The Story of "Nadine" -- A Tale of Mailing Lists

The Post-delivere/MatchLogic Late Comers:  New Hogs At the Trough

How the list[s] containing Nadine's supposed email address propagated from here on is a matter of conjecture.  None of the items received from this point on mention any of the original culprits.  It may be that financial challenges accompanying the general bursting of the net.fantasyland bubble caused fire sales of various magnitudes.

First amongst the new gathering shadows was Ombra Marketing Corp., who began to bombard Nadine with a variety of offers on 18 April, 2001.  They sent an average of four blasts per month.  They are currently in the local deny lists, and are discussed in a number of other areas of the World Wide Web, for example here.

itsImazing:  Is It a Threat or Merely a Menace?

Cometh now the " Network" by and through its first spewer, (apparently)  Especially touching are the parts that thank Nadine for "registering at", proclaiming that these valuable messages will only infest the mailboxes of those "...who have specifically requested or agreed to receive our special offers...".  Who can imagine the spewage that might occur should the senders be minded to send their stuff to just any old address?  (NOTE:  on 13 December 2001 I personally began receiving itsImazing spew from, directed to an address used only for registering Palm Pilot software.  Time to update the deny list.)

Rumors on various anti-spam forums were that the "ted2" operation encountered some difficulties in maintaining its network connectivity.  This is plausible, because subsequent detritus has issued from and TargitMail (see below).  We did get one subsequent delivery attempt from on 21 December 2001. are currently in the local block list, but these stout-hearted troupers were not dismayed by this minor contretemps -- until 16-Jan-2002 they continued to exhibit earnest hope that eventually I would let them back in to molest Nadine.


Meanwhile, the itsImazing menagerie continues to expand, with making its long-expected arrival on 23 December 2001.  itsImazing appears also to have attempted to sneak in on 27 December 2001 through the facilities of  On 17 Jan 2002, PO-1.COM began their spew on behalf of itsImazing.

On 20-Feb-2002 Nadine heard from  Oh joy.  Yet another threat of more "exciting promotional offers".

On 18-Apr-2002 23:53 exactis joins the ranks of the Imazing spewificators.

Without a helpful local deny list, Nadine would be receiving several itsImazing announcements per day.  Imazingly prolific and persistent folks.

The Grouplotto Flood

On the same day as the first itsImazing blast came not one but two vital messages from "Grouplotto", sent from  This was just the nose of the camel, as more than thirty messages containing the string "grouplotto" arrived between that date and 12 December 2001.  (This does not take into account the ones that would have arrived had the senders not been blocked.)

Grouplotto are apparently more resourceful than some of the other contenders, since they appear to share their databases amongst an agglomeration of senders with diverse offerings (although itsImazing definitely gives them some crushing competition here).

Senders and product types identified so far include:

All of the senders above are in the local deny list, so there may be other valuable commodities on offer that Nadine will never hear about, at least not from the Grouplotto Borg. made multiple tries nearly every day until 13-Feb-2002. tried a little less frequently and apparently gave up after 26-Jan-2002.

Miss Cleo's Psychic Insight Blows a Fuse

The GroupLotto product singled out for special treatment was a series of breathlessly vital disclosures from Miss Cleo.

She Who Knows All was so convinced of Nadine's existence that she took the trouble to send a personal note.  A short time later, apparently unfazed by the lack of response, Miss Cleo sent another enticing missive.

Perhaps the puzzling lack of response (should we assume that psychics can be puzzled?) led Miss Cleo to send a poorly formatted rerun of Message Two, this time through rather than

Who can fathom the mysterious ways of the Gifted?  Gumshoes in Florida, perhaps?

TargitMail (GTMI, Walt Rines)

Here we have a true relic of the rip-roaring early days of unsolicited broadcast email.  I will make no comments, other than to suggest that the reader who wants to know more may submit the strings "Walt Rines", "IEMMC" and "picklejar" to and especially to Google's Usenet Newsgroup search engine, looking in the* groups.

TargitMail began sending itsImazing stuff from various tm0[digit].net addresses on 28 November 2001, beginning with  They subsequently have sent from, and as well.  All of these domains are in the deny list.  They made their last successful delivery on 09 Jan 2002 with a nice itsImazing offer of great deals from Fingerhut, sent from the heretofore-not-blocked  They were last seen in the server logs on 09 Feb 2002.

As uninvited spewers go, is pretty unremarkable.  They first showed up on 9 November 2001 and managed to blap in 17 messages before I finally blocked them.  Like most of the others, however, being rejected with a "553 Depart Ye Cursed Spammers" message initially did not impress their infrastructure.

They appeared to have given up after 22 Dec 2001, but then something arrived from the Scott Hirsch operation claiming to be an advertisement for stuff from Sears.,

On 28 November 2001 began sending touts for ImazingOffers, winfreestuff, ItsAllAboutGreatOffers, Chase Manhattan Bank, gambling and college scholarships.  Five messages in three days caused them immediate admission to the elite ranks of the blocked.

There is reason to believe that this was not the only list they have ended up in, as they changed IP blocks and reappeared as, managing to slip two more in on 12 December before I noticed and updated their listing.  Like so many others, they tried frequently for quite a spell.

02-Feb-2002:  They are now using a new envelope sender,

11-Feb-2002:  This time they have decided to abandon even the pretense of using a valid envelope sender, and claim to be something "@bounce.37.121.144".  This would appear to be a seriously dim move, given the number of systems that now refuse mail from an invalid envelope sender.  But then, the whole operation seems to be characterised by a significant lack of wattage.

This player sent the usual "thanks for signing up with us" note in late November, 2001.  I am personally fascinated by the "if you don't opt out, you have agreed to our terms" bit.  I'm also somewhat intrigued by their "This message is not intended for anybody living in a state that has an anti-spam law" clause.  What do you suppose that means?

They went into the bozo bin after the third blast on 04 Dec 2001 and were last heard from on 06 Feb 2002.,

Before joining the Chorus of the Banned, this domain pair sent Nadine four "" adverts, beginning with this one, in which the senders claim that Nadine visited their web site and entered a sweepstakes.

I suppose it is indeed possible that the real "Nadine" was still giving out the same wrong email address 613 days after committing the first error.  Personally, I have confidence that she would by this time have noticed that nobody ever responded (at least not in a way that she could observe).

After a long hiatus, they made another attempt on 11-Jan-2002.

ROI1.NET (Img Direct)

Their first one is a keeper:  entirely HTML, work-from-home opportunity, web tracking bugs.  Plucky though blocked, they kept trying until 11 Feb 2002.,, (Optin Inc)

The first piece is an IMPORTANT NOTICE reminding Nadine that "per our TOS (Terms of Service), you wisely agreed to receive third party promotions from our network's preferred affiliates".  I was so overawed by a mention of Terms of Service from this well-known Florida operation that I somehow managed to leave the web bug in while trimming the HTML portion.

A few days later, two copies of a "Confirmation" arrived, identical except that the second one fails to mention "Custom Offers".  Perhaps I was too hasty in blocking and missed all of the valuable information about Nadine's voluntary subscription to this wonderful service.  Life has its unexpected setbacks.

Nadine received one message and a couple of subsequent blocked delivery attempts originating from this domain.  A responsible party from this domain contacted me personally, and I responded to his request for the details of the messages sent to Nadine.  Being convinced that was making a determined effort to adopt the most effective list management practices, I removed the IP and envelope sender blocks against

Unfortunately, a few months down the road, they came back for another try.  So, back into the deny list they go.

This message was surprising and profoundly disappointing.  I had been led to believe that were rather strict in their list verification standards.  If they would like help in diagnosing the point of failure, I'll be happy to assist.  Unfortunately they were still trying to deliver email as of 14-Feb-2002, despite numerous rejections (and several visits to this page from topica's corporate IP space).

The list is sold yet again.  On 19 December comes an advert apparently for REI sent by on behalf of  Visiting the link, however, just gets you to, with no obvious REI involvement.  What a tangled web.

This sender has made a sufficient number of subsequent attempts after being blocked to rate their own reject log page.

Later on in the piece (30-Jan-2002), we find that their erstwhile client,, has decided to take things into their own hands and do their own polluting of the general netspace.  (Or, perhaps, the two entities are really joined at the hip.  Who can fathom these mysteries without buying a programme from a passing vendor?)

Postmaster General (

This sender's customer at least doesn't bother to try the "thanks for signing up at our web site" prevarication or the "you visited a 'marketing partner' and requested drivel" pretense.  The lack of HTML is also a redeeming feature. was added to the parade of unwelcome intruders, and they hammered away until 02-Jan-2002.  I removed them from the deny list on 15-Jan-2002 after having a conversation with the Mindshare Design Standards & Practices people, who convinced me that changes are afoot at pm0.  If this turns out to have been an incorrect impression, I will note it here.

Bigfoot Interactive (

I've always been fascinated by a "this message is confidential -- don't do like we did and send it to a completely unrelated party" clause in email and FAX messages.  What exactly does the sending party in this case have to hide, might one ask? /

Here is an organism that claims that somebody who doesn't exist went to a web site (the same one the itsImazing folks claim she visited) and gave permission for them to send bunches of advertising.

What makes this all the more fascinating is that somebody from Virtumundo apparently visited us here a few hours before the spam started.

Scott Hirsch (,, eDirectNetwork,

This submission arrived in the wee hours of 30 December 2001.  These notes were originally slotted to appear in the "Spamming Scum" section, in view of eDirectNetwork's colorful history of adding unwilling participants to its list of targets for valuable offers.  Upon reflection, I decided that eDirectNetwork meets many but not all of the criteria set forth there -- at least, not recently.  So, eDirectNetwork joins the other Florida operations here in the slightly more prestigious "Hogs" section.

The apparent proprietor, one Scott Hirsch, has been mentioned in the press from time to time, and a brief Google search for this entity nets quite a bit of discussion of their, uh, methods.  Those who want an example of the great care taken by this organization to verify that the recipients really want the advertising may observe eDirectNetwork spamming the abuse address here.

As for, you have to admire the earnest, honest sincerity of a firm that in its domain registration gives its business address as the White House and its telephone number as toll-free information.  Spiffy folks, to be sure.  (And not entirely on the mark when it comes to research.  An Authoritative Source has sent me tidings to the effect that the White House ZIP is actually 20500.)

I held off chucking offermail into the bozo bin because, I freely confess, I wanted to see what would happen next.  I speculated that Scott might read this and spoil my fun.  It has been several months since he has hit one of my personal addresses.

However, on 03-Jan-2002 "what happens next" was not at all unusual as spam goes (although I do have to wonder whether the return-path account name is a bit spelling-challenged).  So, I blocked offermail and waited to see:  would they pay any attention to bou[n]ces?

Nope.  (But they did eventually fix Irma La Bouce).

Then, on 09-Jan-2002, our dear comrades at CustomOffers apparently leaped into the hammock with our friends at eDirectNetwork and sent Nadine an important custom offer for Sears Custom Fit Windows.  Shades of Diana Mey.

And then, sent to the "Tagged by SPEWS" sump by an incorrect mail sorting filter, there is this gem, in which Scott urges Nadine to consider plastic surgery for breast augmentation.

Time to bung eDirectNetwork into the deny list and give them their own rejection log.

On 13 Jan 2002 another metamorphosis occurred, and stuff started arriving with an envelope sender of  I was not particularly quick on the deny list entry update, and ol' Scott managed to slip in two more that afternoon.  The first was a delightful Path to Sudden Wealth blandishment, which offers yet another Work From Home and Make Big Bux opportunity.  The other one was sent apparently on behalf of Gevalia Coffee, who certainly should know better.


Yet another itsImazing tentacle put its suckers on the window on 17-Jan-2002, with threats of even more exciting offers soon to festoon the lonely inbox.  Into the bin with them.


Transmissions with an envelope sender of something@MEDIATREC.ROI1.NET were a regular occurrence here until they halted suddenly on 3 January 2002.  Then on 19 January 2002 this mysterious piece arrives, with its peculiar "sorry to see you go" clause, but with links that appear to point strictly to an opt-out function.

Curious to see what their list management practices might be, I visited their web page, signed up for their mailings and waited to see what would happen.  A short time later this confirmation message arrived, inclining me to the belief that they do indeed practice safe mailing, at least as far as new subscribers at their own web site are concerned.  Time will tell.

24-Jan-2002:  What time tells us is that they don't practice safe mailing when purchased lists are involved, as they dropped this item in the hopper on behalf of VoiceStream Wireless.  So, into the deny list they go.  Bon voyage.  The record of their rejected delivery attempts is here.

16-Mar-2002:  They've been averaging more than one futile attempt per day for quite some time, sending from the IP block at 65.105.159.*. Perhaps others have blocked and/or the envelope sender, and they needed to find something that would temporarily let them get through.  Regardless of the reason, they are now sending from, from their own IP space.  Since they dumped five days of pent-up traffic on Nadine this morning, it seems likely that they saw a high non-delivery rate with and needed to make up for lost time.  Here is one for Full Access Medical, the subject of many a search-engine visit to this site.  Those interested in an exclusive money-making program need go no further than here.  Maybe a free cellphone?  Fancy an unsecured credit card (of unspecified type and issuer)?  DVDs from Columbia House?  It's all here, whether you have the sense to ask for it or not (assuming that you exist at all, of course).

So, into the Plonk-O-Matic with

DirectNet Advertising (,,

These folks have enjoyed some popularity amongst those who receive and report spam.  Nadine also received the "Free Chocolates" spam mentioned in some of those reports.  In the non-HTML portion, they began their Nadine involvement with no attempt to explain how they came into possession of Nadine's address.  Only if you browse down to the web-encumbered portion do you see the shift of blame to "valued marketing partners" and the typical threat to continue the bombardment if no opt-out action is taken.

Before the opportunity arose to add this section to the story, somebody from a network address belonging to spent half an hour or so reading Our Saga.  I hope they come back, now that they are a featured character.


On 30-Jan-2002 there comes a "Membership Confirmation for NADINE" from an already-familiar denizen of the swamp.

We first encountered as an apparent client of DM360.COM.  One is tempted to speculate about the tendency for apparent clients of spewers-for-hire to begin doing their own spewing, as is for example the case with Mediatrec and ROI1.NET.

When the spewing for RadioStakes apparently began in earnest on 08-Feb-2002, the envelope sender "NETWORK60.COM" went into the bozo bin. (Harvest Marketing, GDTRFB.COM)

On 16-Feb-2002 we first hear from the Two-River Co-op, formerly known as Prime Offers but calling itself Harvest Marketing in the domain registry.  We receive the welcome assurance that "Two-River Co-op never sends unsolicited email", but are forced to ponder:  if the commercial relationship is launched with such a transparently fraudulent statement, what sort of confidence shall we have in the worth of the commercial offers?

Again on 15-Mar-2002 we see that things haven't changed much.

And on 20-Mar-2002 it would appear that AOL needed some assistance with their sales programme, with a little help from, for reasons best known to those who best know reasons.

Alas, it looks like it is time for the bin for Two-River Co-op.  The envelope sender on the most recent atrocity was <>. is apparently an unrelated domain in Colorado, whereas is in New Hampshire and claims to be in New Jersey.  Considering that the delivering server calls itself "" when in fact it is listed as "" by its own DNS server, and looking at the web site one may perhaps be forgiven for exhibiting a modicum of doubt that has any involvement with these misdeeds.  And in fact my communication with the actual owner of confirms that has no connection with and has not authorized them to use a address or host name. (, on behalf of, et al.

Pretty ordinary.  First a mailing for, then another one that seems less than fully suited to the demographic information that DandyOffers presumably purchased along with a bogus email address.

On 25-Feb-2002 there was another spam for Sonix Systems / AT&T.  Since I'm getting spam from for the "imesh" list to another bogus address, there's no obvious reason not to award a prime spot in the bin forthwith.  And since they've persisted in knocking at the gates, let's give them their own reject log.

The presence of links to in this piece suggests that is just a new disguise for the masters of opt-in-ness, Optin Inc.  Regardless, it has the exceedingly tiresome mendacity "This message was not sent unsolicited. You are currently subscribed to the Open2Win mailing list".  As if "you are subscribed" somehow transforms an unsolicited message to a nonexistent person into a legitimate, requested communication.


Then again, I'm interested in whether the folks at, who don't seem to be affiliated with anybody mentioned in this message, would approve of the apparent sender being "".  Hmm... seems to be the place to knock.  27-Feb-2002:  Email from gives me the distinct impression that they aren't too happy with this use of their domain name.  Imagine that.

Meanwhile, on 26-Feb-2002 the next piece arrives, signaling that The Hour of The Bozo Bin has arrived for


As a proud carrier of the "Motel Six Discount Card" (or AARP membership, as it is sometimes called) I note that in this piece The Hartford makes some sensible use of the demographic information that somebody fraudulently sold them.

Although they wisely chose to send their advertisement for an AARP-branded insurance plan, all was not entirely well in this particular shot.  For instance, the valuable quartz clock is not available in Nadine's home state (and apparently only in Nadine's home state).  One would expect greater diligence from these professionals. 

Additionally, this message is the first one in ages to make an explicit reference to  The HTML version of the payload attempts to retrieve an image from the server, which is strange, since the name servers for are unreachable (at least from any network to which I have access) and have been for quite some time.  Odd.

Then on 18-Apr-2002 we find that exactis is mailing to the itsImazing list.  That alone is enough to win exactis a place in the deny list.

What can we say about this initial salvo (other than a minor carp about a missing ">" in the Message-ID)?  Not much.  We'll just have to wait for the inevitable Drizzle of Irresistible Offers.

Which began to arrive on 19-Mar-2002, manifesting as Yet Another Free Cellphone Offer (YAFCO).  Time for a new deny list entry.

On 22-Mar-2002 Nadine received a "privileged and confidential" offer of magazine subscriptions by Synapse Group Inc, from, through

This is apparently an IMG Direct (optin-inc) operation.  More information here.  Sample here.  The "strict Code of Ethics" bit is a hoot. (emailoffersondemand, Toplander Corporation)

One is tempted to speculate just who has demanded the email offers, of which Nadine received four in the three days that elapsed before the sender was carefully inserted into the deny list.  Since three of them were very similar YAFCO advertisements -- two for AT&T Wireless, one for Voicestream -- on three successive days, the use of the phrase "this recurring mailing" was particularly apt.  Sample here.

Mediatrec, who had slacked off a bit in their delivery attempts, reappeared on 10-Apr-2002 from a new source,

This sender first appears on 02-Apr-2002 on behalf of Publishers Clearing House.  Later they also tout Video Professor and the ubiquitous "Win A Tahoe" message from winfreestuff.

Next:  Nadine's Address Escapes Into the General Domain of Spamming Scum

Back to The Nadine Story Main Page.