by Jason Whong

How to Fight Spam

Some of you read my first Geek Boy column about spam, and how it is the bane of the Internet. If you're on the Internet, you probably know by now what a waste of resources it is. But if you're new, here's a brief rundown.

Spam is unsolicited commercial e-mail. Unsolicited, meaning you didn't ask for it. Commercial, meaning that it's an ad, not a private communication between two people. And e-mail, meaning, well, uhh... e-mail.

Spam, or UCE (to be polite to the folks at Hormel), is bad for the 'net because it increases the cost of your network connection and slows it down. Even if you don't end up paying more for your service, it is slower than it could be, and your ISP is hurting, wasting money dealing with the problem instead of providing the fast connection you paid for.

Ambrosia doesn't send UCE. We only send solicited commercial e-mail, meaning that we will send you our press releases by e-mail only if you ask for them. We think this is the only right way to do business.

That's as far as I am going - some people think spam is OK. Those people can ignore this column. This column is all about fighting back - taking charge of your e-mail account, and wiping out the spammers one by one. Legally. Without being evil. It can be done.

Here's the deal: Most ISPs hate junk e-mail as much as you do (since it slows down their network and makes them look bad), so they usually have rules that forbid users from sending UCE. All an angry recipient would need to do was forward the offending e-mail to the appropriate parties, and the spammer would have his or her account canceled.

Well, this continued for a bit until the spammers figured out how to confuse people by forging their e-mail messages so they looked like they came from a completely different site. Abuse desk operators everywhere were inundated with false reports as confusion spread across the 'net.

Which brings us to the point of this article. It was going to be a definitive explanation of how to read headers to diagnose the exact entry point of the offending messages, and to determine whom to report the abusive activity to. Thankfully, I am not an abuse administrator, so I don't deal with this every minute of my life. So, I've decided not to write about it. Why? Because so much has already been written about it, and it is very lengthy, and I just might communicate it improperly.

Instead, I'll focus on the basics of reporting spam.

Rule Number One

Be polite. When you report spam, you're usually reporting it to a party that did not send it. Often the person you'll be complaining to is an administrator of a network who has to deal with messes that someone else made. Secondly, there's always a chance that you could be wrong when you report the spam, particularly if you haven't mastered the art of diagnosing a forgery.

Rule Number Two

Be concise. I used to type a paragraph or two saying something to the effect of "This may or may not have come from your network, but it is unsolicited commercial e-mail. Please investigate this matter. If I have reported this message to the wrong party, you have my apologies." Then I realized that the people that read these things read hundreds of these per hour; it would be best to just say those three sentences.

Rule Number Three

Always forward the message, with full headers. It really peeves me that Claris Emailer 2.0 doesn't have this capability right out of the box (although it can be done with AppleScript!). Your mailer may vary. Since headers tend to be very long, most mail utilities tend to hide the less important ones. That's why I make the distinction between full headers, and the kind that you might be looking at when you see the message. Headers are the parts of the email that don't contain the message. They're at the beginning of the message (although the AOL mail software moves them to the end, for some silly reason). Essentially, they contain information about the message, including the sender, the recipient, and, if you're lucky, the sites in between.

I'm using some headers from a junk e-mail I received just today (your headers may vary):

Received: from mail.mia.machine (1Cust131.tnt2.west-palm-beach.fl.da.uu.net [208.253.43.131])
        by janus.AmbrosiaSW.com (8.9.1/8.9.1) with SMTP id TAA01799;
        Thu, 4 Mar 1999 19:51:50 -0500 (EST)
From: frankj@eastmail.com
Message-Id: <199903050051.TAA01799@janus.AmbrosiaSW.com>
Subject: PUTS MONEY INTO YOUR POCKET! AD
Date: Sat, 13 Mar 1999 06:40:28

Usually, you just see the From: header, and the Subject: header. But these other headers should be quite helpful.

If you know how to read headers, and are handy with WhatRoute by Brad Christianson, you can see that the From: header is a forgery, and that the Received: header has some kind of spoofing in it. The mail did not come from eastmail.com, nor did it come from mail.mia.machine. It came from a UUnet site in West Palm Beach, Florida, no less!
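As an added illustration (not part of the original column), here is a short Python sketch that does the header reading described above on the headers quoted in this column. It trusts only the Received: stamp written by the recipient's own server and assumes the stamp layout shown above; the function names and the last-two-labels domain shortcut are assumptions of this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers quoted in the column; continuation lines tab-indented as on the wire.
RAW = (
    "Received: from mail.mia.machine "
    "(1Cust131.tnt2.west-palm-beach.fl.da.uu.net [208.253.43.131])\n"
    "\tby janus.AmbrosiaSW.com (8.9.1/8.9.1) with SMTP id TAA01799;\n"
    "\tThu, 4 Mar 1999 19:51:50 -0500 (EST)\n"
    "From: frankj@eastmail.com\n"
    "Message-Id: <199903050051.TAA01799@janus.AmbrosiaSW.com>\n"
    "Subject: PUTS MONEY INTO YOUR POCKET! AD\n"
    "Date: Sat, 13 Mar 1999 06:40:28\n\n"
)

# Stamp layout assumed from the header above:
#   from <name the sender claimed> (<reverse DNS> [<connecting IP>]) by <receiver>
STAMP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[]+)\s+)?\[(?P<ip>[\d.]+)\]\)"
    r"\s+by\s+(?P<by>\S+)")

def base_domain(host):
    # Simplification for this example: last two labels, no public-suffix list.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def analyse(raw, my_domain):
    msg = message_from_string(raw)
    # Only a stamp written by our own server is trustworthy; anything below it
    # may have been supplied by the sender. Walk from the top to the first one.
    for stamp in msg.get_all("Received", []):
        m = STAMP.search(stamp)
        if m and base_domain(m["by"]) == base_domain(my_domain):
            break
    else:
        return None
    net = base_domain(m["rdns"]) if m["rdns"] else None
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    return {
        "peer_ip": m["ip"],            # recorded by our server, not the sender
        "network": net,
        "helo_mismatch": net is not None and base_domain(m["helo"]) != net,
        "from_mismatch": net is not None and base_domain(from_dom) != net,
        "report_to": f"postmaster@{net}" if net else None,
    }

if __name__ == "__main__":
    print(analyse(RAW, "AmbrosiaSW.com"))
```

A mismatch tells you where to look, not that a forgery is proven; the connecting IP and its network are the parts worth putting in front of a postmaster.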

Now here's the fun part - ratting out the spammer to the appropriate party.

Internet rules require that someone read the postmaster@ account for each domain, precisely for issues such as these. However, there's no rule that says the postmaster can't refer you to someone else. If you're not sure whom you should write to, pick one domain and write to that postmaster; they often will intercede and send it to the right party for resolution. In this case the UUnet postmaster would direct you to UUnet's e-mail abuse department, at fraud@uu.net.

UUnet is kind of slow to respond, but here's a nice message I got from Netcom's abuse desk last week:


Hello,

Thank you very much for the notification of our user's actions.

We have terminated the personal dial-up account of our user for breaking
our user agreement policies.  If that user owned a web site that was being
advertised, that site should no longer be accessible.  However, it can
in some cases take up to 24 hours for the site to clear from our servers.

We will not allow this person to purchase another account at NETCOM.  In
addition, this user was charged our mandatory UCE Clean-up fee of $200.00
for this incident. NETCOM has very strict anti-spam policies, and in no
way supports any type of unsolicited commercial email (UCE).

If you receive any further contact from this user through NETCOM, please
contact us immediately. For more information on our Acceptable Usage and
Guidelines, please review them at this website.

        http://www.netcom.com/netcom/aug.html

Thank you.
- Marc
NETCOM Policy Management

Ahh. The thrill of victory, and the agony of defeat. That'll teach the jerk to mess with my inbox.



Copyright ©1995-9 by Ambrosia Software, Inc. - All rights reserved