Norwegian spammer at it again
I wrote about a Norwegian spammer a while back. He’s at it again. And this time he says it’s not spam. Here’s what he says verbatim:
NB! Denne email er ikke ”Spam”! Vi har til hensikt å nå innkjøpsansvarlig i alle Norske bedrifter i Norge. Vi har i den forbindelse innhentet email adresser til alle
selvstendig næringsdrivende i Norge. Skulle De allikevel ved en feil motta denne email som en privatperson. Vennligst slett Dem fra
distribusjonsliten ved å bruke alternativet nedenfor. Det kan opplyses at De muligens mottar email på Deres private email adresse, hvis
De har oppgitt den i forbindelse med Deres og/eller andres næringsvirksomhet.
This is in Norwegian, so I’ll summarize. He says it’s not spam. That they’re planning on reaching everyone in Norway that’s responsible for purchases for companies. They’ve gathered e-mail addresses for everyone who has a company in Norway. And then he goes on to say that if you should receive this e-mail as a private person, please remove yourself by using the alternative below.
He’s trying to bypass the Norwegian laws, that says that it’s (still) OK to contact a company, by using the company e-mail address. But it’s not OK to spam an employee at a company.
So, a lot of people will probably be fooled by this, but it’s still spam. I happen to have access to the logs of a multi-domain mailserver, and I tracked some addresses he sent this to. Some of those could NOT be found at the Norwegian registry for such information.
One of the addresses I tracked is an old address. It’s no longer in service. I can’t find it anywhere, so I can’t imagine how he could have gotten it the way he said he did.
Another address is for a sales representative for a large area, but not a company owner. He should not be on a list such as that.
Then there’s another company, where they sent e-mail to two addresses. One is listed on the central registry, the other is listed on another company search I’d never heard of. Both addresses are still active.
Another company had no e-mail address on their registration. But one employee could be found on their website as a contact e-mail. The way I read the Norwegian law, that address can’t be used to spam. You can use addresses from the company registration, and domain@domain.no, and possibly info@domain.no or post@domain.no (BTW, I advise you not to use those addresses, either in Norway or internationally. domain@domain.com, sales@domain.com, info@domain.com and webmaster@domain.com are generally spammed to death). Not exactly sure which ones are allowed. Anyway, I don’t see how they could finagle that this address was allowed. I also found another e-mail address at that company, that I can’t find on the company homepage, though the address is still active.
Finally, I’ll give you the full headers, munged:
Return-Path:
Received: (qmail 29703 invoked from network); 3 Dec 2005 18:37:57 -0000
Received: from munged (HELO munged) (munged0)
by 0 with SMTP; 3 Dec 2005 18:37:57 -0000
Received: from smtp1.uniweb.no ([195.159.128.247]) by munged with
InterScan Messaging Security Suite; Sat, 03 Dec 2005 20:06:38 +0100
Received: (qmail 31129 invoked by uid 210); 3 Dec 2005 22:04:41 +0100
Received: from 203.101.44.130 by smtp1 (envelope-from
0) with qmail-scanner-1.25st (f-prot: 4.6.0/3.16.7. perlscan: 1.25st.
Clear:RC:0(203.101.44.130):. Processed in 5.029382 secs); 03 Dec 2005
21:04:41 -0000
Received: from unknown (HELO Lars) (salg@exc-npi.no@203.101.44.130) by
smtp1.uniweb.no with SMTP; 3 Dec 2005 22:04:36 +0100
Reply-To:
From: “Vi dekker ditt behov!”
To: “Vi dekker ditt behov!”
Subject: =?iso-8859-1?Q?Til_innkj=F8psansvarlig?=
Date: Sun, 4 Dec 2005 00:19:43 +0530
Organization: Npi
MIME-Version: 1.0
Content-Type: multipart/related;
boundary=”—-=_NextPart_000_0096_01C5F86A.60826FB0″
X-Priority: 1 (Highest)
X-MSMail-Priority: High
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Importance: High
Thread-Index: AcX4N8hk8Lq+53RPQt2DXIeo2gj/3A==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Qmail-Scanner-Message-ID: <113364387891831123@smtp1>
Update: OMG, I just found something hilarious:
http://pluss.venstre.no/organisasjon/0000D38D-8000000B/0000DDC2-8000000B/
It’s apparently some sort of mail box belonging to a political organization. It popped up when I searched for the fax number of the spammer. So it was indexed by a search engine (not sure which). But this is a scandal by itself, though… Their web mail system is wide open!
Found an article about a loophole in the Norwegian spamming law. This is ancient news. But as I’ve pointed out in this post, the spammer who sent the spam above wasn’t too careful. He SAID he was sending the spam out according to the law, but in reality I couldn’t find that he had washed his list properly.
December 5th, 2005 at 3:31 pm
[…] e content and splogs Comment spam fraud » Norwegian spammer He’s at it again, December 3rd, 2005. New post about that spamrun. He […]
December 6th, 2005 at 10:26 am
Hi Ann!
Please help
When ever i visit any website .. it leave the below information in the log
HTTP_USER_AGENT: mesothelioma.net.in sent you a visitor today (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; mesothelioma.net.in sent you a visitor today) HTTP_REFERER:
I found that in a log for a new domain which i hosted… and i confirmed that its my browser which is leaving that information
I dont know what it is and from where it is getting that data and no domain is registred by that name… can you please help to rectify the same.
from where i can remove that entry, so that my browser donot leave that in the logs of the site i visit.
Its so frustrating when i dont know how to remove it and how do i ensure that it doesnot write on my browser again.
Any help would be appreciated
Thanx
Anish
December 6th, 2005 at 3:43 pm
Anish:
How about, you did it yourself? You’re surfing through a proxy. That in itself has all sorts of potentially ugly connotations.
Second, I saw that same IP address come to my site 5 hours earlier, with a normal user agent.
Either you picked up a nasty parasite, or you’re trying to game us. Either way, you’re on your own.
December 7th, 2005 at 3:12 pm
It is very interesting to know is the list of company emails that norwegian law allows to send to is closed (i.e. there is fixed list of particular $USER email parts) or not… I couldn’t find any english information about that (sorry, I don’t know norwegian language).
December 7th, 2005 at 3:30 pm
Basically, Norwegian companies are allowed to send unsolicited commercial e-mail to the contact address that is entered in a specific registry (and I’m not mentioning which one to foreigners, though Norwegians would know exactly which one I’m talking about), as well as obvious company e-mail addresses, like the ones I mentioned.
Stray outside of that, and you’ll face fines and up to 6 months prison time.