I need an action plan for handling the hijacking/identity theft of my
email address to send globally directed spam.
Luckily I do not use this particular address much. However, I do not
want to be on the receiving end of any nastyness that will result from
the activities of these jerks.
The plan should be written at the level of someone who
has written web pages in the past, but who has been away a few years.
For instance, I do not know anything about the various private bodies
that try to fight this sort of thing or might be around to help.
I am now receiving email bounces, and nastygrams from innoncent people
who were spammed by these hijacker spammers.
My (innocent) domain is gosolveit.com and is for the most
part inactive. This is sadly, probably part of how you get
chosen for this nastyness.
The only things I know about the spammers are:
* they want to sell lists of leads (e.g. spam lists)
* they want people to call 1-512-970-8607 to buy their garbage
Clearly, I also need to know something of who these people are and
to whom I should complain (State DA, FTC).
Comments or help from the other google readers are appreciated, but
please do not do anything that would cause additional difficulties. |
Clarification of Question by
drpauljbrewer-ga
on
02 Jun 2003 14:52 PDT
This has been going on, I think, for about 3 days now.
So, a few more hours probably won't hurt.
Please try to summarize various courses of action in sequence,
One of my goals in paying $50 for advice is to try to save some time
as well as headaches further down the road.
|
Clarification of Question by
drpauljbrewer-ga
on
02 Jun 2003 16:13 PDT
Luckily my domain parking provider let me put up a warning message.
This message can now be seen at http://www.gosolveit.com though it
is unclear
whether it could be made clearer.
I wonder if this is sufficient to let others know that I am not the
source of this garbage.
|
Request for Question Clarification by
larre-ga
on
02 Jun 2003 16:43 PDT
Dr. Brewer,
Your question was initially locked by a special Google Answers robot
which flags and locks questions based upon certain word and phrase
criteria. The question has -just- been released to the Research
community as available for answer.
I am working on optimal phrasing for your parking page, which I can
post very shortly as an Answer, along with the immediate steps that
should be taken to halt further events. I have had firsthand
experience with this type of e-mail incident/event, however, several
years back. I will follow up with a complete action plan within a few
hours, however, I want to verify that the steps I recommend are still
"best practice."
Is this acceptable?
--larre-ga
|
Clarification of Question by
drpauljbrewer-ga
on
02 Jun 2003 17:22 PDT
This sounds ok.
I am able to have about 250 chars in the free text on the domain page
and I do not want to setup a fuller page just for this incident.
I am also able to use an autoreplier for email. I am able to specify
triggers for when to email the autoreply, based on
from/to/subject/body. If you send email to any address at the domain,
e.g. help@gosolveit.com, youll get the current autoreply.
I am especially interested in making sure that I am not the one sued
for the spam or any ripoffs these scammers may perpetrate. Of course,
you can't guarantee that but there ought to be a way to register the
problem. But who knows.
|
Request for Question Clarification by
larre-ga
on
02 Jun 2003 18:21 PDT
For your Parking page -
Our domain has been the victim of identity theft by email spammers. If
you've received one of these emails, please accept our apologies.
Please do not reply to the email. This just verifies your active email
address to the spammers, and overwhelms our mailbox. For more info you
may write newemailaddress@yourdomain.com.
You'd, of course, give a new e-mail address, with an autoresponder
explaining and apologizing in greater detail.
With the constraints you've mentioned, I think you'd be better served
by an answer from another researcher. My suggestions for handling the
event involve collecting and tracing email headers and preventing
further abuse by DNS reconfiguration of your e-mail, and other
practices that are generally employed by webmasters of operational
sites. Due to new privacy laws and concerns, you'd need permission
from the senders to use their email headers for tracing or reporting
purposes without their consent. My suggestions would not be most
appropriate in your case.
In order to best answer the query about reporting agencies, it would
be useful to know your state. Spam laws vary by jurisdiction. I will
release the lock and open the question to the entire researcher pool.
--l
|
Clarification of Question by
drpauljbrewer-ga
on
03 Jun 2003 10:40 PDT
I think you are on the right track, though I'm not sure that spam ads
with my name forged as the sender deserves any kind of privacy
protection on my part. I'm willing to use any data that I may have to
determine a source for the spam.
The problem, of course, is that the domain is not hosted in any
professional sense and the mail forwarding service I use does not seem
to preserve headers.
This leaves us with the phone number supplied in the ads, and any
header info in the bounce messages, as means for identitfying the
culprits for further action. Is there any reason to believe the phone
number isn't somehow stolen or forwarded through various anonymizing
devices, too?
For the person who suggested nothing could be done... that is always
an option, though not always the best option. If confronted by other
spam victims, I would like to be able to claim that I researched this
problem and did what I could.
|
