Web Hosting Talk

LOL... It looks like I'm spamming myself...


MGCJerry
06-15-2002, 01:00 AM
I've been receiving some emails from myself... Does anyone know of a way to block this BS? I've looked at this below and should I just block the IP 212.249.12.194 or is there more to this? Too bad only a few people know what MGCJerry even means... :)

Does anyone else get this kind of crap?


From abuse@aol.com Fri Jun 14 17:53:01 2002
Return-path: <abuse@aol.com>
Envelope-to: mgcjerry@2thextreme.org
Delivery-date: Fri, 14 Jun 2002 17:53:01 +0100
Received: from [212.249.12.194] (helo=localhost1611.com)
by hazel.vosn.net with smtp (Exim 3.35 #1)
id 17IuHe-0007Zb-00
for mgcjerry@2thextreme.org; Fri, 14 Jun 2002 17:50:52 +0100
From: "mgcjerry" <mgcjerry@2thextreme.org>
Reply-To: "mgcjerry" <mgcjerry@2thextreme.org>
To: mgcjerry@2thextreme.org
Date: Fri, 14 Jun 2002 12:53:23 -0400
Subject: 6/14/2002 12:53:23 PM
X-Mailer: Microsoft Outlook Express 5.00.2919.1990
MIME-Version: 1.0
X-Precedence-Ref: 1234056789zxcvbnm
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Message-Id: <E17IuHe-0007Zb-00@hazel.vosn.net>

akashik
06-15-2002, 01:22 AM
Looks like someone who has your address in their address book got whacked with the Klez virus. It's pretty much the MO of this one. It collects an e-mail address from the book before it sends itself so it can hide somewhat.

I've had a few people contact me asking what this odd e-mail was. The first time I went pale, checked my virus definitions then ran a full scan... twice. Was all clear.

About all you can do is make sure your backyard is clean. :)

Greg Moore

MGCJerry
06-15-2002, 01:29 AM
Well... At least you have an idea what it might be, but it was a nice HTML advertisement for a "email mailing list", so I said the heck with this, since I will never email myself, I blocked anything from mgcjerry@2thextreme.org in cPanel. This wasn't my first one of these.

Either way

:uzi: SPAMMERS

:uzi: KLEZ

*gasp* me in someone's address book... :eek2: Well, there's always a first to everything. :)

akashik
06-15-2002, 01:40 AM
Well, you might have ended up on someone's list I suppose. I know a few ass-scratches have added my personal address to spam lists for whatever reason, as well as our support address - I'm presuming people canned for spamming, or enquiries along the same lines. Possible that address is being used as a bounce?

Spammers are filthy dirtbags and I have no doubt they'd jump at the chance to use a legit address to whore their wares, as long as it doesn't get back to them :rolleyes:

Greg Moore

JayC
06-16-2002, 02:00 AM
Regarding Klez, by the way -- and no, that doesn't look like a Klez email header to me, several of the lines don't fit the mold, but since it was mentioned -- you don't have to be in someone's address book in order to be the recipient of "from:" address in their Klez-generated mail. The program will search for email addresses in other places too, most importantly perhaps in your browser cache. So if your address is on a web page and someone who has visited that page has Klez active on their machine, your address could be one that is used.

MGCJerry
06-16-2002, 02:22 AM
Well I did a run to spamcop, and found that IP 212.249.12.194 was blacklisted, but I don't know if I did the right IP..

212.249.12.194 is and should be listed.

Did I look up the right IP? (I will block this IP if I did the lookup right ;) )

So far though, I haven't received any more from myself yet :)

Website Rob
06-16-2002, 03:39 AM
Blocking the IP address (which is correct) might do some good, but I don't know how much.

Looks like someone doing some retaliation against "monkeys.com" as they provide the "WPoison" script -- it provides dummy addresses to Spam Bots.

whois for 212.249.12.194 : mwurth@access.ch
Using last-resort contacts:mwurth@access.ch
Whois found: mwurth@access.ch
[show] "nslookup 194.12.249.212.formmail.relays.monkeys.com" (checking ip) not found
[show] "nslookup 194.12.249.212.proxies.relays.monkeys.com"

Most likely, they are using a script to provide phony "From" addresses and trying to hide themselves. Mind you, "ch" which is China, is well known for using Servers (with approval) for Spamming.

I too, have received Email using my Domain Name as the "From" and "To" addresses, but I was able to track it down to an ISP with an open relay. Someday, all open relays will be closed. It's a shame really, when the Internet protocols were being put together and people thought it would be used with integrity by all, they didn't think about not everyone having the same frame of mind. Oh well.
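
On the question of which IP to look up: the only Received line worth trusting is the one written by your own mail server, because every other header, From included, is supplied by the sender. The Python sketch below is an added example, not part of any post in this thread; it parses the headers posted above (continuation lines re-indented), takes the connecting IP from the hop stamped by hazel.vosn.net, flags the From/To and envelope mismatch, and builds the reversed-octet DNSBL name seen in the nslookup output. The function names are illustrative.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the headers posted in this thread, continuation lines re-indented.
RAW = """\
Return-path: <abuse@aol.com>
Envelope-to: mgcjerry@2thextreme.org
Received: from [212.249.12.194] (helo=localhost1611.com)
\tby hazel.vosn.net with smtp (Exim 3.35 #1)
\tid 17IuHe-0007Zb-00
\tfor mgcjerry@2thextreme.org; Fri, 14 Jun 2002 17:50:52 +0100
From: "mgcjerry" <mgcjerry@2thextreme.org>
To: mgcjerry@2thextreme.org
Subject: 6/14/2002 12:53:23 PM

"""

TRUSTED_MX = "hazel.vosn.net"  # the receiving server named in the Received line

def connecting_ip(msg, trusted_mx):
    """Return the peer IP recorded by our own MX; skip hops we did not write."""
    for hop in msg.get_all("Received", []):
        hop = " ".join(hop.split())  # unfold continuation lines
        if f"by {trusted_mx} " not in hop:
            continue  # stamped by some other host, so it may be forged
        m = re.search(r"from .*?\[([0-9a-fA-F.:]+)\]", hop)
        if m:
            return ipaddress.ip_address(m.group(1))
    return None

def dnsbl_name(ip, zone):
    """Build a DNSBL query name (IPv4 only): octets reversed, then the zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def analyse(raw, trusted_mx=TRUSTED_MX):
    msg = message_from_string(raw)
    sender = parseaddr(msg["From"])[1].lower()
    rcpt = parseaddr(msg["To"])[1].lower()
    envelope = parseaddr(msg["Return-path"])[1].lower()
    return {
        "relay_ip": connecting_ip(msg, trusted_mx),   # the address to check or block
        "from_equals_to": sender == rcpt,             # "mail from myself" pattern
        "envelope_mismatch": envelope != sender,      # envelope sender differs from From
    }
```
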

Axel Teflon
06-16-2002, 08:41 AM
Hmmm... I think my mate has got something like that before, and as far as I know blocking the IP address doesn't have any effect :rolleyes: