I received two spams via bessdeals.co.uk, both on 2002-12-07, with a link to click on. Following returns a redirection to one of Freeserve's web servers:
GET http://66.119.34.155/click.asp?lnk=9798&email=UCOLFAQ@GREENEND.ORG.UK HTTP/1.0 HTTP/1.0 302 Moved Temporarily Server: Microsoft-IIS/5.0 Date: Fri, 13 Dec 2002 10:31:13 GMT Location: http://catalogues.freeserve.com/default.asp?PC=999963&em=&*TO;&fn=&first_name;&ln=&last_name; Content-Length: 214 Content-Type: text/html Set-Cookie: ASPSESSIONIDASDBQTCB=NDMHNOEAPCFJMHNPCHLILLOE; path=/ Cache-Control: private Age: 1 Via: HTTP/1.1 ntl_site (Traffic-Server/5.2.0-R [c s f ]) X-Cache: MISS from www-proxy.anjou.terraraq.org.uk X-Cache-Lookup: MISS from www-proxy.anjou.terraraq.org.uk:3128 Proxy-Connection: close <head><title>Object moved</title></head> <body><h1>Object Moved</h1>This object may be found <a HREF="http://catalogues.freeserve.com/default.asp?PC=999963&em=&*TO;&fn=&first_name;&ln=&last_name;">here</a>.</body>
PC=999963 is presumably a referred ID of some sort. Following the redirection returns:
GET http://catalogues.freeserve.com/default.asp?PC=999963&em=&*TO;&fn=&first_name;&ln=&last_name; HTTP/1.0 HTTP/1.0 302 Moved Temporarily Set-Cookie: BIGipServerOffer-http=68161708.20480.0000; path=/ Server: Microsoft-IIS/4.0 Date: Fri, 13 Dec 2002 10:34:38 GMT P3P: CP="CAO DSP CURa ADMa DEVa OUR IND PHY ONL UNI DEM PRE" Location: http://catalogues.freeserve.com/incentiveiq/freeserve/catalogues/default.asp?PC=999963&em=&*TO;&fn=&first_name;&ln=&last_name; Content-Length: 247 Content-Type: text/html Set-Cookie: ASPSESSIONIDQGGGGQDH=IHFFECCANBNNINNHMCJDBLMN; path=/ Cache-Control: private Age: 0 Via: HTTP/1.1 ntl_site (Traffic-Server/5.2.0-R [c s f ]) X-Cache: MISS from www-proxy.anjou.terraraq.org.uk X-Cache-Lookup: MISS from www-proxy.anjou.terraraq.org.uk:3128 Proxy-Connection: close <head><title>Object moved</title></head> <body><h1>Object Moved</h1>This object may be found <a HREF="http://catalogues.freeserve.com/incentiveiq/freeserve/catalogues/default.asp?PC=999963&em=&*TO;&fn=&first_name;&ln=&last_name;">here</a>.</body>
Following that redirection returns the real page, still on Freeserve's site:
GET http://catalogues.freeserve.com/incentiveiq/freeserve/catalogues/default.asp?PC=999963&em=&*TO;&fn=&first_name;&ln=&last_name; HTTP/1.0 HTTP/1.0 200 OK Set-Cookie: BIGipServerOffer-http=68161708.20480.0000; path=/ Server: Microsoft-IIS/4.0 Date: Fri, 13 Dec 2002 10:35:35 GMT P3P: CP="CAO DSP CURa ADMa DEVa OUR IND PHY ONL UNI DEM PRE" Content-Length: 26826 Content-Type: text/html Set-Cookie: ASPSESSIONIDQGGGGQDH=JIFFECCADCCPPLCBJFCECJGJ; path=/ Cache-Control: private Age: 0 Via: HTTP/1.1 ntl_site (Traffic-Server/5.2.0-R [c sSf ]) X-Cache: MISS from www-proxy.anjou.terraraq.org.uk X-Cache-Lookup: MISS from www-proxy.anjou.terraraq.org.uk:3128 Proxy-Connection: close <html> <head> <title>Choose your mail order catalogue with Freeserve</title>
(...and so on.)
I complained to Freeserve on the 8th and received an autoresponse immediately. On the 12th I receive a second response, saying (essentially) "just unsubsribe". Despite the fact that I never subscribed either of the addresses spammed in the first place. As of the 13th the click-through from the spammer's website still works.
My conclusion: Freeserve support spammers.
See also <3DF9B665.8030906@actuality.co.uk> for more Freeserve spam.
This page used to list Egg (the credit card firm) too, but they emailed me an apology on 2003-01-06. They say that they are taking legal action against the company responsible. I'll see if I can spot any details in the press.