|
Internet Spam
This page gives you information about and
links to resources to help you deal with Internet spam.
Unsolicited email ("Spam"), or "UBE -
Unsolicited Broadcast E-mail", is a nuisance for users and a very serious
theft of resources problem for the Internet Service Providers who usually
would like to be notified when their computer resources are being stolen.
To quote from a recent talk by Charlie Oriez, a leading anti-Spam
expert :
Spam has a cost. In a survey of Internet Service Providers
(ISP's):
94.0% reported that spam irritates their subscribers.
79.5% reported that UCE (unsolicited commercial e-mail) slows system
performance.
75.9% stated that it increases operating costs.
58.5%
reported daily or more frequent impact.
33.7% said it creates system
outages.
28% said weekly impact.
Source: CIX (Commercial Internet
eXchange Association)
America Online testified to the Federal Trade Commission that one-third
of their capacity was used to carry spam.
Netcom reported that their cost was one million dollars per year.
Brightline estimated a cost of $225 million, based on 5 seconds of
processing time to hit the Delete key, with an average of 200 spam
messages per year (a very low estimate). An estimated 25 million spam
messages are sent each day.
This section gives resources for tracing the originators, notifying
the appropriate parties, and hopefully getting your name off future spam
mailings.
An excellent resource to trace out where your spam came from, advice on
turning on your email program's display of all the routing information,
and some suggestions about where to complain to is the Spam Cop website.
The Campaign to Stop
Junk Email by JCR Design has extensive and detailed instructions on
tracing and reporting spam.
Another
resource to learn how to report spam so action is taken.
To learn how to interpret email headers visit this Earthlink
page.
To investigate the owners of a domain name visit the InterNic website.
To investigate the owners of a numeric IP address visit the American Registry for Internet Numbers
(AIRN) website
If you are reading your mail at the unix shell level, you might be
interested in setting up Procmail to filter your mail. Here are some links
regarding setting up Procmail, mostly to work with Pine. Be warned that
Procmail is fairly complicated to get up and running.
Using Pine and
Procmail to filter e-mail
Procmail website
How to configure
Pine with Procmail
Filtering
Mail FAQ
Processing mail with
Procmail
Using
Procmail
The link comprehensive
discussion is about spam how to deal with it by Charlie Oriez, a
leading anti-Spam expert.
Abuse.net is an extensive resource
that explains many aspects of the spam problem and has suggestions about
what you can do to help control the problem.
The Network Abuse Clearing house
keeps a database for the reporting and control of abusive use and users -
Once you have the IP (Internet Protocol) number, what do you do? Spam Combat is a site that tries to
translate all valid IP numbers to their email or postal address.
Another resource for determining who owns a domain name or an IP number
is the web equivalent of the whois command is the NTT/Verio website.
A site with more information about spam and some tools and suggestions
to avoid and fight it Email
Abuse
A site that claims to clean up your e-mail spam Spam Killer
Another resource to deal with spam Fight Spam on the Internet !
The Mail Abuse Prevention System
LLC page will give you more information about the spam
The ORDB list provides a service to
Internet Service Providers that attempts to block a lot of spam from
reaching your mailbox."
Bigfoot.com
spam tracing procedure.
A Spam FAQ
Lots of links to places to complain about various frauds & scams on
the Internet LinkScan
Another resource to deal with spam, junk mail and telemarketers EcoFuture
Coalition Against Unsolicited
Commercial Email (CAUCE)
HotPOP's AntiSpam
Page
Dealing Constructively with Spam
Here are some suggestions for
handling the spam problem -
-
Don't hit the Delete button and gripe to a colleague;
that ensures your name stays on the spam lists, you will get lots more
spam in the future and more ISP's will continue to be victimized.
D
-
Do review the above spam information sites for
background on this area and to find one that works with your email
environment.
-
Do not respond the "click here to be removed" line -
that may take your name off the current list, but it validates your
address and probably guarantees more spam later on.
- Do file a complaint to the responsible party. How to do so may
appear complicated, but it is actually quick and simple. Here is one
approach :
- Turn on the email header display in your email program per the
instructions in several of the above sites. Especially Spamcop has an
extensive list of email programs and setting their controls.
- Track down the probable culprit - remember that a lot of the ISP
names in the header are false alarms. The above sites have several
utilities that can analyze a header from a paste of the header, or by
using the IP numbers, and give you the address of a responsible party
who to file a report with.
Note that the "From ... Sat Jul 22
17:34:36 2000" line at the beginning of an email is rarely the
culprit.
- Most responsible ISP's now have an "abuse" mailbox which is devoted
explicitly for receiving spam reports.
Write a report to the abuse
mailbox along the following lines :
- To: abuse@the_ISP_you_tracked_down_above.
- Subject: Spam
- The following spam is unsolicited and unauthorized email that
apparently came from or through your server. Please tighten your
security, and remove my name from this and all associated lists.
- If there is an email or web address in the message, add a note to
draw attention to it, such as Please kill account xxxyyyzzz@domain.com
found in the body of the spam - this is a very important lead in
helping the abuse department track and close down the spammer.
- If the the spam has a possibly fraudulent offer (such as a chain
letter or pyramid scheme) that involves sending money via U.S. Mail,
report it to the U. S. Post Office Inspector General by making a
printout of the header and entire message and send it to :
R. J.
Hang
U.S. Postal lnspection Service
Operations Support Group
Gateway 2 Center Fl 9
Newark NJ 07175-0003
Denver area
telephone: (303)313-5320
U.S.P.S
Mail Fraud Complaint Form
- Thank you,
Your email address - only as it appeared in the
email header.
- Send a background copy to the Federal
Trade Commision , which is tracking the spam problem and will,
hopefully, eventually develop the information to get serious
legislation. Enclose the entire email header record without any
modifications.
- Enclose enough of the content to let whoever gets the report
identify the message; such as through an address or telephone number,
or at most a screen image. But don't fight spam with more spam by
resending a lengthy spam message!
- Alternatively
- Enable a display of the header information as above.
- Copy the entire email - important - the email header must be
included - to the Clipboard.
- Go to Spamcop and to their "Just Testing" page.
Paste the
email into their window and ask for an analysis.
Save the
address(es) of the spam and write a letter as above to those
addresses. Of course, if you use this service very much, register and
pay their nominal fee. Then Spamcop will, after analyzing the email,
send the report to the offending parties for you.
Spam Control Bills before Congress
As of September 1,
2001
Finally, the federal Congress is beginning to address the Spam
problem. There was a bill in the 2000 Congress that failed to pass. But
this year, there are several bills pending action. Go to the Thomas site
and do a search on "spam". Check them out and urge your Congressperson to
support them.
Thomas
The
following biils are under consideration as of now
H.R. 113H, Wireless Telephone Spam
Protection Act;
H.R. 1017H, Anti
Spamming Act of 2001;
HR 1017H, Anti
Spamming Act of 2001;
S.630.S, CAN Spam
Act of 2001, which deals with fraudulent routing information
Law
There are (finally!) some serious laws about spam. Visit
U.S. Department
of Justice Internet Fraud page for details.
Email Filters
Another approach to dealing with spam is to
put filters on your account. To get more information about how to do this,
check the Usenet newsgroups best.unix and best.abuse
Check if your ISP uses some or all of the anti-spam databases, such as
RBL, RSS, and DUL, managed by Mail
Abuse Prevention System MAPS.
These are system enhancements
that the ISP can implement to filter out known spammers.
Or if you have a technical background, take a look at Catherine
Hampton's email filters, at SpamBouncer
Another resource to track down a spammer and/or his his ISP an
extensive set of (freeware) tools for the Windows environment Sam Spade
How Spammers Harvest their Addresses
How do the spammers get
their address lists?
One way, which many email users may not be aware of is that the email
message contains a lot of header information which is often not displayed
by common email programs.
Anytime you do a CC: operation to another person, that second person's
address (and everyone else who gets a CC:) shows up in all copies of the
message. It is then a very simple operation for the savvy spammer to
display the header information and - viola! - one, or a lot of addresses
to pick on. As such do not use the CC: option in your email. Use the BC:
(Background Copy) option instead. It sends a copy of your email to the
other recipients but does not compromise
Be careful about giving out an email address in chat rooms and casual
contacts in general.
After spammers get an address, they need to make sure it is a valid
email address so they can brag about "x-million valid addresses" in their
pitches to potential customer. That is where the rule - Never respond
the "click here to have your name removed" message - comes from. Your
address may get removed from one list, but be assured it will end up on
one (or many more) other spam lists.
|
