Junk e-mail and
spam
(How to Get Rid of Junk Mail, Spam, and
Telemarketers)
"The spam
wars are about rendering email useless for unsolicited
advertising
before unsolicited advertising renders email useless for
communication."
-- Walter Dnes/Jeff Wynn
[Back
to Junkmail home page]
EcoFuture ™ home
Population
Do You Have SPAM
PROBLEMS ? CLICK HERE
Overview
Junk e-mail and spam are both terms for advertising and e-mail
sent to you which you did not ask for and which you do not
want. See
Junk Email,
The Email Abuse FAQ, and
Spam FAQ for more detailed information. Interesting
articles are presented in
Salon.com. Also see the informative
How do spammers get people's email addresses? and the
nicely-done
Death to Spam page. The article
Why Am I Getting All This Spam? by the Center for
Democracy & Technology contains useful information and the
results of several experiments. The Wired article
Hotmail: A Spammer's Paradise?" describes how
dictionary attacks are used by spammers to guess at email
addresses.
Note that spam is a more generic term that includes broadcast
posting to newsgroups as well as individuals. Here's a
spam glossary and another
spam glossary. The
Netizen's Guide to Spam, Abuse, and Internet Advertising
provides solid information on the topic. Also check out
The Net Abuse FAQ for the official definition of SPAM and
lots of good information about how to deal with it. Also see
the net-abuse/spam FAQ at
www.faqs.org/ for net-abuse newsgroups, providing lots of
good info and plenty of detail. (Note that the old
alt.current-events.net-abuse newsgroup has been superseded by
the news.admin.net-abuse.* hierarchy (see
newsgroup information).
Spam is, unfortunately, an abuse of the internet that you -
the end user - ultimately pay for. If you think spam costs
nothing, think again! In 1997, America Online estimated that
between 5% and 30% of its email server resources were
exclusively dedicated to handling spam. Between $2-3 of your
monthly internet charges go to handling spam, according to the
1998 Washington State Commercial Electronic Messages Select
Task Force
report. 7% of Internet users who switch ISPs do so because
of spam. This equates to a loss of more then $250,000 per
month for an ISP with one million subscribers. Also see the
essays
The Insidious Evil of Spam and
The Spam Solutions.
See
spamming ethics research from North Carolina State
University.
Spam costs you and your Internet Service Provider (ISP). Here
are the
True Costs of Spam, as calculated by actual victims of
spam. In a survey of ISP's by CIX (Commercial Internet
eXchange Association):
-
94% reported that spam irritates their subscribers.
-
80% reported that UCE (unsolicited commercial e-mail)
slows system performance.
-
76% stated that it increases operating costs.
-
34% said it creates system outages.
-
59% reported daily or more frequent performance impact.
-
28% reported weekly performance impact.
Spam can cause a system outages: excess mail can clog up the
mail servers, preventing non-spam e-mail from getting through.
America Online testified to the Federal Trade Commission that
one-third of their capacity was used to carry spam. Netcom
reported that their cost was one million dollars per year.
Brightline estimated a cost of $225 million, based on 5
seconds to hit the Delete key, with an average of 200 spam
messages per person per year (a very low estimate). An
estimated 25 million spam messages are sent each day.
"Spammers are the Internet's undead. Preying upon the
innocent and naive, these bandwidth-sucking vampires hope to
be network masters hiding in the shadows in cowardice and
shame, only to fade to dust when burned by the light of day."
- Bill McCarthy,
Boardwatch, June 2000
Take the
Boulder Pledge: "Under no circumstances will I ever purchase anything
offered to me as the result of an unsolicited email message.
Nor will I forward chain letters, petitions, mass mailings, or
virus warnings to large numbers of others. This is my
contribution to the survival of the online community."
[Top]
[Back
to Junkmail home page]
Who to Complain to?
Never reply to spam, even if it is to send a "remove"
request. Most spammers ignore such responses, or worse, add
you to their list of validated email addresses that they sell.
Instead, you must complain to ISPs that originate and forward
the spam. The easiest way to report spam is to use the
automatic reporting features of
SpamCop, described
below. Use SpamCop and help reduce the volume of spam!
Here are
simple instructions on how to report spammers. Also see
Where to Complain About Frauds & Scams.
Spam Hater software by Net Services handles responses to
spam automatically. You can download their software for free
(test it by sending spam to yourself). The
Network Abuse Clearinghouse remails reports of spam abuse
for you.
If you know the spam came from an individual, you can tell the
spammer that you charge for use of your facilities to transmit
and store unsolicited junk email, and insist for their postal
address so that you can send the bill. You may e-mail this
standard legal response which references
US Code Title 47, Section 227(b)(1)(C), which can be
interpreted to mean that unwanted spam is illegal. (Thanks to
D. Larson; this response has been very effective before the
advent of more organized commercial spammers). Copy the
message to:
abuse@(their address)
postmaster@(their address)
root@(their address)
admin@(their address)
If their address includes a common domain name like "aol.com",
send the message to the appropriate party:
America Online: abuse@aol.com, and send complaints to
tosemail1@aol.com, then to tosemail2@aol.com,
where tos refers to "terms of service".
Compuserve: postmaster@compuserve.com
or ecgintern@csi.compuserve.com
Prodigy: mailadm@prodigy.com
or postmaster@prodigy.com
ATand T WorldNet: abuse@worldnet.att.net
Earthlink: spam@earthlink.net
or abuse@earthlink.net
Netcom: abuse@netcom.com
Pipeline: abuse@pipeline.com
GNN: GNNadvisor@gnn.com
Sprynet: srb@spry.com
Note: AOL has implemented a preferred mail option (keyword =
PREFERREDMAIL) to protect user's accounts from receiving email
sent by certain junk email sites. The spammer list is updated
regularly.
Some people also send a copy of their complaint to the
following, just to make them aware of the significance of the
problem:
president@whitehouse.gov
ZOEGRAM@lofgren.house.gov
Vice.president@whitehouse.gov
Senator@your senator.senate.gov
Complain directly to the postmasters of these spammers and
insist that they take disciplinary action. If their business
name matches their domain name, complain to the postmaster at
the next link up. Be sure to include the complete original
spam including all header information. Simply copy the
original spam and its header information after the
legal notice. Also remove any residual CCs and BCCs in your
e-mail header - you don't want to inadvertently propagate the
spam!
Next post a copy of the spam, with headers, subject line, and
body intact to the following Usenet newsgroup:
news.admin.net-abuse.sightings
First check the newsgroup to ensure no one else has posted the
spam - no need to clutter up the newsgroup with multiple
postings. Be sure you post the article as a new post, not as a
"reply" to the spam posting - this way you won't perpetuate
the spam. This newsgroup is robomoderated, and is used to
identify new spam. After spam is posted to this newsgroup, it
will then be cancelled. In your posting to signtings, add the
following lines to your header:
Followup-to: news.admin.net-abuse.email (for e-mail spam you received)
or
Followup-to: news.admin.net-abuse.usenet (for spam posted to newsgroups)
Abuse-spotted-in: (the first group where the spam was spotted)
Abuse-Subject: (subject line from the spam)
Type-of-abuse: (EMP, ECP, binary, forgery, etc. Common terms follow:)
ECP Excessive Crossposting
EMP Excessive Mass Posting
MMF Make Money Fast
OTCP Off-Topic Commercial Post
OTP Off-Topic Post
UCP Unsolicited Commercial Post
Description: (description and/or comments)
If your email complaints to spammers' postmasters bounce back
to you, you can do a traceroute - see the
combat sites. (Windows 98 users can use c:\windows\tracert.exe).
Using traceroute, you can sort out the path taken to get from
your ISP to a spammer's ISP. To precisely pinpoint a spammer's
uplink, run traceroute from several different servers (ISPs).
For more information, see the next section on
Cracking Forged Headers.
You may find it most effective to complain to the spammer's
ISP. However, if the spammer is running from a dedicated spam
site (such as
Cyberpromo), you might have better luck complaining to
their upstream provider. Don't complain further up the chain,
though, until you've exhausted the lower levels. It's
considered rude, and just might get your postmaster
into legitimate trouble.
Don't mail-bomb, as periodically suggested by persons trying
to get rid of junk email. A mail-bomb is where you would
bombard the sender with a return of their spam and a note
insisting they delete you from their distribution list - and
then keep resending your email.
Keep in mind that your ISP (and probably the offending
party's) certainly will not approve of either of these
practices (it very well can get you cancelled). What actually
ends up happening is that your ISP (who is on your side) gets
trashed with all of the e-mail traffic, as well the ISP of the
offending party - and both ISPs are probably innocent. In
addition, chances are that the spammer forged their "path" and
"from" headers, so the mail-bomb probably won't reach them.
Also, check out the discussion on news.admin.net-abuse.email.
They discuss email spams, and practice ways of eliminating
these spammers' accounts.
[Top]
[Back
to Junkmail home page]
Cracking Forged Headers
For further information on cracking forged headers, see
SubGenius Police, Usenet Tactical Unit (Mobile). Then
browse on to a few of the following sites:
Spam Patrol site and
Figuring Out Fake E-mail and Posts. MultiTrace has an
excellent explanation of
traceroute, along with a traceroute and enhanced
whois server.
Check out Julian Byrne's
Get That Spammer page, which discusses what an ISP can do,
and contains a wealth of information on how you can dissect
e-mail addresses, and tools you can use against spam.
VisualWare has a good section on cracking spam email
headers.
If you need to use these facilities, your followup e-mail
should also mention that the spammer hacked the email headers
to avoid retribution, which indicates knowledge of guilt,
which means that the postmaster will often cancel the account
immediately instead of waiting for further violations. In
addition, many postmasters will not notify you directly of
their actions, but will instead post summaries to
news.admin.net-abuse.bulletins.
If the spammer's address is an independent address like "pwrnet.com",
you can determine responsible parties by using
whois
- a standard UNIX utility. Or, simply go to
www.betterwhois.com for a web-based domain lookup. Also,
Whois Source offers some industrial strength lookup
facilities. Whois, Finger, and additional network utilities
are also available for Windows. One good package is:
NetScanTools TM Shareware Version
Northwest Performance Software
PO Box 148
Maple Valley, WA 98038-0148, USA
(Check shareware sites such as Strouds and Tucows)
Here's an example of a whois command:
whois pwrnet.com
PowerNet (PWRNET-DOM)
3010 LBJ Freeway, Suite 1435, Dallas, TX 75234, USA
Domain Name: PWRNET.COM
Administrative Contact:
Booth, Paul D. (PB204) paul@PWRNET.COM (214) 488-8295
Technical Contact, Zone Contact:
Shapiro, Joel (JS3319) joel@PWRNET.COM (214) 488-8295
Billing Contact:
La Mar, Steve (SL978) steve@PWRNET.COM (214) 488-8295
Other
whois servers include:
Once you determine the appropriate people to contact at the
spammer's site, copy each of them with your complaint
(including for example, the legal statement and billing
statement noted above). If you need additional help, contact
your system administrator about specific email abuse.
[Top]
[Back
to Junkmail home page]
Spam Combat
It is
recommended that you switch to an ISP that uses one or all of
the anti-spam databases (RBL, RSS, DUL, Spamcop, etc.) About
40% of the internet is using these services, with good
success.
The following is a list of spam-fighting tools and services.
-
Cloud Mark anti-spam products for home and business.
-
Spam Arrest is a tool to eliminate spam.
-
SpamCop
will automatically send complaints about spam for you! All
you have to do is establish a userid, then forward your spam
to SpamCop. SpamCop will generate complaints to all
appropriate parties, upstreams, and open email relay ISPs.
Using SpamCop is probably the best thing you can do to help
eliminate spam. Effective and highly recommended!
-
Spam Bully anti-spam product.
-
Spam Fighter anti-spam product.
-
Spam Fire anti-spam product.
-
Spam Weed anti-spam product.
-
UXN Spam Combat offers traceroute, extended Whois, and
other services - all from one web page!
-
Sam Spade also offers a comprehensive set of tools.
-
Spamhaus tracks known spammers and support services.
-
Spam Whack works essentially like a "bad check"
database, in that users establishing new accounts with
member ISPs are checked against a database of known
spammers.
-
Single Fin email and webfiltering product.
-
www.betterwhois.com searches all domain name registrars.
-
Whois Source offers some industrial strength lookup
facilities.
-
VisuzlWare offers VisualRoute (a graphical traceroute)
and EmailTrackerPro products.
[Top]
[Back
to Junkmail home page]
Fraud
Chain letters over the internet as well as via snail mail are
illegal. For more information, see the
US Postal Service page on chain letters. To report fraud
where money is requested, you can send e-mail to
fraud@uspis.gov.
Pyramid schemes multi-level marketing (MLM) scams are illegal.
E-mail the Federal Trade Commission at
uce@ftc.gov. In the UK, contact the
Trading Standards Officer.
The
Securities and Exchange Commission (SEC) now operates a
complaint center where investors can report online scams.
You can send e-mail to
enforcement@sec.gov.
Many junk emails are illegal get rich scams. The
National Fraud Information Center has an email address
where you can report suspected scams. They have an Internet
fraud division, and work closely with the Federal Trade
Commission and State attorney generals. The e-mail address for
general frauds is
fraudinfo@psinet.com.
Also see
Where to Complain About Frauds & Scams.
[Top]
[Back
to Junkmail home page]
E-mail filtering
techniques
The following list contains information on how to filter your
e-mail on Unix, Windows, and other platforms.
-
Filtering Mail FAQ.
-
Pegasus Mail now contains anti-spam headers. You can now
filter your e-mail based on these headers!
-
Pete Beim's
Eudora Spam Filter and autoresponder is easy to use!
-
See the
Procmail FAQ.
-
Brightmail offers spam-filtered email accounts.
-
Despammed.com also offers spam-filtered email accounts.
-
Freely Available Information Filtering Systems tells you
how to configure Procmail and other Usenet Newsgroup
filters.
-
Netizens Against Gratuitous Spamming offers articles and
a Unix script file to filter spam.
-
The
Boycott
Internet Spam site provides an
FAQ, lots of info on spam, filtering e-mail, blocking an
ISP, etc., and contains some interesting links.
-
Adcomplain is a unix-based system which composes and
mails complaints about inappropriate commercial postings,
chain letters, and e-mail. For example, you can press a
button from within your newsreader, and adcomplain will
automatically mail a complaint to the offender and their
postmaster.
-
Filtering Spam (with Eudora) by checking who the message
is addressed to. Also see
Using Eudora's Filters to avoid spam.
-
Spamhandling Perl handles your spam.
-
Spam filter andi-spam filter.
-
Doug Oard's
Information Filtering Resources page can tell you just
about about everything filtering concepts and tools.
-
Freely Available Information Filtering Systems tells you
how to configure Procmail and other Usenet Newsgroup
filters.
-
MailShell has a free and a fee-based email management
service that prevents junk email.
-
Spam News is the daily e-mail magazine about breaking
events pertaining to spam. The site also includes a list of
filters, ISP contact information, and Spam News archives.
-
Spam Guard Network is a fee-based filtering service.
-
Postini offers a mail filtering product for email
servers.
-
Screen4me is a free service that helps you eliminate
junkmail, spam, and telemarketers.
-
|