Spoutin' Off: Hijackers illegally using address

By Michael E. Rau

February 14, 2005

Okay... This is getting ridiculous. Someone's hijacked my website address and they're using it to send spam... Apparently LOTS of spam... And after trying to figure out what I can do about it for the last few days, I'm stumped.

Here's why: It has NOTHING to do with me, my computer system, my website host's system, or anything else over which I have any control or influence.

As opposed to a virus or worm, which hijacks your email program, or spyware, which hijacks your computer's browser, this is theft of an identity; of a brand.

My email address suffix could have been chosen by a human or an automated program. Now, some other program is generating untold pieces of spam by apparently auto-generating a string of gibberish, followed by the "at sign" (@), and then my URL.

So how do I know this is happening? It's simple. In the last few days I've received thousands of auto-responses from email servers informing me that these emails have been recognized as spam and been rejected by the server. Thousands! And if that's the case, how many more thousands are actually getting through?

I'm so embarrassed...

I've gone to extraordinary lengths to own a secure system. I am 100% Microsoft-free. I work on a Mac running OSX 10.3; I use Safari for a browser and MacMail for email running behind two industrial-strength firewalls. I have three separate spam filters running. Even with virtually no risk, I regularly scan my system for viruses and spyware.

My website, as well my clients', are hosted on Linux servers with all the security bells and whistles, including SpamAssasin running on the email servers.

What more can I do?

For the source code savvy user, they can look at the raw code of these emails, trace the routing, and know that they're not from me. But that's my company brand, even though stolen, and I take that seriously.

So what recourse do I have? None, really. There are no laws to address the criminal nature of such piracy. Even if there were, from what I've been able to discern, these emails are originating overseas, so it would be an international issue.

In theory, there would be a strong case for civil action if I could actually identify the culprits and prove damage, but the complexity of such a civil case would strain the resources of a large corporation. How can a one-man shop like mine possibly combat such piracy?

The answer is: I can't... I'm utterly at their mercy... And the people who represent me in government couldn't care less.

Yes, there have been a couple of high-profile prosecutions of domestic spammers which certain politicians have tried to portray as being a big deal. But whether you're a home user or an IT manager for a big firm, ask yourself this: Is the problem of spam getting any better? Do you feel that anyone in government is trying to address this issue?

How much Internet bandwidth is consumed by the millions of pieces of spam sent each day? How many man-hours wasted processing it? How much spent on software and infrastructure to combat it?

It only makes sense for corporate America to step up and take the lead in prosecuting spammers, for their own welfare, if not the public's. And let's face it If the tech sector contributors who now fund a large chunk of our political system started pushing the government for solutions, I can't help but think solutions would come.

While we wait, there is something every IT manager, web space host, and email provider can do: Go to the Spamhaus Project and learn how to use their realtime databases of known spammers and exploiters to block access. If enough email servers start doing this, the servers which accommodate spammers would soon become non-functional and the companies which enable them would fail. This is how the marketplace should work.

I'm willing to do my part, but I'm only one guy.

In the meantime, if you received an email from my company asking if you want to illegally buy drugs from an offshore pharmacy to treat erectile dysfunction, I swear I didn't send it!

(Mike Rau runs a small mass communications consulting firm in Virginia Beach. You can reach him at mike@asoundidea.com [Don't hijack it!])

Copyright © 2005, Daily Press