The Threat
What is the real threat to the internet? Is it censorship, which would
kill some classes of messages? Or would it more likely be those who would
dilute our content till we find it not worth logging in?
When do YOU call it quits? 25% spam? 50 advertising messages? A
hundred? Two hundred? Where do YOU draw the line? When do you say it
isn't worth logging it?
How should we respond? Here are a few ways.
Trespass Analogy
-
If we do not police our back yard, yelling at those who would camp there
and the dogs who would leave their deposits where we may soil ourselves,
then how can we expect to call the yard ours? Indeed, there is adequate
law of trespass vs right of way case law defining just that. You have to
excersize your right of control, or you will loose it. You, yes you,
have to
object, and object often so as to establish your rights to control your
domain.
Theft of Service
-
So too it is with our internet. We, not the senders, are paying for
our connection, our disk space, our computers. These spammers are thus
stealing services from US!
We must object, each and every one of us, to form a legitimate tide of
opinion, to form a legitimate tide of complaint mail flooding the
service
providers each and every time they allow
these spammers to foul our private information footpaths and despoil our
data back yards.
And with some of the larger service providers, selling accounts to
spammer after spammer seems to be good business to their management. A
far better advertising deal for them and their (ab)uers, than all those
bundled post card decks put together. If it were not, a trivial mail
filter plased in these service provider's mail gateways
would have stopped all that outgoing spam mail long ago. Clearly with
them, is is only the volume of our response that will make a
difference.
So it rests with you. Will you do your part? Remember, Only YOU can
prevent spammage fires!
STEP ONE: Finding Where the Junk Came From
-
We need to do a little simple detective work to see where the spam came
from. It is not as simple as sending the spam back to the sender himself,
for in most cases, the sender not only does not care, but has shielded him
or herself with fraudulent message headers, and/or has used a disposable
account to commit his offense against our time and disk quotas.
The first step, is to examine the internet sendmail headers to see
where the message was routed through. in the ELM/PINE mail system, it
suffices to tap the H key to see the headers. In other cases, one may
need to save the message to disk and edit it to examine these headers. You
will likely want to save it to disk anyway so as to return it with all
these headers intact, so the service providers can examine a
representative sample of the messages in order to acertain the true
source. It also results in a larger _legitimate_ message in their mail
box. After writing your polite complaint, read in the original file to the
bottom of your e-mail complaint. In ELM or PINE, use the control-R
command, followed by the name you saved it under.
The FROM and RECEIVED FROM lines give the path and times a message
traveled through
the net. Forgeries often show substantial time gaps in this record, as the
forged sections are usually prepared ahead of time. (However,
sometimes e-mail does pool here or there as machines are down or
busy. Also, not all machines have their clocks set correctly.) Here, we
see a typical routing list, destination on top, and source at the bottom.
(Lines truncated in length) This one appears not to be forged.
From immune-request@weber.ucsd.edu Sat Apr 27 15:38:05 1996
Received: from mail1.best.com (mail1.best.com [206.86.8.14])...
Received: from weber.ucsd.edu (weber.ucsd.edu [132.239.147.2]) ....
Received: (from daemon@localhost) by weber.ucsd.edu (8.7.5/8.7.3) ...
Received: (emout12.mx.aol.com [198.81.11.38]) by weber.ucsd.edu
Note the numbers in brackets -- these are the internet computer numbers
which you can look up with a WHOIS command, and even get the e-mail
address of the system administrator in most cases. Usually, you won't need
this, but wherever there is a time gap, or no name, it might be worth
checking on. Start with the
full number, then if you do not get an answer, repeat the WHOIS command,
dropping the last number in the set till you do get an answer:
whois 132.239.147.2 ...nothing..
whois 132.239.147 ...nothing...
whois 132.239 ...Bingo! UCSD.EDU
Now, we do know that UCSD was victimized along with us. The spammer stole
services from them, and since UCSD does receive some funds from the
Federal Government, this is something the FBI can investigate, and could
be tried in Federal Court, should there be enough complaints. (But perhaps
we ought to try complaining to the source often enough, before we
encourage Federal Intervention.)
From: SElli97635@aol.com
Received: by emout12.mail.aol.com (8.6.12/8.6.12) id OAA04404;
Date: Sat, 27 Apr 1996 14:07:55 -0400
The rest looks OK. And here is the payoff -- the message ID. Each
message on the net has a message number, and the source is part of it. If
a net detective gets this message number, he or she has a much better
chance of deciphering the true source and actual time of entry into the
net. (Perhaps someone could add to that?)
Message-ID: <960427140754_282092949@emout12.mail.aol.com>
Additional Resources:
- The
OLGA mail spamming.
- Tracing
SPAM
- SPAM-L anti SPAM mailing
list
- Killfileing SPAM
news posts
- On this SPAM stuff
- Internet news forum on general net abuse:
news.admin.net-abuse.misc
- Internet news forum for reporting SPAM:
alt.current-events.net-abuse"
- Header
Format Spec
STEP TWO: Legitimate Response
-
Fine and dandy, now what do we do? We complain to the postmaster at
the site of origin. If there is ANY possibility of forgery in the
headers, take the last three or four
sites the message passed through, and send a letter to the postmaster at
that site. In this case, it would be:
postmaster@aol.com, postmaster@ucsd.com, postmaster@best.com
Except that a few service providers now have abuse ID's to deal with
abusers like this. So we add
abuse@aol.com, and abuse@netcom.com
to this list giving us five
addresses to copy the source of the message back to.
Why so many? The last few may be forged, and the sender may have
done that from his own computer, so he may be the postmaster at his own
domain name. If the abuse does not stop with one message, I escalate by
adding more and more up-line service provider's postmasters to the list.
Even with the worst frauds, one eventually hits a legitimate postmaster
who can tell where it all came from, and is getting enough complaints to
try to DO something about it!
How many messages does it take for them to get the hint? For AOL,
apparently quite a few! That is why we have to keep at it, sending every
single spam back with a complaint.
We are not talking mail-bombing, as that would be a denial of service
attack, which is illegal under Federal law.
But... Each of us has a legitimate complaint! And it is certainly
legitimate for us to include ALL the pertinent information needed for them
to investigate this matter, and to send that to all parties involved in
the abuse wreaked upon us! If every one of us sends a single clear, calm,
and respectable complaint message to each of the service providers
involved, it's a lot of mail, legitimate mail, that the service providers
and their up-line connections have to deal with. Sooner or later, they will
get the hint that it is easier to prevent the spam, than deal with so much
complaint mail.
Additional Resources:
Does This Work?
-
A resounding YES!
Remember the immigrations lawyers, C. and S., who spammed newsgroups a
few years
back? A vast tide of e-mailed opinion forced the up-line connections to
threaten to disconnect the service providers of those immigrations lawyers
it they did not drop them. Those lawyers were hounded off three service
providers, one after the other! In addition, there are indications at
least one of them was disbarred for related activities.
The same happened for another particularly vicious spam which we called
"The Suicide Cannibal Cult", for their advocacy of cannibalism and suicide
as means of saving the ecology. They spammed thousands of people, some of
whom later posted that they needed psychiatric support after being shaken
by the psychologicaly twisted trash received in that spam.
After complaining about many spams, (I was by no means the
only one,) I have been notified by
AOL and several universities that the spammers I complained about have
lost their internet access because it was not their first offense.
Some internet service providers (ISP's) now block cross-posts to more
than five news lists. Others have instituted limits on how many addresses
can be placed on a TO or CC line, and there are some proposals for fines,
noted elsewhere.
Why does it work?
The net is, after all, a series of individual and independent companies
cooperating in the transmission of information. The net is not owned by
any one company; even the National Science Foundation funding for the
internet backbone is long gone. If one service provider ceases to be
polite, those next to it can cancel the connection for non-cooperation.
So if enough of us complain, things will be done and HAVE been done!
Complaining Clearly Works! At least, it does if enough
of us complain.
Remember!
Only YOU Can Prevent Spammage Fires!
(Steal this FAQ, post it at your site.)
Follow the Money
-
Why is there spam? Who benefits by this spam? There has got to be a
payoff someplace.
And to collect that payoff, someone has to put out an address. Otherwise,
what is the point? Even the occasional hate spam has some kind of
tie-back to an organization of some sort, for they usually want to
increase their membership.
What is there beyond complaints?
One would suspect that the receiver of these ill gotten gains might
have some LEGAL responsibility for encouraging this, either through sales
commissions, bonuses, or contests. One would suspect that if they receive
enough complaints, or are named in enough suits in small claims court,
even the richest organization would soon get the hint.
One is reminded that a recent TV show interviewing the neighbors of a
particularly bad apartment complex from which gangs had been running
drugs. Each nearby home owner or otherwise offended party sued the owners
of the apartment building in small claims court for some modest amount of
depreciation of their property and/or incidental damage. Although a few
thousand dollar judgement here and a few hundred dollar judgement there
there was not much, there were enough affected parties that it added up to
an appreciable amount of money! The owners cleaned it up. (Or was it the
people who bought the complex after the original owners declared
banckrupcy? I forget.)
Similar approaches have been used successfully to stop
unsolicited advertising phone calls.
Even fleas and mosquitos have been known to bleed people dry when there
are enough of them. And people become wise enough to avoid such
places.
Further down, is the address of the recent magazine spams I have
received. Those with local access or with Sprint's Friday Free service
may want to fax their thoughts and legitimate complaints directly to the
company. We have the duty to complain to the source of the offense
against us!(Though we do need to be Polite, and reasonably to the point.)
If we all fax them our complaints, I would expect their four gigabyte
drive would soon overflow with Legitimate Complaints from Legitimately
Offended parties. Perhaps then, they would see that encouraging the
fouling of our information superhighways with spam, superhighways WE are
paying for, does not help them make any money.
Repeat Offenders
-
We've also seen this address a few times on recent spams.
REQUEST FOR MORE INFO: please return *only* this
section (with no cover page) via 1-page fax to:
718-967-1550 in the USA
or via smail (first class mail or airmail) to:
Magazine Club Inquiry Center
Att. FREE Catalogue-by-email Dept.
PO Box 990
Staten Island NY 10312-0990
Sorry, but incomplete forms *will not* be acknowledged. If you do not
have an email address, or access to one, they will not be able to help you
until you do have one. If you saw this message, then you should have one.
It is up to each of us to police our own back yards. If we let the
neighbors throw their trash in our yards, it is as much our fault as
theirs.
Additional Information
-
