Old 05-10-2006, 00:17   #12
Anastasis
Re: my domain being used for spam email

Yes, the bounces I am getting are about stocks and shares. I was sent a few myself a few days before I started getting bounces, but I never replied to any.

Some of the bounces I am getting also return a copy of the original email sent from the spammer. This is the header information for one of the latest received, with my real domain name replaced by mydomainname.co.uk:

Quote:
Return-Path: <nelc@mydomainname.co.uk>
Received: by ctcgw.ctc-g.co.jp (CTC-GN mail 12/05/03) id k94A0nfr021955; Wed, 4 Oct 2006 19:00:50 +0900 (JST)
Received: by mx.ctc-g.co.jp (CTC-GN mail 12/05/03) id k94A0ilO024669; Wed, 4 Oct 2006 19:00:48 +0900 (JST)
Received: (qmail 21560 invoked from network); Wed, 4 Oct 2006 06:04:23 -0400
Received: from unknown (HELO 24.239.61.231) (24.239.61.231)
by dynamic-acs-24-239-192-181.zoominternet.net with SMTP; Wed, 4 Oct 2006 06:04:23 -0400
Message-ID: <45238649.6070100@mydomainname.co.uk>
Date: Wed, 4 Oct 2006 06:00:41 -0400
From: Benny Hester <nelc@mydomainname.co.uk>
User-Agent: Thunderbird 1.5.0.7 (Windows/20060909)
MIME-Version: 1.0
To: matsuzawa@ctc-g.co.jp
Subject: mythology
Content-Type: multipart/related;
boundary="------------000600090708000701030302"

Can anyone make sense of this?

From what I understand, the sender is this line:
Quote:
Received: from unknown (HELO 24.239.61.231) (24.239.61.231)
by dynamic-acs-24-239-192-181.zoominternet.net with SMTP; Wed, 4 Oct 2006 06:04:23 -0400

The zoominternet.net domain resolves to http://www.armstrongmywire.com which seems to be a web portal for an Internet company in the US much like NTL's web portal site, so it looks like they are an ISP. As yet, despite having trawled around their site, I cannot find any contact information for them.

However, having looked at the headers in a few of the other bounces I have received, they list what look to be other sources, so I guess the spammer is cloaking the real identity of their ISP.
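An added example, not part of the original post: a Python sketch that walks the Received chain of the quoted header from newest to oldest and marks which hops were stamped by the recipient's own servers and which sit below that boundary, where the text is supplied by the sending side. The function name `analyse_received` is hypothetical, and treating the domain of the To address as the trust boundary is an assumption.

```python
import re
from email import message_from_string

# Subset of the header quoted in the post (domain already redacted by the poster).
RAW = """\
Return-Path: <nelc@mydomainname.co.uk>
Received: by ctcgw.ctc-g.co.jp (CTC-GN mail 12/05/03) id k94A0nfr021955; Wed, 4 Oct 2006 19:00:50 +0900 (JST)
Received: by mx.ctc-g.co.jp (CTC-GN mail 12/05/03) id k94A0ilO024669; Wed, 4 Oct 2006 19:00:48 +0900 (JST)
Received: (qmail 21560 invoked from network); Wed, 4 Oct 2006 06:04:23 -0400
Received: from unknown (HELO 24.239.61.231) (24.239.61.231)
 by dynamic-acs-24-239-192-181.zoominternet.net with SMTP; Wed, 4 Oct 2006 06:04:23 -0400
From: Benny Hester <nelc@mydomainname.co.uk>
To: matsuzawa@ctc-g.co.jp
Subject: mythology

"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

def analyse_received(raw):
    msg = message_from_string(raw)
    # Assumption: the recipient's mail domain marks the trust boundary.
    rcpt_domain = msg["To"].rsplit("@", 1)[1].strip("> ")
    env_domain = msg["Return-Path"].strip("<> ").rsplit("@", 1)[1]
    received = msg.get_all("Received", [])      # newest hop first
    hops, trusted = [], True
    for value in received:
        by = re.search(r"\bby\s+([\w.-]+)", value)
        helo = re.search(r"\(HELO\s+([^)\s]+)\)", value)
        ip = re.search(r"\((" + IPV4 + r")\)", value)
        by_host = by.group(1) if by else None
        # Only the unbroken run of hops stamped by the recipient's servers is
        # trusted; everything beneath the first other hop is unverified.
        if not (by_host and by_host.endswith("." + rcpt_domain)):
            trusted = False
        hops.append({
            "by": by_host,
            "ip": ip.group(1) if ip else None,
            # A bare IP as the HELO name is not a valid hostname greeting.
            "helo_bare_ip": bool(helo and re.fullmatch(IPV4, helo.group(1))),
            "trusted": trusted,
        })
    # Does the Return-Path domain appear anywhere in the relay chain?
    seen = any(env_domain in value for value in received)
    return {"hops": hops, "envelope_domain_in_chain": seen}

if __name__ == "__main__":
    for hop in analyse_received(RAW)["hops"]:
        print(hop)
```

Bounces go to the Return-Path address whether or not that domain's servers ever handled the message, which is why `envelope_domain_in_chain` is worth checking first.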