Spammers List

As informed in our pages, our IDs are being misused by some unscrupulous people for sending SPAM & UCE along with attachments, containing virus. They are sent through various service providers with a false ID or Alias, false 'helo' and false routing and the sender cannot be contacted. The 'helo' is the name of the computer used, when it shakes hand with the server of ISP. Some Spammers appear to be using direct mail programs, bypassing the SMTP server of ISP. Such software is available on the internet. However, they will still need the DNS details of the ISP to access the net for receiving and sending mail and their IP addresses will be logged. We receive the undelivered mail, when the recipient's mail box is unavailable. We have decided to compile the IP address of all such Spammers and publish them for the general public w.e.f March 2005. We take objection when our ID is falsely used, which is illegal and considered as a cyber crime.

We would like to inform all Spammers that on Friday, April 08, 2005, a judgment was delivered in the court of Loudon County, Virginia, USA on a spammer sentencing him to 9 years in jail. A brief mention of the prosecution and judgment is given below:

"Sending of bulk mail by anyone for legitimate commercial purposes is not illegal, as long as there is a genuine removal mechanism in place. Sending of mail using false ID, viruses and the likes, falsifying the routing and disguising the origin is."

S.NO	IP Address	False Helo used	False ID/Alias used	ISP used for spamming
1	[217.113.73.22]	Tinajay.com	Groupmailserver@mmgindia.com	Direct Mailer
2	[60.44.153.224]	local host	shan@mmgindia.com	as above
3	[219.65.110.158]	mmgindia.com	noreply@mmgindia.com	as above
4	(dialup2.utlonline.co.ug [81.199.21.58])	local host	postmaster@mmgindia.com	http://utlonline.co.ug
5	[61.11.90.44]	mmgindia.com	MAILER-DAEMON@mmgindia.com	Direct Mailer
6	[219.65.110.150]	mmgindia.com	MAILER-DAEMON@mmgindia.com	Direct Mailer
7	[61.11.119.29]	mmgindia.com	sandeep_barve@hotmail.com suhasakulkarni@yahoo.com	Direct Mailer
8	[61.80.242.139]	baistore.com	limitedmmguganda@mmgindia.com	mail.altonet.co.za [216.236.177.11]
9	[61.1.98.111]	mmgindia.com	rdemello@pssindia.com fannysydney@rbi.org.in	Direct Mailer
10	[61.1.98.207]	mmgindia.com	umesh.doshi@uniqema.com shpsearch@vsnl.net	Direct Mailer
11	[219.64.159.28]	mmgindia.com	ggovardhan2k@yahoo.co.in	Direct Mailer
12	[61.95.207.12]	dsl-KK-static-012.207.95.61	ipr@mmgindia.com	touchtelindia.net
13	[221.134.201.177]	mmgindia.com	ailkacase@hotmail.com arun_ygi@yahoo.co.in	Direct Mailer
14	[81.199.21.6]	mmgindia.com	MAILER-DAEMON@mmgindia.com	Direct Mailer
15	[61.11.78.7]	mmgindia.com	jeeva_it@yahoo.com srangarajan@srminfotech.com sowmya@6sos.com	Direct Mailer
16	[210.211.246.126]	mmgindia.com	walchandites_2002@yahoogroups.com	Direct Mailer
17	[203.187.210.78]	mmgindia.com	clubbersclub@club.com	Direct Mailer
18	[203.101.70.130]	mmgindia.com	ccarlen@netscape.com pauldboswell@yahoo.com	Direct Mailer
19	[203.187.210.80]	mmgindia.com	1037991314.17915@monterey.triviapop.com	Direct Mailer
20	`[61.11.77.153]`	mmgindia.com	matt@mmgindia.com	Direct Mailer
21	[59.182.43.78]	indiatimes.com	"Power-Web Design"<mmgindia@indiatimes.com>	indiatimes.com
22	(201.255.242.196)	201-255-242-196.mrse.com.ar	admin@mmgindia.com	mrse.com.ar
23	[84.205.213.56 ]	meibu.com	madhavan@madgopes.com	listed in sbl-xbl.spamhaus.org
24	(211.171.125.121)	(HELO ??????.com)	Ipr@mmgindia.com	Unknown (211.171.125.121)
25	`(68.142.202.202)`	mmgindia.com	postman@mmgindia.com	`mta254.mail.mud.yahoo.com`
26	`[86.138.102.14]`	`oem-x28zhdazps5.org`	sales@mmgindia.com	`mx43.stngva01.us.mxservers.net (204.202.242.108)`
27	`[10.202.2.203]`	local host	`qhbmadhavan@mmgindia.com`	`frontend1.internal (mysql-sessions.internal`
28	(64.62.166.104)	local host	groupipr@mmguniversal.com; & <support_num_02@ebay.com>	(221.126.146.10)
29	`(148.6.144.59)`	`(HELO Dealing-internet) (59.144.6.148)`	remove@mmgindia.com office@mmgindia.com	`from btnl-tn-dsl 148.6.144.59.touchtelindia.net`
30	[58.76.182.3]	(helo=70.98.111.54) This is our IP address and a false 'helo'.	"Eva Penn" <madhavan@madgopes.com> This spammer creates false headers and false routing and using a relay service. Has been reported immediately to spamcop.net on January 26, 2006.	X-Originating-IP: 65.154.172.250 by smtp.58.76.182.3; Thu, 26 Jan 2006 05:11:23 -0800
31	(200.63.251.159)	(helo=localhost)	"Pa" <editorial@mmgindia.com>. Reported to spamcop.net	from 159.251.uio.satnet.net; by fotosentuemail.com with SMTP id J85Gz012488274; Tue, 31 Jan 2006 01:24:25 +0000
32	(61.95.191.50)	(HELO= MOHANKUMAR)	"madgopes" <madgopes@mmgindia.com>	Direct Mailer
33	(213.130.49.133)	(HELO= localhost.localdomain) (213.130.49.133)	<ipr@mmguniversal.com>	(196.207.18.214.accesskenya.com [196.207.18.214] (may be forged))
34	(60.163.98.134)	(HELO= mail.2-line.net)	"Angila Marquez" <madhavan@mmgindia.com>	from 128.153.128.2 (SquirrelMail authenticated user asanders@bluebeach-villas.com)
35	[80.240.204.169]	(helo=operator)	madhavan@mmg.name	by mlinzi.africaonline.co.ke with smtp (Exim 4.52 (FreeBSD)) id 1FOuzM-0002cQ-S5
36	(203.133.244.76)	(helo=localhost)	shan@mmgindia.com	from d203133244076.cable.ogaki-tv.ne.jp (HELO entumail.com). Message-Id: <lXvrY6.mailer@localhost>
37	(222.50.43.148)	(helo=localhost)	"Eleanore" <madhavan@mmgindia.com>	by acemailingshop.com with SMTP id J85Gz006570002; Tue, 04 Apr 2006 06:38:46 +0000 Message-Id: <Q2EqDQ.mailer@localhost>
38	[222.119.194.243]	(helo=inflightemail.net)	"Freddie Odonnell" <madhavan@mmg.name>	from 60.37.13.72 (SquirrelMail authenticated user western.ways@bellsouth.net); by inflightemail.net with HTTP id J85Gz030188944; Thu, 13 Apr 2006 03:05:37 +0000 Message-Id: <mWpz07.squirrel@60.37.13.72>
39	[192.168.11.1] [217.21.117.20]	helo=unknown	madgopes@fastmail.fm This spammer appears to be Kenya based using false routing and the false ID that is being used is not available. The undelivered mail are being resolved to the above ID.	byZEDESEN-SERVER.ZEDESENHQ.ZEDESEN.COM with Internet Mail Service (5.5.2653.19) id <2454YFV3>; Wed, 24 May 2006 10:16:42 +0300 fromsmtpout.swiftkenya.com(smtpout.swiftkenya.com [80.240.192.5])by mx2.messagingengine.com (Postfix) with ESMTP id 431B0E2E3for <madgopes@fastmail.fm; Wed, 24 May 2006 03:12:35 -0400 (EDT)
40	[70.184.77.170])	from JIM. COM	"Mmgindia" <mmgindia@mailservice.ms>; Resolved to: mmgindia@mailservice.ms; This spammer is also using the same IP address for sending SPAM under mmg.name false ID	(wsip-70-184-77-170.tc.ph.cox.net; Mon, 5 Jun 2006 17:32:49 -0400 (EDT); SMTP id 794A3471FC; Message-ID: <mkcwldgxxxsxpgcvrwm@mailservice.ms>
41	[61.52.36.221]	(helo=hn.kd.dhcp)	From: "Hilda Hargrove" <madhavan@madgopes.com> Reply-To: "Hilda Hargrove" <madhavan@madgopes.com>	Subject: Do you have life experience? Date: Mon, 10 Jul 2006 07:11:51 -0500 Message-ID: <ytrcsihWNYWSOZmadhavan@madgopes.com>
42	[201.2.86.66]	201-2-86-66.dosce206.dial.brasiltelecom.net.br	"Randolph Burch" <madhavan@madgopes.com>	Subject: How much more would you earn?; Wed, 26 Jul 2006 08:25:40 -0500; SMTP id 1G5iSO-0004sb-La
43	[203.122.12.73]	(helo=drrnayan)	ipr@mmgindia.com	16 Sep 2006 11:16:43 -0000; SMTP id not available; appears to be a direct mailer
44	[58.136.99.231]	(port=0471 helo=p993-adslbkkct1.C.csloxinfo.net)	<hhc@madgopes.com>	p993-adslbkkct1.C.csloxinfo.net, Mon, 25 Sep 2006 17:07:06 +0700; Subject: dacca; X-Attached: image357.gif
45	[83.135.158.43]	"Leonard" <yfollmannmzo@is.tokushima-u.ac.jp>	"Sandee Hayes" <mmg.namemailinglist-request@mmg.name>	from i53879e2b.versanet.de
46	(83.205.135.98)	(port=19364 helo=AMarseille-253-1-16-98.w83-205.abo.wanadoo.fr)	"Alexandra" <faj@mmg.name> & "Angelita" <fantastico@mmg.name>	X-Spam-orig-subject: companion watchmake Date: Thu, 21 Dec 2006 00:41:44 +0100 (EET)
47	(217.96.62.186)	not known	"Obee Ojalehto" <Ojalehtozhaql@mmg.name>	Remote-MTA: DNS; mail.vicrspca.aust.com. Date: Mon, 10 Sep 2007 14:06:49 GMT

All the mail received gets routed through the main gateway to the concerned persons. They are checked for spam content and viruses and if found, get rejected in the gateway, under intimation to us. We have what is called 'Box Trapper' in place. When any mail is received, it will ask for acknowledgement from the sender. If it is a fake address, no reply will be received. Such addresses are shifted to black list. Spam filters are also in place and spams normally get bounced immediately. All mail go through the filters of all the 3 service providers. However, some spammers send mail to publicly known auto responders from fake addresses. The acknowledgement is returned as undelivered. In such cases the bouncing action gets delayed, as filters get confused and do not know what to do. They refer to us with the Bayesian spam score. They have to be manually moved to the blacklist. This does not help much as professional spammers keep changing their fake IDs. We must understand that spammers are highly intelligent, creative and persistent. One spammer found an innovative and novel way of spamming. He or She started filling our guest book, every two hours and every day, with URLs for cheap medicines. We had to delete the guest book. Some spammers use randomly generated tracking codes. You can easily spot it when you find some gibberish in some portion of the mail. Some ISPs are so naive that they send the entire complaint to spammers with tracking codes and reveal the ID of complainant. Some spammers even try to create false headers. It is rather unfortunate that such good qualities are not used properly.

As a policy, we do not use the SMTP facility of local ISPs anywhere. All informatory and commercial mail from us are sent through any of the following SMTP servers of our service providers.

It is very easy to trace where the computer is based. Just go to www.dnsstuff.com and type the IP address in the space provided. It will give you all details of the ISP. The best part of this amazing service is that it is free.

www.mmgindia.com is used for India based prospects and clients. No international communication is sent out using any of mmgindia.com IDs. The IDs of www.mmgkenya.com are used for communicating with our clients and prospects in Kenya. The IDs of www.mmguganda.com are used for communicating with our clients and prospects in Uganda. The DNS and incoming Mail Transfer facility for mmgindia.com, mmguganda.com and mmgkenya.com is provided by www.zoneedit.com from December 2006. They are full fledged domains but hosted as sub domains of www.mmgconsulting.biz. The general communications, of informatory nature, are sent out under mmg.name ID. We maintain country wise and client wise lists for this purpose. All communications are not sent out to everyone in every country. For example, if the matter or event is concerning Uganda, we will send out the communication only to people in the mailing list for Uganda. For more details, please visit our web site www.mmg.name and http://mmg.name/mailinglist.html . The respective web pages contain all technical and legal information.

Some Spammers are sending mail to our general mailing list, which can also be used as a newsgroup. This is despite the specific mention that it is not allowed, either for members or non members, and that they will be blacklisted and barred permanently. They keep changing their IDs. No sweat, we have turned on the auto expiry option and all such messages will expire automatically after 24 hours. We need not visit the control panel to disallow it. To overcome this problem we have become members of www.spamcop.net in January 2006 and will report when our IDs are falsely used or when such Spammers continue to persist. Except for a few ISPs, most ISPs terminate the account of such spammers. Some spammers use the relay service of some irresponsible ISPs. Most of them are known and listed by anti spam organizations like spamhaus.org etc., Relaying means the spammer sends messages from some other IP address, using the relaying facility of such sites. SMTP from remote servers, is possible using mail clients or the web, by authorized users after authentication. In all such cases the originating IP addresses are logged by the SMTP server. The spammers no 30 & 34 listed above are such examples.

If you receive any spam using any of our IDs, please open the mail with all headers and copy the same, including the body, to a new mail and send it to us at: abuse@mmg.name.Do not use 'html' formatting, as far as possible, though it looks good. Turn on 'web bug' protection. This means the images will not load. Spammers use web bugs in images. The 'web bugs' inform the spammer as soon as the mail is opened and the images load. They will know that you have opened their mail and will continue to spam. You can always see the images, if it is from trusted sources, by clicking on a link. Avoid using mail clients which are very vulnerable but convenient and cheap. Always use web mail and preferably IMAP servers but it can be expensive, if you are using a dial up connection. Always use 'text' format though it doesn't look good and sexy. Ensure you reproduce all links in the body. When you are copying and pasting 'html' messages in 'text' format, the links will not appear. Right click on the link and you will get the target. For administrative issues please send mail to the postmaster@mmg.name.

Most of the links will be 'phishing' attempts or non-existent. Phishing also means that the link will be different from what is being displayed. Spammers attempting 'phishing' normally send mail in the name of such reputed sites like 'eBay' or 'Paypal' etc., and try to make it look very authentic and professional. A few such messages were received by us in July 2006 and was supposed to be from Paypal informing that somebody tried to hijack our account. The mail asked for all credit card information and threatened that our account will be suspended, if we do not provide that information. They provided a link which carried us to a site which looked like an exact replica of Paypal site. It was not a secure site. For Paypal site, the term 'https://' appears. We immediately sensed danger, because Paypal does not ask for credit card details by e-mail. This is a 'bait on the hook' for you to bite. Never, ever fall for such baits. Hence, it is called 'Phishing' like we use a bait for catching a fish. However, such messages can be rattling.

Do not bother about tracking codes. Professional spam cops know what to do with them. The various authorities who administer the Internet are equally intelligent and knowledgeable as spammers, if not more. Spammers take advantage of loopholes in law and the communication gap that exists between the various law enforcement agencies.

Please do not open any attachments. Please do not use the forwarding option. It will contain only your headers. Please do not send it as attachment, as it might be construed as spam and rejected. If you are a member of www.spamcop.net, please send it to them. It is a fantastic service. Membership is free, though they also have paid options as low as USD 2 for a 1 MB facility. The advantage is that you can become a 'mole'. Your ID will not be revealed. You can also use the free services of www.bluesecurity.com. This site is very useful, if you use free services like hotmail, yahoo, netscape etc., The tool bar integrates with 'Firefox' browser. It is also useful with most mail clients. Please remember to send it immediately and the spam must be fresh from the proverbial oven. Good ISPs will place restrictions on SMTP by the hour. When bulk e-mail messages are transmitted, there is a sudden surge in band width used and most ISPs servers monitor it by the second. In such cases it is easier to catch them, while they are transmitting. Spammers normally use public terminals like cyber cafes etc., Please help us to fight the spam menace. We reserve our rights to take appropriate action under relevant laws of the land.

As per international convention and protocol on the internet, the IDs, abuse@domainname and postmaster@domainname are always accepted and redirected to the concerned person/s or the web master. However, spamming and UCE to these IDs will entail bouncing of the messages. They are meant for genuine messages only.

Important Note added on August 03, 2006 and additional comments added on September 28, 2006

We have noticed in late July 2006, one spammer sending SPAM using the ID: madhavan@madgopes.com and creating false header with our IP address and the mail resolved to mail.madgopes.com. The headers do not reveal his or her IP address and is shown as 'localhost'. First of all no commercial mail is sent out using any madgopes.com ID from June 2004. We are investigating on this as this a new technique and as to why his or her IP address is not appearing in the headers.

We have completed the investigation with the help of our web hosts. This is possible when some one gets hold of the scripts in the mailing program in the 'php' mailing list. An expert hacker would have been able to scan the files, using remote ftp programs, in the various sub folders and get hold of the scripts. Then, by using the scripts, the spammers can send mail from anywhere and it will be shown as 'localhost' and the IP address will not appear. Obviously, this can only be done by an expert. We are taking necessary action with the assistance of our host to overcome this problem.

This type of spam is originating from China and the most recent details are given below:

person: IPMASTER CHINANET-GD
nic-hdl: IC83-AP
e-mail: ipadm@gddc.com.cn
address: NO.1,RO.DONGYUANHENG,YUEXIUNAN,GUANGZHOU
phone: +86-20-83877223
fax-no: +86-20-83877223
country: CN
changed: ipadm@gddc.com.cn 20040902
mnt-by: MAINT-CHINANET-GD
remarks: IPMASTER is not for spam complaint, please send spam
complaint to abuse@gddc.com.cn
source: APNIC

The above information was provided by the hosts to Madgopes.com - www.bluehost.com - and our grateful acknowledgements to them.

In a recent report on Spamming on the internet by knowledgeable sources, it has been reported that 50% of the spam is originating from Russia, Hong Kong and now China. Many from the West are employing Chinese to do the spamming work or using China based ISPs for spamming. Complaining to the Postmasters does not help and we cannot do much about this problem, as China does not have a developed legal and judicial system for international law enforcement. However, they cannot use our servers for sending spam, though the mail may be ultimately resolved to us, in case of non delivery. Now this is not possible, as it is no longer a 'catch all' facility and will be trapped by the box trapper.

Spammers are people who send UCE. They may also try to send malicious codes embedded in images, viruses, worms and trojans as attachments. They may use ad ware, spy ware, dialers, joke programs, remote access and hack tools. They may use 'web bugs' in images. The spammers sometimes gang up together and launch a 'denial of service' attack on some ISPs from several computers. They are frustrated souls who take vicarious pleasure in harassing and troubling others. Thanks to them, the AV industry is estimated at US $ 8 billion. Spammers are not necessarily hackers, who are far more brainy and intelligent. Hackers are a special breed apart. They have an unique psychological profile. They are like detectives, but with a negative mind set. They look for security vulnerabilities in all programs and operating systems. They are experts and can find chinks in the armor of any new program or operating system in a very short time. They can even take control of large networks from remote locations. They are into bigger things. They generally look for security vulnerabilities, data bases like credit card information, bank account numbers, passwords, mailing lists etc., which can cause havoc in the wrong hands. Since they are expert programmers, they exactly know what and where to look for. If you are running a web site, we advice you to turn your indexes off. The computers despite their large memory, also have to generate database files and scripts for their own information. A British hacker was very severely punished in 2006 by the British Courts, because he took control of the target victims computers remotely, by using spy ware and could read all their files. His target was young teenage girls and he was blackmailing them to do what he wanted.

Most of us think that our passwords are safe. Unfortunately, it is not so, unless you use password generating programs. But the problem is remembering it. The longer the password, more difficult it becomes for hackers. Many people wrongly use their nicknames, birthdays etc., This is the easiest to crack. Never use such passwords. If your mother tongue is not English, we recommend use your mother tongue and convert the alphabets to English. If you are English speaking, than use some foreign languages you know. It will look like gibberish in English. Hackers are generally not spammers, which they consider as a lowly activity. Hackers can be dangerous and are generally lone rangers and very rarely work in groups, because they have king sized egos. However, they do come together for some jobs, where numbers are important. Many software organizations employ former hackers to help them make their products hack proof. This is similar to setting up a thief to catch a thief. It is not a great idea. A professional hacker will never reveal the complete tricks of the trade due to psychological reasons, however reformed he or she may be. He or She will always have something up his or her sleeve. A Leopard never changes its spots. Most brilliant hackers and spammers are below 35. Let us not forget that a new, younger, brainier hacker will come along. However, it must be noted that no program or operating system can be made 100% hack proof. To expect so will be naive, unwise and utopian - Madhavan

A fairly recent technique many spammers have adopted is camouflaging the images as text. Normally, in e-mails the images are shown separately as attachments. These mails will not show any attachments. If you innocently open the mail, instead of the text, the images will start loading. The web bug protection will not be effective in such cases. You just cannot exit or escape. The browser will not close. Hence, all are cautioned not to open any messages received from unknown persons. The Spam cops are winning the small battles but losing the war. The spammers are just one step ahead of them all the time. As far as hacking is concerned, even big companies like Microsoft and Mozilla 'Firefox', have not been very successful with their OS and Browsers. A determined hacker will break into any system. Companies can only make it difficult and harder for him or her.

Most sites use pre designed forms to obtain information to serve their customers and prospects better. The information required can be structured. The spammers have started using these forms. We recommend you turn on the box trapper as it will warn you about contents and one need not open the messages. However, readers are cautioned to be careful in sites where the contents can be publicly edited. Spammers can place invisible forms. Do not use 'auto fill' option and auto save the passwords. It is convenient but dangerous. Though the auto fill options are highlighted and can be done only when you click the button, there is a possibility of the information getting filled unknowingly in the invisible form, if you accidentally click on the page.

Spammer number 47 sent a bulk spam on September 10, 2007 at the time specified in the table. This was noticed by us as we received a large number of undelivered mail on that date as ours was a catch all facility to monitor spam activity. We have turned off the catch all facility in October 2007.

All our incoming mail are routed through 'Postini' Policy Management Services of Google with effect from June 2008.