If you've been spammed by e-mail, and you think 'hsh.com' or 'bestrates.com' did it, please read this.
We did not spam you. 'Bestrates.com' is a domain of HSH® Associates, Financial Publishers. We did not send the spam, nor was it relayed through our site. We do not send e-mail from BestRates.com. HSH.com has no connection to the outfits which spammed you.
We caught a spammer! Read all about it!
Have you received one of these spams? |
|
"Shop hundreds of lenders... ...with just one click!" |
"Let Banks Compete For Your Mortgage!!" |
Examine
the e-mail closely. It is not from 'bestrates.com' -- read on. | |
What's going on:
Spammers are using different ways to blame the spam on us.
1. The 'Forged Headers' Approach.
Although the sender used "bestrates.com" in his spam, take a look at the message header. It will clearly show that our domain (IP address: 165.254.xxx.xxx) was not involved in the transmission of the spam in any way. The spammer(s) use different IP addresses; some are in the "12.64.xxx.xxx" range (which points to someone in the AT&T dialin network) or the " 32.102.xxx.xxx" range (somewhere in the IBM Global Services network). IP addresses are very difficult to forge in e-mail... but domain names are easy to forge.
A check of the domain via WHOIS (or via a Website such as http://www.swhois.com) will confirm this.
Let's dissect a mail header. This is an actual spam; note that the IP address is not that of 'bestrates'. You can do the same with the headers on the spam you received. Spammers hope that unwary readers will blame us for sending the spam. (You can also be sure that the so-called sender's e-mail was faked, as was 'coolrates.net'.
Return-Path: <htnpehrwel@Kebi.com>
Received: from tjjnser.tjjninvest.com.cn ([203.207.136.97] verified) by dc-mx05.
cluster1.charter.net (CommuniGate Pro SMTP 3.4.6) with ESMTP id 18631397 for
jeff@charter.net; Tue, 08 Jan 2002 14:00:09 -0500
Received: from mx3.bestrates.com (slip-12-64-198-240.mis.prserv.net [12.64.198.240])
by tjjnser.tjjninvest.com.cn with SMTP (Microsoft Exchange Internet Mail
Service Version 5.5.1960.3) id C39GR85N; Wed, 9 Jan 2002 02:34:33 +0800
Message-ID: <000042d86bfe$00004dbe$000030c2@mx4.coolrates.net>
To: <Lucky Day>
From: htnpehrwel@Kebi.com
Subject: Is your interest rate as low as 6.4???????
In other words, the spammer "spoofed" the message to make it appear as though it came through us -- it's like identity theft. That's one of the ways that spammers hide their real identity.
What you can do: |
| 1. Send the e-mail -- and your complaints -- to the people responsible for the actual IP address. (Yes, it takes work. So did writing this explanation for you.) Here's how: |
| 2. Paste the IP address into the 'Traceroute' at UXN Spam Combat, an excellent source of Web-based tools. |
| 3. McAfee, which bought NeoTrace, offers a couple of shareware programs which are even better at this. |
Further reading: Reading E-mail Headers; Finding Hidden Senders in All That E-mail Gobbledygook (NYT)
2. The Subdomain Blame Game.
A domain can have "subdomains" -- such as 'people.yahoo.com'.
The actual domain (the 'home' of the site) is 'yahoo.com,' while the subdomain
is 'people.'
Here's the trick: any site can use anything as a subdomain.
Examine the e-mail closely. If it says, for example, http://bestrates.81832.com (this is the actual site of a known spammer) then it's from the domain "81832.com" -- not 'bestrates.com'.
| Look Closely! | |||
| http:// | www. | bestrates | .com |
| http:// | bestrates. | 81832 | .com |
The red part indicates is the website domain. Please note that "81832.com" is a DIFFERENT domain. It is NOT "bestrates.com". It is NOT our website.
Further reading: How to track the source of spam. Here's a whole page of links about this topic.
What you can do: |
| 1. Follow the money. The "From" e-mail address may be forged, but the whole idea is to get you to go to their website. So go there, and use their form to complain. Repeatedly. (Hey, they want responses, right?) |
| 2. Want to learn more about them? UXN Spam Combat is an excellent source of Web-based tools to find 'em. |
| 3. Don't waste time with the "unsubscribe" instructions. At best, the e-mail address is phony; at worst, you'll just confirm that you're a live patsy, ripe for spamming. |
| 4. Send us the spam, with a polite note, complete with the headers. We have our suspicions as to who is trying to cream us with their spam, and our investigation is ongoing. Copies of the spam will aid in our investigation and legal action, if warranted. Please send to spamfight@hsh.com. |
Thank you for your help -- and your understanding.
Update: We no longer accept e-mail addressed to 'bestrates.com'. See this page. To communicate with us, please use this form.
More Assistance:
"How to Short Circuit Junk E-Mail", by Marc Eisenson.
CAUCE
(Coalition Against Unsolicited Commercial E-mail)
Junk Snail Mail:
The 'Big 3' credit reporting agencies maintain an "Opt Out"
database which you can join; call 888-5-OPTOUT (888-567-8688). However, you'll still get plenty of stuff from banks and other companies you now do business with. Read this FTC article for more information.
This page copyright © Tuesday, 09-Feb-2010 09:42:12 PST by HSH® Associates, Financial Publishers. Permission to reprint the HSH-authored contents of this page is granted to other spam-fighters. Fight the good fight.
