I received some suspicious email from Fotopedia this week. I wrote about it yesterday. Here’s the short version of the events. I am signed up for Fotopedia (a visual online encyclopedia with user generated content) with a unique email address. I received an email last night from some folks at Fotopedia explaining the situation. We’ve had a good conversation about what might have happened. They sent email newsletters using iContact, and believe they were the victim of iContact’s recent security breach. This all seems plausible to me. I removed the post because it was obvious to me this isn’t malicious.
They sent me some links about the breach.
Suppose the same thing happens to you; what next? Here is what I think you have to do.
- Go public with your customers
- Tell them that their email address has been compromised
- Give users an opportunity to change their email address
- I think you have to move email service providers if for no other reason than PR
This is a tough break that could happen to any sender through no fault of their own. FYI, the email is coming from Bangalore.
I wish Fotopedia luck with this.
Here is the message header and the WHOIS of the real spammer.
Return-Path: <email@example.com>
X-Original-To: firstname.lastname@example.org
Delivered-To: redacted.com
Received: from JGWJVCOG (unknown [184.108.40.206]) by mail.otherinbox.com (Postfix) with ESMTP id AFEC09A0D9; Thu, 15 Jul 2010 04:53:39 +0000 (UTC)
Received: from 220.127.116.11 by infogeographics.com; Wed, 14 Jul 2010 21:52:50 -0800
Message-ID: <000d01cb23d9$93f6c6d0$6400a8c0@tiptoes886>
From: <email@example.com>
To: <firstname.lastname@example.org>
Subject: Blowout prices for all our designer wear
Date: Wed, 14 Jul 2010 21:52:50 -0800
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0007_01CB23D9.93F6C6D0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180

18.104.22.168 Whois Information
% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 22.214.171.124 - 126.96.36.199
netname: DVOIS-NET
descr: D-VoiS Broadband Private Limited
descr: Classic Net Network
country: IN
admin-c: DBPL1-AP
tech-c: DBPL1-AP
status: ALLOCATED NON-PORTABLE
mnt-by: MAINT-DVOIS-IN
changed: 20100203 20100209
source: APNIC
role: D-VOIS BROADBAND PRIVATE LIMITED - network adminis
address: No. 70, 2nd Floor, 9th Main, H.M.T. Main Road, Mathikere, Bangalore 560054
country: IN
phone: +91-80-41137335
fax-no: +91-80-41137335
e-mail:
admin-c: DBPL1-AP
tech-c: DBPL1-AP
nic-hdl: DBPL1-AP
mnt-by: MAINT-DVOIS-IN
changed: 20090506
source: APNIC
changed: 20090506
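As an added example (my own code, not the post's or Fotopedia's), here is how to read the quoted header the way the "coming from Bangalore" conclusion was reached: only the Received line stamped by your own MTA (mail.otherinbox.com here) records a connecting IP you can trust; the hop below it and the Date header were written by the sender's side and can say anything. The `our_mtas` parameter and the function names are my own, and the header text is a constructed copy of what the post shows.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed copy of the header quoted in the post; the IPs and addresses are
# the placeholder values shown on the page, not real ones.
RAW_HEADER = """\
Return-Path: <email@example.com>
Received: from JGWJVCOG (unknown [184.108.40.206])
\tby mail.otherinbox.com (Postfix) with ESMTP id AFEC09A0D9;
\tThu, 15 Jul 2010 04:53:39 +0000 (UTC)
Received: from 220.127.116.11 by infogeographics.com; Wed, 14 Jul 2010 21:52:50 -0800
Message-ID: <000d01cb23d9$93f6c6d0$6400a8c0@tiptoes886>
From: <email@example.com>
Subject: Blowout prices for all our designer wear
Date: Wed, 14 Jul 2010 21:52:50 -0800
X-Mailer: Microsoft Outlook Express 6.00.2900.2180

"""

HOP_RE = re.compile(r"from\s+(\S+)\s*(?:\(([^)]*)\))?\s*by\s+([^\s;]+)")
IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def received_hops(raw):
    """Parse Received headers, newest hop first, into dicts of helo/by/ip/time."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        value = " ".join(value.split())             # unfold continuation lines
        m = HOP_RE.search(value)
        if not m:
            continue
        helo, comment, by = m.groups()
        ip = IP_RE.search(comment or helo)           # prefer the address the MTA observed
        stamp = value.rsplit(";", 1)[-1].strip()    # receipt time follows the last ';'
        hops.append({"helo": helo, "by": by,
                     "ip": ip.group(0) if ip else None,
                     "time": parsedate_to_datetime(stamp)})
    return hops

def originating_ip(raw, our_mtas):
    """Connecting IP recorded by our own MTA; every older hop was written by the sender."""
    for hop in received_hops(raw):
        if hop["by"] in our_mtas:
            return hop["ip"]
    return None

def date_skew_seconds(raw, our_mtas):
    """Seconds the sender's Date header runs ahead of our MTA's receipt time (>0 is odd)."""
    sent = parsedate_to_datetime(message_from_string(raw)["Date"])
    for hop in received_hops(raw):
        if hop["by"] in our_mtas:
            return int((sent - hop["time"]).total_seconds())
    return None
```

On this header the trusted hop yields 184.108.40.206 (the address that was then looked up in WHOIS), and the Date header is nearly an hour later than the time our MTA received the message, which is another sign the sender's side of the header is not to be believed.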