I am NOT a Spammer!
A spammer has violated baekdal.com to send out spam emails in my name. This is something that I am very angry about, since I hate spam as much as anyone else. And, let me assure you that I am not the sender of these emails.
About a week ago, a spammer decided to use my email address to send out spam emails, and my inbox suddenly flooded with "delivery failure" notices.
At first, I didn't pay much attention to them, it was annoying but it seemed to stop as quickly as it had started. Now it turns out that the problem was much bigger than that. It didn't stop and many people have received spam emails from "baekdal.com".
But...
I AM NOT A SPAMMER! I will never, ever send out spam emails - not even if the world had stopped spinning, nor if hell had frozen over. I HATE SPAM and I hate spammers.
So, if you have received an email from me - about "business loans" - I can assure you that that email has been sent by somebody else using my email.
This is one of the emails I have received when it couldn't be delivered:
- The first obvious thing to notice is the "from" name "Ruth Shirley" - using my email address. I am sure this is just some random name the spammer has used, since the other emails use a different name.
- Then there is the link that is included with the email which directs you to some Chinese domain.
- In the "header" information there is also a number of issues. One is that it was originally sent from "116.127.115.165", which is located in Korea (I have also seen emails sent from India). My email server is located at GoDaddy (USA), and I live in Europe.
You could claim that I hacked into a computer in Korea and sent the emails from there. But, even though I think I am a pretty smart guy, I am not that smart - nor am I that stupid.
I do know a lot about the web - especially when it comes to creating web applications - but I know nothing about hacking. I do not know how a spammer hacks into another computer. And if I was that smart (which I am not), surely I would not be so stupid as to use my own personal email address.
I think my email address was either used by coincidence, or maybe it is a form of revenge. I have been writing several articles about how to prevent spam.
So in short, I am sorry that anyone has received these emails. I can, again, assure you that I am not the sender. I have a very strict Privacy Policy (and opinion about privacy), and I really hate spammers.
Comments
Thomas Baekdal - Mar. 16, 2008
Hey Ali, Thanks for your support. I of course fully agree with you.
The problem is that a number of people have contacted my ISP and asked them to shut me down, so I had to do something...
I already forwarded the "evidence" so I do not expect anything to happen to my domain :)
Blaise Kal - Mar. 16, 2008
Spammers often use a random email address from their database as a sender.
Quite some effort to prove that you're not the sender. You could just have said that "sender addresses in emails can be easily spoofed and that's what happened here". Your readers probably know that already and they also know you're not going to send spam.
I think you gave this unfortunate incident just a little bit too much attention ;-)
Thomas Baekdal - Mar. 16, 2008
Blaise, I think so too, but I felt that I had to do something "drastic" when GoDaddy (my host) started recieving complaints.
And... am I not worried about my readers. I too think that they already know how easy it is to spoof sender information :)
I am concerned about those people that do not know who I am and comes to my site to check up on me. I wanted to tell these new-comers that I am one of the good guys.
Coincidently, GoDaddy have just closed the case:
The complaint volume, at this time, is not enough to cause a major concern and this, coupled with your explanation of the situation is reason enough for Go Daddy to consider this matter closed.
Jonathan - Mar. 19, 2008
Commiserations. The same thing happened to my domain a few years ago. I then investigated SPF. While SPF does no in itself prevent the kind of abuse you have suffered (the jargon for which is a "joe job"), it can at least help you prove that you were not the sender. I now configure all my domains with SPF. The down side to this is that anyone sending legitimate mail on your domain must do so via a nominated server (I use SMTP auth for this in fact). Using Gmail to send mail from your domain is also a bit of a no-no I suppose, although I do it from time to time.
Jonathan - Mar. 19, 2008
The perils of not having a preview button. The above should have read:
"I use SMTP auth for this in fact"
Let's see if that works...
Thomas Baekdal - Mar. 20, 2008
Jonathan, SPF is indeed a good thing and I wish that everyone would use it. ....and I already use SMPT auth :)
Christophe Denbuziere - Mar. 23, 2008
Yes, SPF is a good thing but many, many emails plateforme doesn't use it.
Gmail for example doesn't care about (but greatly figth spam)
Msn/live mail have his property "sender id" (if someone have successfulled use it ....).
I've had the same probleme on one of my domain, maybe the SPF resolve it, but maybe the spammer stops ... :(
Mike C - Mar. 25, 2008
I was wondering how you got it to stop because I have the same problem and though I have a completely different password another one went out later, I have a .edu account and contacted the schools tech support and ran spyware programs but other than that I have no real idea how to deal with this
Thomas Baekdal - Mar. 25, 2008
Mike, The spam emails are not sent from your account. Neither your password nor your computer has been compromised.
The spammer simply sends out an email from "his" computer (or most likely a bot) with your email as the sender. Like the email in the article above (which was sent from a computer in Korea).
mike C - Mar. 25, 2008
gothca, thanks a lot
Published: Mar. 16, 2008 in notes
FaceBook
Twitter
LinkedIn
YouTube
Flickr
Ali - Mar. 16, 2008
People have to stop thinking of email as a reliable, private and authentic way of communication.
They need to understand that anyone and I mean anyone can use anyone else's email address as the "from" address. This is high profile hack or an underground tip, it's just the way it is, the mail protocol is a stupidly simple, plain text based, 5 steps protocol where anyone can send as anyone.
If I'm not a reader of this site and I'd received an email from this domain, I would check out the website first, see what is it all about and then judge. If I am a reader of this site then I wouldn't have any argument what so ever, in my humble opinion :)