Gordon v. Virtumundo Inc et al
Filing
70
DECLARATION of Roger Townsend filed by Defendants Virtumundo Inc, Adknowledge Inc, Scott Lynn re 69 MOTION to Compel Discovery (Attachments: # 1 Exhibit A1 - Lynns First Interrogatories to Gordon# 2 Exhibit A2 - Lynns First Interrogatories to Omni# 3 Exhibit B - Discovery Responses# 4 Exhibit C - Letter from Plaintiff re First Supp Discovery Respnses# 5 Exhibit D - Virtumundo's First set of Interrogaotires and Requests for Production to Gordon# 6 Exhibit E - Plaintiff's Purported Email Analysis# 7 Exhibit F - Purported Legend re Email Analysis# 8 Exhibit G - Letter to Plaintiff's Counsel re "Meet and Confer"# 9 Exhibit H - Transcript of "Meet and Confer" at Deposition)(Newman, Derek)
<![CDATA[
Gordon v. Virtumundo Inc et al
Doc. 70 Att. 7
Case 2:06-cv-00204-JCC
Document 70-8
Filed 12/21/2006
Page 1 of 6
EXHIBIT F
Dockets.Justia.com
Case 2:06-cv-00204-JCC
Document 70-8
Filed 12/21/2006
Page 2 of 6
Normal or Valid "Transport Path" Protocol (Visualware) Note: Page 1-2 represent our first "test" of whether the email is normal or valid. For tracking purposes, we are most interested in the "from" and "by" tokens in the Received header field. In general, you are looking for a pattern similar to: Received: from BBB (dns-name [ip-address]) by AAA ... Received: from CCC (dns-name [ip-address]) by BBB ... Received: from DDD (dns-name [ip-address]) by CCC ... In other words, mail server AAA received the email from BBB and provides as much information about BBB, including the IP Address BBB used to connect to AAA. This patterns repeats itself on each Received line. The syntax of the "from" token most times looks like: name (dns-name [ip-address]) Where: name is the name the computer has named itself. Most of the time we never look at this name because it can be intentionally misnamed in an attempt to foil your tracking (but it may leak the windows computer name). dns-name is the reverse dns lookup on the ip-address. ip-address is the ip-address of the computer used to connect to the mail server that generated this Received header line. So, the ip-address is gold to us for tracking purposes. The "by" token syntax just provides us with the name that the mail server gives itself. But since the last mail server could be under the control of a spammer, we should not trust this name. So, what is crucial for tracking, is to pay attention to the trail of ip-address in the from tokens and not necessarily the host name provided to us in the by tokens.
1
Case 2:06-cv-00204-JCC
Document 70-8
Filed 12/21/2006
Page 3 of 6
The following is an example of what a full email header should look like: (University of Alberta, Canada) Return-Path: <bob@mysecretdomain.com> Received: from pilsener.srv.ualberta.ca (pilsener.srv.ualberta.ca [129.128.5.19]) by maildrop.srv.ualberta.ca (8.11.6/8.11.6) with ESMTP id g58MnCB04234 for <spam@maildrop.srv.ualberta.ca>; Sat, 8 Jun 2002 16:49:12 -0600 (MDT) Received: from caerulus.cerintha.com (caerulus.cerintha.com[207.18.92.26]) by pilsener.srv.ualberta.ca (8.11.6/8.11.1) with ESMTP id g58MnB215516 for <spam@ualberta.ca>; Sat, 8 Jun 2002 16:49:12 -0600 (MDT) Received: from jack (host123.mynetwatchman.com [64.238.113.123]) by caerulus.cerintha.com (8.11.3/8.11.3) with SMTP id g58Mn0f74476; Sat, 8 Jun 2002 18:49:01 -0400 (EDT) Message-Id:<200209.g58Mn04476@caerulus.cerintha.com> From: guesswhoiam <bob@mysecretdomain.com> To: "spam@ualberta.ca" <spam@ualberta.ca> Date: Sat, 8 Jun 2002 18:49 -0500 X-MSMail-Priority: Normal X-mailer: AspMail 4.0 4.03 (SMT41F290F) Subject: I'm Sending You Spam Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit ------------------------------------------------------------------I trust that the reader is not color-blind as the color-coding symbolizes the pairing of information from one header (`by' token) or received line to the next (`from' token) --- if there were 10 received the same pattern would appear the "by" token hand-off to the "from" token above it.
Note: This email which is analyzed below does not conform to typical email protocol (above) as a result, errors and omissions ensue (highlighted, below). IP addresses and host names are missing, tokens "from" and "by" are missing, the times in terms of GMT "0000" may be OK for noncommercial purposes but serve to obfuscate the location of the "commercial" spammer, in question.
2
Case 2:06-cv-00204-JCC
Document 70-8
Filed 12/21/2006
Page 4 of 6
An Actual Email Analysis
===Analysis=============================================================== From: IP address 64.125.87.239, host name 'mx-ny239.alpha-ny2.mailsvrbsm.net'. Location: 'Sacramento, CA, USA' - For a detailed geographic trace, run VisualRoute. Mailer: The sender used 'MOM Agent (v.6.5.920722)' to send the e-mail. Received Headers: DNS reports 'unknown' is not a known host name. in R3 (E11). Mandatory 'from' field is missing in R4 (E14). eMailTrackerPro (tm) 4.0a (build 1128) - update ===Received Headers (from you to sender)======================================== R1: (unknown) - 10 Jan 2005 15:16:28 -0000 (qmail 21898 invoked by uid 10003) R2: (unknown) - 10 Jan 2005 15:16:28 -0000 (qmail 21893 invoked from network) R3: 64.125.87.239 - 10 Jan 2005 15:16:28 -0000 from unknown (HELO mx-ny239.blue-mx04.net) (64.125.87.239) by ns48.webmasters.com with SMTP R4: (unknown) - Mon, 10 Jan 2005 06:29:45 -0800 (envelope-from <Control-975-65920722Asc@clientca mpaign2.com>) by mx-ny239.blue-mx04.net id hsa8m006574p R5: (unknown) - Mon, 10 Jan 2005 06:29:45 -0800 from ALPHA-NY.BLUESTREAMMEDIA.COM by BSMgateway.1104737 (ver.3.3.89) with ESMTP id mid65920722.msg for <lynkstation@gordonworks.com> ===All e-mail Internet Headers================================================== X-Persona: <spam> Return-Path: <control-975-65920722-asc@clientcampaign2.com> Delivered-To: virtual-gordonworks_com-spam@gordonworks.com Received: (qmail 21898 invoked by uid 10003); 10 Jan 2005 15:16:28 -0000 Received: (qmail 21893 invoked from network); 10 Jan 2005 15:16:28 -0000 Received: from unknown (HELO mx-ny239.blue-mx04.net) (64.125.87.239) by ns48.webmasters.com with SMTP; 10 Jan 2005 15:16:28 -0000 Received: by mx-ny239.blue-mx04.net id hsa8m006574p; Mon, 10 Jan 2005 06:29:45 -0800 (envelopefrom <Control-975-65920722-Asc@clientcampaign2.com>) Received: from ALPHA-NY.BLUESTREAMMEDIA.COM by BSMgateway.1104737 (ver.3.3.89) with ESMTP id mid65920722.msg for <lynkstation@gordonworks.com>; Mon, 10 Jan 2005 06:29:45 -0800 Date: Mon, 10 Jan 2005 06:29:45 -0800 From: "Active Speed" <Control-975-65920722-Asc@clientcampaign2.com> To: "Online Consumer" <lynkstation@gordonworks.com> Reply-To: <rmvme-please@clientcampaign2.com> Subject: Test your internet connection speed lynkstation Message-ID: <65920722.100105062940.975@CLIENTCAMPAIGN2.COM> X-envid: 65920722 X-Mailer: MOM Agent (v.6.5.920722) MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--65920722_abJan975" X-Spam-Filter: F3_Unwanted_To_Address: lynkstation@gordonworks.com
3
Case 2:06-cv-00204-JCC
Document 70-8
Filed 12/21/2006
Page 5 of 6
The Legend for Email Analysis
===Analysis=============================================================== From: IP address 64.125.87.239, host name 'mx-ny239.alpha-ny2.mailsvrbsm.net'. Location: 'Sacramento, CA, USA' - For a detailed geographic trace, run VisualRoute. Mailer: The sender used 'MOM Agent (v.6.5.920722)' to send the e-mail. Received Headers: DNS reports 'unknown' is not a known host name. in R3 (E11). Mandatory 'from' field is missing in R4 (E14). eMailTrackerPro (tm) 4.0a (build 1128) update ===Received Headers (from you to sender)======================================== R1: (unknown) - 10 Jan 2005 15:16:28 -0000 (qmail 21898 invoked by uid 10003)
[R-number : ] [this received line (destination computer) has no IP address or host name/domain to identify receiving computer] [GMT denotes server in a foreign time zone ]
R2: (unknown) - 10 Jan 2005 15:16:28 -0000 (qmail 21893 invoked from network)
[R-number : ] this received line has no IP address or host name/domain to identify receiving computer] [GMT denotes server in a foreign time zone ]
R3: 64.125.87.239 - 10 Jan 2005 15:16:28 -0000 from unknown (HELO mx-ny239.blue-mx04.net) (64.125.87.239) by ns48.webmasters.com with SMTP
The IP address does not match host name which is highlighted bold, red and yellow markings may mean that the domain is used w/o permission [GMT denotes server in a foreign time zone ] [can not be point of origin, if 2 computers precede it]
R4: (unknown) - Mon, 10 Jan 2005 06:29:45 -0800 (envelope-from <Control-975-65920722Asc@clientca mpaign2.com>) by mx-ny239.blue-mx04.net id hsa8m006574p
[R-number : ] this received line has no IP address or host name/domain to identify receiving computer] [GMT denotes server in a Pacific time zone]
4
Case 2:06-cv-00204-JCC
Document 70-8
Filed 12/21/2006
Page 6 of 6
R5: (unknown) - Mon, 10 Jan 2005 06:29:45 -0800 from ALPHA-NY.BLUESTREAMMEDIA.COM by BSMgateway.1104737 (ver.3.3.89) with ESMTP id mid65920722.msg for lynkstation@gordonworks.com
[R-number : ] this received line has no IP address to identify receiving computer] The bottom-most R-number: denotes the point of origin of the email. [GMT denotes server in a Pacific time zone]
===All e-mail Internet Headers================================================== X-Persona: <spam> Return-Path: <control-975-65920722-asc@clientcampaign2.com> Delivered-To: virtual-gordonworks_com-spam@gordonworks.com Received: (qmail 21898 invoked by uid 10003); 10 Jan 2005 15:16:28 -0000 Received: (qmail 21893 invoked from network); 10 Jan 2005 15:16:28 -0000 Received: from unknown (HELO mx-ny239.blue-mx04.net) (64.125.87.239) by ns48.webmasters.com with SMTP; 10 Jan 2005 15:16:28 -0000 Received: by mx-ny239.blue-mx04.net id hsa8m006574p; Mon, 10 Jan 2005 06:29:45 -0800 (envelopefrom <Control-975-65920722-Asc@clientcampaign2.com>) Received: from ALPHA-NY.BLUESTREAMMEDIA.COM by BSMgateway.1104737 (ver.3.3.89) with ESMTP id mid65920722.msg for <lynkstation@gordonworks.com>; Mon, 10 Jan 2005 06:29:45 -0800 Date: Mon, 10 Jan 2005 06:29:45 -0800 From: "Active Speed" Control-975-65920722-Asc@clientcampaign2.com
The "from" field represents an alias a tool, which allows a sender to misrepresent her, his, or its identity.
To: "Online Consumer" lynkstation@gordonworks.com
When the "To:" field features a "gordonworks.com" email address, this indicates the domain was used without my permission.
Reply-To: <rmvme-please@clientcampaign2.com> Subject: Test your internet connection speed lynkstation
When the subject line is highlighted it represents a misleading subject line
Message-ID: <65920722.100105062940.975@CLIENTCAMPAIGN2.COM> X-envid: 65920722 X-Mailer: MOM Agent (v.6.5.920722) MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--65920722_abJan975" X-Spam-Filter: F3_Unwanted_To_Address: lynkstation@gordonworks.com
5
]]>
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?
