before unsolicited advertising renders email useless for communication."
-- Walter Dnes/Jeff Wynn
EcoFuture home Population
Junk e-mail and spam are both terms for advertising and e-mail sent to you which you did not ask for and which you do not want. See Junk Email, The Email Abuse FAQ, and Spam FAQ for more detailed information. Interesting articles are presented in Salon.com. Also see the informative How do spammers get people's email addresses? and the nicely-done Death to Spam page. The article Why Am I Getting All This Spam? by the Center for Democracy & Technology contains useful information and the results of several experiments. The Wired article Hotmail: A Spammer's Paradise?" describes how dictionary attacks are used by spammers to guess at email addresses.
Note that spam is a more generic term that includes broadcast posting to newsgroups as well as individuals. Here's a spam glossary and another spam glossary. The Netizen's Guide to Spam, Abuse, and Internet Advertising provides solid information on the topic. Also check out The Net Abuse FAQ for the official definition of SPAM and lots of good information about how to deal with it. Also see the net-abuse/spam FAQ at www.faqs.org/ for net-abuse newsgroups, providing lots of good info and plenty of detail. (Note that the old alt.current-events.net-abuse newsgroup has been superseded by the news.admin.net-abuse.* hierarchy (see newsgroup information).
Spam is, unfortunately, an abuse of the internet that you - the end user - ultimately pay for. If you think spam costs nothing, think again! In 1997, America Online estimated that between 5% and 30% of its email server resources were exclusively dedicated to handling spam. Between $2-3 of your monthly internet charges go to handling spam, according to the 1998 Washington State Commercial Electronic Messages Select Task Force report. 7% of Internet users who switch ISPs do so because of spam. This equates to a loss of more then $250,000 per month for an ISP with one million subscribers. Also see the essays The Insidious Evil of Spam and The Spam Solutions.
See spamming ethics research from North Carolina State University.
Spam costs you and your Internet Service Provider (ISP). Here are the True Costs of Spam, as calculated by actual victims of spam. In a survey of ISP's by CIX (Commercial Internet eXchange Association):
Spam can cause a system outages: excess mail can clog up the mail servers, preventing non-spam e-mail from getting through. America Online testified to the Federal Trade Commission that one-third of their capacity was used to carry spam. Netcom reported that their cost was one million dollars per year. Brightline estimated a cost of $225 million, based on 5 seconds to hit the Delete key, with an average of 200 spam messages per person per year (a very low estimate). An estimated 25 million spam messages are sent each day.
"Spammers are the Internet's undead. Preying upon the innocent and naive, these bandwidth-sucking vampires hope to be network masters hiding in the shadows in cowardice and shame, only to fade to dust when burned by the light of day." - Bill McCarthy, Boardwatch, June 2000
Take the Boulder Pledge: "Under no circumstances will I ever purchase anything offered to me as the result of an unsolicited email message. Nor will I forward chain letters, petitions, mass mailings, or virus warnings to large numbers of others. This is my contribution to the survival of the online community."
Who to Complain to?
Never reply to spam, even if it is to send a "remove" request. Most spammers ignore such responses, or worse, add you to their list of validated email addresses that they sell. Instead, you must complain to ISPs that originate and forward the spam. The easiest way to report spam is to use the automatic reporting features of SpamCop, described below. Use SpamCop and help reduce the volume of spam!
Here are simple instructions on how to report spammers. Also see Where to Complain About Frauds & Scams. Spam Hater software by Net Services handles responses to spam automatically. You can download their software for free (test it by sending spam to yourself). The Network Abuse Clearinghouse remails reports of spam abuse for you.
If you know the spam came from an individual, you can tell the spammer that you charge for use of your facilities to transmit and store unsolicited junk email, and insist for their postal address so that you can send the bill. You may e-mail this standard legal response which references US Code Title 47, Section 227(b)(1)(C), which can be interpreted to mean that unwanted spam is illegal. (Thanks to D. Larson; this response has been very effective before the advent of more organized commercial spammers). Copy the message to:
abuse@(their address) postmaster@(their address) root@(their address) admin@(their address)
If their address includes a common domain name like "aol.com", send the message to the appropriate party:
America Online: email@example.com, and send complaints to firstname.lastname@example.org, then to email@example.com, where tos refers to "terms of service". Compuserve: firstname.lastname@example.org or email@example.com Prodigy: firstname.lastname@example.org or email@example.com ATand T WorldNet: firstname.lastname@example.org Earthlink: email@example.com or firstname.lastname@example.org Netcom: email@example.com Pipeline: firstname.lastname@example.org GNN: GNNadvisor@gnn.com Sprynet: email@example.com
Note: AOL has implemented a preferred mail option (keyword = PREFERREDMAIL) to protect user's accounts from receiving email sent by certain junk email sites. The spammer list is updated regularly.
Some people also send a copy of their complaint to the following, just to make them aware of the significance of the problem:
firstname.lastname@example.org ZOEGRAM@lofgren.house.gov Vice.email@example.com Senator@your senator.senate.gov
Complain directly to the postmasters of these spammers and insist that they take disciplinary action. If their business name matches their domain name, complain to the postmaster at the next link up. Be sure to include the complete original spam including all header information. Simply copy the original spam and its header information after the legal notice. Also remove any residual CCs and BCCs in your e-mail header - you don't want to inadvertently propagate the spam!
Next post a copy of the spam, with headers, subject line, and body intact to the following Usenet newsgroup:
First check the newsgroup to ensure no one else has posted the spam - no need to clutter up the newsgroup with multiple postings. Be sure you post the article as a new post, not as a "reply" to the spam posting - this way you won't perpetuate the spam. This newsgroup is robomoderated, and is used to identify new spam. After spam is posted to this newsgroup, it will then be cancelled. In your posting to signtings, add the following lines to your header:
Followup-to: news.admin.net-abuse.email (for e-mail spam you received) or Followup-to: news.admin.net-abuse.usenet (for spam posted to newsgroups) Abuse-spotted-in: (the first group where the spam was spotted) Abuse-Subject: (subject line from the spam) Type-of-abuse: (EMP, ECP, binary, forgery, etc. Common terms follow:) ECP Excessive Crossposting EMP Excessive Mass Posting MMF Make Money Fast OTCP Off-Topic Commercial Post OTP Off-Topic Post UCP Unsolicited Commercial Post Description: (description and/or comments)
If your email complaints to spammers' postmasters bounce back to you, you can do a traceroute - see the combat sites. (Windows 98 users can use c:\windows\tracert.exe). Using traceroute, you can sort out the path taken to get from your ISP to a spammer's ISP. To precisely pinpoint a spammer's uplink, run traceroute from several different servers (ISPs). For more information, see the next section on Cracking Forged Headers.
You may find it most effective to complain to the spammer's ISP. However, if the spammer is running from a dedicated spam site (such as Cyberpromo), you might have better luck complaining to their upstream provider. Don't complain further up the chain, though, until you've exhausted the lower levels. It's considered rude, and just might get your postmaster into legitimate trouble.
Don't mail-bomb, as periodically suggested by persons trying to get rid of junk email. A mail-bomb is where you would bombard the sender with a return of their spam and a note insisting they delete you from their distribution list - and then keep resending your email.
Keep in mind that your ISP (and probably the offending party's) certainly will not approve of either of these practices (it very well can get you cancelled). What actually ends up happening is that your ISP (who is on your side) gets trashed with all of the e-mail traffic, as well the ISP of the offending party - and both ISPs are probably innocent. In addition, chances are that the spammer forged their "path" and "from" headers, so the mail-bomb probably won't reach them.
Also, check out the discussion on news.admin.net-abuse.email. They discuss email spams, and practice ways of eliminating these spammers' accounts.
Cracking Forged Headers
For further information on cracking forged headers, see SubGenius Police, Usenet Tactical Unit (Mobile). Then browse on to a few of the following sites: Spam Patrol site and Figuring Out Fake E-mail and Posts. MultiTrace has an excellent explanation of traceroute, along with a traceroute and enhanced whois server.
Check out Julian Byrne's Get That Spammer page, which discusses what an ISP can do, and contains a wealth of information on how you can dissect e-mail addresses, and tools you can use against spam.
VisualWare has a good section on cracking spam email headers.
If you need to use these facilities, your followup e-mail should also mention that the spammer hacked the email headers to avoid retribution, which indicates knowledge of guilt, which means that the postmaster will often cancel the account immediately instead of waiting for further violations. In addition, many postmasters will not notify you directly of their actions, but will instead post summaries to news.admin.net-abuse.bulletins.
If the spammer's address is an independent address like "pwrnet.com", you can determine responsible parties by using whois - a standard UNIX utility. Or, simply go to www.betterwhois.com for a web-based domain lookup. Also, Whois Source offers some industrial strength lookup facilities. Whois, Finger, and additional network utilities are also available for Windows. One good package is:
NetScanTools TM Shareware Version Northwest Performance Software PO Box 148 Maple Valley, WA 98038-0148, USA (Check shareware sites such as Strouds and Tucows)
Here's an example of a whois command:
whois pwrnet.com PowerNet (PWRNET-DOM) 3010 LBJ Freeway, Suite 1435, Dallas, TX 75234, USA Domain Name: PWRNET.COM Administrative Contact: Booth, Paul D. (PB204) paul@PWRNET.COM (214) 488-8295 Technical Contact, Zone Contact: Shapiro, Joel (JS3319) joel@PWRNET.COM (214) 488-8295 Billing Contact: La Mar, Steve (SL978) steve@PWRNET.COM (214) 488-8295Other whois servers include:
Once you determine the appropriate people to contact at the spammer's site, copy each of them with your complaint (including for example, the legal statement and billing statement noted above). If you need additional help, contact your system administrator about specific email abuse.
Spam CombatIt is recommended that you switch to an ISP that uses one or all of the anti-spam databases (RBL, RSS, DUL, Spamcop, etc.) About 40% of the internet is using these services, with good success.
The following is a list of spam-fighting tools and services.
Chain letters over the internet as well as via snail mail are illegal. For more information, see the US Postal Service page on chain letters. To report fraud where money is requested, you can send e-mail to firstname.lastname@example.org.
Pyramid schemes multi-level marketing (MLM) scams are illegal. E-mail the Federal Trade Commission at email@example.com. In the UK, contact the Trading Standards Officer.
The Securities and Exchange Commission (SEC) now operates a complaint center where investors can report online scams. You can send e-mail to firstname.lastname@example.org.
Many junk emails are illegal get rich scams. The National Fraud Information Center has an email address where you can report suspected scams. They have an Internet fraud division, and work closely with the Federal Trade Commission and State attorney generals. The e-mail address for general frauds is email@example.com.
Also see Where to Complain About Frauds & Scams.
E-mail filtering techniques
The following list contains information on how to filter your e-mail on Unix, Windows, and other platforms.
Don't support scams and spammers!
What to Filter - Lists of Spammers
The Can-Spam act was passed in 2003. ("Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003"). Here is information and text of the act. The act covers commercial email, but does not seem to address non-profit and personal email. Here's how to comply with the act. The act is not perfect - from Ed Foster's gripe log:
"It's clear that only the Direct Marketing Association, Microsoft, AOL and a handful of others had any input into the law, because it's carefully crafted to allow the big marketers free reign. And the loopholes it provides them will be more than big enough to provide aid and comfort for the smallest and sleaziest of spammers as well."
"Not only does the Can-Spam Act take an opt-out approach, meaning that each spammer can e-mail you until you ask them to stop, but it allows the spammer to dictate what steps you must take to get off their list. The recipient must opt-out "in a manner specified in the message" that can include replying to an opt-out email address or "other Internet-based mechanism." The spammer can also force the recipient to opt-out via "a list or menu from which the recipient may choose the specific types of commercial electronic mail messages the recipient wants to receive or does not want to receive from the sender" just as along as opting out from all e-mail from that sender is one of the choices."
According to PC World News Radio on 3/30/98, EarthLink Nails Spamford for $2 Million. Under a consent decree, Cyber Promotions agreed to pay EarthLink $2 million, stop sending spammming EarthLink's 450,000 members. If Wallace or Cyber Promotions breaks the agreement, Spamford Wallace will be held personally liable for $1 million.
Elsop's Anti-Spam page also follows current anti-spam legislation. The Spam Laws website follows U.S. and international legislation.
Read the Houston Chronicle article.
CAUCE is an organization dedicated to expanding the US "junk fax" law to cover e-mail spamming. Join their effort! See their FAQ and list of recent news articles. Key points are ONCE, which stand for:
Several bills have been introduced over the last several years to deal with spam, by Chris Smith (R-NJ), Senator Murkowski (R-AK), and Senator Torricelli (D-NJ). Truly effective legislation must have teeth in it with stiff penalties, be truly opt-in, and must be enforcable. It must be written in such a way that does not simply encourage spammers to shift operations overseas or use innovative approaches to avoid the penalties. None of the bills introduced to-date have adequately addressed these issues.
One thing that seems inevitable, though, is that federal legislation of some sort will be required. Here's an editorial that sheds a lot of light on the subject. Also see discussion on the merits of legislation.
Contact Your Congresspersons!
Here are e-mail addresses and information for:
Please write and/or e-mail your Senators and Representatives on this issue! Insist on "opt in" legislation. Be sure to include your full name and snail mail address on any e-mail you send, otherwise it will be discarded.
Here are more details on state and national legislation. Also see the Berkeley Technology Law Journal and John Marshall Law School case summary, which has just about all the information you need.
Read the official internet document RFC 2635 on spam.
SpamCon Foundation supports measures to reduce the amount of unsolicited email that crosses private networks.
Forum for Responsible and Ethical E-mail (FREE).
Find out if your browser makes information available to sites you visit.
Did you know that Invisible Web Bugs Track Your Surfing? See the article Uncover the Mystery of Web Bugs. Here's mbugs more information on privacy issues.
Whew.com maintains an informative spam and junkmail website.
SlashDot.org archives current articles on spam. You can also search their archives.
Maintain a web page? Add some spam bait! See why Robots, Spiders, Crawlers and Wanderers are Highway Robbers on your web site.
The Internet Mail Consortium has information on Limiting Unsolicited Bulk Email. Here you can find a link to information about L-Soft Listserv's spam filter.
You might want to read the books Removing the Spam: Email Processing and Filtering by Geoff Mulligan, Addison-Wesley Bandits on the Information Superhighway by Barrett, and Web Psychos, Stalkers, and Pranksters: How to Protect Yourself in Cyberspace by Michael A. Banks, ISBN 1-586-10-137-1. The December 1996 issue of Boardwatch Magazine focuses on junk e-mail and spam. Also see the November 1999 article. For additional informattion on spamming, also see the section on newsgroups, and check out the links section for additional information.
MailExpire lets you set up an auto-expiring email alias. You choose how long you want alias to last for and during that time, email is forwarded to your standard email address.
Although they charge for the service, www.pobox.com claims to be able to filter most spam from their e-mail accounts. PaidMail is a service where junkemailers would have to pay you for you to receive their junkemail.
A philosophical note on exclusion lists, where you add your name to a list of people who do not want junk mail: it places the burden of getting off spam lists on the user, whereas the converse should be true - you should have to explicity request that you do want junk mail. Also keep in mind that someone who maintains an exclusion list could sell it as a database of validated addresses (e-mail as well as postal addresses). Sort of what can, and does, happen with DMA.
In May of 1997, the Internet EMail Marketing was formed. As a pro-spam organization, it offers an opt-out service. This is unacceptable, for the following reasons:
The first step of a viable solution is to enact "opt in" legislation like that proposed by Rep. Chris Smith, discussed above (with substantially higher fines).
Anti-spam listserv mailing lists
Myths, Hoaxes, Chain Letters, and Viruses
Things your ISP can do to fight spam:
Now you can get official spam t-shirts from Hormel. Nice that they have a sense of humor regarding use of their product name.
EcoFuture home Population
Copyright 1995-2004 Fred Elbel. This material may be freely used and distributed only for non-commercial purposes, with credit. Nothing in this web site should be construed as legal advice. This web site is provided for information purposes only. Opinions presented are those of the author (or of other contributors as indicated). Trademarks and copyrighted items remain the property of the owner.