Junk e-mail and spam

(How to Get Rid of Junk Mail, Spam, and Telemarketers)

"The spam wars are about rendering email useless for unsolicited advertising
before unsolicited advertising renders email useless for communication."
-- Walter Dnes/Jeff Wynn

• Overview
• Complain!
• Cracking Forged Headers
• Spam Combat
• Fraud
• E-mail Filtering and lists of spammers
• Anti-spam Legislation including updates and news articles on spam
• More Information
• The Direct Marketing Association is trying to promote spam and needs to hear from you.
• Myths, Hoaxes, Chain Letters, and Viruses
• Email privacy: see remailers and PGP
• ISP Actions
• Internet Domain abuse

[Back to Junkmail home page]
 
EcoFuture ™ home                     Population
 
 

 Do You Have SPAM PROBLEMS ?  CLICK HERE

Overview

Junk e-mail and spam are both terms for advertising and e-mail sent to you which you did not ask for and which you do not want. See Junk Email, The Email Abuse FAQ, and Spam FAQ for more detailed information. Interesting articles are presented in Salon.com. Also see the informative How do spammers get people's email addresses? and the nicely-done Death to Spam page. The article Why Am I Getting All This Spam? by the Center for Democracy & Technology contains useful information and the results of several experiments. The Wired article Hotmail: A Spammer's Paradise?" describes how dictionary attacks are used by spammers to guess at email addresses.
 
Note that spam is a more generic term that includes broadcast posting to newsgroups as well as individuals. Here's a spam glossary and another spam glossary. The Netizen's Guide to Spam, Abuse, and Internet Advertising provides solid information on the topic. Also check out The Net Abuse FAQ for the official definition of SPAM and lots of good information about how to deal with it. Also see the net-abuse/spam FAQ at www.faqs.org/ for net-abuse newsgroups, providing lots of good info and plenty of detail. (Note that the old alt.current-events.net-abuse newsgroup has been superseded by the news.admin.net-abuse.* hierarchy (see newsgroup information).
 
Spam is, unfortunately, an abuse of the internet that you - the end user - ultimately pay for. If you think spam costs nothing, think again! In 1997, America Online estimated that between 5% and 30% of its email server resources were exclusively dedicated to handling spam. Between $2-3 of your monthly internet charges go to handling spam, according to the 1998 Washington State Commercial Electronic Messages Select Task Force report. 7% of Internet users who switch ISPs do so because of spam. This equates to a loss of more then $250,000 per month for an ISP with one million subscribers. Also see the essays The Insidious Evil of Spam and The Spam Solutions.
 
See spamming ethics research from North Carolina State University.
 
Spam costs you and your Internet Service Provider (ISP). Here are the True Costs of Spam, as calculated by actual victims of spam. In a survey of ISP's by CIX (Commercial Internet eXchange Association):

• 94% reported that spam irritates their subscribers.
• 80% reported that UCE (unsolicited commercial e-mail) slows system performance.
• 76% stated that it increases operating costs.
• 34% said it creates system outages.
• 59% reported daily or more frequent performance impact.
• 28% reported weekly performance impact.

 
Spam can cause a system outages: excess mail can clog up the mail servers, preventing non-spam e-mail from getting through. America Online testified to the Federal Trade Commission that one-third of their capacity was used to carry spam. Netcom reported that their cost was one million dollars per year. Brightline estimated a cost of $225 million, based on 5 seconds to hit the Delete key, with an average of 200 spam messages per person per year (a very low estimate). An estimated 25 million spam messages are sent each day.
 
"Spammers are the Internet's undead. Preying upon the innocent and naive, these bandwidth-sucking vampires hope to be network masters hiding in the shadows in cowardice and shame, only to fade to dust when burned by the light of day." - Bill McCarthy, Boardwatch, June 2000
 
Take the Boulder Pledge: "Under no circumstances will I ever purchase anything offered to me as the result of an unsolicited email message. Nor will I forward chain letters, petitions, mass mailings, or virus warnings to large numbers of others. This is my contribution to the survival of the online community."
 
 

[Top] [Back to Junkmail home page]

Who to Complain to?

Never reply to spam, even if it is to send a "remove" request. Most spammers ignore such responses, or worse, add you to their list of validated email addresses that they sell. Instead, you must complain to ISPs that originate and forward the spam. The easiest way to report spam is to use the automatic reporting features of SpamCop, described below. Use SpamCop and help reduce the volume of spam!
 
Here are simple instructions on how to report spammers. Also see Where to Complain About Frauds & Scams. Spam Hater software by Net Services handles responses to spam automatically. You can download their software for free (test it by sending spam to yourself). The Network Abuse Clearinghouse remails reports of spam abuse for you.
 
If you know the spam came from an individual, you can tell the spammer that you charge for use of your facilities to transmit and store unsolicited junk email, and insist for their postal address so that you can send the bill. You may e-mail this standard legal response which references US Code Title 47, Section 227(b)(1)(C), which can be interpreted to mean that unwanted spam is illegal. (Thanks to D. Larson; this response has been very effective before the advent of more organized commercial spammers). Copy the message to:

    abuse@(their address)

    postmaster@(their address)

    root@(their address) 

    admin@(their address)    

 
If their address includes a common domain name like "aol.com", send the message to the appropriate party:

    America Online:  abuse@aol.com, and send complaints to 

                     tosemail1@aol.com, then to tosemail2@aol.com,

                     where tos refers to "terms of service".  

    Compuserve:      postmaster@compuserve.com

                     or ecgintern@csi.compuserve.com

    Prodigy:         mailadm@prodigy.com

                     or postmaster@prodigy.com

    ATand T WorldNet:   abuse@worldnet.att.net

    Earthlink:       spam@earthlink.net 

                     or abuse@earthlink.net

    Netcom:          abuse@netcom.com

    Pipeline:        abuse@pipeline.com

    GNN:             GNNadvisor@gnn.com

    Sprynet:         srb@spry.com

 
Note: AOL has implemented a preferred mail option (keyword = PREFERREDMAIL) to protect user's accounts from receiving email sent by certain junk email sites. The spammer list is updated regularly.
 
Some people also send a copy of their complaint to the following, just to make them aware of the significance of the problem:

    president@whitehouse.gov

    ZOEGRAM@lofgren.house.gov

    Vice.president@whitehouse.gov

    Senator@your senator.senate.gov

 
Complain directly to the postmasters of these spammers and insist that they take disciplinary action. If their business name matches their domain name, complain to the postmaster at the next link up. Be sure to include the complete original spam including all header information. Simply copy the original spam and its header information after the legal notice. Also remove any residual CCs and BCCs in your e-mail header - you don't want to inadvertently propagate the spam!
 
Next post a copy of the spam, with headers, subject line, and body intact to the following Usenet newsgroup:

    news.admin.net-abuse.sightings

 
First check the newsgroup to ensure no one else has posted the spam - no need to clutter up the newsgroup with multiple postings. Be sure you post the article as a new post, not as a "reply" to the spam posting - this way you won't perpetuate the spam. This newsgroup is robomoderated, and is used to identify new spam. After spam is posted to this newsgroup, it will then be cancelled. In your posting to signtings, add the following lines to your header:

    Followup-to: news.admin.net-abuse.email     (for e-mail spam you received)  

         or 

    Followup-to: news.admin.net-abuse.usenet    (for spam posted to newsgroups) 

    Abuse-spotted-in: (the first group where the spam was spotted)

    Abuse-Subject: (subject line from the spam)

    Type-of-abuse: (EMP, ECP, binary, forgery, etc.  Common terms follow:)

              ECP      Excessive Crossposting

              EMP      Excessive Mass Posting

              MMF      Make Money Fast

              OTCP     Off-Topic Commercial Post

              OTP      Off-Topic Post

              UCP      Unsolicited Commercial Post

    Description: (description and/or comments)

 
If your email complaints to spammers' postmasters bounce back to you, you can do a traceroute - see the combat sites. (Windows 98 users can use c:\windows\tracert.exe). Using traceroute, you can sort out the path taken to get from your ISP to a spammer's ISP. To precisely pinpoint a spammer's uplink, run traceroute from several different servers (ISPs). For more information, see the next section on Cracking Forged Headers.
 
You may find it most effective to complain to the spammer's ISP. However, if the spammer is running from a dedicated spam site (such as Cyberpromo), you might have better luck complaining to their upstream provider. Don't complain further up the chain, though, until you've exhausted the lower levels. It's considered rude, and just might get your postmaster into legitimate trouble.
 
Don't mail-bomb, as periodically suggested by persons trying to get rid of junk email. A mail-bomb is where you would bombard the sender with a return of their spam and a note insisting they delete you from their distribution list - and then keep resending your email.
 
Keep in mind that your ISP (and probably the offending party's) certainly will not approve of either of these practices (it very well can get you cancelled). What actually ends up happening is that your ISP (who is on your side) gets trashed with all of the e-mail traffic, as well the ISP of the offending party - and both ISPs are probably innocent. In addition, chances are that the spammer forged their "path" and "from" headers, so the mail-bomb probably won't reach them.
 
Also, check out the discussion on news.admin.net-abuse.email. They discuss email spams, and practice ways of eliminating these spammers' accounts.
 
 

[Top] [Back to Junkmail home page]

Cracking Forged Headers

For further information on cracking forged headers, see SubGenius Police, Usenet Tactical Unit (Mobile). Then browse on to a few of the following sites: Spam Patrol site and Figuring Out Fake E-mail and Posts. MultiTrace has an excellent explanation of traceroute, along with a traceroute and enhanced whois server.
 
Check out Julian Byrne's Get That Spammer page, which discusses what an ISP can do, and contains a wealth of information on how you can dissect e-mail addresses, and tools you can use against spam.
 
VisualWare has a good section on cracking spam email headers.
 
If you need to use these facilities, your followup e-mail should also mention that the spammer hacked the email headers to avoid retribution, which indicates knowledge of guilt, which means that the postmaster will often cancel the account immediately instead of waiting for further violations. In addition, many postmasters will not notify you directly of their actions, but will instead post summaries to news.admin.net-abuse.bulletins.
 
If the spammer's address is an independent address like "pwrnet.com", you can determine responsible parties by using whois - a standard UNIX utility. Or, simply go to www.betterwhois.com for a web-based domain lookup. Also, Whois Source offers some industrial strength lookup facilities. Whois, Finger, and additional network utilities are also available for Windows. One good package is:

     NetScanTools TM  Shareware Version

     Northwest Performance Software

     PO Box 148

     Maple Valley, WA 98038-0148,  USA

       (Check shareware sites such as Strouds and Tucows)

 
Here's an example of a whois command:

     whois pwrnet.com

     PowerNet (PWRNET-DOM)

        3010 LBJ Freeway, Suite 1435, Dallas, TX 75234, USA

        Domain Name: PWRNET.COM

        Administrative Contact:

            Booth, Paul D. (PB204)  paul@PWRNET.COM (214) 488-8295

        Technical Contact, Zone Contact:

            Shapiro, Joel  (JS3319) joel@PWRNET.COM (214) 488-8295

        Billing Contact:

            La Mar, Steve  (SL978)  steve@PWRNET.COM (214) 488-8295

Other whois servers include:

• www.betterwhois.com covers all registrars.
• Whois Source offers some industrial strength lookup facilities.
• www.WhoisReport.com offers industrial-strength whois lookup features.
• Internic
• Network Solutions
• ARIN. ARIN is one of three Regional Internet Registries (RIRs) worldwide which collectively provide IP registration services to all regions around the globe. The others are: RIPE NCC for Europe, Middle East, parts of Africa, and APNIC for Asia Pacific.
• RIPE
• APNIC
• U.S. Department of Defense

 
Once you determine the appropriate people to contact at the spammer's site, copy each of them with your complaint (including for example, the legal statement and billing statement noted above). If you need additional help, contact your system administrator about specific email abuse.
 
 

[Top] [Back to Junkmail home page]

Spam Combat

It is recommended that you switch to an ISP that uses one or all of the anti-spam databases (RBL, RSS, DUL, Spamcop, etc.) About 40% of the internet is using these services, with good success.
 
The following is a list of spam-fighting tools and services.

• Cloud Mark anti-spam products for home and business.
• Spam Arrest is a tool to eliminate spam.
• SpamCop will automatically send complaints about spam for you! All you have to do is establish a userid, then forward your spam to SpamCop. SpamCop will generate complaints to all appropriate parties, upstreams, and open email relay ISPs. Using SpamCop is probably the best thing you can do to help eliminate spam. Effective and highly recommended!
• Spam Bully anti-spam product.
• Spam Fighter anti-spam product.
• Spam Fire anti-spam product.
• Spam Weed anti-spam product.
• UXN Spam Combat offers traceroute, extended Whois, and other services - all from one web page!
• Sam Spade also offers a comprehensive set of tools.
• Spamhaus tracks known spammers and support services.
• Spam Whack works essentially like a "bad check" database, in that users establishing new accounts with member ISPs are checked against a database of known spammers.
• Single Fin email and webfiltering product.
• www.betterwhois.com searches all domain name registrars.
• Whois Source offers some industrial strength lookup facilities.
• VisuzlWare offers VisualRoute (a graphical traceroute) and EmailTrackerPro products.

[Top] [Back to Junkmail home page]

Fraud

Chain letters over the internet as well as via snail mail are illegal. For more information, see the US Postal Service page on chain letters. To report fraud where money is requested, you can send e-mail to fraud@uspis.gov.
 
Pyramid schemes multi-level marketing (MLM) scams are illegal. E-mail the Federal Trade Commission at uce@ftc.gov. In the UK, contact the Trading Standards Officer.
 
The Securities and Exchange Commission (SEC) now operates a complaint center where investors can report online scams. You can send e-mail to enforcement@sec.gov.
 
Many junk emails are illegal get rich scams. The National Fraud Information Center has an email address where you can report suspected scams. They have an Internet fraud division, and work closely with the Federal Trade Commission and State attorney generals. The e-mail address for general frauds is fraudinfo@psinet.com.
 
Also see Where to Complain About Frauds & Scams.
 
 

[Top] [Back to Junkmail home page]

E-mail filtering techniques

The following list contains information on how to filter your e-mail on Unix, Windows, and other platforms.

• Filtering Mail FAQ.
• Pegasus Mail now contains anti-spam headers. You can now filter your e-mail based on these headers!
• Pete Beim's Eudora Spam Filter and autoresponder is easy to use!
• See the Procmail FAQ.
• Brightmail offers spam-filtered email accounts.
• Despammed.com also offers spam-filtered email accounts.
• Freely Available Information Filtering Systems tells you how to configure Procmail and other Usenet Newsgroup filters.
• Netizens Against Gratuitous Spamming offers articles and a Unix script file to filter spam.
• The Boycott Internet Spam site provides an FAQ, lots of info on spam, filtering e-mail, blocking an ISP, etc., and contains some interesting links.
• Adcomplain is a unix-based system which composes and mails complaints about inappropriate commercial postings, chain letters, and e-mail. For example, you can press a button from within your newsreader, and adcomplain will automatically mail a complaint to the offender and their postmaster.
• Filtering Spam (with Eudora) by checking who the message is addressed to. Also see Using Eudora's Filters to avoid spam.
• Spamhandling Perl handles your spam.
• Spam filter andi-spam filter.
• Doug Oard's Information Filtering Resources page can tell you just about about everything filtering concepts and tools.
• Freely Available Information Filtering Systems tells you how to configure Procmail and other Usenet Newsgroup filters.
• MailShell has a free and a fee-based email management service that prevents junk email.
• Spam News is the daily e-mail magazine about breaking events pertaining to spam. The site also includes a list of filters, ISP contact information, and Spam News archives.
• Spam Guard Network is a fee-based filtering service.
• Postini offers a mail filtering product for email servers.
• Screen4me is a free service that helps you eliminate junkmail, spam, and telemarketers.