<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.24.1">
</HEAD>
<BODY>
-------- Forwarded Message --------<BR>
<B>From</B>: John Simpson <<A HREF="mailto:John%20Simpson%20%3cjms1@jms1.net%3e">jms1@jms1.net</A>><BR>
<B>Reply-to</B>: qmail-patch@jms1.net<BR>
<B>To</B>: <A HREF="mailto:qmail-patch@jms1.net">qmail-patch@jms1.net</A><BR>
<B>Subject</B>: Re: [qmail-patch] Reminder: Please Respond to jaspal's Invitation<BR>
<B>Date</B>: Wed, 7 Jan 2009 06:59:48 -0500<BR>
<BR>
<PRE>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 2009-01-07, at 0134, jaspal singla wrote:
>
> jaspal singla wants you to join Yaari!
i doubt it.
this "yaari.com" site is known for highjacking peoples' gmail address
books.
        <A HREF="http://blogs.sun.com/arungupta/entry/boycott_yaari_com_spam_2">http://blogs.sun.com/arungupta/entry/boycott_yaari_com_spam_2</A>
i did some digging through the logs on my own server (which was kind
of interesting because i try to keep as few logs as possible.)
the address "<A HREF="mailto:jaspal@tetrain.com">jaspal@tetrain.com</A>" subscribed to the list on 2008-08-17,
but has never posted.
the "<A HREF="mailto:jaspal.singla@gmail.com">jaspal.singla@gmail.com</A>" address tried to subscribe at the same
time, but never finished the process. google's outbound mail doesn't
always use the same source IP address, and at the time i had been
testing the "grey3" idea and hadn't whitelisted messages sent to the
list, so the retries never happened (or they did, but because they
happened "from" a different IP address, grey3 thought it was another
"first" message.)
i think what happened here is that this person signed up for this
"yaari.com" web site, and in the process of his signing up, that web
site stole his gmail address book (which contained the "qmail-patch"
and "qmail-patch-subscribe" addresses) without his knowledge, and
these "yaari.com" a**holes are trying to spam every email address they
found.
the spam message itself was sent from the IP address 63.167.241.174,
which is "yaariinvites.com". rather STUPID for a spammer to use his
own server, unless they truly are trying to be legitimate in how they
do business... but of course if that were the case, they wouldn't be
sending unsolicited advertisements in the first place. and given the
fact that they're stealing peoples' address books, i think we can
assume that these people are scumbags and deserve to die a slow
painful death.
i have added 63.167.241.0/24 to my private blacklist, and i recommend
that others do the same. a scan of the reverse-DNS names in that block
leads me to believe that the entire block is used for hosting spam
services. even the name of the company who "owns" it, "frontier vision
technologies", sounds like a made-up name to try and make a spamming
company sound legitimate. and their upstream provider, sprint, has a
history of not caring what their customers do, so long as the bill
gets paid and the phone doesn't ring constantly for support.
unfortunately, the damage is done. the list address is now on their
spamming list, which means we'll probably see more of these messages,
and if they're true scumbags, they'll give or sell those addresses to
other spammers and we'll start seeing more random addresses subscribe
and start sending spam.
if this happens, i will switch the list policy to "subscription
moderated", and require a turing test (i.e. prove to me that you're
human and you're not a spammer) before approving any new
subscriptions. i hate to have to do it, but i happen to think that
having a spam-free list is a good thing.
i also have reason to suspect that the "<A HREF="mailto:jaspal.singla@gmail.com">jaspal.singla@gmail.com</A>" email
address has been compromised, or that its owner did this deliberately.
this address subscribed to both the qmail-patch and qmail-patch-
announce lists on 2009-01-06, and then this spam was sent the very
next day. as a precaution, i am manually removing this email address
from the list after sending this message, and adding it to my
badmailfrom file. i'm pretty sure the legitimate owner, if there is
one, has the other email address- if they really need for this gmail
address to be on the list, they can contact me directly, using the
email address at the bottom of every page on my web site.
for those of you who are curious, THIS is ultimately the responsible
party, the woman who owns "yaari.com".
        <A HREF="http://www.theculturalconnect.com/magazines/desi/2006-12-12/pro">http://www.theculturalconnect.com/magazines/desi/2006-12-12/pro</A>
if anybody is in atlanta, "358 angier av" is the registered address of
"Yaari Inc.", and is also the address listed in the state filings for
"Prerna Gupta" and "Parag Chordia", the officers in that corporation.
it's about two blocks east of the civic center- according to google
maps' street view it's a little yellow house with a driveway leading
up to the side of the building. if you get a chance to go by there,
knock on the door and see if she's there. if so, tell her i said to
kiss my a**.
> If you have any concerns
> regarding the content of this message, please email <A HREF="mailto:abuse@yaari.com">abuse@yaari.com</A>.
> Yaari LLC, 358 Angier Ave, Atlanta, GA 30312
there really IS a "Yaari LLC", or at least there was. the state of
georgia has a web site where you can check the details, and download
copies of the actual filing documents involved in creating and
maintaining a corporation. i have done this, and it turns out that on
2008-08-12, "Yaari LLC" was converted to "Yaari Inc." (i.e. it's now a
for-profit corporation.) which means that the required legal notices
in the message (and on the web site) are WRONG, they identify the
message as having been sent by a non-existent entity. which means they
have zero protection under the "you CAN-SPAM" act.
i don't want to spend the time going after these people and having
charges brought up against them... i've done it before (successfully)
and i know it to be a major headache, with little or no satisfaction
to be found at the end of the process, especially if the scumbag
you're suing is able to just dissolve an LLC and walk away without
ever having to pay a dime of the court-ordered award and fees.
i just want them to never send spam to my server again.
- ----------------------------------------------------------------
| John M. Simpson --- KG4ZOW --- Programmer At Large |
| <A HREF="http://www.jms1.net/">http://www.jms1.net/</A> <<A HREF="mailto:jms1@jms1.net">jms1@jms1.net</A>> |
- ----------------------------------------------------------------
| <A HREF="http://video.google.com/videoplay?docid=-1656880303867390173">http://video.google.com/videoplay?docid=-1656880303867390173</A> |
- ----------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAklkmTQACgkQj42MmpAUrRpwuQCgisFGp9gLuF2igNERfILqnULH
5RIAn2QyA8iQ1Tyvx132U8E1zxfUekGc
=MkA/
-----END PGP SIGNATURE-----
</PRE>
<TABLE CELLSPACING="0" CELLPADDING="0" WIDTH="100%">
<TR>
<TD>
-- <BR>
John Wesley Simpson Hibbs <<A HREF="mailto:john@swajime.com">john@swajime.com</A>><BR>
SwaJime's Cove
</TD>
</TR>
</TABLE>
</BODY>
</HTML>