A spammer is forging my address in the 'from' line of his spam. As a result, my email address is being blacklisted in some places, and I've received about a thousand bounce messages in the last hour.
For the life of me, I can't think what to do about it….
Update: From a first look, the mail is coming from 80.225.253.178 (for which there is no meaningful whois contact data) and it's advertising a web site owned by this owner:
Domain ID:D9457357-LRMS
Domain Name:PINOMEDS.INFO
Created On:22-Jan-2005 14:49:19 UTC
Last Updated On:22-Jan-2005 17:02:21 UTC
Expiration Date:22-Jan-2006 14:49:19 UTC
Sponsoring Registrar:R139-LRMS
Status:ACTIVE
Status:OK
Registrant ID:C8594388-LRMS
Registrant Name:Ms. Alexandrina Sirakova
Registrant Organization:V+D Auto GmbH
Registrant Street1:Postfach 25 Sofia
Registrant City:Sofia
Registrant State/Province:na
Registrant Postal Code:BG-1407
Registrant Country:BG
Registrant Phone:+3.5928614244
Registrant FAX:+3.5928614244
Registrant Email:lora_2005@inorbit.com
Admin ID:C8594388-LRMS
Admin Name:Ms. Alexandrina Sirakova
Admin Organization:V+D Auto GmbH
Admin Street1:Postfach 25 Sofia
Admin City:Sofia
Admin State/Province:na
Admin Postal Code:BG-1407
Admin Country:BG
Admin Phone:+3.5928614244
Admin Email:lora_2005@inorbit.com
Billing ID:C8594388-LRMS
Billing Name:Ms. Alexandrina Sirakova
Billing Organization:V+D Auto GmbH
Billing Street1:Postfach 25 Sofia
Billing City:Sofia
Billing State/Province:na
Billing Postal Code:BG-1407
Billing Country:BG
Billing Phone:+3.5928614244
Billing Email:lora_2005@inorbit.com
Tech ID:C8594388-LRMS
Tech Name:Ms. Alexandrina Sirakova
Tech Organization:V+D Auto GmbH
Tech Street1:Postfach 25 Sofia
Tech City:Sofia
Tech State/Province:na
Tech Postal Code:BG-1407
Tech Country:BG
Tech Phone:+3.5928614244
Tech Email:lora_2005@inorbit.com
Name Server:NS2.PINOMEDS.INFO
Name Server:NS1.PINOMEDS.INFO
But that doesn't really help much…
Second Update: the flood has stopped, or something upstream of me has stopped it.
Third update: Not. Getting. Any. Mail.
Fourth update (@ 11:30pm, which is to say several hours later): New mail is now getting through. No idea what happend to any mail sent in last four hours or so except that I didn't get it.
I also was a Joe-job target of this spammer. The spammer is E.V.A Pharmaceutics. I have not been able to obtain any credible contact information yet. I too have received hundreds of bounces from this spammer. BTW, I found your site by doing a google search on lora_2005 who is listed in the whois info.
There is a `real’ “V & D Auto” in Sofia, but the are unconnected to that registration. The previous poster
was correct with his comment about “E.V.A Pharmaceutics” – they use many fraudulent registrations and as
you know, forge the headers. The most recent siting is “goodwebmeds.info” – same false registration data,
headers from some poor schmoo “buster (at) dbzmail.com” whose account has already been suspended.
Reference to `real’ company: http://www.vdauto.com
P.S. “Joe Job” refers to when they want to atck you personally for a reason (the original was “joe.com”),
not when they pick you at random (as has happened to me also).
triamed.biz offers something similar too. They also are “Copyrighted E.V.A. Pharmaceutics”.
At first, I thought it was a real website, well done and with all the pages complete… Anyway, a Google Search “E.V.A. Pharmaceutics” brought me here.