« Alienware Off, Dell Back | Main | A Shameless Political Hack Grows in Nassau, or How Not to Write a Brief, Kids »

Spam Sleuthing

Around noonish today, I check my email and find a couple dozen copies of the same spam email. Normally I'd just throw it out, but since I'd been doing some research on the relationship between spam and trespass to chattels, I thought I'd conduct a little experiment: how difficult would it be to actually figure out who this spammer is and get him on the phone? After all, the tough part about prosecuting spammers is usually finding out where one can serve process. Shockingly enough, I actually managed to get the culprit on the phone.

Normally I'd not waste my time, but this opportunity seemed fairly unique. For one thing, the spammer seems to be local, a New York citizen, instead of some far-flung type I'd never manage to contact. For another, I'd already tried to remove one of my other domain names from this spammer's address book two months ago, when he'd sent me half a dozen copies of the same email. (He is as persistent in his nagging as he is incompetent in his emails: today's missives had the same address in the TO field have a dozen times each.)

As you can see from the link above (where another blogger has recreated the spam in its entirety), Mr. Spamalot is hawking his bulk-emailing services. The link in the email takes you to http://p7.hostingprod.com/@boostingyourtraffic.com/cher, which then pops up a nifty javascript warning stating "Your IP Address [number], date and time have been captured only as proof of your request for more information. Click OK to continue." I have no idea what that's supposed to accomplish, but the page then forwards you to Planet-Target.com. Based upon the email I'd received, they may be the least competent spammers ever, but boy do they make it hard work to find them.

Sure, you can enter your email address in their contact form, but I'd tried that and it hadn't worked. According to their website, their address is 35 Rawson Street, Boston MA 02125 USA. But a quick look at Google Maps suggests that the company's building isn't the same as the one they present to users, and besides, there's no phone number.

So let's try WHOIS. According to Register.com, the domain name hostingprod.com was registered by MarkMonitor.com (which seems odd, since that's an anti-phishing and marketing site) and the Administrative contact is Yahoo.com. That seemed . . . well, less than believable, so I looked at planet-target.com. Their WHOIS lookup was even better:

Whois Privacy Protection Service, Inc.
Whois Agent
PO Box 841
Yarmouth, NS B5A 4K5
CA
Phone: +1.9027492060
Fax: +1.9027495405
email: nksmxtsygt@whoisprivacyprotect.com

Well, that certainly didn't look promising. Have you ever seen a bigger "don't try to contact us" red flag? I tried the phone number. Needless to say, it went straight to voice mail.

So electronic tracks had pretty much been covered. How might I find this guy? My next instinct said follow the money. I tried contacting Yahoo--they're listed as the hosts for all these sites--but was told that they couldn't give me any contact information. I could, of course, write to their anti-spoofing department (which I did, even though I wasn't asking about spoofing), but I've not heard anything back, and to be honest I doubt I will.

And yet there's more to the money trail. Planet Target is a business, after all. So I did a little prospective spamming. I went through their process for ordering a campaign right until the point that I'd have to pay. They use Paypal, and one very nice feature of Paypal is the Member Information page that pops up whenever you try to pay something. And here things got interesting.

It seems that if I want to spam the world multiple times through Planet Target, I need to pay OnlyPCTools.com. This vendor offers programs to do keyboard tracking, avoid phishing schemes, remove spyware... everything except avoid spam, it seems. The company is located at 2566 Bronxwood Ave, Bronx, New York 10469. That sounds somewhat local to the address in my original spam email: 250 W. 46th Street, New York, NY 10018. And if you look them up through Paypal, they have a phone number right there.

Having finally found a phone number, I hoped against hope, punched in the numbers. . . . and once again went straight to voicemail. This time, however, I left a message: just my phone number and a request to call me. Maybe he'd think I was a customer.

At 7:11 this evening, I got the call. The voice on the other end of the line wouldn't give me a name, but confirmed that he was the agent of both OnlyPCTools and Planet-Target. I gave him my email domains, and he's claimed he'll remove it. But even better, a reverse directory lookup of the number he used to call me confirms that the number is registered to one of the addresses above.

That's enough for me. I proved that I could find him--although now I'm probably going to receive even more spam. But in the meantime, I've found the spammer and left this information on this webpage. Maybe it will prove useful to some other spamming victim.

Posted by Anthony on May 8, 2006 7:19 PM |

Comments

interesting work, Tony Regards Andi N.

Posted by: Andi | May 14, 2006 2:41 PM

Amazing how life works, I too am fed up with these spammers. Great job tracking them down Anthony. If you don't mind I'm copying this article and posting it at my site in the hopes it creates a public awareness to these creeps and finally they are brought down. Regards, Ken

Posted by: Ken | May 27, 2006 10:06 PM

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

NOTICE TO SPAMMERS, COMMENT ROBOTS, TRACKBACK SPAMMERS AND OTHER NON-HUMAN VISITORS: No comment or trackback left via a robot is ever welcome at Three Years of Hell. Your interference imposes significant costs upon me and my legitimate users. The owner, user or affiliate who advertises using non-human visitors and leaves a comment or trackback on this site therefore agrees to the following: (a) they will pay fifty cents (US$0.50) to Anthony Rickey (hereinafter, the "Host") for every spam trackback or comment processed through any blogs hosted on threeyearsofhell.com, morgrave.com or housevirgo.com, irrespective of whether that comment or trackback is actually posted on the publicly-accessible site, such fees to cover Host's costs of hosting and bandwidth, time in tending to your comment or trackback and costs of enforcement; (b) if such comment or trackback is published on the publicly-accessible site, an additional fee of one dollar (US$1.00) per day per URL included in the comment or trackback for every day the comment or trackback remains publicly available, such fee to represent the value of publicity and search-engine placement advantages.

Giving The Devil His Due

And like that... he is gone (8)
Bateleur wrote: I tip my hat to you - not only for ... [more]

Law Firm Technology (5)
Len Cleavelin wrote: I find it extremely difficult to be... [more]

Post Exam Rant (9)
Tony the Pony wrote: Humbug. Allowing computers already... [more]

Symbols, Shame, and A Number of Reasons that Billy Idol is Wrong (11)
Adam wrote: Well, here's a spin on the theory o... [more]

I've Always Wanted to Say This: What Do You Want? (14)
gcr wrote: a nice cozy victorian in west phill... [more]

Search


Choose Stylesheet

What I'm Reading

cover
D.C. Noir
My city. But darker.
 cover
A Clockwork Orange
About time I read this...

Shopping

The 3YoH Store

Projects I've Been Involved With

A Round-the-World Travel Blog: Devil May Care (A new round-the-world travel blog, co-written with my wife)
Parents for Inclusive Education (From my Clinic)

Syndicated from other sites

The Columbia Continuum
Other Blogs by CLS students