Stop Spam FAQ

Remember!

Only YOU Can Prevent Spammage Fires!

Permission granted to copy.


The Threat

What is the real threat to the internet? Is it censorship, which would kill some classes of messages? Or would it more likely be those who would dilute our content till we find it not worth logging in?

When do YOU call it quits? 25% spam? 50 advertising messages? A hundred? Two hundred? Where do YOU draw the line? When do you say it isn't worth logging in?

How should we respond? Here are a few ways.

Trespass Analogy

If we do not police our back yard, yelling at those who would camp there and the dogs who would leave their deposits where we may soil ourselves, then how can we expect to call the yard ours? Indeed, there is adequate trespass versus right-of-way case law defining just that. You have to exercise your right of control, or you will lose it. You, yes you, have to object, and object often so as to establish your rights to control your domain.

Theft of Service

So too it is with our internet. We, not the senders, are paying for our connection, our disk space, our computers. These spammers are thus stealing services from US!

We must object, each and every one of us, to form a legitimate tide of opinion, to form a legitimate tide of complaint mail flooding the service providers each and every time they allow these spammers to foul our private information footpaths and despoil our data back yards.

And with some of the larger service providers, selling accounts to spammer after spammer seems to be good business to their management. A far better advertising deal for them and their (ab)users than all those bundled post card decks put together. If it were not, a trivial mail filter placed in these service providers' mail gateways would have stopped all that outgoing spam mail long ago. Clearly with them, it is only the volume of our response that will make a difference.

So it rests with you. Will you do your part? Remember, Only YOU can prevent spammage fires!

STEP ONE: Finding Where the Junk Came From

We need to do a little simple detective work to see where the spam came from. It is not as simple as sending the spam back to the sender himself, for in most cases, the sender not only does not care, but has shielded him or herself with fraudulent message headers, and/or has used a disposable account to commit his offense against our time and disk quotas.

The first step is to examine the internet sendmail headers to see where the message was routed through. In the ELM/PINE mail system, it suffices to tap the H key to see the headers. In other cases, one may need to save the message to disk and edit it to examine these headers. You will likely want to save it to disk anyway so as to return it with all these headers intact, so the service providers can examine a representative sample of the messages in order to ascertain the true source. It also results in a larger _legitimate_ message in their mail box. After writing your polite complaint, read the original file in at the bottom of your e-mail complaint. In ELM or PINE, use the control-R command, followed by the name you saved it under.

The FROM and RECEIVED FROM lines give the path and times a message traveled through the net. Forgeries often show substantial time gaps in this record, as the forged sections are usually prepared ahead of time. (However, sometimes e-mail does pool here or there as machines are down or busy. Also, not all machines have their clocks set correctly.) Here, we see a typical routing list, destination on top, and source at the bottom. (Lines truncated in length.) This one appears not to be forged.


	

From immune-request@weber.ucsd.edu Sat Apr 27 15:38:05 1996
Received: from mail1.best.com (mail1.best.com [206.86.8.14])...
Received: from weber.ucsd.edu (weber.ucsd.edu [132.239.147.2]) ....
Received: (from daemon@localhost) by weber.ucsd.edu (8.7.5/8.7.3) ...
Received: (emout12.mx.aol.com [198.81.11.38]) by weber.ucsd.edu

Note the numbers in brackets -- these are the internet computer numbers which you can look up with a WHOIS command, and even get the e-mail address of the system administrator in most cases. Usually, you won't need this, but wherever there is a time gap, or no name, it might be worth checking on. Start with the full number, then if you do not get an answer, repeat the WHOIS command, dropping the last number in the set till you do get an answer:

	

whois 132.239.147.2
...nothing..
whois 132.239.147
...nothing...
whois 132.239
...Bingo! UCSD.EDU

Now, we do know that UCSD was victimized along with us. The spammer stole services from them, and since UCSD does receive some funds from the Federal Government, this is something the FBI can investigate, and could be tried in Federal Court, should there be enough complaints. (But perhaps we ought to try complaining to the source often enough, before we encourage Federal Intervention.)

	

From: SElli97635@aol.com
Received: by emout12.mail.aol.com (8.6.12/8.6.12) id OAA04404;
Date: Sat, 27 Apr 1996 14:07:55 -0400

The rest looks OK. And here is the payoff -- the message ID. Each message on the net has a message number, and the source is part of it. If a net detective gets this message number, he or she has a much better chance of deciphering the true source and actual time of entry into the net. (Perhaps someone could add to that?)

	

Message-ID: <960427140754_282092949@emout12.mail.aol.com>


STEP TWO: Legitimate Response

Fine and dandy, now what do we do? We complain to the postmaster at the site of origin. If there is ANY possibility of forgery in the headers, take the last three or four sites the message passed through, and send a letter to the postmaster at that site. In this case, it would be:


	

postmaster@aol.com, postmaster@ucsd.com, postmaster@best.com

Except that a few service providers now have abuse ID's to deal with abusers like this. So we add abuse@aol.com, and abuse@netcom.com to this list giving us five addresses to copy the source of the message back to.

Why so many? The last few may be forged, and the sender may have done that from his own computer, so he may be the postmaster at his own domain name. If the abuse does not stop with one message, I escalate by adding more and more up-line service providers' postmasters to the list. Even with the worst frauds, one eventually hits a legitimate postmaster who can tell where it all came from, and is getting enough complaints to try to DO something about it! How many messages does it take for them to get the hint? For AOL, apparently quite a few! That is why we have to keep at it, sending every single spam back with a complaint.

We are not talking mail-bombing, as that would be a denial of service attack, which is illegal under Federal law.

But... Each of us has a legitimate complaint! And it is certainly legitimate for us to include ALL the pertinent information needed for them to investigate this matter, and to send that to all parties involved in the abuse wreaked upon us! If every one of us sends a single clear, calm, and respectable complaint message to each of the service providers involved, it's a lot of mail, legitimate mail, that the service providers and their up-line connections have to deal with. Sooner or later, they will get the hint that it is easier to prevent the spam, than deal with so much complaint mail.
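The header reading from Step One and the address list from Step Two, as an added Python example that is not part of the original FAQ. The sample message is constructed with reserved example hosts and documentation IP addresses; the function names, the one-hour gap threshold, and the rule that a site is the last two labels of a host name are assumptions of this example.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample (reserved example hosts and IPs), newest hop on top.
SAMPLE = """\
Received: from relay.school.example (relay.school.example [198.51.100.2])
\tby mail1.isp.example (8.7.5/8.7.3) id PAA00001; Sat, 27 Apr 1996 15:38:05 -0700
Received: from emout12.bigprovider.example (emout12.bigprovider.example [203.0.113.38])
\tby relay.school.example (8.7.5/8.7.3) id LAA00002; Sat, 27 Apr 1996 11:09:10 -0700
Received: by emout12.bigprovider.example (8.6.12/8.6.12) id OAA04404; Sat, 27 Apr 1996 14:07:55 -0400
From: sender@bigprovider.example
Message-ID: <960427140754_000000001@emout12.bigprovider.example>
"""

def parse_hops(raw):
    """Return relay hops oldest-first, one dict per Received: line."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        value = " ".join(value.split())            # unfold continuation lines
        def grab(pattern):
            m = re.search(pattern, value)
            return m.group(1) if m else None
        try:
            when = parsedate_to_datetime(value.rsplit(";", 1)[-1].strip())
        except (TypeError, ValueError):            # missing or unparseable date
            when = None
        hops.append({"by": grab(r"\bby ([\w.-]+)"), "from": grab(r"\bfrom ([\w.-]+)"),
                     "ip": grab(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]"), "time": when})
    return hops

def time_gaps(hops, limit_s=3600):
    """Consecutive hops more than limit_s apart or out of order: check, not proof."""
    out = []
    for old, new in zip(hops, hops[1:]):
        if old["time"] and new["time"]:
            delta = int((new["time"] - old["time"]).total_seconds())
            if delta > limit_s or delta < 0:
                out.append((old["by"], new["by"], delta))
    return out

def whois_queries(ip):
    """Lookup order from the text: the full number, then drop the last part."""
    return [".".join(ip.split(".")[:n]) for n in range(4, 1, -1)]

def complaint_addresses(hops, last_n=4):
    """postmaster@site for each site on the last_n hops (site = last two labels)."""
    hosts = [h[k] for h in reversed(hops[-last_n:]) for k in ("by", "from") if h[k]]
    sites = list(dict.fromkeys(".".join(x.split(".")[-2:]) for x in hosts))
    return ["postmaster@" + s for s in sites]
```

The last-two-labels rule gives the wrong site for names under country-code registries such as co.uk, so check the result by eye before sending anything.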


Does This Work?

A resounding YES!

Remember the immigration lawyers, C. and S., who spammed newsgroups a few years back? A vast tide of e-mailed opinion forced the up-line connections to threaten to disconnect the service providers of those immigration lawyers if they did not drop them. Those lawyers were hounded off three service providers, one after the other! In addition, there are indications at least one of them was disbarred for related activities.

The same happened for another particularly vicious spam which we called "The Suicide Cannibal Cult", for their advocacy of cannibalism and suicide as means of saving the ecology. They spammed thousands of people, some of whom later posted that they needed psychiatric support after being shaken by the psychologically twisted trash received in that spam.

After complaining about many spams, (I was by no means the only one,) I have been notified by AOL and several universities that the spammers I complained about have lost their internet access because it was not their first offense.

Some internet service providers (ISP's) now block cross-posts to more than five news lists. Others have instituted limits on how many addresses can be placed on a TO or CC line, and there are some proposals for fines, noted elsewhere.

Why does it work? The net is, after all, a series of individual and independent companies cooperating in the transmission of information. The net is not owned by any one company; even the National Science Foundation funding for the internet backbone is long gone. If one service provider ceases to be polite, those next to it can cancel the connection for non-cooperation. So if enough of us complain, things will be done and HAVE been done!

Complaining Clearly Works! At least, it does if enough of us complain.

Remember!

Only YOU Can Prevent Spammage Fires!

(Steal this FAQ, post it at your site.)

Follow the Money

Why is there spam? Who benefits by this spam? There has got to be a payoff someplace. And to collect that payoff, someone has to put out an address. Otherwise, what is the point? Even the occasional hate spam has some kind of tie-back to an organization of some sort, for they usually want to increase their membership.

What is there beyond complaints?

One would suspect that the receiver of these ill-gotten gains might have some LEGAL responsibility for encouraging this, either through sales commissions, bonuses, or contests. One would suspect that if they receive enough complaints, or are named in enough suits in small claims court, even the richest organization would soon get the hint.

One is reminded of a recent TV show interviewing the neighbors of a particularly bad apartment complex from which gangs had been running drugs. Each nearby home owner or otherwise offended party sued the owners of the apartment building in small claims court for some modest amount of depreciation of their property and/or incidental damage. Although a few thousand dollar judgement here and a few hundred dollar judgement there was not much, there were enough affected parties that it added up to an appreciable amount of money! The owners cleaned it up. (Or was it the people who bought the complex after the original owners declared bankruptcy? I forget.)

Similar approaches have been used successfully to stop unsolicited advertising phone calls.

Even fleas and mosquitos have been known to bleed people dry when there are enough of them. And people become wise enough to avoid such places.

Further down is the address of the recent magazine spams I have received. Those with local access or with Sprint's Friday Free service may want to fax their thoughts and legitimate complaints directly to the company. We have the duty to complain to the source of the offense against us! (Though we do need to be polite, and reasonably to the point.) If we all fax them our complaints, I would expect their four gigabyte drive would soon overflow with Legitimate Complaints from Legitimately Offended parties. Perhaps then, they would see that encouraging the fouling of our information superhighways with spam, superhighways WE are paying for, does not help them make any money.
