The FreeBSD Diary

The FreeBSD Diary (TM)

Providing practical examples since 1998

If you buy from Amazon USA, please support us by using this link.
[ HOME | TOPICS | INDEX | WEB RESOURCES | BOOKS | CONTRIBUTE | SEARCH | FEEDBACK | FAQ | FORUMS ]

Things look quiet here. But I've been doing a lot of blogging at dan.langille.org because I prefer WordPress now. Not all my posts there are FreeBSD related. I am in the midst of migrating The FreeBSD Diary over to WordPress (and you can read about that here). Once the migration is completed, I'll move the FreeBSD posts into the new FreeBSD Diary website.

Which BSD site is sending out spam? 28 February 2001
Need more help on this topic? Click here
This article has no comments
Show me similar articles
I was surprised by some spam I received tonight.  It was the sender and subject matter which caused me the most concern.  It was the first time I'd ever been spammed about BSD.  Usually it's some pyramid selling scheme which promised riches beyond your wildest dreams or a sure fire way to make money by selling bogus reports to other gullible fools.  But this spam was different.  It was advertising a BSD site. 

It wasn't just one message.  They sent me four messages, one via the freebsd-chat mailing list, and three directly to nz.freebsd.org and two to freebsddiary.org.  I would imagine they obtained a list somewhere and I can't believe they're stupid enough to think that spam is acceptable, especially within the BSD community.  It will only serve to alienate them.  In the mail headers, I notice this:

X-Mailer: Postlister 1,16

A quick search revealed nothing of interest, but this mailing list archive message leads me to believe it's a PHP based tool.

So who did the spamming?
The spam originated within arpnetworks.com, which is registered to:

Dolley, Garry (GD6096) gcd@SILICON.NET
ARP Networks
146 S. Adams #10
Glendale , CA 91205
818-246-8721

They appear to be a web design / software house.  For someone in the business of the Internet they appear to know very little about netiquette.

The spam was advertising BSDSearch.com which claims to be a "new search engine for BSD users around the Glove [sic]".   Apparently, they have a list and they have included removal instructions.   This appears to be a non-opt-in list.  Such lists are usual spammer tools.   Opt-in lists, such as those run by the FreeBSD project are those which you subscribe to, they send you an email, you reply to it, and you're on the list.  There is no doubt with such a setup that you have voluntarily joined the list.  With a spammer's "list", such as the one run by BSDSearch.com, is the wrong way to do things.

BSDSearch.com is registered to:

Dolley, Garry garry@arpnetworks.com
24424 Vanowen St.
West Hills, CA 91307
US
818-843-4247

This name appears regularly in one of the BSDSearch forums.

It appears that the owner of the domain from which the spam originated is also the owner of the domain which was being touted in the spam.  Mail for both of these domains is handled by mail.filetron.com:

# host bsdsearch.com
bsdsearch.com has address 206.171.92.96
bsdsearch.com mail is handled (pri=10) by mail.filetron.com

# host arpnetworks.com
arpnetworks.com has address 206.171.92.98
arpnetworks.com mail is handled (pri=10) by mail.filetron.com

The IP addresses in question are owned by filetron:

# whois -h whois.arin.net 206.171.92.98
Pacific Bell Internet Services,Inc. (NETBLK-PBI-NET-1) PBI-NET-1 206.170.0.0 - 206.171.255.255
filetron l.l.c. (NETBLK-FILETRON-NET-1) FILETRON-NET-1 206.171.92.0 - 206.171.92.127

Complaints to postmaster@arpnetworks.com bounced with this message:

Hi. This is the qmail-send program at penguin.filetron.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<postmaster@arpnetworks.com>:
vdeliver: Invalid or unknown virtual user 'postmaster'

The spam
Here's one message:

Received: from devil1.arpnetworks.com (IDENT:qmailr@devil1.arpnetworks.com [206.171.92.96])
    by ns1.unixathome.org (8.11.1/8.11.1) with SMTP id f1S62I677197
    for <feedback@freebsddiary.org>; Wed, 28 Feb 2001 19:02:18 +1300 (NZDT)
    (envelope-from root@devil1.arpnetworks.com)
Received: (qmail 26162 invoked by uid 501); 28 Feb 2001 06:12:38 -0000
Date: 28 Feb 2001 06:12:38 -0000
Message-ID: <20010228061238.26161.qmail@devil1.arpnetworks.com>
To: feedback@freebsddiary.org
Subject: BSDSearch.Com - !New! Search Engine for BSD Users
From: bsdjesus@bsdsearch.com
X-Mailer: Postlister 1,16

BSDSearch.com http://www.bsdsearch.com is a new search engine
for BSD
Users around the Glove. It aims to be the largest
indexed directory on
the 'net for BSD Users. BSDSearch is by far the easiest way to find
resources for iBSD, FreeBSD, NetBSD, OpenBSD and Anything Related to
BSD. For more information contact bsdjesus@bsdsearch.com,
webmaster@bsdsearch.com or reply to this e-mail. To be removed from
the list,simply reply with remove in the subject head and we will
remove your name. http://www.bsdsearch.com

--
BSDSearch.com
The
Worlds Largest Directory and Search Engine for BSD.

I won't bore with the details of the other messages, but the message ids were:

20010228061239.26165.qmail@devil1.arpnetworks.com
20010228061217.26026.qmail@devil1.arpnetworks.com
20010228061402.26661.qmail@devil1.arpnetworks.com

They also spammed the following mailing lists (perhaps there are more, but these are what I know of now):

I also know of  people who received this spam on every BSDi address they own, including aliases, and on every mailing list.

The bottom line
It certainly looks like this spam was sent by and behalf of BSDSearch.com.   It appears to have originated from within the umbrella of BSDSearch and its owner or his company.  There is the possibility that this was an act of terrorism against the BSDSearch people.  But if it was, it was an inside job.   I did a simple relay test on their smtp server.  It did not allow relay.

I am quite sad that this came from a BSD site.  Garry is obviously working hard to support the BSD community and to make a contribution.  However, spam is not the way to go.  Regardless of how well intentioned this act was, there are no circumstances under which it can be condoned.

When I originally wrote this article, I was going to wait 24 hours for a reply to my complaints.  I've reconsidered that given the total lack of response I've seen over the past 10 hours.  Garry is alive and active: I've seen him post a message to on of his forums.  I'm just very disappointed he hasn't bothered to reply.  Perhaps he is just working through the complaints and will get to mine eventually.

In any case, I eagerly await Garry's explanation regarding this spam bombing incident.   His complete lack of response is certainly not encouraging.  But again, he may be busy.


Share
Need more help on this topic? Click here
This article has no comments
Show me similar articles