There are thre different types of SPAMmers and the methods you must take to protect yourself from them vary.

1. Net illiterate SPAMmers
2. Net savy SPAMmers
3. SPAM ISPs

Net illiterate SPAMmers are usually individuals who have fallen for a "get rich quick" scam, are so new to the net they do not understand the technology nor the etiquitte, so young that that the don't know any better, or using old bulk emailers.

These individual acutally use the real addresses in some way.

Net savy SPAMmers are individuals who technically know the network protocols very well or are using sophisticated bulk emailers.

SPAM ISPs are corporations dedicated to SPAM. From one point of view these are the easiest to deal with.

individuals who technically know the network protocols very well or are using sophisticated bulk emailers.

Step one is to look at all the headers of the message. News/email readers normally show only a subset of the available headers to avoid screen clutter. Select the option that makes the hidden headers visible. In Netscape select Options/Show all headers, in MSWIN Pegasus press ^H, in Pine press H, in VM press t and in NewsExpress select File/ Options/ Compose/ Include Headers. Other news/email readers have similar options.

Important headers are:

• From:
• Sender:
• X-Sender:
• Reply-To:
• Errors-To:
• Return-path:
• Message-id:
• Path:
• Received:
All contain a network host name that may give you a clue as to who the spammer is. However, any or all of them may be faked. It is common for spammers to send email from a throwaway account at one site and solicit replies at other sites, so you may need to track down two or more network locations. Make a list of all host names mentioned in the headers and in the body of the message. These are the parts to the right of the @ sign in email addresses, between // and / in web links, in the last Received: header and at the right end of the Path: between !'s.

Path: gives the list of hosts a news item passed through, from the poster's site at the right end to get to your site at the left end. One or more entries on the right end may be faked so you may need to cooperate with others to track down which host in the Path: list the message was injected at.

Like the Path: header Received: headers are a list of sites the message passed through in reverse order but with only one host name per header. Again, the bottom entries (earlier timewise) in the Received: list may be faked. It is also possible for spammers to relay email via a third party so that the Received: header before your site's Received: headers may be a victim too. They're slack though as they should've configured their mail servers not to relay third party email. Some spammers also pretend to be innocent relay sites by forging additional Received: headers and lying in response to complaints; complain to the so-called `relay' site's ISP if you suspect this is the case.

Since intermediate sites always prepend headers then those higher in the list are much less likely to be forged than those further down. See how to interpret Received: headers for more information.

Even with normal, non-faked operation not all hosts or network routers a message passes through are recorded in the Path: or Received: headers. Use TRACEROUTE (described below) to get a more complete list.

Host names usually have machine name and domain name parts. For example kryten.eng.monash.edu.au has a machine name of kryten and domain name of eng.monash.edu.au (engineering faculty, monash university, education sector, australia) with larger domains monash.edu.au, edu.au and au. Look at your list of host names and see if you can add some local domain names to the list by stripping machine names from host names. This is a trial and error procedure and may not always give a valid result.

Some of the host/domain names you've discovered may actually be a numerical network IP address eg. kryten's is 130.194.140.2. Use DIG ipaddress->hostname to find a host name given an IP address and use DIG hostname->ipaddress to find an IP address given a host name. Add any new host/domain names discovered to your list. IP addresses can have zero, one or several host names. Host names can have zero, one or several IP addresses.

Some hosts and domains designate one or more hosts to handle any email directed to them. Use DIG hostname->mailexchanger to find out if there are any such hosts.

I have, from time-to-time, received really nasty emails for no reason and, like all of us, have received, unfortunately, too much junk mail. A good cyberfriend of mine received an email of a graphic sexual nature. She did not know what to do. Upset, she emailed me with the offensive email and asked for help.

Although I cannot help everyone individually, I can communicate to as many people as possible procedures to help make the net a better place to be for themselves and others.

Before you continue, please realize that this is not a normal problem. This only happens in rare occurrences. But, for those who experience it, it can be very upsetting, especially when you don't know who to turn or what to do.

Junk mail is a more pervasive problem and very real, but is nowhere nearly as offensive as a harassing email of any sort.

In the "real world" you can throw the junk mail away, write the junk mail sender and ask to be taken off the mailing list, or if nothing else works, you can file a complaint with your local police or the government. For sexual harassment, you can file a complaint with your company, local police or the government.

But, what can you do in cyberspace? What can you do about the unwanted email you receive?

Actually lots! Here is what you can do:

• Do not respond. It will only encourage more email.
• If it's just junk and you don't want to waste your time, delete it. To learn more about other actions you can do see Fight Spam on the Internet!.
• If the email is offensive or if you're tired of junk, forward the offensive mail to the senders ISP's contact:
  1. Take the host domain name from the email return address: someone@somewherelse.com. This can be found in either the Reply-To or From fields shown in the example email below.
  2. Forward the offensive mail with your complaint to postmaster@somewherelse.com,webmaster@somewherelse.com.
• If the sender attempted to give you an invalid address, the offensive mail can still be forwarded to the ISP:
  1. Take a look at the mail headers, if you can, in your mail program or save and read it in a text/word processing program. You will see something like the example email below.
  2. Take the host domain name from the "Received: from": mail.somewherelse.com. If you can't, for some reason, read the headers, use the host domain name you find in either the Reply-To or From fields.
  3. Forward the offensive mail with your complaint to postmaster@somewherelse.com,webmaster@somewherelse.com.
• If the host domain name is a "vanity" or sub-domain and is controlling its own email addresses, the offensive mail can still be forwarded to the real ISP for resolution:
  1. Take a look at the mail headers, if you can, in your mail program, or save and read it in a text/word processing program. You will see something like the example email below.
  2. Take the host domain name from the "Received: from": mail.somewherelse.com. If you can't, for some reason, read the headers, use the host domain name you find in either the Reply-To or From fields.
  3. Use the WhoIs function or just enter the host domain name (i. e., "somewherelse.com"): followed by a return.
  4. When you type either "return" or "enter", you will see a report from the Internic.
  5. From this form, copy the email address of the Technical Contact. You can also get his phone number here.
  6. Forward the offensive mail with your complaint to the Technical Contact's email address.
• If you work for a corporation and receive unwanted and possibly offensive email, contact your network administrator immediately.
• If you have a technical problem with any of these instructions or need further help, please contact your ISP.

Why does this work?

All corporations will act immediately to protect their businesses. All ISPs will act immediately on this to protect their businesses and their IP numbers. There is no "freedom of speech" problem here. ISPs will immediately cancel the offensive account(s) and maybe even legally followup. You can be almost guarrenteed that individual will be off the net the next business day if what was done was egregious enough!

Most ISPs do not appreciate customers using their services for "no good" and do not wish to be known as being tolerant of this sort of behavior, especially since sexual harrasment and junk email are federal offenses and put the ISP at risk of being prosecuted, as well.

Considerations

• The net is no different than the "real world." There are lots of good people and some bad people.
• In the "real world," you walk down the street, get a "comment" or an unwanted solicitation and you are face-to-face with the individual. At least on the "net," you can locate the individual and report him without being face-to-face.
• You can get an anonymous email address through Hotmail or hide behind a form fill outs but that will not stop the slight possibility of receiving unwanted emails. You send email to others and post to news groups, etc. don't you?
• You can go totally insular and not correspond with anyone and feel protected like the US did prior to WW II. It didn't work then, it probably will not work now.
• If you understand how the net works, you can get even and stay safe.
• By reporting these undesirable emails, you are helping to self-police the net and making it a better place for everyone.

---

Text of a unwelcomed letter

Received: from [1.1.1.1] by mail.somewherelse.com
 with ESMTP (ABC Mail Server 1.1.1); Mon, 13 Jan 1997 18:29:43 -0500
Message-Id: <v03010d11af0075aea550@[1.1.1.1]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Mon, 13 Jan 1997 18:29:34 -0500
To: you@yourplace.com
From: someone <someone@somewherelse.com>
Reply-To: someone@somewherelse.com
Subject: unwelcomed letter

unwelcomed letter.

someone

---

Internic Response

SOMEWHERELSE (SOMEWHERELSE-DOM)
   Some Street
   Some Town, Some State, Some Zip

   Domain Name: somewherelse.com

   Administrative Contact:
      One, Some  (SOXXXX) someone@somewherelse.com
      555-555-5555
   Billing Contact:
      One, Some  (SOXXXX) someone@somewherelse2.com
      555-555-5555
   Technical Contact, Zone Contact:
      One, Some  (SOXXXX) someone@somewherelse3.com
      555-555-5555

---

Example Complaint

Please make sure that your complaint is to the point and civil. This will insure that your complaint will be handled promptly. An example complaint is shown below:

Dear Sir,

The following was received by [me/husband/parent/friend] and [I/we] didn't know what to do! [I/we] consider this [unsolicited junk/harassment/whatever].

[I am/we are] forwarding it to your attention as I am sure that you will want to take the appropriate actions against your client and keep your good name as much as [I/we] do.

Using unsolicited email advertisements is unprofessional and violates the intent of US Code, Title 47, Chapter 5, Subchapter II, which prohibits unsolicited fax advertisements.

By US Code Title 47, Sec.227(a)(2)(B), a computer/modem/printer meets the definition of a telephone fax machine. By Sec.227(b) (1)(C), it is unlawful to send any unsolicited advertisement to such equipment. By Sec.227(b)(3)(C), a violation of the afore- mentioned Section is punishable by action to recover actual monetary loss, or $500, whichever is greater, for each violation.

Broadcast Fax and Junk Email is also illegal under United States Public Law 103-414 Section 303(a)(11), it is unlawful "to use any telephone facsimile machine, computer, or other device to send an unsolicited advertisement."

Sexual harassment is a violation of Title VII of the 1964 Civil Rights Act, and Title I of the Civil Rights Act of 1991.

Thank you for your prompt attention to this matter.

[Signature]

Consider adding a PS if the problem is very extreme:

PS [I/we] feel VERY strongly about this and will follow-up if appropriate action is not taken, and a formal police report is filed under [sexual misconduct or whatever the problem is].

---

For web problems contact the webmaster
Web page ©1997 by T.R. Shaw. All rights reserved, USA and Worldwide