Thursday, July 10, 2003

Viruses and Customer Service

After ordering a computer from Alvio, I got an email virus that looks like it came from them. Herein lies documentation of my attempts to communicate with them about it. 


  1. This is a pretty well known virus that has been doing the rounds.

    What the guy from Alvio has totally failed to get is that the way the virus works is that it selects *pairs* of email addresses from the victim's address book. It uses one as the "To:" address, but uses the other to form a spoofed "From:" address. The fact that this was completely and obviously what happened, given that Craig used a one-time-email-address here is undeniable, but there's more.

    Craig was kind enough to send me the original SMTP headers for this email. They started:

    Received: from ([]) for <> with MailEnable Catch-All Filter; Mon, 07 Jul 2003 12:39:47 -0400
    Received: from NICK ([]) by with MailEnable ESMTP; Mon, 07 Jul 2003 12:39:46 -0400
    From: &>
    To: <> Subject: Re: Application Date: Mon, 7 Jul 2003 0:25:02 --0400 Importance: Normal
    To: Subject: Re: Application

    As Igor says, the email appears to be from However, note that it was delivered from a machine whose IP address is

    If we look up Alvio's MX records in DNS, we find this: MX preference = 0, mail exchanger = internet address =

    Lo and behold, if the email wasn't sent from Alvio's mail server...

    So Igor's looking pretty foolish right now.

  2. Schneier had an interesting take (from the other side) of unique email addresses and spammers. Seems like it'd be better to use very long, random names for unique email addys:

  3. Yep, I read that. I can't say that in this case the benefit outweighs the cost.