About AHC


SPAM :-(

Since around February 8th, 2002, someone somewhere has been using the domain ahc.dk as a fake sender address for SPAM (unsolicited email).

At the time of this writing I have received two complaints from receivers, but in the week since this started I have also logged more than 80,000 attempts from around the world to contact invalid accounts on my mail server. Since my system can't even create an account with one of the names these invalid addresses have, I am unable to find out just what they are trying to send, but my best guess is that these mails would just be "message undeliverable" errors resulting from the spammers attempting to send spam mails to addresses that don't work around the world. If that is correct, I dare not think exactly how many people have actually received the spam mails!

As owner of the domain ahc I am deeply upset by the fact that spammers have abused my domain name like this, and despite the fact that I am normally a calm person, if it goes on for much longer I will consider suing the companies using the spam mails for damage to my reputation and for overloading both my server and internet connection for several days due to the large number of attempts by servers around the world to return undeliverable mails, and the hours of work it has cost me to be completely sure that my system has not been compromised and to respond to complaints from innocent receivers of the spam mails. Unfortunately the claims in the spam mails I have seen do not prompt me to believe the people sending them will ever be rich enough to pay for the damage...

If you are reading this, you might be one of the victims of a spam mail apparently sent from an account in my domain. Please be assured that the mail did, in fact, NOT originate in my domain OR on my server. I have been closely monitoring my server since this started, and I am positive that no email has left ahc.dk that has not been written by myself or someone in my household for personal or business purposes (and I do not consider spam a valid form of business).

For starters, all accounts that I know of having been used for spamming so far have names starting with a number. There are no users with account names starting with numbers on ahc.dk, nor will there ever be. If you receive a spam mail from an address like that, you can assume right away that the sender address is forged.

Second, AHC will never, repeat, NEVER, send out unsolicited mails to, or give any addresses of customers to any third party without prior permission. Nor will I expose email addresses of customers on my web page without permission. I am currently receiving 3-8 spam mails a day myself and I know how it sucks!

What to do?

Most people will react to spam either by deleting it or by trying to report the spammer to whomever they believe to be responsible. Unfortunately, the apparent sender of the mail is usually forged. Emails contain additional information apart from the obvious "From:", "To:" and "Subject:" header fields that modern graphical mail clients such as Outlook and Outlook Express show you. The additional information may provide more information about the true origin of the mail. If you forward a mail without those extra header fields, the recipient of the forward is unable to do anything except check his/her logs to see if the address in the "From:" field is someone on his/her system - which is usually not the case.

If you want to assist in finding the spammers, you have to examine the extra fields and report the incident to the people on whose systems the mail originated. I am, unfortunately, unable to do anything since I don't know where these mails are sent from.
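The header check described above, as an added example (not part of the original page): it reads the "Received:" fields of a message, finds the address that handed the mail to a server you trust, and applies this page's rule that no ahc.dk account name starts with a number. The sample message, its hostnames and its addresses are constructed, and the function names are illustrative.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (example hostnames, documentation IP ranges).
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mailstore.recipient.example with ESMTP id A1; Mon, 11 Feb 2002 10:00:05 +0100
Received: from open-relay.example (open-relay.example [198.51.100.7])
\tby mx.recipient.example with SMTP id B2; Mon, 11 Feb 2002 10:00:01 +0100
Received: from ahc.dk (unknown [203.0.113.45])
\tby open-relay.example with SMTP id C3; Mon, 11 Feb 2002 09:59:58 +0100
From: 8472offer@ahc.dk
To: victim@recipient.example
Subject: Make money fast

body
"""

# "from <claimed name> (... [<connecting IP>]) by <recording host>"
HOP = re.compile(r"from\s+(\S+)\s+\(.*?\[([0-9A-Fa-f.:]+)\]\).*?\bby\s+(\S+)")

def received_chain(raw):
    """Return hops newest-first as (claimed_name, connecting_ip, recording_host)."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # undo header folding
        if m:
            hops.append(m.groups())
    return hops

def entry_point(raw, trusted_hosts):
    """IP that handed the mail to the first server we trust.

    Received lines written by hosts outside trusted_hosts can be forged,
    so the walk stops at the first hop recorded by an untrusted host.
    """
    ip = None
    for _claimed, addr, by in received_chain(raw):
        if by not in trusted_hosts:
            break
        ip = addr
    return ip

def looks_forged_ahc(raw):
    """This page's rule: no ahc.dk account name starts with a number."""
    _, addr = parseaddr(message_from_string(raw)["From"])
    local, _, domain = addr.rpartition("@")
    return domain.lower() == "ahc.dk" and local[:1].isdigit()
```

The address returned by `entry_point` is the one to look up when composing a complaint; anything recorded below it, including the "ahc.dk" name in the oldest hop, is only what the sending side claimed.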

Where to go?

I recommend http://spamcop.net. They have a free spam analyzing and reporting tool that you can use to analyze the additional header fields in order to track down the true origin of the spam and to compose a complaint to that site. Spamcop also has a guide to how you get the full header fields from a lot of popular mail clients.

You can also take a look at www.ordb.org - the Open Relay Database, and www.orbz.org - the Open Relay Blackhole Zones (note: these two sites are no longer active). Both are databases listing so-called open relays, sites that by way of faulty configurations or bad policy keep their mail servers open to use by whoever tries to use them. Those servers are often used by spammers since that allows them to spam virtually without being tracked. Visiting these sites and reading their information might give you an insight into the way these things work.

I hope this page has clarified the issues for you, and that you will participate in tracking down the people responsible for this spam incident.

Allan Høiberg

Added 2002-02-18:

It seems the traffic is slowing; yesterday I only logged 189 attempts at contacting invalid accounts. I am now up to 84,068 attempted mails to invalid accounts and three complaints.

The last complaint drew my attention toward an additional resource, The Network Abuse Clearinghouse at http://abuse.net. They have a lot of links to tools and information, and offer an easy way to send a complaint through them. I suggest a visit.

While you're surfing, you might find something useful at The Network Abuse Clearinghouse's sister site, http://spam.abuse.net or at CAUCE, The Coalition Against Unsolicited Commercial Email at http://www.cauce.org/.

Added 2002-09-13:

Today I received the first complaint in the newest wave of spam sent during the last two weeks. There have been smaller waves of spam with forged ahc.dk-addresses since February, but this time it seems to be going on and on. So far, I have received 15,000 error mails... :-(
