anti-spam banner
  Kelly Freehold Your Internet Service Provider And Web Hosting

In our investigations, as near as we have been able to determine the reason for this "Joe Job" is a result of the following events.

On January 25, 2001 48 hours on CBS ran piece on cyber fraud with Global Prosperity being the topic. Kelly Freehold was targeted do to a webpage that was archived on Kelly Freehold that questions the legalities of Global Prosperity after several demands to do so. The domain mention by CBS that is running an anti-Global Prosperity Web site was also hit at the same time, from the same point of injection, and is currently off line as of this date (Sunday, February 04, 2001 05:34 PM) due to "spam complaints" to his ISP.

For more information regarding the policies, and feelings about spamming of Kelly Freehold, view the anti-spam banner in the upper corner of this page, or visit our personal anti-spam webpages at http://www.kellyfreehold.com/spam/ which has been in place for years, the same as our anti-spam policy.

After five days of being continually bombarded with "spam complaints", re-directs, phone calls, ping and hacking attacks on our servers, we have decided that we cannot continue to archive the anti-global prosperity page in question while being attacked from both sides. The side that committed the "joe job" and those that react to it without doing any research to make sure they are not attacking an innocent party. It would appear that those that are behind this "joe job" have succeeded in their objective, with the help of those that claim to be fighting net abuse.

Some suggested that we take legal action, and we have not yet figured just who we should bring action against, the spammer, or those that have tried to close us down in the name of netiquette because they did not take the time to do their research; jumping to conclusions that being kellyfreehold.com was mention in the body of the spam, kellyfreehold.com had to be the spammer.

As one "anti-spammer" wrote, "Isn't it funny though, that they are sending out mail PROMOTING your site and services? And you claim to have nothing to do with it? Kinda hard for a reasonable person to believe... but then again, I might have fallen off the turnip truck last week."

My reply to that? "No. It's not a damn bit funny".

The bottom line? One ruined the reputation of this company, the other, denial of service in the form of retaliation for "spamming". That, I guess is why it is called a "joe job".

Therefore, we are asking once again that you bare with us, as we work to clean up this ungodly mess.

The Abuse Continues

I would like to add, since that date, we have received a number of spams where the spammer has used "mail.kellyfreehold.com" and "kellyfreehold.com" as their "HELO", that is who they claim to be, i.e. "mail.kellyfreehold.com" or kellyfreehold.com. These HELO's have been challenged by what is called an rDNS which verifies the IP of the point of injection, or point of origin was not connected with kellyfreehold.com, or mail.kellyfreehold.com [205.160.14.22] in any way shape or form.

The following headers are actual headers of several of these spams that have been received here at Kelly Freehold as examples these forgery, and an example of how big a liar spammer are, and the lengths they will go to retaliate, and "get even" with anyone, or any organization that stands against their abusive behavior.

Example 1

Return-Path: <missbwell@excite.com>
Received: from mail.kellyfreehold.com (208.180.93.232) by pageplanet.com
           with SMTP (Eudora Internet Mail Server 3.0.1) for
bsp;        <xxxxx@kellyfreehold.com>; Mon, 5 Feb 2001 22:29:58
           -0500
From: missbwell@pageplanet.com
Date: Mon, 05 Feb 2001 21:31:26
X-Mailer: Prospect Mailer 2000
To:xxxxx@kellyfreehold.com
Subject: INCREDIBLE $0 TO $50,000 IN 90 DAYS!!
MIME-Version: 1.0
Content-Type: text/plain;charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-ID: <1230692298-7426257@pageplanet.com>

Example 2

Received: from mail.kellyfreehold.com (207.41.119.194) by pageplanet.com
           with SMTP (Eudora Internet Mail Server 3.0.1) for
nbsp;        <xxxx@kellyfreehold.com>; Wed, 7 Feb 2001 14:29:29
           -0500
From: Valentine in Cancun@pageplanet.com
Date: Wed, 07 Feb 2001 14:26:28
X-Mailer: Prospect Mailer 2000
To:xxxx@kellyfreehold.com
Subject: Your Valentine!
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_ZBQDCHHROE"
Content-Transfer-Encoding: 7bit
X-Mailer: Prospect Mailer 2000Message-ID: Prospect Mailer 20002:26:28 PM
Message-ID: <1230548327-16086182@pageplanet.com>

Example 3

Return-Path: <stopspam@urs2.net>
Received: from mail.urs2.net (206.170.197.13) by pageplanet.com with SMTP
           (Eudora Internet Mail Server 3.0.1) for <xxxxx@kellyfreehold.com>; Sat,
           7 Apr 2001 05:51:32 -0400
Received: from kellyfreehold.com ([206.170.197.17]) by mail.urs2.net
           (Post.Office MTA v3.5.3 release 223 ID# 0-67419U3000L300S0V35)
           with SMTP id net for <xxxxx@kellyfreehold.com>;
Sat, 7 Apr 2001 02:16:01 -0700
To: xxxxx@kellyfreehold.com
From: stopspam@urs2.net
X-Mailer: 215AF902.72E0B699.3f522d5e158024dd91f5b8a6076305f8
Subject: Stop getting junk e-mail TODAY! and never get a Virus
Organization:
Date: Sat, 7 Apr 2001 02:16:01 -0700
Message-ID: <20010407091601937.AAA1592@mail.urs2.net@kellyfreehold.com>

In the above example that were actually recieved the rDNS showed they were sent from the following, in order:

Example 1

Received: from mail.kellyfreehold.com (208.180.93.232) by pageplanet.com
           with SMTP (Eudora Internet Mail Server 3.0.1) for
nbsp;        <xxxxx@kellyfreehold.com>; Mon, 5 Feb 2001 22:29:58
           -0500

nslookup 208.180.93.232
Canonical name: cdm-93-232-fran.cox-internet.com
Addresses: 208.180.93.232

Example 2

Received: from mail.kellyfreehold.com (207.41.119.194) by pageplanet.com
           with SMTP (Eudora Internet Mail Server 3.0.1) for
         <xxxx@kellyfreehold.com>; Wed, 7 Feb 2001 14:29:29
           -0500

nslookup 207.41.119.194
Canonical name: proxy.rcsltd.com
Addresses: 207.41.119.194

Example 3

Received: from mail.urs2.net (206.170.197.13) by pageplanet.com with SMTP
           (Eudora Internet Mail Server 3.0.1) for ; Sat,
           7 Apr 2001 05:51:32 -0400
Received: from kellyfreehold.com ([206.170.197.17]) by mail.urs2.net
           (Post.Office MTA v3.5.3 release 223 ID# 0- 67419U3000L300S0V35)
           with SMTP id net for <xxxxx@kellyfreehold.com>;

nslookup 206.170.197.17 No reverse DNS (WSANO_DATA)

Query 206.170.197.17
Registry whois.arin.net
Results
Pacific Bell Internet Services,Inc. (NETBLK-PBI-NET-1) PBI-NET-1
           206.170.0.0 - 206.171.255.255
ch bruce, LLC (NETBLK-PBI-CUSTNET-878) PBI-CUSTNET-878
           206.170.197.0 - 206.170.197.255

I guess what really puzzles us here at Kelly Freehold is the fact that for reason unknown we are targeted for these "Joe Jobs". As a small ISP, it would appear we have somehow really made a dent in some ones apple and it doesn't look as if this abusive behavior is going to stop any time soon. So, if you have been "blessed" with one of these spams, and you are here to search out this spammer, rest assured, it not this domain that has spammed you. We are as much a victim of this abuse as you are.





Back To Kelly Freehold Home Page




Created: Feb 3, 2001 22:39:20
Last Update: Sunday, April 08, 2001
By: Duane K. Kelly -
Copyright ©