Hello. Several people have reported one or more jerry.com users as spammers. You're probably here because you plan to do the same. You may even think of issuing a threat like the following:
>This is the only nice attempt at this you will receive. The next step
>won't be as friendly. Unless you want me to make a full time job of seeing
>to your server being shut down. It might take me a very long time but I
>have lots of patience when it comes to this crap. I am willing to devote
>years to putting your server out of business. Is one domain worth that
>kind of potential headache?
The spam mail messages you have been receiving are not originating, passing through, or in any other way connected with our servers. Briefly, the headers are faked. Read http://www.stopspam.org/email/headers/headers.html to learn how to read them. For more detail, read on.
There are two reasons we know the headers are faked.
1) Jerry.com does not have outgoing SMTP services. Jerry.com does not and cannot talk to mail services. Our users use a separate SMTP host which properly identifies itself in its email headers for outgoing mail.
2) Properly configured SMTP servers accept domain identification from the communicant on faith, but they now stamp the headers with the genuine IP addresses of the communicant. Some even do a reverse-dns check and put the result there.
Spam has been coming from:
213.246.66.194 (s066-n194.tele2.cz)
202.103.250.37
198.165.200.87
130.89.235.113 (kabel212117.kabel.utwente.nl)
Some of you have sent messages with incomplete headers; the kind individual who made the above threat didn't bother to include any headers, so I can't track the thing even that far.
Some of you have told me that you have "traced" the email to us. You have not. You have looked at the basic headers, seen "received from Jerry.com (kabel212117.kabel.utwente.nl [130.89.235.113])" or something similar to that, and assumed it was coming from us. In actuality, this line in the headers says "Received from a server identifying itself as Jerry.com but actually coming from 130.89.235.113, or kabel212117.kabel.utwente.nl." When tracing it is important to follow all the steps.
If you would like to learn all the steps to reading headers, you can read http://www.stopspam.org/email/headers/headers.html .
We have taken (from complainants sending in the full headers) numerous IP addresses claiming to be jerry.com and run reverse-dns lookups on them to find the owners of the computers or the ISP which provides them service. The IP addresses belong to numerous people all over the globe, from Canada to Czechoslovakia. We can only assume that some spam distribution software has been distributed with jerry.com as the default falsified response. There is absolutely nothing we can think to do to stop these people from using our name.
Contacting the admins of people listed in headers is no longer an effective means of squashing spam -- the software they use hides their tracks too well. You can support criminal legislation in your country, install spam-filtering software on your server or run it through your email client. These are somewhat effective. My server filter nabs about 40 to 60 spam messages a day coming to the webmaster@slac.com account and the three other established email accounts I own.
Poking through the headers to find the perps is difficult and doesn't really get you anywhere -- whether your message is nicely worded (thanks) or a threat (please at least include your headers). At this point in time going after spammers on an admin-by-admin basis is like trying to cut your lawn with manicure scissors while blindfolded. There's way too much grass and you can't tell where it is anyway.
If you have any other questions I can be reached at webmaster@slac.com. Thank you.
- - John Williams