spam --

how to deal with it

Information pollution

on the Internet

and clogging up your email account

Contents

• what's spam?
• individual rights
• how can I prevent it?
• how do I deal with spam?
• how to read headers

What's spam?

Spam can be:

• commercial (trying to sell you something)
• crackpot (someone blowing off about their ideas or beliefs, or being offensive),
• offering sex-related (also commercial!) Internet links

  (really a tiny minority of the Internet, but the people involved in it seem to be desperate to share their experiences)

• a personal attack in which you get 'mailbombed'

  (sent so much email that it clogs up your account, stopping your normal messages getting through, even overflowing the mail server sometimes and inconveniencing everyone)

• ... or any combination of these!

The Internet was formed in the spirit of co-operation, mutual respect, the free sharing of knowledge and the efficient transfer of information.

Spammers use it to litter information -- they information pollute.
It is estimated that up to 75% of newsgroup information transfer, and 40% of email transfer, is spam.
This slows down the 'Net enormously.
Worse still, spammers' abuse of the 'Net is increasing at a rate which threatens the viability of the Net at all -- at this rate, in a couple of years, only a trickle of real communication will be able to get through!

Right now, quite apart from the personal inconvenience of getting spam, we all pay for all our connect time, regardless of what is slowing our connection down.

Contents

individual rights

Spam is not just like junk mail in your letterbox:

1. you don't pay for junk mail to be delivered to you, and
2. legally you can put a "GPO mail only" sticker on your letterbox,
and junk mail cannot be delivered there.

Spam is unsolicited, you didn't ask for it and you don't want it, but:

1. you pay the connect time to download it, and
2. there is as yet no legal defence against your privacy being invaded,
and your resources being abused in this way.

Larger ISPs, which have been massively affected by spamming, have sued major spammers and won their cases.

There is also currently a bill before the US govt, which will (everyone hopes) include email spam in the current law forbidding sending anyone junk faxes, since the process of sending someone something they don't want, down a phone line for which they are paying the costs, to their own equipment, is the same.

UPDATE: newsgroups have been discussing the legislation, and apparently there are 14 states [USA] currently reviewing anti-spam bills.
Washington State has passed the bill into law, and California is half-way through the process (voting ratio 100% approve, so far).
The Washington State anti-spam law allows up to $500 per violation for the victim, and up to $1000 for the victim ISP (Internet Service Provider).
The major ISP Earthlink took the mass spammer Cyberpromo to court some time ago, and Cyberpromo has been ordered to pay $2 000 000 U.S. in damages to Earthlink, and never to mail an Earthlink customer again (among other details).

For further information on spamming and what is being done about it, please see:

the Netizen's Guide to Spamming and

Netizens Against Gratuitious Spamming (Fight Junk Email)

both major sites which will give you lots of useful advice, software and links to other helpful sites.

and... to report spam (free and easy!) or to look at a service which works to stop spam getting to you in the first place, I recommend:

Spamcop

Contents

how can I prevent it?

Spammers use 'robot' programs

(which follow the same instructions over and over again,
wherever they are placed)

Once they have your address, it is placed on a list with many others, and the lists are sold to other spammers.

Spammers then use spamming-software to email thousands and thousands of people at one go, with their unwanted solicitations.
You can end up on several lists, and receive the same junk information (some of which is very long, or offensive) over and over!

Usenet, a free, easy-going network of newsgroups on every available topic, with millions of people reading and contributing, is not well protected against spam.
Whenever you post to a newsgroup (downloading and/or reading doesn't identify you), you include your email address as one of the headers, and the robots simply collect these headers.

Although it's a pain for your friends wanting to reply to you, it is advisable to make your Return Address header in your newsreader a fake one, and to include your real email address later in the message, in a form which is not recognizable (by the spam robots) as
username@servername.kind of organization.country

For example, a fake Return Address header:

mudgrubs@river.flats.invalid

where the .invalid ending lets everyone know that this is a spam-protective header and not your real address
(there are some weird real addresses around!),

While at the end of your message, in your sig (signature file), for example:

clytie in the domain riverland which is net in au

(the robots have now been programmed to pick out at or dot instead of @ and . so making your email address look like normal text is the best camouflage)

Other protective measures are:

• don't give your email address out too readily, especially where it might be put on a list that a robot could scavenge
• especially, don't fill out those webpage forms for 'guestbooks' and 'free membership of X', if they ask for an email address;
  or if you do, don't give one, or give an invalid one;
  the webpage-form-makers are not necessarily collecting addresses, but a spam robot will crawl their pages and slurp up your address like icecream on a hot day!
• don't allow people to email you as one of a list of people, so the email goes out to each person with a list of addresses copied (cc) at the top
  -- robot programs look for lists of addresses --
  insist that these people use Blind Carbon Copy (bcc) instead, and there will be no visible list

  If you have signed up with a majordomo mailing list or a Listserv, you will notice that other people's email addresses are not listed at the top of each message shared within the group.

• don't have your email address available on a webpage -- robots scan mailto: links
  

  There are apparently ways to conceal your real address but still have a mailto: link.
  I take the risk because I don't want to confuse people reading my pages.

• ask your ISP for help, and refer them to this link: http://kryten.eng.monash.edu.au/gspam.html
  which has information for ISPs, and tools for anyone wanting to prevent spam
• and finally, you can ask your ISP to change your email address, which is a nuisance, because you then have to advise everyone (and possibly change your letterhead, business cards etc) but once the spam gets bad enough, it is worth it, and starts you off afresh.

Contents

how do I deal with spam?

You can trash it, or use your email program's filter

(no filters? very useful for sorting your incoming and outgoing mail -- Eudora has them)

But that doesn't stop it at all.

The way people all over the 'Net are stopping spammers, is to complain to the ISP (Internet Service Provider) which hosts the spammer's account

(meaning it is the spammer's connection to the Internet, just as your ISP is your connection to the Internet).

It means you put some time into it, but you're not just target practice anymore.
You are actually fighting back.

Contents

how to read headers

Spammers forge some of the headers that you see at the top of the email message, but we can still trace them.
After all, we have to be smarter than people who spend all their time junkmailing other people! ;-)

Let's have a look at some typical spams:

here's a typical example of the sex spam (not so much offensive as nauseating, but please be warned etc.), sent to my old email address:

X-POP3-Rcpt: clytie@main
From: MSaint1018@aol.com
Date: Wed, 11 Feb 1998 18:56:59 EST
Mime-Version: 1.0
Subject: Re:

The Virtual Girlfriend and Virtual Boyfriend are artificial intelligence programs for your IBM PC or compatible and also for MACINTOSH. You can watch them, talk to them, ask them questions, tell them secrets, and relate with them. Watch them as you ask them to take off different clothes and guide them through many different activities. Watch and participate in the hottest sexual activities available on computer, [etc etc {yawn}]

Notice the headers, the information at the top:

X-POP3-Rcpt: clytie@main

meaning received at my address by POP (Post Office Protocol)

from this address,
but people on aol.com can have several email addresses,
and in any case it may be forged, which is also illegal; we'll see

the date it was sent (US)

the type of encoding
(often means the message comes from a Windows system)

the subject  line shows up in your In Box, so this one just said "Re:", which would give someone no warning that they were about to read stuff that would put them off their lunch

Not much to work on, huh?

If you have Eudora, you will notice that it shows a "blah blah" button at the top of each message, which when pressed will show you all available headers.

[If your email program doesn't have this feature, to deal with spam you need one that does.]

X-POP3-Rcpt: clytie@main
Received: from imo29.mail.aol.com (imo29.mx.aol.com [198.81.19.157])

this is the first Received line, telling you which server sent the message to your server;
it shows that murray.net, like any responsible ISP, has done a reverse DNS (Domain Name Server) lookup, which will not allow forged "from" hosts (a good start!)
murray.net finds that this message did come in from aol.com

the second Received line doesn't tell us anything more: either the message only came from aol.com, or it's been forged to look like it did.

Either way, if that's all the information you can find, you go to your email program's Message menu, choose Forward

(you can quite easily Forward the same message to each ISP involved,
with full headers but deleting the message,
apart from any names, addresses, weblinks or other identifiers)

[the aol spam-abuse address; most large ISPs respond to abuse@hostname, or if not, to postmaster@hostname]

Let's see if we can find something to get our teeth into...

My, there are some crackpots out there today:

X-POP3-Rcpt: clytie@main
Date: Mon, 9 Feb 1998 09:00:22 +1100
To: cufuloo72@ldl.net
From: cufuloo72@ldl.net (Comments: Authenticated sender is private.company.and.not.an.ISP)
Comments: Authenticated sender is cufuloo72@ldl.net
Subject: The Internet Specialist .007

Are you tired of using the internet for just email? Have you heard about all the information out there but just don't know where to find it? Do you want to find a wealth of information on all the people you know, including yourself? Want to learn EVERYTHING about employees, neighbors, family, boyfriends or girlfriends, ENEMIES and even your boss? [etc. etc. and of course more etc.]

So let's start with the ordinary headers:

X-POP3-Rcpt: clytie@main

received by me, unfortunately

date sent

this "To" header indicates that he is sending the command to a list of addresses

I should hope not, any ISP would have more sense; probably a fake email address

s/he does keep saying that

an immature and bragging subject line, very common among people who spam you but wouldn't look you in the face

Now pressing the "blah blah" button on this spam message gets us some very interesting headers:

X-POP3-Rcpt: clytie@main
Received: from webfarm.ficnet.net.tw (webfarm.ficnet.net.tw [203.70.60.1])

• this has obviously been relayed through a server in Taiwan, because these are not the senders!
• the server admins in Taiwan have setup the server as an open relay, so that anyone from outside its domain (even those who are not its own users) can send mail through it
• spammers use relays to avoid having to pass hostname checks, so they can use fake hostnames and hide where their stuff is coming from
• it is encouraging, though, that spammers are having to use foreign sites more and more, because main sites are closed to them

yes, from Taiwan, and the next thing we can do is to check that DNS number to see if it turns up a host name, which of course will be connected through an ISP to whom we can complain ;-)

Oh, puh-leeze...

Step one is to forward the message to postmaster@webfarm.ficnet.net.tw

[postmaster@hostname is an address which should always exist]

Step two is to start using 'Net tracing utilities.

On a Macintosh, I'm using MacTCPWatcher, an excellent shareware product from Australian Peter Lewis, to be found at his site:

http://www.stairways.com.au

MacTCPWatcher will

• look up DNS numbers to check that they have real host names
• check DNS names to check that they have real numbers
• Ping (see the FAQ for more information about Ping)
• and traceroute
  (backtrack from your end to the spammer's server,
  showing you all the connections in between,
  which will include the spammer's upstream ISP,
  the one that connects them to the 'Net, and can cut them off for spamming
  (useful people to complain to ;-)

There are a number of programs that will do all these same jobs for Windows
in the local Tucows software archive,
but for Windows 95 I recommend CyberKit, found at the top of:

http://tucows.netconnect.com.au/dns95.html

So, having showed all the headers, and checked them, the next step is to get online and use these 'Net tracing tools:

• go into your Net tracing program
• ask it to do a DNS lookup
• copy the DNS number (in this case 206.133.11.106)
• ask it to check the number for a 'real' host name
• If it comes back saying there's no match, it's forged.
  
• If it comes back with a real host name, we have another place to send the complaint:
  to postmaster@that host name.

As it happens, DNS lookup confirms 206.133.11.106 as
sdn-ts-006mdrelrp07.dialsprint.net
in other words, a customer of dialsprint.net
so we can also forward the message to abuse@dialsprint.net (a major ISP)

Next step? To find out which ISP is supplying that host.
For this we use traceroute in your Net tracer.
Traceroute sends a very small amount of data from where you are, to the host you name, and shows you all the hops in between (and how long it takes).
Let's do it:

TraceRoute to host sdn-ts-006mdrelrp07.dialsprint.net

#    Address         Host Name                                   Response Time

1    203.18.28.194   riverland-ppp.riverland.net.au                    156 ms
2    203.18.28.199   renmark.netconnect.com.au                         157 ms
3    203.87.4.217    bal-rt1-s0.5.netconnect.net.au                    367 ms
4    139.130.10.145  Serail4-2.lon3.Melbourne.telstra.net              650 ms
5    139.130.239.231 Fddi0-0.lon5.Melbourne.telstra.net                260 ms
6    204.70.208.117  borderx2-hssi2-0.Bloomington.MCI.net              393 ms
7    204.70.208.65   core2-fddi-1.Bloomington.MCI.net                  698 ms
8    204.70.4.21     core3.Bloomington.mci.net                         1024 ms
9    206.157.77.42   somerouter.SPRINTLINK.net                         979 ms
10   144.232.1.13    sl-bb22-ana-1-1.sprintlink.net                    1400 ms
11   144.232.1.22    sl-bb3-ana-4-0-0.sprintlink.net                   1467 ms
12   207.143.240.162 sdn-pnc1-ana-12-0.dialsprint.net                  874 ms
13                   No response from this hop                         
14                   No response from this hop                         
15                   No response from this hop

...with delay and maybe a broken link toward the end in this case, but we can see that the data went:

Doing a traceroute gives you additional evidence: you can include it with your complaint, and keep it so if the spammer's closest upstream ISP doesn't act effectively, you can complain to the next ISP up.

It sounds like a lot of hassle, but it's worth it, firstly to have some say in what uses up your connect time, and secondly to do something effective towards stopping this waste of everybody's resources.

If you want to experiment with traceroute, whois, finger and other 'Net tracing tools, they are available to useon the webpage:

http://kryten.eng.monash.edu.au/gspam.html

Information is power, and sharing information to empower everybody was what the Internet was originally about (not ripping people off for money).

There is no reason why you should be at all powerless in your contact with the 'Net.

If you get spammed, and need some help reading the headers or working out to whom to complain, feel free to Forward the spam to me, with full headers, and only identifying info (names, addresses, links) left of the text.

Contents

email Clytie!