Boulder Community Network

BCN Logo

BCN Home Page | Search | What's New | Contribute
Last Update: January 6, 2006.

Internet Spam

This page gives you information about and links to some resources to help you deal with Internet "spam."

Directory to sections in this page -

Legal Note -
"Spam" is a registered trademark of the Hormel Corporation. The term spam is commonly used on the Internet when referring to unsolicited e-mail.


Resources for Handling Internet Spam

Unsolicited email ("Spam"), or "UBE - Unsolicited Broadcast E-mail", wastes some seven billion dollars of productivity a year (that is about $5,000 dollars for every homeless person in the country!), wastes some forty percent of the email channel of the Internet (personal experience is more like 90 percent!), causes people to lose email, is an invasion of privacy, often an identity theft, a very serious nuisance and too often an unsolicited personal cost (such as for downloading email that gets thrown away) for many users.

Spam is very serious theft of resources and identity problems for the responsible Internet Service Providers who usually would like very much to be notified when their computer resources are being stolen. This section gives you some resources for tracing the originators, notifying the appropriate parties. Unfortunately, the spam picture is getting to the point that it is effectively hopeless to try to get your name off their lists.

Spam is also very serious theft of resources when spammers find systems on the Internet that are not protected and allow people to sneak in and use their systems to send millions of emails without their knowledge or permission. This is called the open proxies problem.

Much of the content of spam is very offensive and just plain degrading to our society. Imagine what kind of a world we would live in if we were confronted with huge graphic billboards every mile on the highway telling us to "ENHANCE YOUR MANHOOD!" And to add insult, the billboards are put up on private property without the owners' knowledge nor permission.

The spammers often try to hide behind a claimed First Amendment right of "free speech." Ask does anyone have a right to invade your personal privacy, to obligate your money without your knowledge, and to steal your identity? It should be noted that a Supreme Court decision (Hudgens v. NLRB (424 U. S. 507)) some 25 years ago held that access to private property is premised on "opt-in" permission, not "opt-out" demands after the trespass and or damage was done.

See the following page for the details of this decision -

Another interesting reference on this privacy issue where a company was required to stop sending unsolicited emails to customers of a well-known ISP -


A Blame the Messenger Response

Much of what little legislation exists calls for the spammers to list a web contact link to have your name removed from their list. Aside from the problem of imposing on you to do something to have your name removed after the trespass has been committed, keep in mind the following - too often, these links are nonexistent. Furthermore, if you do happen to get a valid link, keep in mind that there is no assurance that your address has really been removed. Nor is there any assurance that, even if your address gets removed from that one list, that it has not been captured and sold to yet another spammer to perpetuate the harassment.

How often have you received a notice of an email from some name at a well-known ISP that has several people you have corresponded with in the past? And the title is some innocuous "how are things going." So you open it and get another most offensive spam message. Many people understandably complain to that ISP and too often get an unflattering response. Instead of blaming the victim, these ISP's should be asking how many potential customers they have lost by having their name misused. This is called identity theft - of that well-known ISP's name. Yet they too often don't care about the spammers defaming them. They should be reading the current laws on Identity Theft very carefully.

Another technique being used by spammers is to send their email with your address forged as a source. Since many of their addresses are dead, of course all this dead email is bounced back to the "sender" - you. What you see in the email preview is "Undelivered Mail Returned to Sender". Which of course you are tempted to open on the possibility one of your friends has changed an address. Instead, Open carefully! In addition to sneaking more unsolicited and offensive spam into your mailbox, this is also a backdoor technique to propagate computer viruses into your computer. The Identity Theft laws should be applied here.

More and more, a lot of spam contains space wasting garbage fillers buried within html comment tags. This adds as much as 20 percent to that 40 percent of the Internet that these spam messages waste! Also, many of these fillers contain your email address so that if you do report the spam without the headers, the spammers can still deduce your mail address. It amounts to getting the spam reporting services to validate the spammer's email list as valid.

See the Federal Trade Commission's section on this problem -

A very good background on the spam problem, its severe personal, economic and system impacts, and with many useful links is the following -

An excellent resource to trace out where your spam came from, advice on turning on your email program's display of all the routing information, and some suggestions about where to complain to -

A resource for much more information about the spam problem is the Anti-spam Research Group -

Another useful resource for dealing with spam is the following -

An open source spam killer is called Spam Assassin and the University of Colorado has information on it and the spam problem in general at -

A comprehensive discussion about spam by Charlie Oriez, a leading anti-Spam expert, and how to deal with it is at -

To quote from a recent talk by Mr. Oriez:

Spam has a cost. In a survey of Internet Service Providers (ISP's):

Source: CIX (Commercial Internet eXchange Association)

America Online testified to the Federal Trade Commission that one-third of their capacity was used to carry spam.

Netcom reported that their cost was one million dollars per year.

Brightline estimated a cost of $225 million, based on 5 seconds of processing time to hit the Delete key, with an average of 200 spam messages per year (a very low estimate). An estimated 25 million spam messages are sent each day.

Abuse.net is an extensive resource that explains many aspects of the spam problem and has suggestions about what you can do to help control the problem -

The Internet Network Abuse Clearinghouse keeps a database for the reporting and control of abusive use and users -

Senderbase provides access to a database of IP numbers domains, and hosts being used to send spam.

Another resource for further information on the spam problem is Surf Control -

The Open Relay Data Base keeps records on Internet Service Providers who are not adhering to the intents and obligations of the Internet by allowing their systems to be used to propagate spam -

A recently available resource to locate the owner of the recently enabled domain regions, such as aero, biz, coop, info, museum is -

Unfortunately, with the de-centralization of the registrars, many older reference resources for looking up the owner of a domain name have vanished or give a limited search. The current "standard" for most of the older domains is the following -

The following is currently supposed to search all domains -

Find out who is behind your spam and fighting legislative attempts to control it -

Here is a web site that gives summaries of most of the current laws about spam for America and other countries.. I.e., read the laws just about every spammer is flouting.

Once you have the IP (Internet Protocol) number, what do you do? Here is a site that tries to translate all valid IP numbers (including the so-called "cloaked" ones) to their email or postal address:

Another resource for determining who owns a domain name or an IP number is the web equivalent of the whois command -

Here is a site with a discussion of the recent Ferguson vs Friendfinders legal ruling in California -

A site with yet more information about spam and some tools and suggestions to avoid and fight it -

A site that claims to clean up your e-mail spam -

Another resource to deal with spam -

Bigfoot.com's spam tracing procedure -

"Figuring Out Fake E-mail & News Posts" -

Lots of links to places to complain about various frauds & scams on the Internet -

Another resource to deal with spam, junk mail and telemarketers -

The Coalition Against Unsolicited Commercial Email (CAUCE) -

Here is a glossary of spam related terminoloty -

Here is Rahul.net's Spam Glossary -


Dealing Constructively with Spam

Here are some suggestions for handling the spam problem -

Alternatively -

Of course, if you use this service very much, register and pay their nominal fee. Then Spamcop will, after analyzing the email, allow you to send reports - which can be as many as a dozen emails to all ISP's, including the open proxies, all along the routing - to all the offending parties.

If you have shell access in your ISP account, use the network whois command to lookup the owner of the domain name. Since it is usually a waste of time to notify the owner of the spam domain, do another whois lookup on the domain servers who provide service to the spammer and notify them. A message along the following line often gets the message through -

RE - www.spammer.com
THIS IS AN UNSOLICITED, REDUNDANT, HARASSING AND VERY OFFENSIVE SPAM APPARENTLY FROM ONE OF YOUR SERVERS THAT HAS COST ME LOST EMAIL AND HAS COST ME NEEDLESS ADDITIONAL ISP CHARGES. TAKE THIS NAME OFF ALL YOUR LISTS.
cc: Federal Trade Commission

And do really send a copy to the Federal Trade Commission at uce@ftc.gov. They acknowledge getting some 40,000 spams a day; they need more to encourage then to seriously address this problem.

If you have Unix shell access, it is possible to setup a control procedure which is used by the email handler, sendmail, to manage some of your spam. Various names, such as "spamassassin" have been used for these procedures. Unfortunately, most of these procedures merely divert your mail to another directory which you still have to check. (And, unfortunately, if those directories are not emptied, they end up using many megabytes of disk storage.) The only way to begin to get the message back to a spammer that you really don't want spam is to reject or bounce the mail.

CU has SpamAssasin installed for students/faculty. They have an FAQ:

and information on how to configure common mail software:

A close look at spam shows that much of it is artificially padded with html comments that end up as much as doubling or even quadrupling the size of the email. This is a flagrant abuse of their ability to invade your personal space! And when those html comments contain your email address, or personal name or comments, we should be talking about harassment!

Unfortunately, more and more ISP's are getting blase about doing anything about the problem. Some major ISP's, including some who profess to be very concerned about spam, are themselves are serious victims of identity theft and the spam problem, and have often refused to honor mail to their abuse mailbox.

Sending spam is now becoming a big growth industry from some foreign nations. I.e., people in other countries are interfering with the internal affairs of this country! Write your congressperson! Several bills are pending in Congress to supposedly control the problem.

But be aware that one of the measures being pushed, by the spammers of course, is to have a national no-spam registry. I.e., you would need to officially register somewhere to avoid getting spammed! Aside from that database being probably one of the most heavily hacked sites on the Internet, this amounts to nothing less that an unwarranted invasion of privacy as well as being a governmentally mandated protection scheme. Plus it would do nothing to diminish the flood of spam that is crippling the Internet.

There is a message from the recent huge success of the national registration service to prevent telemarketeers from calling people. The result is that many businesses that relied on telemarketing are now moving to other ways to advertise. And many telemarketing companies are getting out of the business. People just don't want to be harassed by in-the-face advertising! The same applies to spam.

A further complication is that some domain name registrars also offer ISP services - to spammers! Since they profit from the spammers registering many throwaway domain names, they are less than proactive in responding to complaints.


Email Filters

Another approach to dealing with spam is to put filters on your account. To get more information about how to do this, check the Usenet newsgroups best.unix and best.abuse, or check

Check if your ISP uses some or all of the anti-spam databases, such as RBL, RSS, and DUL, managed by MAPS. More information is at -

These are system enhancements that the ISP can implement to filter out known spammers.

Or if you have a technical background, take a look at Catherine Hampton's email filters, at

Another resource to track down a spammer and/or his his ISP an extensive set of (freeware) tools for the Windows environment -


How Spammers Harvest their Addresses

How do the spammers get their address lists?

One way, which many email users may not be aware of is that the email message contains a lot of header information which is often not displayed by common email programs.

Anytime you do a CC: operation to another person, that second person's address (and everyone else who gets a CC:) shows up in all copies of the message. It is then a very simple operation for the savvy spammer to display the header information and - viola! - one, or a lot of addresses to pick on.

I.e., do not use the CC: option in your email. Use the BC: (Background Copy) option instead. It sends a copy of your email to the other recipients but does not compromise everyone's address.

For much more information about email headers, see the Email Header Display page in Spamcop -

In general, be careful about giving out an email address in chat rooms and casual contacts in general.

After spammers get an address, they need to make sure it is a valid email address so they can brag about "x-million valid addresses" in their pitches to potential customer. That is where the rule - Never respond the a "click here to have your name removed" message comes from. Your address may get removed from one list, but be assured it will end up on one (or many more) other spam lists.


Return to the Internet Center home page.
Return to the BCN home page.
This information has been brought to you by the Boulder Community Network (BCN). BCN is Boulder Colorado's non-profit sector ambassador to the world of information technology and the Internet.
If this information is of use to you, please consider making a tax-deductible contribution to support BCN in the future. See the contributions page.
World Wide Web page by SCCS.