2 weeks ago I started receiving spam emails.
In the "from" feild is my own email address.
It shows as coming from info * offshoreelectrics.com (I replaced @ with *).

Is it truly coming from there?

Here is the email info. Its all Greek to me :smile:
I replaced @ with * in all instances.


Received: from mx07.gis.net ([208.218.130.51]) by mail.gis.net; Fri, 26 Dec 2008 12:31:24 -0500
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.0-gis (2005-09-13) on
spamassassin2.gis.net
X-Spam-Level: *******
X-Spam-Status: Yes, score=7.1 required=4.5 reject=8.5
tests=HTML_IMAGE_ONLY_04,HTML_MESSAGE,HTML_SHORT_L INK_IMG_1,
MIME_HTML_ONLY,NO_REAL_NAME,URIBL_JP_SURBL version=3.1.0-gis
X-Spam-Report:
* 0.6 NO_REAL_NAME From: does not include a real name
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 0.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
* 2.9 HTML_IMAGE_ONLY_04 BODY: HTML: images with 0-400 bytes of words
* 3.4 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
* [URIs: cluelite.com]
* 0.3 HTML_SHORT_LINK_IMG_1 HTML is very short with a linked image
Received: from vps.offshoreelectrics.com ([216.246.63.111]) by mx07.gis.net; Fri, 26 Dec 2008 12:31:17 -0500
Received: from [87.68.127.1] (helo=afbsnet.com)
by vps.offshoreelectrics.com with smtp (Exim 4.69)
(envelope-from <info * offshoreelectrics.com>)
id 1LGGUz-0006rL-Tc
for info * offshoreelectrics.com; Fri, 26 Dec 2008 12:29:25 -0500
To: <info * offshoreelectrics.com>
Subject: [SPAM?] Gain additional centimeters
From: <info * offshoreelectrics.com>
MIME-Version: 1.0
Importance: High
Content-Type: text/html
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - vps.offshoreelectrics.com
X-AntiAbuse: Original Domain - offshoreelectrics.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - offshoreelectrics.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-Rcpt-To: <stevenv * gis.net>
X-Spam-Prev-Subject: Gain additional centimeters
Message-ID: <123031268401 * mx07.gis.net>
Return-Path: <info * offshoreelectrics.com>
Date: Fri, 26 Dec 2008 12:31:25 -0500
X-DPOP: Version number supressed
X-UIDL: 1230313308.663290
Status: U

You gave yourself a virus man! :rockon2:

There was a virus at some time ago that would send strange e-mails around and even back to you if you were in your address book. I got crap from people that I spoke with and they never sent me anything.

Beats me but looks odd like someone played in your files trying to hack or something like that.

You can try downloading spybot G/L

Actually steve now you mention it i got some of your spam a few weeks ago:doh:
I never thought anything about it i just blocked the sender:frusty:
NO links or anything in the spam though, that was the weird thing. All it wanted was for me to reply for the email, which makes me think it has setup one of those tricks that makes the recipients reply email go to another account(used to be able to do it i've forgotten now).

Tyler.

You should end this sirus (or whatever) soon, it takes up all your bandwidth by sending lots of emails (to you and others)... spybot is a good application to find all the spyware you have and getting rid of it.

my advice to you is... stop with the *!***!***!***!**!!!!
j/k

I spoke to my isp. Its not coming from me. Their logs show no sign of these emails coming from me. They explained to me that spammers are using the email address in the from field, so clients can not add it to their "spam" blocked email list. If so they will get no emails at all.

Steven, this is typical. When I, as a webmaster, place email addresses on the web, I always put it in a picture without an active link. This will take care of 99% of the harvesting of emails.

What happens is, a bot searches the web and pulls email addresses. They also use domain names. Once they have the email address or domain name, they will send out blanket emails to everyone on their list. This list will of course, includes your own email and thus, you receive the message. The email appears to come from you, because they have added your domain name to their email server (for emailing purposes).

If you take the originating IP address and search for it at Project HoneyPot (http://projecthoneypot.org/), you'll find the originating party. Again, since you were subject to the forum attach a while ago, I would recommend participating. This is the easiest and low-cost way to shut this particular harvester down before its picked up by another. Plus, it will help to keep you off of the gray lists for other email servers.

Let me know if I can help further or shed any other light. :)

For the record...

I don't consider myself "smart" or "web savvy"

I merely am sharing the knowledge I've attained over the years.
Thanks for letting me clear that up, LOL!