spammer_logic_0001 - 2004-03-01 spammer logic -
Toasted Articles

Home | Articles | Spams | 419 scams | Spambots | Deny list | Phone list | eMail list | FAQ | Forum
Remove requests | Decode 64 | Decode qp | Decode ip | Other sites | Spam SUCKS! | Formmail Scans
Logos | Phishing | Lottery Scams | Support | Network Testing Services | PushPinMap
(6347) toasted spam dot com
spammer_logic_0001 - 2004-03-01 spammer logic -

We received a spam from, one of those anonymous websites that lets you look for a mortgage online. Why anyone would trust an anonymous website to help them with a major loan is a completely other bizarre topic that we won't go into. But, there are a few things we'd like to examine in this particular case anyway.

Hey! They actually used their own domain name as the sending address. At least there is one thing commendable about this email. Well, actually two things. Assuming this is a trend they are going to keep up, we can easily block further transmissions right at the SMTP level by domain name. Kewl.

Not so cool. is our IP address. Presumably the number in brackets is the originating IP address. What they've done is told their SMTP server to use the recipient server's IP address as their host name. This is a rather sly bit of misdirection that could potentially be considered illegal. But, in the long run, it really doesn't matter one way or the other.

Is this a real address? Might be nice if it is. It would be unusual.

All right, on to the spam message itself:

It's a little crufty, but the links are still easy enough to find. The main link is the same domain name as the sender domain, so let's do a little whois lookup.


Administrative Contact:
Adray, Raymond
2nd Point Services
c/o Network Solutions
P.O. Box 447
Herndon, VA 20172-0447

This domain is a 'private registration' through Network Solutions. This means that the domain owners are hiding their identity. Any communication to this address gets processed by Network Solutions first and then only what they determine to be suitable gets passed on to the domain owners. Since probably the only communication they are likely to receive are spam complaints, most of it will be deemed unsuitable and won't be passed on.

The remove link is a different domain. Oddly enough, if you browse to root page of that domain name, it looks absolutely identical to the main link of the spam. Or maybe that's not so odd after all. If i wanted to get my email address removed from this spammers' list i'd certainly want to deal with the spammers, not some other third party. So why a different domain name? *shrug* Who knows how these spammers think, if they even do think. So in this case it probably is comforting that their respective websites look identical.

Just for completeness' sake, let's do a whois lookup on

Created on: 21-Feb-04
Expires on: 21-Feb-05
Last Updated on: 21-Feb-04

Administrative Contact:
Private, Registration
Domains by Proxy, Inc.
15111 N Hayden Rd., Suite 160
Scottsdale, Arizona 85260
United States
(480) 624-2599 Fax --

Well, what a surprise! It's another private registration. Looks like this sender really has a lot to hide.

Now, if we browse to their website, there is an intriguing little link at the bottom of the page that says "Anti Spam". It goes to . It contains this very helpful definition:

Well, this email was certianly unsolicited. We had never heard of this organization before so it is utterly impossible that we had requested this information. Nice of them to admit that they are spamming. And what is their suggested remedy?

Hmmmmm. So why suddenly do we need to address our email to this address? Why don't they handle this directly It's not that we have developed any particular trust for the domain name, but we have just about zero trust that has anything to do with the domain at all. Why should it? Maybe it's a dead address. Maybe it's a live address but belongs to someone completely unrelated. They could be trying to get everyone to send email to this address just to annoy that person. It's been done before.

So, we have an unsolicted email from a company that hides itself, gives no explanation of who they are or how to find them, uses more than one name, gives completely unbelievable contact information, and wants to handle your home financing. Would you trust them?

One more point. Let's compare two of the statements in their antispam page, one of which we've already seen:

Ouch, our brains hurt now. So, if someone receives an email that they did not request, but it contains a way to Opt-out, then it is both spam (by the first statement) and not spam (by the second statement). We guess that this demonstration of illogic pretty much sums up the mental state of an organization that expects anyone to trust their email drivel. toasted spam dot com