(A little background: These pages used to be heavily SSI [Server-Side Include], a technology that allowed for pages to be postprocessed by the server; since disabled because it put an unnecessary strain on the host. At the bottom of each page was a little blurb saying “Send spam mail here,” with a link back to the machine from which the browser was running. There’s nothing anyone can do about it: this information is public and easily captured. After all, the server needs to know where to send you the pages you request. Some people, however, just don’t get the concept…)
Woke up one morning to find this gracing my mailbox:
From: Paul K Date: Wed Dec 04 07:48:39 AM To: Wabewalker Subject: abuse e-mail address
It has come to my attention that you are displaying firstname.lastname@example.org to report spam email. How could this possibly be the case when we own the domain dummysportzbet.com?
Please could you:
A: Remove the link and any other references to the dummysportzbet.com domain that you have on your site.
B: Explain why in fact you have references to our domain without any previous written permission?
I get one of these messages every two or three months, usually from a confused administrator that has just set up a private domain for their company. It’s a bit confusing, I admit; however, as part of my ongoing campaign of “spammer jamming” I’ve found it remarkably effective. I’ve actually received compliments on how simple yet intuitive it is.
I have, of course, also gotten a lot of complaints from spammers.
This is the standard boilerplate I return. I include the line about sending spam to give spammers a hint that they’re treading on thin ice:
From: Wabewalker Date: Wed Dec 04 12:09:12 PM To: Paul K Subject: Re: abuse e-mail address
The return address for the spamtrap is automatically generated from the host from which the HTTP request is generated. It defeats harvesters.
If somebody sent you spam after harvesting my page, you know they were operating out of your domain.
From: Paul K Date: Thu Dec 05 12:17:31 AM To: Wabewalker Cc: David O Subject: RE: abuse e-mail address
This still does not explain why you are advertising/displaying a domain name that you do not own.
Please remove all references to the dummysportzbet.com domain asap.
He doesn’t get it, does he? Probably a lawyer or some other web amateur. The site in contention is in the gray market: something to do with offshore betting or free money laundering or some other quasi-legal activity.
I decide to let his local admin handle the explanation by telling him to do something that will give the admin a chuckle or two:
From: Wabewalker Date: Thu Dec 05 07:14:29 AM To: Paul K Subject: Re: abuse e-mail address
Tell your system administrator to remove the errant PTR records from your DNS server. That will fix the problem.
From: Paul K Date: Thu Dec 05 08:33:05 AM To: Wabewalker Cc: David O Subject: RE: abuse e-mail address
The PTR records are in order. The domain belongs to our company, PLEASE REMOVE ALL REFERENCES TO DUMMYSPORTZBET.COM FROM YOUR WEBSITE.
Please see below:
(WHOIS record clipped for privacy)
OK, he knows about WHOIS records, but not the difference between WHOIS and DNS; this suggests he took a crash course like Dot-Coms for Dummies. And this David person seems a bit mute on the subject… he’s probably too busy laughing.
I give up. I try one last time to explain what’s going on. Anything else I get from this guy is going directly into the bit bucket.
From: Wabewalker Date: Thu Dec 05 08:45:44 AM To: Paul K Subject: Re: abuse e-mail address
OK, let's go through this one more time:
Spam harvesters do not harvest pages where there is an e-mail reference to the domain in which the harvester is running. This is to avoid setting off alarms at their ISP.
Therefore, to cut down on harvesters and the amount of UCE mail I receive, I included a small script that asks the DNS server to give me the domain from which the harvester originated. I then include that generated abuse address on the page to stop the harvester.
The only reason you're seeing your domain on my page is because you are visiting the site. If you don't want your domain to appear on web pages that do this, you need to remove your DNS PTR record.
Or stop visiting the site. Your call.
* PLONK *
Hee hee hee. This is way too entertaining for me. I gotta go sit in a quiet place and calm down…