« Alienware Off, Dell Back | Main | A Shameless Political Hack Grows in Nassau, or How Not to Write a Brief, Kids »

Spam Sleuthing

Around noonish today, I check my email and find a couple dozen copies of the same spam email. Normally I'd just throw it out, but since I'd been doing some research on the relationship between spam and trespass to chattels, I thought I'd conduct a little experiment: how difficult would it be to actually figure out who this spammer is and get him on the phone? After all, the tough part about prosecuting spammers is usually finding out where one can serve process. Shockingly enough, I actually managed to get the culprit on the phone.

Normally I'd not waste my time, but this opportunity seemed fairly unique. For one thing, the spammer seems to be local, a New York citizen, instead of some far-flung type I'd never manage to contact. For another, I'd already tried to remove one of my other domain names from this spammer's address book two months ago, when he'd sent me half a dozen copies of the same email. (He is as persistent in his nagging as he is incompetent in his emails: today's missives had the same address in the TO field have a dozen times each.)

As you can see from the link above (where another blogger has recreated the spam in its entirety), Mr. Spamalot is hawking his bulk-emailing services. The link in the email takes you to http://p7.hostingprod.com/@boostingyourtraffic.com/cher, which then pops up a nifty javascript warning stating "Your IP Address [number], date and time have been captured only as proof of your request for more information. Click OK to continue." I have no idea what that's supposed to accomplish, but the page then forwards you to Planet-Target.com. Based upon the email I'd received, they may be the least competent spammers ever, but boy do they make it hard work to find them.

Sure, you can enter your email address in their contact form, but I'd tried that and it hadn't worked. According to their website, their address is 35 Rawson Street, Boston MA 02125 USA. But a quick look at Google Maps suggests that the company's building isn't the same as the one they present to users, and besides, there's no phone number.

So let's try WHOIS. According to Register.com, the domain name hostingprod.com was registered by MarkMonitor.com (which seems odd, since that's an anti-phishing and marketing site) and the Administrative contact is Yahoo.com. That seemed . . . well, less than believable, so I looked at planet-target.com. Their WHOIS lookup was even better:

Whois Privacy Protection Service, Inc.
Whois Agent
PO Box 841
Yarmouth, NS B5A 4K5
Phone: +1.9027492060
Fax: +1.9027495405
email: nksmxtsygt@whoisprivacyprotect.com

Well, that certainly didn't look promising. Have you ever seen a bigger "don't try to contact us" red flag? I tried the phone number. Needless to say, it went straight to voice mail.

So electronic tracks had pretty much been covered. How might I find this guy? My next instinct said follow the money. I tried contacting Yahoo--they're listed as the hosts for all these sites--but was told that they couldn't give me any contact information. I could, of course, write to their anti-spoofing department (which I did, even though I wasn't asking about spoofing), but I've not heard anything back, and to be honest I doubt I will.

And yet there's more to the money trail. Planet Target is a business, after all. So I did a little prospective spamming. I went through their process for ordering a campaign right until the point that I'd have to pay. They use Paypal, and one very nice feature of Paypal is the Member Information page that pops up whenever you try to pay something. And here things got interesting.

It seems that if I want to spam the world multiple times through Planet Target, I need to pay OnlyPCTools.com. This vendor offers programs to do keyboard tracking, avoid phishing schemes, remove spyware... everything except avoid spam, it seems. The company is located at 2566 Bronxwood Ave, Bronx, New York 10469. That sounds somewhat local to the address in my original spam email: 250 W. 46th Street, New York, NY 10018. And if you look them up through Paypal, they have a phone number right there.

Having finally found a phone number, I hoped against hope, punched in the numbers. . . . and once again went straight to voicemail. This time, however, I left a message: just my phone number and a request to call me. Maybe he'd think I was a customer.

At 7:11 this evening, I got the call. The voice on the other end of the line wouldn't give me a name, but confirmed that he was the agent of both OnlyPCTools and Planet-Target. I gave him my email domains, and he's claimed he'll remove it. But even better, a reverse directory lookup of the number he used to call me confirms that the number is registered to one of the addresses above.

That's enough for me. I proved that I could find him--although now I'm probably going to receive even more spam. But in the meantime, I've found the spammer and left this information on this webpage. Maybe it will prove useful to some other spamming victim.


TrackBack URL for this entry:


interesting work, Tony Regards Andi N.
Amazing how life works, I too am fed up with these spammers. Great job tracking them down Anthony. If you don't mind I'm copying this article and posting it at my site in the hopes it creates a public awareness to these creeps and finally they are brought down. Regards, Ken

Post a comment

NOTICE TO SPAMMERS, COMMENT ROBOTS, TRACKBACK SPAMMERS AND OTHER NON-HUMAN VISITORS: No comment or trackback left via a robot is ever welcome at Three Years of Hell. Your interference imposes significant costs upon me and my legitimate users. The owner, user or affiliate who advertises using non-human visitors and leaves a comment or trackback on this site therefore agrees to the following: (a) they will pay fifty cents (US$0.50) to Anthony Rickey (hereinafter, the "Host") for every spam trackback or comment processed through any blogs hosted on threeyearsofhell.com, morgrave.com or housevirgo.com, irrespective of whether that comment or trackback is actually posted on the publicly-accessible site, such fees to cover Host's costs of hosting and bandwidth, time in tending to your comment or trackback and costs of enforcement; (b) if such comment or trackback is published on the publicly-accessible site, an additional fee of one dollar (US$1.00) per day per URL included in the comment or trackback for every day the comment or trackback remains publicly available, such fee to represent the value of publicity and search-engine placement advantages.

Giving The Devil His Due

Choose Stylesheet

What I'm Reading

D.C. Noir

My city. But darker.
A Clockwork Orange

About time I read this...


Projects I've Been Involved With

A Round-the-World Travel Blog: Devil May Care (A new round-the-world travel blog, co-written with my wife)
Parents for Inclusive Education (From my Clinic)

Syndicated from other sites

The Columbia Continuum
Other Blogs by CLS students

De Novo
Theory and Practice
Liberal Federalism?
Good News, No Foolin'

Nancy Pelosi covers her head and visits the head of John the Baptist.
Vlogging in from Austin.
Omikase/"American Idol"

Jeremy Blachman's Weblog: 2007
Happy Passover
Looking for Advice re: LA
Google Books

Stay of Execution
What I've Learned From This Blog, or My Yellow Underpants
The End
Mid Thirties

Legal Theory Blog
Program Announcement: Summer Programs on the Constitution at George Washington
Book Announement: Political Foundations of Judicial Supremacy by Whittington
Entry Level Hiring Report

The Volokh Conspiracy
Making the Daily Show:
Civil unions pass New Hampshire House:
Profile of Yale Law Dean Harold Koh:

Crescat Sententia
Hillary II
Politics and Principal/Agents

Law Dork
Election Approaches
Following Lewis
New Jersey High Court: 'Same Rights and Benefits'

Surveying the revival
Birds of paradise

Half the Sins of Mankind
Cheney Has Spoken Religious conservatives who may ...
Does Ahmadinejad Know Christianity Better Than MSN...
Borders as Genocide In discussions of climate chan...

For lovers of garden gnomes...and any China-freaks out there
We Interrupt Your Regularly Scheduled Programming

Does SOX explain the flight from NY?
More Litvak on SOX effect on cross-listed firms
What did the market learn from internal controls reporting?

The Yin Blog
Iowa City = Riyadh
Jeffrey Rosen's "The Supreme Court"
Geek alert -- who would win between Battlestar Galactica and the U.S.S. Enterprise?

Letters of Marque
And there we are

Signing Off

Dark Bilious Vapors
Jim (The Waco Kid): Where you headed, cowboy?
Bart: Nowhere special.
Jim: Nowhere special. I always wanted to go there.
Bart: Come on.
--"Blazing Saddles"

Technical Difficulties... please stand by....
The Onion should have gotten a patent first....

Legal Ethics Forum
Interesting new Expert DQ case
Decency, Due Care, and The Yoo-Delahunty Memorandum
Thinking About the Fired U.S. Attorneys

Ex Post
Student Symposium- Chicago!
More Hmong - Now at Law School
Good Samaritan Laws: Good For America?

Appellate Law & Practice
Those turned over documents
CA1: courts can’t help people acquitted of crimes purge the taint of acquitted conduct
CA1: restrictions on chain liquor stores in Rhode Island are STILL okay

the imbroglio
High schoolers turn in plagiarism screeners for copyright infringement
Paris to offer 20,600 bikes at 1,450 stations to rent by the end of the year

The Republic of T.
The Secret of the Snack Attack
links for 2007-04-04
Where You Link is What You Get

Distractions for stressed law students

The Other Side: Twisted AnimationsSomething Positive, a truly good webcomic

Syndicate This Site



Stop Spam Harvesters, Join Project Honey Pot