Last Modified:


What can you do about SPAM?

This is a public service provided by the Spacecoast Hidden Mickeys List, Sporting Adventures and OITC.


Introduction

There are thre different types of SPAMmers and the methods you must take to protect yourself from them vary.

  1. Net illiterate SPAMmers
  2. Net savy SPAMmers
  3. SPAM ISPs

Net illiterate SPAM

Net illiterate SPAMmers are usually individuals who have fallen for a "get rich quick" scam, are so new to the net they do not understand the technology nor the etiquitte, so young that that the don't know any better, or using old bulk emailers.

These individual acutally use the real addresses in some way.

Net savy SPAM

Net savy SPAMmers are individuals who technically know the network protocols very well or are using sophisticated bulk emailers.

SPAM ISPs

SPAM ISPs are corporations dedicated to SPAM. From one point of view these are the easiest to deal with.

individuals who technically know the network protocols very well or are using sophisticated bulk emailers.

    Step one is to look at all the headers of the message. News/email readers normally show only a subset of the available headers to avoid screen clutter. Select the option that makes the hidden headers visible. In Netscape select Options/Show all headers, in MSWIN Pegasus press ^H, in Pine press H, in VM press t and in NewsExpress select File/ Options/ Compose/ Include Headers. Other news/email readers have similar options.

    Important headers are:

    All contain a network host name that may give you a clue as to who the spammer is. However, any or all of them may be faked. It is common for spammers to send email from a throwaway account at one site and solicit replies at other sites, so you may need to track down two or more network locations. Make a list of all host names mentioned in the headers and in the body of the message. These are the parts to the right of the @ sign in email addresses, between // and / in web links, in the last Received: header and at the right end of the Path: between !'s.

    Path: gives the list of hosts a news item passed through, from the poster's site at the right end to get to your site at the left end. One or more entries on the right end may be faked so you may need to cooperate with others to track down which host in the Path: list the message was injected at.

    Like the Path: header Received: headers are a list of sites the message passed through in reverse order but with only one host name per header. Again, the bottom entries (earlier timewise) in the Received: list may be faked. It is also possible for spammers to relay email via a third party so that the Received: header before your site's Received: headers may be a victim too. They're slack though as they should've configured their mail servers not to relay third party email. Some spammers also pretend to be innocent relay sites by forging additional Received: headers and lying in response to complaints; complain to the so-called `relay' site's ISP if you suspect this is the case.

    Since intermediate sites always prepend headers then those higher in the list are much less likely to be forged than those further down. See how to interpret Received: headers for more information.

    Even with normal, non-faked operation not all hosts or network routers a message passes through are recorded in the Path: or Received: headers. Use TRACEROUTE (described below) to get a more complete list.

    Host names usually have machine name and domain name parts. For example kryten.eng.monash.edu.au has a machine name of kryten and domain name of eng.monash.edu.au (engineering faculty, monash university, education sector, australia) with larger domains monash.edu.au, edu.au and au. Look at your list of host names and see if you can add some local domain names to the list by stripping machine names from host names. This is a trial and error procedure and may not always give a valid result.

    Some of the host/domain names you've discovered may actually be a numerical network IP address eg. kryten's is 130.194.140.2. Use DIG ipaddress->hostname to find a host name given an IP address and use DIG hostname->ipaddress to find an IP address given a host name. Add any new host/domain names discovered to your list. IP addresses can have zero, one or several host names. Host names can have zero, one or several IP addresses.

    Some hosts and domains designate one or more hosts to handle any email directed to them. Use DIG hostname->mailexchanger to find out if there are any such hosts.

    I have, from time-to-time, received really nasty emails for no reason and, like all of us, have received, unfortunately, too much junk mail. A good cyberfriend of mine received an email of a graphic sexual nature. She did not know what to do. Upset, she emailed me with the offensive email and asked for help.

    Although I cannot help everyone individually, I can communicate to as many people as possible procedures to help make the net a better place to be for themselves and others.

    Before you continue, please realize that this is not a normal problem. This only happens in rare occurrences. But, for those who experience it, it can be very upsetting, especially when you don't know who to turn or what to do.

    Junk mail is a more pervasive problem and very real, but is nowhere nearly as offensive as a harassing email of any sort.

    In the "real world" you can throw the junk mail away, write the junk mail sender and ask to be taken off the mailing list, or if nothing else works, you can file a complaint with your local police or the government. For sexual harassment, you can file a complaint with your company, local police or the government.

    But, what can you do in cyberspace? What can you do about the unwanted email you receive?

    Actually lots! Here is what you can do:

    Why does this work?

    All corporations will act immediately to protect their businesses. All ISPs will act immediately on this to protect their businesses and their IP numbers. There is no "freedom of speech" problem here. ISPs will immediately cancel the offensive account(s) and maybe even legally followup. You can be almost guarrenteed that individual will be off the net the next business day if what was done was egregious enough!

    Most ISPs do not appreciate customers using their services for "no good" and do not wish to be known as being tolerant of this sort of behavior, especially since sexual harrasment and junk email are federal offenses and put the ISP at risk of being prosecuted, as well.

    Considerations


    Text of a unwelcomed letter

    Received: from [1.1.1.1] by mail.somewherelse.com
     with ESMTP (ABC Mail Server 1.1.1); Mon, 13 Jan 1997 18:29:43 -0500
    Message-Id: <v03010d11af0075aea550@[1.1.1.1]>
    Mime-Version: 1.0
    Content-Type: text/plain; charset="us-ascii"
    Date: Mon, 13 Jan 1997 18:29:34 -0500
    To: you@yourplace.com
    From: someone <someone@somewherelse.com>
    Reply-To: someone@somewherelse.com
    Subject: unwelcomed letter
    
    unwelcomed letter.
    
    someone
    

    Internic Response

    SOMEWHERELSE (SOMEWHERELSE-DOM)
       Some Street
       Some Town, Some State, Some Zip
    
       Domain Name: somewherelse.com
    
       Administrative Contact:
          One, Some  (SOXXXX) someone@somewherelse.com
          555-555-5555
       Billing Contact:
          One, Some  (SOXXXX) someone@somewherelse2.com
          555-555-5555
       Technical Contact, Zone Contact:
          One, Some  (SOXXXX) someone@somewherelse3.com
          555-555-5555
    

    Example Complaint

    Please make sure that your complaint is to the point and civil. This will insure that your complaint will be handled promptly. An example complaint is shown below:

    Dear Sir,

    The following was received by [me/husband/parent/friend] and [I/we] didn't know what to do! [I/we] consider this [unsolicited junk/harassment/whatever].

    [I am/we are] forwarding it to your attention as I am sure that you will want to take the appropriate actions against your client and keep your good name as much as [I/we] do.

    Using unsolicited email advertisements is unprofessional and violates the intent of US Code, Title 47, Chapter 5, Subchapter II, which prohibits unsolicited fax advertisements.

    By US Code Title 47, Sec.227(a)(2)(B), a computer/modem/printer meets the definition of a telephone fax machine. By Sec.227(b) (1)(C), it is unlawful to send any unsolicited advertisement to such equipment. By Sec.227(b)(3)(C), a violation of the afore- mentioned Section is punishable by action to recover actual monetary loss, or $500, whichever is greater, for each violation.
    Broadcast Fax and Junk Email is also illegal under United States Public Law 103-414 Section 303(a)(11), it is unlawful "to use any telephone facsimile machine, computer, or other device to send an unsolicited advertisement."

    Sexual harassment is a violation of Title VII of the 1964 Civil Rights Act, and Title I of the Civil Rights Act of 1991.

    Thank you for your prompt attention to this matter.

    [Signature]

    Consider adding a PS if the problem is very extreme:

    PS [I/we] feel VERY strongly about this and will follow-up if appropriate action is not taken, and a formal police report is filed under [sexual misconduct or whatever the problem is].


    For web problems contact the
    webmaster
    Web page ©1997 by T.R. Shaw. All rights reserved, USA and Worldwide