This page is a continuation of the article, Handling 'Spam
Spoofers' -- What to Do When Someone Steals Your E-Mail Address or URL to Send Junk
Mail by Barbara Brabec
How Two Web Entrepreneurs
Handled Their E-Mail Identity Theft Problem
"Someone stole my e-mail address and the problem escalated to the point where I was
getting dozens of returned e-mail messages apparently sent from my URL," writes Nora Creeach
(now retired from the Web).
"I was working with a lot of kid crafts and
maintaining a child friendly site at the time, so the X-rated messages were particularly
disturbing to me.
"I notified my
ISP and my site host and we were able to trace the sender back through a
number of fake e-mail addresses that ended in Russia (not able to trace
past that). Notifying the ISP and my Web host (including copies of the
returned e-mail, with extended headers), prevented my site and e-mail
privileges from being terminated. In notifying your ISP, look for an
address that will be looked at by a human. If the humans responsible for
the site (ISP) of the returned mail know of the problem and the steps
taken to stop it, there is less likelihood that your domain will be put on
the banned or bounce list.
"I also called the local police and made an identity
theft report, but was advised there was nothing they could do except put my
report on file in case there were any repercussions. My next move was to
place a message on my home page stating that I do not send spam and
actively fight it, but that my name was being used by someone else. I
posted to all the lists I could, explained what was happening, and asked
that they forward any messages they received (with the extended
to me so we could stop the abuse. It took almost a month of several hours
a day to stop the porn and greatly reduce the spam. I wouldn't bother for
the occasional spam message, but the flood of porn meant I needed to be
more aggressive. I continued to monitor this problem. Once in a while, I'd get an e-mail return with my domain name, and when this happened, I
immediately reported this unauthorized use of my name or domain to my
I asked Nora what good it did to report e-mail identity theft to the
police if there was nothing they could do about it. "This will be
helpful in stopping pornographers from using your e-mail identity"
she explained. "If you can track down the individual who has stolen
your e-mail identity, it carries considerable weight if you e-mail them
back saying you have reported them to the police. Since pornographers do
everything possible to avoid the police, my telling them that the police now
have a file on them has been enough to stop some them from using my name."
Since robots and spiders routinely search the Web for e-mail addresses,
Web site owners need to take steps to protect the addresses used on their
sites. Some website owners show their email address as a graphic image, which
people can read and hand-type into their email client. For other methods you can
How to Make Your E-Mail Address Invisible to Spam Bots.
"I was the victim of e-mail forgery about a year and a half
ago," writes Jeanne Baratta. "Overnight my inbox was flooded with
looked as if they were coming from my Web site–emails with revolting sexual subjects advertising
pornographic sites. I was completely flabbergasted by this and the fact that people--maybe even
some I know–were receiving this mail and thinking it was coming from me!
At one point, I was receiving at least 300 undeliverable messages each day, so I could
only imagine how many were being delivered!. However, I only received one
complaint from a lady who wrote to me telling me to stop sending her porn.
I sent her a long apology explaining my situation and
assuring her it was not me. I even offered her a discount at my Web site.
She was very sweet and thanked me for explaining the situation.
"My ISP (MSN) gave me no help in this matter whatsoever. They merely
told me that ‘email spoofing’ was fairly common and simple to do.
Initially concerned that my passwords had been stolen, I was assured that
passwords were not necessary to spoof someone's email. I next went to the
Professional Crafters Mailing List for help, and one of the list members,
who called himself a 'white hat hacker' (someone who hacks only for the
good of others), came to my rescue. I forwarded a bunch of
the ‘filth’ to this fellow, and he was able to pinpoint the ISP and IP
address of the perpetrator. He instructed me to send all the returned
emails to my ISP with a letter explaining the spoofing. After doing this,
I immediately received a letter from MSN stating that the person would be
banned from their service.
"I didn’t file a report with my local police, but I did file a
report with the FBI Internet crimes division. I filled out a lengthy
report, chronologically listing all events, contacts and email addresses,
attaching copies of all correspondence and files. I did receive a timely reply from
the FBI saying that my report was received and being investigated. After
about a month things went back to normal as far as my email was concerned,
and I never heard anything else from the FBI."
Not content with the action she had taken, Jeanne did one other thing
she later admitted was dumb on her part. Armed with the IP address of the
email sender, she easily found the name, address and telephone number of
the person who was illegally using her email address. "Don't ask what
I was thinking--I am still not quite sure what possessed me to do
this--but I called this person," she said. "I’m not sure what
I expected to accomplish, but I felt a little better after confronting
him. I will spare you the details of our conversation, but I decided to
hang up (read: came to my senses), when he started calling me some
Confronting such people in person is not a good idea. If you can
find them, they can also find you and, when they do, they might do something far worse than
spoofing your email address.
[Back to TOP]
[Back to part one of this
[Back to Computertalk
Copyright © 2000-2013
by Barbara Brabec
All Rights Reserved
Barbara Brabec's World