Which BSD site is sending out spam?I was surprised by some spam I received tonight. It was the sender and subject matter which caused me the most concern. It was the first time I’d ever been spammed about BSD. Usually it’s some pyramid selling scheme which promised riches beyond your wildest dreams or a sure fire way to make money by selling bogus reports to other gullible fools. But this spam was different. It was advertising a BSD site.
It wasn’t just one message. They sent me four messages, one via the freebsd-chat mailing list, and three directly to nz.freebsd.org and two to freebsddiary.org. I would imagine they obtained a list somewhere and I can’t believe they’re stupid enough to think that spam is acceptable, especially within the BSD community. It will only serve to alienate them. In the mail headers, I notice this:
X-Mailer: Postlister 1,16
A quick search revealed nothing of interest, but this mailing list archive message leads me to believe it’s a PHP based tool.
So who did the spamming?The spam originated within arpnetworks.com, which is registered to:
Dolley, Garry (GD6096) gcd@SILICON.NET
146 S. Adams #10
Glendale , CA 91205
They appear to be a web design / software house. For someone in the business of the Internet they appear to know very little about netiquette.
The spam was advertising BSDSearch.com which claims to be a "new search engine for BSD users around the Glove [sic]". Apparently, they have a list and they have included removal instructions. This appears to be a non-opt-in list. Such lists are usual spammer tools. Opt-in lists, such as those run by the FreeBSD project are those which you subscribe to, they send you an email, you reply to it, and you’re on the list. There is no doubt with such a setup that you have voluntarily joined the list. With a spammer’s "list", such as the one run by BSDSearch.com, is the wrong way to do things.
BSDSearch.com is registered to:
Dolley, Garry firstname.lastname@example.org
24424 Vanowen St.
West Hills, CA 91307
This name appears regularly in one of the BSDSearch forums.
It appears that the owner of the domain from which the spam originated is also the owner of the domain which was being touted in the spam. Mail for both of these domains is handled by mail.filetron.com:
# host bsdsearch.com
bsdsearch.com has address 220.127.116.11
bsdsearch.com mail is handled (pri=10) by mail.filetron.com
# host arpnetworks.com
arpnetworks.com has address 18.104.22.168
arpnetworks.com mail is handled (pri=10) by mail.filetron.com
The IP addresses in question are owned by filetron:
# whois -h whois.arin.net 22.214.171.124
Pacific Bell Internet Services,Inc. (NETBLK-PBI-NET-1) PBI-NET-1 126.96.36.199 – 188.8.131.52
filetron l.l.c. (NETBLK-FILETRON-NET-1) FILETRON-NET-1 184.108.40.206 – 220.127.116.11
Complaints to email@example.com bounced with this message:
Hi. This is the qmail-send program at penguin.filetron.com.
I’m afraid I wasn’t able to deliver your message to the following addresses.
This is a permanent error; I’ve given up. Sorry it didn’t work out.
vdeliver: Invalid or unknown virtual user ‘postmaster’
The spamHere’s one message:
Received: from devil1.arpnetworks.com (IDENT:firstname.lastname@example.org [18.104.22.168])
by ns1.unixathome.org (8.11.1/8.11.1) with SMTP id f1S62I677197
for <email@example.com>; Wed, 28 Feb 2001 19:02:18 +1300 (NZDT)
Received: (qmail 26162 invoked by uid 501); 28 Feb 2001 06:12:38 -0000
Date: 28 Feb 2001 06:12:38 -0000
Subject: BSDSearch.Com – !New! Search Engine for BSD Users
X-Mailer: Postlister 1,16
BSDSearch.com http://www.bsdsearch.com is a new search engine
Users around the Glove. It aims to be the largest
indexed directory on
the ‘net for BSD Users. BSDSearch is by far the easiest way to find
resources for iBSD, FreeBSD, NetBSD, OpenBSD and Anything Related to
BSD. For more information contact firstname.lastname@example.org,
email@example.com or reply to this e-mail. To be removed from
the list,simply reply with remove in the subject head and we will
remove your name. http://www.bsdsearch.com
Worlds Largest Directory and Search Engine for BSD.
I won’t bore with the details of the other messages, but the message ids were:
They also spammed the following mailing lists (perhaps there are more, but these are what I know of now):
- OpenBSD misc
I also know of people who received this spam on every BSDi address they own, including aliases, and on every mailing list.
The bottom lineIt certainly looks like this spam was sent by and behalf of BSDSearch.com. It appears to have originated from within the umbrella of BSDSearch and its owner or his company. There is the possibility that this was an act of terrorism against the BSDSearch people. But if it was, it was an inside job. I did a simple relay test on their smtp server. It did not allow relay.
I am quite sad that this came from a BSD site. Garry is obviously working hard to support the BSD community and to make a contribution. However, spam is not the way to go. Regardless of how well intentioned this act was, there are no circumstances under which it can be condoned.
When I originally wrote this article, I was going to wait 24 hours for a reply to my complaints. I’ve reconsidered that given the total lack of response I’ve seen over the past 10 hours. Garry is alive and active: I’ve seen him post a message to on of his forums. I’m just very disappointed he hasn’t bothered to reply. Perhaps he is just working through the complaints and will get to mine eventually.
In any case, I eagerly await Garry’s explanation regarding this spam bombing incident. His complete lack of response is certainly not encouraging. But again, he may be busy.