Wednesday, December 12, 2007

Perez Hilton - Spammer and a bad one at that

I have my e-mail for matthewmiller.net forwarded to my Gmail account. When I opened my e-mail this morning I found two messages from Perez Hilton perez@perezhilton.com. My familiarity with the name "Perez Hilton" extended to "Wait, isn't that the attention whore Blogger who chose a stage name similar to 'Paris Hilton'?"

The subject line was the next thing that caught my attention. "Here is your personal information we have on file". I was surprised this drek got through the Gmail Spam filter, as it's usually pretty good about purging messages that look like Phishing attempts, particularly lame, transparent ones such as this.

I expected Spam, but opened the first e-mail anyway. Sure enough I found a pitch to buy crap, and the text:
You're receiving this message because you may have joined my newsletter If you do not wish to receive these special updates then please edit your email preferences.

I have a few issues with this block of text:

First, I never subscribed to the Perez Hilton newsletter, nor would I. I enjoy well written, well acted and well conceived movies, which means 95% of Hollywood's output holds no interest for me. The occasional Hollywood story that floats to the surface of Digg.com more than satiates any Hollywood interest I may have.

Second, the block of text contains no actual unsubscribe information, just the vague advice to "edit your email preferences." Legitimate firms generally include clear, concise unsubscribe data at the footer of their newsletters. For example, the versiontracker.com newsletter includes a link to the Privacy Policy followed by the text:
About This Email:
You are receiving this email at [Redacted] based on your VersionTracker or MacFixIt email preferences.

To unsubscribe or change your email preferences, visit http://www.versiontracker.com/account/emailSettings.php while logged in or login at http://www.versiontracker.com and go to My Account > Email Settings

Contact Us:
For further assistance email us at http://support.versiontracker.com or:
CNET TechTracker, 55 SW Yamhill, 3rd floor, Portland, OR 97204


Notice the difference?

I opened the second e-mail and saw that it was not only a duplicate of the first, but was sent to the exact same address. This is another red flag, as it generally means that their subscription software is faulty, or the "subscribers" really are just harvested e-mail addresses being processed by a Spammer.

I decided to see if Perez actually provides a way to unsubscribe from this garbage, so I directed my web browser at perezhilton.com. While I found a few "Advertise here" links there was nothing resembling an "unsubscribe." There wasn't even a link or form letting you subscribe. I'd already suspected that this was just Spam spewed at harvested addresses and the lack of any newsletter information on the site only strengthened that belief.

The closest thing to an unsubscribe I found was a vague "Other Technical Problems" link which linked to "support (at) pressflex.hu". I was tempted to e-mail this alleged support address, but decided against it. Everything about the site smelled of shady shenanigans and Spam.

I decided to check out pressflex.hu and was unsurprised when the only content at their site was a Placeholder page and a link to abuse.net. Upon seeing this I decided to report the Spam to Spamcop. I haven't used the site much since forwarding all my messages through Gmail, but those that escape the Spam filter get sent to Spamcop.

Finally, I did a quick search through Gmail's Spam folder, and found yet a THIRD message identical to the other two, all of them sent within a two-hour time span.

Finally, I'd like to present the headers from one of the Spam messages for your amusement. Notice that Google's SPF check failed. dns-solutions.net is the hosting provider for matthewmiller.net. Notice that the Message-ID ends with @yahoo.com and the header claims that the message was sent using Outlook Express. You'd have to be running a pretty piss-poor shop to see Outlook Express as the best option for sending out a large newsletter. My suspicion is that whatever bulk mailer they WERE using just identifies itself as Outlook Express. The other option is that whoever wrote the bulk mail program used by the Spammer honestly can't figure out how to connect to an SMTP server. Writing the messages to an EML file was the best he or she could do.

Delivered-To: [Redacted]
Received: by 10.142.52.18 with SMTP id z18cs428652wfz;
        Wed, 12 Dec 2007 03:17:56 -0800 (PST)
Received: by 10.100.207.5 with SMTP id e5mr1208228ang.69.1197458275933;
        Wed, 12 Dec 2007 03:17:55 -0800 (PST)
Received-SPF: fail (google.com: domain of perez@perezhilton.com does not designate as permitted sender)
Received: by 10.34.253.29 with POP3 id a29mf113399pyi.4;
        Wed, 12 Dec 2007 03:17:55 -0800 (PST)
X-Gmail-Fetch-Info: [Redacted]
Return-Path:
Delivered-To: [redacted]
Received: (qmail 90583 invoked from network); 12 Dec 2007 11:05:45 -0000
Received: from unknown (HELO 192.168.0.1) (61.9.217.58)
        by mail-da-1.dns-solutions.net - 61.9.217.58 with SMTP; 12 Dec 2007 11:05:45 -0000
Received: from 188.66.110.68 by ; Wed, 12 Dec 2007 12:07:19 +0100
Message-ID:
From: "Perez Hilton"
Reply-To: "Perez Hilton"
To: [Redacted]
Subject: Here is your personal information we have on file.
Date: Wed, 12 Dec 2007 15:07:19 +0400
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="--6114072670274832"
X-Priority: 3
X-MSMail-Priority: Normal
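
The header checks described above (failed SPF, a Message-ID domain that does not match the From domain, the Outlook Express X-Mailer) plus the private-IP HELO visible in the qmail Received line can be automated. This is an added example, not part of the original post; the sample is constructed from the headers shown, and the Message-ID local part and To address are placeholders because the original values were not shown.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers quoted above. The Message-ID local
# part and the To address are placeholders; the original values were not shown.
SAMPLE = """\
Received-SPF: fail (google.com: domain of perez@perezhilton.com does not designate as permitted sender)
Received: from unknown (HELO 192.168.0.1) (61.9.217.58)
 by mail-da-1.dns-solutions.net with SMTP; 12 Dec 2007 11:05:45 -0000
Message-ID: <placeholder-id@yahoo.com>
From: "Perez Hilton" <perez@perezhilton.com>
To: <recipient@example.org>
Subject: Here is your personal information we have on file.
Date: Wed, 12 Dec 2007 15:07:19 +0400
X-Mailer: Microsoft Outlook Express 6.00.2600.0000

"""

def domain_of(value):
    """Return the lower-cased domain after the last '@', or '' if there is none."""
    if "@" not in value:
        return ""
    return value.rpartition("@")[2].strip("<> \t").lower()

def spam_indicators(raw_headers):
    """Map indicator name -> evidence. Each signal is weak alone; weigh them together."""
    msg = message_from_string(raw_headers)
    found = {}
    spf = (msg.get("Received-SPF") or "").split()
    if spf and spf[0].lower() in ("fail", "softfail"):
        found["spf"] = spf[0].lower()
    from_dom = domain_of(parseaddr(msg.get("From", ""))[1])
    mid_dom = domain_of(msg.get("Message-ID", ""))
    if from_dom and mid_dom and mid_dom != from_dom:
        found["message_id_domain"] = f"{mid_dom} != {from_dom}"
    for hop in msg.get_all("Received", []):
        m = re.search(r"\(HELO ([^)\s]+)\)", hop)  # qmail-style HELO annotation
        try:
            if m and ipaddress.ip_address(m.group(1)).is_private:
                found["helo_private_ip"] = m.group(1)
        except ValueError:
            pass  # HELO was a hostname, not an IP literal
    mailer = msg.get("X-Mailer", "")
    if "outlook express" in mailer.lower():
        found["desktop_x_mailer"] = mailer
    return found

if __name__ == "__main__":
    for name, evidence in spam_indicators(SAMPLE).items():
        print(f"{name}: {evidence}")
```

Legitimate bulk senders can trip the Message-ID check when they mail through a third-party service, so treat the result as a count of weak signals rather than a verdict.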

2 comments:

Anonymous said...

ur just a bitter old shit who hates gays and cant stand peole more populr than u r faggot!

Anonymous said...

Yeah my inbox is flooding with his spam