August 08, 2004

Boss Was hI-JACKED Curious George, I can't post a link. I work for the presiding judge in a large jurisiction. In the past few months we have been getting complaints that he is sending spam to members of prominent law firms.

I have been told that his email address has been "spoofed" and there's nothing to be done. When it was the Nigerians emailing and calling, it was kind of funny. Then came the obscene links sent out to local law firms. Now it's timeshares. Then "business opportunities." He thinks it's a joke. He thinks it's an old law partner playing tricks. I think it's a stalker. Is it true -- can nothing be done, as I am told by IS?

posted by cynnbad 20 years ago
  • I suppose he could use some sort of digital signature, eg PGP. Mind you, then everyone he corresponds with would have to verify the signature in order for it to be useful. Not to mention everyone else who gets spammed. (See When PGP signatures can be misleading.)
  • You can look in the headers of the messages and see from where they're originating. If it is, in fact, just someone he knows playing a joke then chances are good that it would be originating from a local ISP and you could file a complaint with said ISP. More than likely, though, it's just some spammer who happened to pick his address randomly as the "From" address. I've had it happen with my address on a couple of occasions. I usually find out when I get a hundred or so bounced messages from AOL accounts that no longer exist. If it's a spammer (or someone who's fairly Internet savvy) then the e-mails are probably coming through an open mail server, in which case.. yeah, you're pretty much screwed.
  • Couldn't change his email address, and let his trusted contacts know?
  • It's true. Nothing can be done. It's no-one he knows. When you get complaints, the thing to do is to remind people that the from address on spam is no more trustworthy than the content of the message. There are things you can do to keep addresses from getting on these lists, like not posting email addresses on the web verbatim, but once it happens, you can't put the genie back in the bottle. However, no matter what precautions you take, sooner or later, some moron will open an email harvesting virus, and everyone in their address book gets a free induction to the wonders of direct digital marketing, and the only thing left for you to do is to write an angry letter to microsoft.
  • I second PGP. Anyone in a situation where their identity is important should use it.
  • Thanks for the good advice, all. Path, he refuses to change his email address because it would be "too much trouble" to notify his million-plus contacts. He uses email constantly. I suspect the perp is somebody he pissed off (you know, sentenced to jail), and I'm concerned that this could escalate. The district attorney computer crime guy told me these attacks are routed through another country, and has suggested the digital signature. I guess I'll just have to hope for the best (I'm the one who takes the angry and intrusive calls) and hope that something doesn't happen for which he might be legally liable. The spam that was going to other attorneys was to hard-core porn sites. Sigh.
  • this happens all the time to anyone who owns a domain. next?
  • Thx for the 411, quonsar.edu.
  • no problemo. have a toke off this here 420, law.biz!
  • cynnbad - are the million plus really current? Well, never mind, 'cause if he won't change it I guess he has to live with the consequences.
  • heheheh. err, i mean yes PGP. Learning curve, etc. but should be standard practice.