(This is for recipients -- Victims! If you are planning, or even just thinking about sending advertising over the internet, this article is about how and why you will be kicked off the net, and maybe fined thousands upon thousands of dollars. If you want to do it right, if you want user gratitude instead of a swift kick in the rear, see Advertising, Spamming, and The Media. The answers are as old as the hills.)
When do YOU call it quits? 25% spam? 50 advertising messages? A hundred advertising message? Two hundred? Where do YOU draw the line? When do you say it isn't worth logging it?
How should we respond? Here are a few ways.
Current court cases against spammers are refering to spam as refuse and using the dumping analogy.
Other court cases have also awarded users and service providers substantial sums of money for trespass and conversion.. See http://weber.ucsd.edu/~pagre/spam.html and http://www.leepfrog.com/E-Law/Cases/CompuServe_v_Cyber_Promo.html
We must object, each and every one of us, to form a legitimate tide of opinion, to form a legitimate tide of complaint mail flooding the service providers each and every time they allow these spammers to foul our private information footpaths and despoil our data back yards.
And with some of the larger service providers, selling accounts to spammer after spammer seemed to be good business to their management. A far better advertising deal for them and their (ab)users, than all those bundled post card decks put together. If it were not, a trivial mail filter placed in these service providers' mail gateways would have stopped all that outgoing spam mail long ago. Clearly with them, is is only the volume of our complaints that make a difference.
So it rests with you. Will you do your part? Remember, Only YOU can prevent spammage fires!
Read our article on Proposal on Controlling Spam and learn how you might be able to set limits, and even profit from receiving spam(!) Meanwhile, your only recourse is vigorous protest to those who dump their trash on our disk drives!
The first step, is to examine the internet sendmail headers to see where the message was routed through. in the ELM/PINE mail system, it suffices to tap the H key to see the headers. In other cases, one may need to save the message to disk and edit it to examine these headers. You will likely want to save it to disk anyway so as to return it with all these headers intact, so the service providers can examine a representative sample of the messages in order to ascertain the true source. It also results in a larger _legitimate_ message in their mail box. After writing your polite complaint, read in the original file to the bottom of your e-mail complaint. In ELM or PINE, use the control-R command, followed by the name you saved it under. The FROM and RECEIVED FROM lines give the path and times a message traveled through the net. Forgeries often show substantial time gaps in this record, as the forged sections are usually prepared ahead of time. (However, sometimes e-mail does pool here or there as machines are down or busy. Also, not all machines have their clocks set correctly.) Here, we see a typical routing list, destination on top, and source at the bottom. (Lines truncated in length) This one appears not to be forged.
Note the numbers in brackets -- these are the internet computer numbers which you can look up with a WHOIS command, and even get the e-mail address of the system administrator in most cases. Usually, you won't need this, but wherever there is a time gap, or no name, it might be worth checking on. Start with the full number, then if you do not get an answer, repeat the WHOIS command, dropping the last number in the set till you do get an answer:From firstname.lastname@example.org Sat Apr 27 15:38:05 1996 Received: from mail1.best.com (mail1.best.com [188.8.131.52])... Received: from weber.ucsd.edu (weber.ucsd.edu [184.108.40.206]) .... Received: (from daemon@localhost) by weber.ucsd.edu (8.7.5/8.7.3) ... Received: (emout12.mx.aol.com [220.127.116.11]) by weber.ucsd.edu
Now, we do know that UCSD, a good educational institution with a responsible and curtious computer staff, was victimized along with us. The spammer stole services from them, and since UCSD does receive some funds from the Federal Government, this is something the FBI can investigate, and could be tried in Federal Court, should there be enough complaints. (But perhaps we ought to try complaining to the source often enough, before we encourage Federal Intervention.)whois 18.104.22.168 ...nothing.. whois 132.239.147 ...nothing... whois 132.239 ...Bingo! UCSD.EDU
The rest looks OK. And here is the payoff -- the message ID. Each message on the net has a message number, and the source is part of it. If a net detective gets this message number, he or she has a much better chance of deciphering the true source and actual time of entry into the net. (Perhaps someone could add to that?)From: SElli97635@aol.com Received: by emout12.mail.aol.com (8.6.12/8.6.12) id OAA04404; Date: Sat, 27 Apr 1996 14:07:55 -0400
The next step is to do a Traceroute to see what is legitimate, and whom else to complain to. With the above forged headers, this is unlikely to work. However, for less sophisticated spammers, all one need do is:
Say our idiot spammer was advertising a mythical web site like www.hotbabes4u.com. We do a whois on www.hotbabes4u.com, then a traceroute on www.hotbabes4u.com. this gives us a list of all the machines each packet has to travel between us, and them. The line just before hotbabes4u.com, "unluckyme.com" is their link to the internet.
... netmach22.bigboys.net ...So "unluckyme.com" should be CC'd on our complaints. I run these into another file, and include the whois and tracerout information on my complaints, so they all understand why I am complaining. And if unluckyme.com has their postmaster ID turned off, as many of them to, then I send the bounced mail to the guys above, in this case the mythical "email@example.com".
... abc.unluckyme.com ...
To make things easier, I use a UNIX shell script similar to the one below to start my form letter, which I then edit to make it more specific. This lets me string several levels of ISP's and any dependent web sites onto one letter with a minimum of effort, as well as keep a log of incidents. Often, I include a list of prior incidents involving that ID or even that ISP when complaining.
#! /bin/sh date >spam.memo date >>spam.log cat formletter >>spam.memo #Loop through a bunch of ID's for i in $1 $2 $3 $4 $5 $6 $7 $8 $9 do echo "------- $i ---------------" >>spamfile whois $i >>spam.memo traceroute $i >>spam.memo echo $i >>spam.log done
Except that a few service providers now have abuse ID's to deal with abusers like this. So we add firstname.lastname@example.org, and email@example.com to this list giving us five addresses to copy the source of the message back firstname.lastname@example.org, email@example.com, firstname.lastname@example.org
Why so many? The last few may be forged, and the sender may have done that from his own computer, so he may be the postmaster at his own domain name. If the abuse does not stop with one message, I escalate by adding more and more up-line service provider's postmasters to the list. Even with the worst frauds, one eventually hits a legitimate postmaster who can tell where it all came from, and is getting enough complaints to try to DO something about it! How many messages does it take for them to get the hint? For AOL, apparently quite a few! That is why we have to keep at it, sending every single spam back with a complaint.
We are not talking mail-bombing, as that would be a denial of service attack, which is illegal under United States Federal law.
But... Each of us has a legitimate complaint! And it is certainly legitimate for us to include ALL the pertinent information needed for them to investigate this matter, and to send that to all parties involved in the abuse wreaked upon us! If every one of us sends a single clear, calm, and respectable complaint message to each of the service providers involved, it's a lot of mail, legitimate mail, that the service providers and their up-line connections have to deal with. Sooner or later, they will get the hint that it is easier to prevent the spam, than deal with so much complaint mail.
Here's my standard reply:
The following COMMERCIAL UNSOLICITED E-MAIL was received by myself. Please educate your users that this spam and can clog people's mailboxes and subject them to criminal prosecution.
In some states, it falls under the definition of illegal faxing without the recipient's permission. (Device having a computer, modem, and printer and capable of printing images. USC 47.5.II.227. Fine: $500 per recipient.)
In some countries, notably England, it falls under the Criminal Statutes regarding unauthorized alteration of computer data or theft of computer resources. (Theft of access time and disk space.)
YOU, Mr. Service Provider, can be held as an ACCESSORY to these CRIMINAL ACTIONS!
EDUCATE your Users or cut them off at the phone line!
Remember the immigration lawyers, C. and S., who spammed newsgroups a few years back? A vast tide of e-mailed opinion forced the up-line connections to threaten to disconnect the service providers of those immigration lawyers it they did not drop them. Those lawyers were hounded off three service providers, one after the other! In addition, there are indications at least one of them was disbarred for related activities.
The same happened for another particularly vicious spam which we called "The Suicide Cannibal Cult", for their advocacy of cannibalism and suicide as means of saving the ecology. They spammed thousands of people, some of whom later posted that they needed psychiatric support after being shaken by the psychologically twisted trash received in that spam.
After complaining about many spams, (I was by no means the only one,) I have been notified by AOL and several universities that the spammers I complained about have lost their internet access because it was not their first offense. And more and more on the net, people are being removed on a first incident basis.
Some internet service providers (ISP's) now block cross-posts to more than five news lists. Others have instituted limits on how many addresses can be placed on a TO or CC line, and there are some proposals for fines, noted elsewhere, as well as the use of existing FAX and recorded solicitation laws.
Why does it work? The net is, after all, a series of individual and independent companies cooperating in the transmission of information. The net is not owned by any one company; even the National Science Foundation funding for the internet backbone is long gone. If one service provider ceases to be polite, those next to it can cancel the connection for non-cooperation. So if enough of us complain, things will be done and HAVE been done!
Complaining Clearly Works! At least, it does if enough of us complain.
What is there beyond complaints?
One would suspect that the receiver of these ill gotten gains might have some LEGAL responsibility for encouraging this, either through sales commissions, bonuses, or contests. One would suspect that if they receive enough complaints, or are named in enough suits in small claims court, even the richest organization would soon get the hint. After all, $500 times 1,000 recipients is $500,000 -- half a million dollars. All we have to do, it to make them realize this by Taking Action!
It is up to YOU to sue the SOB's! That's right YOU! Don't you want to make $500 to $1,500? And how many spams did you get last month??? Gee, that's real money! So stop griping about spam, and DO something about it! Unless you are making a ton of money at work, take a spammer to court. (Most small claims courts do limit the actions to parties within the state, so the spammer you sue will have to be from the state you live in.) One is reminded that a recent TV show interviewing the neighbors of a particularly bad apartment complex from which gangs had been running drugs. Each nearby home owner or otherwise offended party sued the owners of the apartment building in small claims court for some modest amount of depreciation of their property and/or incidental damage. Although a few thousand dollar judgment here and a few hundred dollar judgment there there was not much, there were enough affected parties that it added up to an appreciable amount of money! The owners cleaned it up. (Or was it the people who bought the complex after the original owners declared bankruptcy? I forget.)
Similar approaches have been used successfully to stop unsolicited advertising phone calls.
Even fleas and mosquitos have been known to bleed people dry when there are enough of them. And people become wise enough to avoid such places.
Further down, is the address of the recent magazine spams I have received. Those with local access or with Sprint's Friday Free service may want to fax their thoughts and legitimate complaints directly to the company. We have the duty to complain to the source of the offense against us!(Though we do need to be Polite, and reasonably to the point.) If we all fax them our complaints, I would expect their four gigabyte drive would soon overflow with Legitimate Complaints from Legitimately Offended parties. Perhaps then, they would see that encouraging the fouling of our information superhighways with spam, superhighways WE are paying for, does not help them make any money.
It is up to each of us to police our own back yards. If we let the neighbors throw their trash in our yards, it is as much our fault as theirs.REQUEST FOR MORE INFO: please return *only* this section (with no cover page) via 1-page fax to: 718-967-1550 in the USA or via smail (first class mail or airmail) to: Magazine Club Inquiry Center Att. FREE Catalogue-by-email Dept. PO Box 990 Staten Island NY 10312-0990 Sorry, but incomplete forms *will not* be acknowledged. If you do not have an email address, or access to one, they will not be able to help you until you do have one. If you saw this message, then you should have one.