The message came from a machine called promailer.prserv.net. Which has the same IP address as www.attbusiness.net. Both domain names are registered to AT&T.
The body of the message contains some evil spammer tricks. Basically, it's made up of a set of links (called imagemap links) to images on remote web pages. It's designed in such a way that, if you open the e-mail and your mail software doesn't have the proper protection in place, the mail software will connect to the remote server to display the images. In the process of connecting, it will send information that can uniquely identify that message. The net upshot is that the spammer can tell it's not only a valid e-mail address, but also that someone's reading the mail there.
OK, so why is an AT&T server advertising spamming services? And why is it fishing for valid e-mail addresses while doing it? Both good questions that I put to AT&T.
I first tried sending to firstname.lastname@example.org. Turns out that address doesn't exist. Now I'm starting to get annoyed enough spend a bit more time on it. Some digging around AT&T's web site turned up email@example.com. I send a message there. A few minutes later, I got a reply summarily closing my trouble ticket:
Wrong answer. One of the few things that'll piss me off more than spam is a company that doesn't care that I've taken the time to investigate and report to them that they, or someone there, is spamming. I next called their 800 number, where they told me to send the message's headers to their Remote Access address, RM-RemoteAccess@ems.att.com, to be appended to the trouble ticket.This is the report of the incident you should receive. Sev: 4 - WarningThank you for taking the time to inform us of this situation.
For Account: aotsmail Incident Number: xxxxxxxxxxxxxxx Status: Closed
However, we cannot take any further action until you provide us with the actual connection logs. These connection logs will include the complete IP address, date, time and time zone associated with the abusive action. Only with this information can we identify the responsible individual.
To find more information on filtering SPAM, please visit
and type the word filter into the search engine.
If you feel we handled this incident improperly or require
assistance providing headers, please call 800-821-4612.
Now we'll see where things go from here. In the meantime, I will either calm down and get back to the work I need to be doing, or I'll start going through the CAN-SPAM act, 15 U.S.C. §§ 7701-7713, to see whether this spam message matches up with federal law.