic.com. Cute little service, offers merchant services, email, website tools, that kind of stuff. And it has an acceptable use policy at http://www.ematic.com/policy/policy.html (March 31: they've moved it to http://www.ematic.com/information/policy/policy.html) which includes the following rather nice quote:

The biggest no no that will result in immediate termination of your account privileges include:
No spamming (sending of unsolicited email);
... and some other stuff, but note that spamming is first. OK. Nearly all ISPs have this, by the way. So I check their contact pages. No abuse address, so I'll copy to help and miscellaneous as well.

On to that dialup. The first Received: header is the key one -- in fact, in this mail it's the only one, so it's obviously key. The first address-looking thingy is what the mailer said its name was. The IP address in [square brackets] is the IP address the SMTP connection came from, and the second address-looking thingy is what reverse DNS told us is the real name of the address. From the form, it's a dialup (because of all the numbers in it) and it belongs to eli.net. So we toddle off there, and find a rather nice acceptable-use policy (AUP) at http://www.eli.net/techsupport/aup.shtml. Sure enough, they don't like spam either. (Nobody does.)
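
The reading of that Received: line, as an added Python example that is not part of the original post: it splits a sendmail-style header into the claimed name, the reverse-DNS name, the connecting IP and the receiving host, then applies the two checks used above. The function names are made up for this illustration, and the provider guess simply keeps the last two labels of the reverse-DNS name.

```python
import re

# The Received: header shown on the page, unfolded onto one line.
RECEIVED = ("from www.u-u-u.net (rsvp-208-187-150-38.ac19.rcrd.eli.net "
            "[208.187.150.38]) by techspex.com (8.9.1/8.9.1) with SMTP "
            "id HAA15547 for <toonbots@vivtek.com>; "
            "Fri, 23 Mar 2001 07:50:08 -0500 (EST)")

# sendmail-style layout: from <HELO name> (<reverse DNS> [<ip>]) by <receiver>
# The reverse-DNS name is optional: sendmail omits it when the lookup fails.
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?"
    r"\[(?P<ip>[0-9.]+)\]\)\s+by\s+(?P<by>\S+)", re.IGNORECASE)


def parse_received(value):
    """Split one Received: value into helo, rdns, ip and by (or None)."""
    match = HOP.search(" ".join(value.split()))  # undo header folding first
    return match.groupdict() if match else None


def ip_embedded(rdns, ip):
    """True when every octet of the IP appears as a number in the host name,
    the 'all the numbers in it' sign of a dynamically assigned address."""
    numbers = re.findall(r"\d+", rdns)
    return all(octet in numbers for octet in ip.split("."))


def analyse(value):
    """Parse a hop and add the checks used in the text above."""
    hop = parse_received(value)
    if hop is None:
        return None
    rdns = (hop["rdns"] or "").lower()
    # The HELO name is whatever the sender typed; only the bracketed IP and
    # the reverse lookup were recorded by the receiving server itself.
    hop["helo_matches_rdns"] = bool(rdns) and hop["helo"].lower() == rdns
    hop["ip_in_rdns"] = bool(rdns) and ip_embedded(rdns, hop["ip"])
    # Assumption: the provider is the last two labels (wrong for e.g. co.uk).
    hop["provider"] = ".".join(rdns.split(".")[-2:]) if rdns else None
    return hop


if __name__ == "__main__":
    for key, val in analyse(RECEIVED).items():
        print(f"{key:18} {val}")
```

Only a Received: line written by a server you trust (here the topmost and only one) is worth parsing this way; lines further down a longer chain can be forged by the sender.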

So now we have enough information to compose a nice LART (that stands for Loser Attitude Readjustment Tool, by the way), as follows:

EMATIC.COM:
I received the attached spam this morning. As the spammer requests a reply, I would imagine that tammylewis@ematic.com is indeed the perpetrator. From a quick check of your site, I found your policy page at http://www.ematic.com/policy/policy.html, which right up at the top notes that spamming will result in immediate termination of the account. Please do so. Normally I would simply recycle this spam for statistical purposes at despammed.com, but as Tammy lied (saying that I'd requested a free assessment when I did *not*, as I am a consultant in Internet usage and hardly need the "services" of a spamming incompetent) I find that my dander is up.

Terminate her account, please.

By the way, you don't list an abuse@ address. I suggest you do so. I've copied this complaint to help@ and miscellaneous@ in the hopes of getting it to the right person.

ELI.NET:
Good AUP statement at http://www.eli.net/techsupport/aup.shtml. This dialup is one of yours, but of course I have no good way of knowing if it's leased or not. If possible, terminate the dialup account; otherwise please forward this complaint to the proper people and encourage them to do so.

Tammy Lewis:
Look, lady, normally I just take a low-key approach to spam fighting, but this one just really ticked me off. I didn't request an analysis for indexing of my online comic of all things, and we both know that the only reason you would say that I did is so you can claim this isn't unsolicited bulk mail. You're a liar and you've broken two agreements (with ematic.com and your dialup provider) just by sending this spam. You're probably naive and you just want to make a buck on the Internet that everybody says is so lucrative, but let me tell you, there just ain't no free lunch. The termination of a couple of accounts which *you* brought upon yourself by breaking your word will hopefully serve as a wake-up call.

It's very possible that someone else has persuaded you that this would be a good idea as a business. You may even have invested in this scam. If so, please help me find that person and nail the slime -- now wouldn't that be a nice revenge? See, you just stand to lose a dialup account -- but if the originator of the scheme lied to you (and certainly did if they said spamming was a good marketing tool) then the FTC may be able to take legal action. *You* may be able to take legal action. And that could be fun. You could be a hero.

Interested?

Michael Roberts -- yeah, I do a comic. Wanna make something of it?
Vivtek

And after that, of course, I attach the headers and the body of the spam. We'll see what happens. Hopefully we'll get some nice responses. I'm hoping ematic.com responds well, because if they don't, their upstream provider, Digital Island, has a nice anti-spam policy at http://www.digitalisland.net/support/antispam.shtml. (In case you're wondering, traceroute is the wonder tool that can allow you to find out who leases bandwidth from whom. On Windows, I like CyberKit, a free set of Net tools including traceroute, all in a nice GUI package.)

Mar 31, 2001:
Well, I never got any actual responses from anyone on this one (par for the course) but there is no Tammy Lewis to be found at ematic.com. Coincidence? I don't think so. Bye, Tam. We hardly knew ye.






This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.