June 09, 2004
12 scams most likely to arrive by bulk email
Email boxes are filling up with more offers for business
opportunities than any other kind of unsolicited commercial email. That's a
problem, according to the Federal Trade Commission, because many of these
offers are scams.
In response to requests from consumers, the FTC asked email users
to forward their unsolicited commercial email to the agency for an inside look
at the bulk email business. FTC staff found that more often than not, bulk
email offers appeared to be fraudulent, and if pursued, could have ripped off
unsuspecting consumers to the tune of billions of dollars.
The FTC has identified the 12 scams that are most likely to arrive
in consumers' email boxes. The "dirty dozen" are:
1. Business opportunities
These business opportunities make it sound easy to start a business
that will bring lots of income without much work or cash outlay. The
solicitations trumpet unbelievable earnings claims of $140 a day, $1,000 a day,
or more, and claim that the business doesn't involve selling, meetings, or
personal contact with others, or that someone else will do all the work. Many
business opportunity solicitations claim to offer a way to make money in an
Internet-related business. Short on details but long on promises, these
messages usually offer a telephone number to call for more information. In many
cases, you'll be told to leave your name and telephone number so that a
salesperson can call you back with the sales pitch.
The scam: Many of these are illegal pyramid schemes masquerading as
legitimate opportunities to earn money.
2. Bulk email
Bulk email solicitations offer to sell you lists of email
addresses, by the millions, to which you can send your own bulk solicitations.
Some offer software that automates the sending of email messages to thousands
or millions of recipients. Others offer the service of sending bulk email
solicitations on your behalf. Some of these offers say, or imply, that you can
make a lot of money using this marketing method.
The problem: Sending bulk email violates the terms of service of
most Internet service providers. If you use one of the automated email
programs, your ISP may shut you down. In addition, inserting a false return
address into your solicitations, as some of the automated programs allow you to
do, may land you in legal hot water with the owner of the address's domain
name. Several states have laws regulating the sending of unsolicited commercial
email, which you may unwittingly violate by sending bulk email. Few legitimate
businesses, if any, engage in bulk email marketing for fear of offending
potential customers.
3. Chain letters
You're asked to send a small amount of money ($5 to $20) to each of
four or five names on a list, replace one of the names on the list with your
own, and then forward the revised message via bulk email. The letter may claim
that the scheme is legal, that it's been reviewed or approved by the
government; or it may refer to sections of U.S. law that legitimize the scheme.
Don't believe it.
The scam: Chain letters -- traditional or high-tech -- are almost always
illegal, and nearly all of the people who participate in them lose their money.
The fact that a "product" such as a report on how to make money fast, a mailing
list, or a recipe may be changing hands in the transaction does not change the
legality of these schemes.
4. Work-at-home schemes
Envelope-stuffing solicitations promise steady income for minimal
labor -- for example, you'll earn $2 each time you fold a brochure and seal it in
an envelope. Craft assembly work schemes often require an investment of
hundreds of dollars in equipment or supplies, and many hours of your time
producing goods for a company that has promised to buy them.
The scam: You'll pay a small fee to get started in the
envelope-stuffing business. Then, you'll learn that the email sender never had
real employment to offer. Instead, you'll get instructions on how to send the
same envelope-stuffing ad in your own bulk emailings. If you earn any money, it
will be from others who fall for the scheme you're perpetuating. And after
spending the money and putting in the time on the craft assembly work, you are
likely to find promoters who refuse to pay you, claiming that your work isn't
up to their "quality standards."
5. Health and diet scams
Pills that let you lose weight without exercising or changing your
diet, herbal formulas that liquefy your fat cells so that they are absorbed by
your body, and cures for impotence and hair loss are among the scams flooding
email boxes.
The scam: These gimmicks don't work. The fact is that successful
weight loss requires a reduction in calories and an increase in physical
activity. Beware of case histories from "cured" consumers claiming amazing
results; testimonials from "famous" medical experts you've never heard of;
claims that the product is available from only one source or for a limited
time; and ads that use phrases like "scientific breakthrough," "miraculous
cure," "exclusive product," "secret formula," and "ancient ingredient."
6. Effortless income
The trendiest get-rich-quick schemes offer unlimited profits
exchanging money on world currency markets; newsletters describing a variety of
easy-money opportunities; the perfect sales letter; and the secret to making
$4,000 in one day.
The scam: If these systems worked, wouldn't everyone be using them?
The thought of easy money may be appealing, but success generally requires hard
work.
7. Free goods
Some email messages offer valuable goods -- for example, computers,
other electronic items, and long-distance phone cards -- for free. You're asked to
pay a fee to join a club, then told that to earn the offered goods, you have to
bring in a certain number of participants. You're paying for the right to earn
income by recruiting other participants, but your payoff is in goods, not
money.
The scam: Most of these messages are covering up pyramid schemes,
operations that inevitably collapse. Almost all of the payoff goes to the
promoters and little or none to consumers who pay to participate.
8. Investment opportunities
Investment schemes promise outrageously high rates of return with
no risk. One version seeks investors to help form an offshore bank. Others are
vague about the nature of the investment, stressing the rates of return. Many
are Ponzi schemes, in which early investors are paid off with money contributed
by later investors. This makes the early investors believe that the system
actually works, and encourages them to invest even more.
Promoters of fraudulent investments often operate a particular scam
for a short time, quickly spend the money they take in, then close down before
they can be detected. Often, they reopen under another name, selling another
investment scam. In their sales pitch, they'll say that they have high-level
financial connections; that they're privy to inside information; that they'll
guarantee the investment; or that they'll buy back the investment after a
certain time. To close the deal, they often serve up phony statistics,
misrepresent the significance of a current event, or stress the unique quality
of their offering -- anything to deter you from verifying their story.
The scam: Ponzi schemes eventually collapse because there isn't
enough money coming in to continue simulating earnings. Other schemes are a
good investment for the promoters, but not for participants.
9. Cable descrambler kits
For a small sum of money, you can buy a kit to assemble a cable
descrambler that supposedly allows you to receive cable television
transmissions without paying any subscription fee.
The scam: The device that you build probably won't work. Most of
the cable TV systems in the U.S. use technology that these devices can't crack.
What's more, even if it worked, stealing service from a cable television
company is illegal.
10. Guaranteed loans or credit, on easy terms
Some email messages offer home-equity loans that don't require
equity in your home, as well as solicitations for guaranteed, unsecured credit
cards, regardless of your credit history. Usually, these are said to be offered
by offshore banks. Sometimes they are combined with pyramid schemes, which
offer you an opportunity to make money by attracting new participants to the
scheme.
The scams: The home equity loans turn out to be useless lists of
lenders who will turn you down if you don't meet their qualifications. The
promised credit cards never come through, and the pyramid money-making schemes
always collapse.
11. Credit repair
Credit repair scams offer to erase accurate negative information
from your credit file so you can qualify for a credit card, auto loan, home
mortgage, or a job.
The scam: The scam artists who promote these services can't
deliver. Only time, a deliberate effort, and a personal debt repayment plan
will improve your credit. The companies that advertise credit repair services
appeal to consumers with poor credit histories. Not only can't they provide you
with a clean credit record, but they also may be encouraging you to violate
federal law. If you follow their advice by lying on a loan or credit
application, misrepresenting your Social Security number, or getting an
Employer Identification Number from the Internal Revenue Service under false
pretenses, you will be committing fraud.
12. Vacation prize promotions
Electronic certificates congratulating you on "winning" a fabulous
vacation for a very attractive price are among the scams arriving in your
email. Some say you have been "specially selected" for this opportunity.
The scam: Most unsolicited commercial email goes to thousands or
millions of recipients at a time. Often, the cruise ship you're booked on may
look more like a tug boat. The hotel accommodations likely are shabby, and you
may be required to pay more for an upgrade. Scheduling the vacation at the time
you want it also may require an additional fee.
Posted by rich at 05:15 PM | Comments (0) | TrackBack
June 07, 2004
How to track spammers
Unless you're the type who likes finding out how to seduce women subliminally, lose 30 pounds in less than six hours, or earn $5,000 a month while sleeping, you face the daily accumulation of offal appearing in your inbox and wonder if there isn't something you can do besides simply deleting it. There is, but you'll have to do some detective work and learn a few things about e-mail headers.
There are a few tools that you'll need before you launch your anti-spam campaign:
- nslookup, which translates an IP address into a domain name,
- whois, which gives you domain address and contact information, and
- traceroute, which tells you the path by which your machine reaches another.
How Do We Start?
First, we need to determine the proper places to send our complaint. Forget about sending a nastygram directly to the sender. That information is easily forged, and there is a better than average chance that your nastygram will result in your being added to another mailing list. (While I'm on the subject, never respond to the "do this to remove your name" offer. All that will do is verify your address and get you on more mailing lists.)
All e-mail, even that from spammers, must enter the Internet someplace. It's our job to figure out where that happens. Most Internet service providers dislike spam almost as much as we do since it bogs down system resources, and most will take action against an offender as soon as we tell them about it.
We start by examining the header, that arcane mess that precedes the actual message body. To do that, you'll have to set your mail reader to display the full header info, rather than the four-line default. Check your mail program's manual or online help to learn how.
Before we begin, it is necessary to learn a bit about where e-mail comes from. Although many people think that a message goes directly from my computer to yours, a typical piece of email goes through at least four different computers during its journey. For example, suppose I drop Computer Bits editor Paul Heinlein a note. When it leaves my desk, the header looks something like this:
To: Paul Heinlein <editor@computerbits.com>
From: Gary Shuster <papabear@ix.netcom.com>
Subject: Possible anti-spam article
By the time Paul gets it, the header will look somewhat different:
Return-Path: <papabear@ix.netcom.com>
Received: from dfw-ix13.ix.netcom.com (dfw-ix13.ix.netcom.com [206.214.98.13])
    by macbeth.computerbits.com (8.8.5/8.8.5) with ESMTP id KAA22220
    for <editor@computerbits.com>; Mon, 17 Nov 1997 10:57:12 -0800
Received: (from smap@localhost)
    by dfw-ix13.ix.netcom.com (8.8.4/8.8.4) id MAA19835
    for <editor@computerbits.com>; Mon, 17 Nov 1997 12:56:49 -0600 (CST)
Received: from prt-or4-29.ix.netcom.com (207.220.32.157)
    by dfw-ix13.ix.netcom.com via smap (V1.3) id rma019807;
    Mon Nov 17 12:56:45 1997
Message-Id: <3.0.5.32.19971117105643.007ac3b0@popd.ix.netcom.com>
X-Sender: papabear@popd.ix.netcom.com
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32)
Date: Mon, 17 Nov 1997 10:56:43 -0800
To: Paul Heinlein <editor@computerbits.com>
From: Gary Shuster <papabear@ix.netcom.com>
Subject: Possible anti-spam article
In-Reply-To: <3.0.32.19971114160055.00a67bb0@macbeth.computerbits.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Each computer which handled my message added something to the header, and it is this additional info we can use to help track spam back to its source. We'll be paying particular attention to the Received: lines. These lines show, in reverse order, the domains through which an e-mail went getting from sender to recipient. In fact, the Received: lines are the only parts of the header useful to us since spammers can easily forge everything else.
A good rule of thumb is never to believe any part of the header other than Received: lines, and never believe any Received: line you can't verify. Just assume everything else is forged.
Received: lines use a distinct syntax:
Received: from <one system> by <the next system> on <date and time>
(time expressed in hours from GMT). The rest of the verbiage contained in the Received: line can be ignored.
In our example, the top Received: line is pretty typical:
Received: from dfw-ix13.ix.netcom.com (dfw-ix13.ix.netcom.com [206.214.98.13])
    by macbeth.computerbits.com (8.8.5/8.8.5) with ESMTP id KAA22220
    for <editor@computerbits.com>; Mon, 17 Nov 1997 10:57:12 -0800
Demystified, this says that a mail server called macbeth at computerbits.com received a message from a mail server calling itself dfw-ix13.ix.netcom.com on Mon, 17 Nov 1997 at 10:57:12 local time, which is eight hours behind GMT, or PST.
Notice I said "calling itself." We don't know yet if the domain is real or bogus. Have a look at the phrase in parentheses. The receiving computer automatically logs the IP address of the sender, and some will also do a reverse lookup to verify the domain name. If the two agree, you can be reasonably certain that the domain is legitimate. In this case, it says that the IP address logged really is a server at Netcom. In cases where the IP address resolves to something else, always believe the IP address.
Now is a good time to note that the actual domain name is ix.netcom.com. The dfw-ix13 is a specific computer within the domain, and may be ignored for our purposes.
If the mail handler doesn't have the automatic lookup feature, you'll have to track this information down yourself using nslookup. nslookup will handle either domain names or IP addresses, and when we run it on 206.214.98.13, we get
Host name: dfw-ix13.ix.netcom.com
IP address: 206.214.98.13
Alias(es): None
In other words, that Received: line wasn't lying: 206.214.98.13 really is dfw-ix13.ix.netcom.com.
A Word About Relaying
Before the Net became as all-encompassing as it is today, it was considered good netiquette for a server to relay messages from a domain on one network to a domain on another. Because relaying is no longer needed, many ISPs, especially those in the US, have blocked access to that facility. (They are "closed," to use industry parlance.)
However, there are still "open" servers elsewhere in the world, and once spammers have located such a server, they route their trash through it, in a process known as either hijacking or pirating.
Hijacked servers are easy to spot, because they have no relationship to either the sender or the recipient. Legitimate e-mail generally goes from one mail handler to another in a fairly organized process, which is easily followed by looking at the Received: lines. If you are examining a header and run across a line which says it was sent to you from hauptstadt.penzberg.de or some such, you can be pretty sure that the server was hijacked.
Let's Get Serious
The header information for a typical unsolicited message looks something like this:
Return-Path: <scarevi78@msn.com>
Received: from marketbiz.com ([207.159.141.4])
    by ixmail1.ix.netcom.com (8.8.7-s-4/8.8.7/(NETCOM v1.01))
    with ESMTP id KAA08287; ; Sun, 7 Dec 1997 10:52:42 -0800 (PST)
From: scarevi78@msn.com
Received: from marketbiz.com (port15.plea.prodigy.net 204.237.182.15])
    by marketbiz.com (8.8.7/8.8.5) with SMTP id KAA07188;
    Sun, 7 Dec 1997 10:51:42 -0800 (PST)
Received: from mailhost.webtrak.com(alt1.delphi.com(218.2.61.29))
    by delphi.com (8.8.5/8.6.5) with SMTP id GAA05357 for ;
    Sun, 07 Dec 1997 13:43:41 -0600 (EST)
Date: Sun, 07 Dec 97 13:43:41 EST
To: Friend@public.com
Subject: Make $$$ Fast
Message-ID: <71940249278.SWA08874@delphi.com>
X-PMFLAGS: 34078848 0
X-UIDL: n67dc78bvc34fv90mbaz67kn3cx5vs28
Comments: Authenticated sender is <ritz78654@delphi.com>
The first Received: line can't be forged since it's added by the receiving computer. Thus, the message really did originate from a computer whose IP address is 207.159.141.4. Whether or not it really is marketbiz.com remains to be seen.
Running a DNS Lookup tells us that 207.159.141.4 is really something called lightrealm.net. So let's use whois to see if marketbiz.com is real or not:
ACS Hi-Tech Media MARKETBIZ-DOM
3615 Halekipa Place
Honolulu, HI 96816
US
Domain Name: MARKETBIZ.COM
Administrative Contact:
Cabanilla, Flor M FMC12 funix@JUNO.COM
808-737-3064
Technical Contact, Zone Contact:
DNS Administrator DA352-ORG dns@LIGHTREALM.COM
tel.: 206-827-0900 fax.: 206-827-8244 http://www.lightrealm.com
Billing Contact:
Cabanilla, Flor M FMC12 funix@JUNO.COM
808-737-3064
So it is a real domain after all, and appears to have something of an incestuous relationship with lightrealm.com.
The second Received: line says that Lightrealm got the message from Prodigy. This, too, checks out when you run DNS Lookup.
However, the third Received: line is a phony. You can tell quickly by looking at the timestamp. "-0600 (EST)" is incorrect. EST is five hours behind GMT, so it should say, "-0500 (EST)." You can safely ignore the rest of the header, since once you find one forged line it's a safe bet that all lines below it are phony. (By the way, any IP address containing a number greater than 255 is also a phony.)
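The checks described so far can be automated: take the logged IP address from each Received: line, compare the numeric offset with the time zone abbreviation, reject any octet above 255, and stop believing the chain at the first line that fails. The Python script below is an added example, not part of the original article; its function names and the ZONE_OFFSETS table are choices made for this example, and its input is the sample spam header shown above.

```python
import re
from email import message_from_string

# Offsets from GMT that belong to common zone abbreviations (example table).
ZONE_OFFSETS = {
    "GMT": "+0000", "UTC": "+0000",
    "EST": "-0500", "EDT": "-0400",
    "CST": "-0600", "CDT": "-0500",
    "MST": "-0700", "MDT": "-0600",
    "PST": "-0800", "PDT": "-0700",
}

# Received: lines copied from the article's sample spam header; only the
# folding (line breaks plus leading tab) is added here.
SAMPLE_HEADER = (
    "Return-Path: <scarevi78@msn.com>\n"
    "Received: from marketbiz.com ([207.159.141.4])\n"
    "\tby ixmail1.ix.netcom.com (8.8.7-s-4/8.8.7/(NETCOM v1.01))\n"
    "\twith ESMTP id KAA08287; ; Sun, 7 Dec 1997 10:52:42 -0800 (PST)\n"
    "From: scarevi78@msn.com\n"
    "Received: from marketbiz.com (port15.plea.prodigy.net 204.237.182.15])\n"
    "\tby marketbiz.com (8.8.7/8.8.5) with SMTP id KAA07188;\n"
    "\tSun, 7 Dec 1997 10:51:42 -0800 (PST)\n"
    "Received: from mailhost.webtrak.com(alt1.delphi.com(218.2.61.29))\n"
    "\tby delphi.com (8.8.5/8.6.5) with SMTP id GAA05357 for ;\n"
    "\tSun, 07 Dec 1997 13:43:41 -0600 (EST)\n"
    "Subject: Make $$$ Fast\n"
    "\n"
)

IP_RE = re.compile(r"(?<![\d.])(\d+(?:\.\d+){3})(?![\d.])")
BY_RE = re.compile(r"\bby\s+([^\s();]+)")
FROM_RE = re.compile(r"\bfrom\s+([^\s();]+)")
ZONE_RE = re.compile(r"([+-]\d{4})\s*\(([A-Za-z]+)\)\s*$")


def parse_hop(value):
    """Split one Received: value into the fields the article looks at."""
    text = " ".join(value.split())          # undo header folding
    by = BY_RE.search(text)
    from_part = text[:by.start()] if by else text
    claimed = FROM_RE.search(from_part)
    ips = IP_RE.findall(from_part)          # address logged by the receiver
    zone = ZONE_RE.search(text)
    return {
        "claimed_from": claimed.group(1) if claimed else None,
        "logged_ip": ips[-1] if ips else None,
        "by": by.group(1) if by else None,
        "offset": zone.group(1) if zone else None,
        "zone": zone.group(2).upper() if zone else None,
    }


def check_hop(hop):
    """Return the forgery signs the article names for a single hop."""
    problems = []
    if hop["logged_ip"]:
        if any(int(octet) > 255 for octet in hop["logged_ip"].split(".")):
            problems.append("IP octet above 255")
    expected = ZONE_OFFSETS.get(hop["zone"])
    if expected and hop["offset"] != expected:
        problems.append(
            f"{hop['offset']} does not match {hop['zone']} ({expected})")
    return problems


def analyze(raw_header):
    """Walk the Received: lines top down (newest first).

    A hop is 'plausible' only while no hop at or above it showed a forgery
    sign; plausible hops still have to be verified with nslookup and whois.
    """
    msg = message_from_string(raw_header)
    hops, plausible = [], True
    for number, value in enumerate(msg.get_all("Received", []), start=1):
        hop = parse_hop(value)
        hop["hop"] = number
        hop["problems"] = check_hop(hop)
        if hop["problems"]:
            plausible = False
        hop["plausible"] = plausible
        hops.append(hop)
    return hops


def lookup_targets(hops):
    """IP addresses worth running through nslookup and whois."""
    return [h["logged_ip"] for h in hops if h["plausible"] and h["logged_ip"]]


if __name__ == "__main__":
    for hop in analyze(SAMPLE_HEADER):
        state = "plausible" if hop["plausible"] else "do not trust"
        print(hop["hop"], hop["claimed_from"], hop["logged_ip"],
              state, "; ".join(hop["problems"]))
```
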
So, what do we know? We know that this piece of mail went from Prodigy to Lightrealm to me. What we don't know is whether or not Lightrealm is guilty of complicity or simply an innocent bystander. Let's find out.
A good place to start is the domain's Web site. (Use http://www.domain.name, in this case http://www.lightrealm.com/.) Most mainstream providers will have stated in their Policies and Procedures that spamming is grounds for termination. Lightrealm appears to have no such policy, which may mean that as far as it's concerned, spam is OK.
What about marketbiz.com? Hmm, it doesn't appear to have a Web site. Now what?
Using traceroute
traceroute tells you the Internet route by which one computer can contact another. It should be used only on the domain which actually passed the message to your server. A traceroute from my computer back to Lightrealm provides the following information:
Trace 207.159.141.4 ...
165.236.129.1 RTT: 144ms TTL: 0 (prt-or-gw1.netcom.net)
165.236.138.57 RTT: 169ms TTL: 0 (h0-024-stl-wa-gw1.netcom.net)
163.179.232.54 RTT: 306ms TTL: 0 (h4-0-1-scl-ca-gw3.netcom.net)
163.179.232.62 RTT: 189ms TTL: 0 (h4-0-mae-west.netcom.net)
198.32.136.11 RTT: 182ms TTL: 0 (sl-mae-w-F0/0.sprintlink.net)
144.228.10.45 RTT: 183ms TTL: 0 (sl-bb2-stk-2-0-T3.sprintlink.net)
144.232.4.69 RTT: 172ms TTL: 0 (sl-bb11-stk-4-2-155M.sprintlink.net)
144.232.8.30 RTT: 181ms TTL: 0 (sl-bb4-sea-5-0-0.sprintlink.net)
144.228.90.6 RTT: 196ms TTL: 0 (sl-gw4-sea-0-0.sprintlink.net)
144.228.96.6 RTT: 197ms TTL: 0 (sl-televar-1--T3.sprintlink.net)
207.159.128.17 RTT: 202ms TTL: 0 (sea-core1-f500.lightrealm.net)
207.159.141.4 RTT: 216ms TTL:242 (No rDNS)
What we can tell from that information is that Lightrealm connects to the Internet using Sprint (hence the many hops through sprintlink.net).
This means that our complaints should go to three places:
- Prodigy, the message's earliest legitimate point of origin
- Lightrealm, the administrative contact for Marketbiz, and
- Sprint, the company providing Internet access to Lightrealm.
Sending a Complaint
Once you're ready to complain, for a list of complaint addresses. If you don't find the domain you're after, address your complaint to postmaster@the-domain. All domains must have a monitored address called postmaster so if you get an undeliverable message bounce-back from the first letter of complaint, send the second to postmaster. You can also run whois and notify the administrator.
Make sure that you forward the entire header. Without it, the ISP can do nothing. You can safely delete the message body, although if the spammer has included a Web reference or contact e-mail address, you should pass it along. (In spite of arguments to the contrary, junk mailers are human. I have seen spam in which the mailer took great pains to disguise the header -- then used his real e-mail address in the body.)
A couple of notes on getting a helpful response to your complaint:
- Be polite. It's possible the domain to which you're complaining is also an innocent victim, and it won't do your cause any good to talk disparagingly about his ancestry or eating habits.
- Be patient. Many ISPs are inundated with spam complaints, and replies can be spotty. Sometimes you'll get an automatic reply; sometimes nothing. Sometimes you'll get a personal note that the offender's account has been terminated. That makes all the extra work worthwhile.
Posted by rich at 05:54 PM | Comments (1) | TrackBack
What is spam (part 2)?
With the massive amount of information and speed the Internet is able to handle, communication has been revolutionized with email and other online communication systems. Users are able to send messages across the globe in seconds, and to many people at once. Recently, however, some computer users have abused the technology used to drive these communications, by sending out thousands and thousands of emails with little or no purpose other than to increase traffic or decrease bandwidth.
A rough definition of spam is any unsolicited email sent against the interest and knowledge of the recipient, usually with no intention of a response other than to visit a website or sell a product. These emails are usually sent out in large numbers to many recipients. However, it is important to differentiate between unsolicited email which can be labeled as spam and solicited email. Solicited email may have the same goals as unsolicited email, but you may receive a solicited email that the sender has deemed to be in your interest, or related to a previous interest. Spam email, however, is usually sent without any knowledge or consideration of the recipient's interests, and is sent out only with the desired result in mind.
Posted by rich at 05:53 PM | Comments (0) | TrackBack
Why junk email is a bad thing
Junk email is bad because:
- The recipient of the advertising is forced to pay the cost of the message. People pay for an email mailbox for various reasons, but not because they want to receive advertising. It costs the recipient real money in terms of extra connect-time charges, phone time charges, disk space, and lowered bandwidth. This is similar to the cost-shifting incurred with unsolicited faxed advertisements, which were made illegal in the US for that very reason.
- It costs real money. Junk email wastes recipients' valuable time, because they have to spend extra time to download the unwanted messages, and then to wade through the junk email in order to get to the email they actually want. This costs real money in terms of productive time wasted sorting, identifying, and discarding unwanted junk email.
- Junk email clogs up people's email boxes, mingling with and sometimes even preventing receipt of legitimate email. As more people conduct more business over the Net, this type of disruption can cost even more money.
- It may cause employers to pull employee internet email access, because they don't want to pay money for their employees to receive advertisements, nor for the lost productivity of their employees wasting (employer-paid) time identifying and discarding junk email. This lessens diversity of the community and hurts the Internet as a whole, and hurts the advancement of the Internet as a medium for commerce.
- It is contrary to the helpful and personal culture of the Internet. The reason the Internet and interactive communication in general have become so popular is the personal one-to-one interaction possible with this technology. People from all over the world have helped each other with problems ranging from the technical to the intensely personal. Impersonal mass-emailings are the antithesis of an Internet community.
- It is inappropriate and contrary to the interactive nature of the Internet medium. Junk email is barely interactive at best, and is often not interactive at all, because the sender forged a fake return address to avoid retribution. It is sender-oriented push advertising, not an interactive, recipient-centered pull of information. Junk email is based on an outdated advertising model.
- It discourages people from participating in the Internet. The saddest thing of all about junk email is that it subtly destroys the things that made the Internet so attractive to people in the first place.
People are already withdrawing from participating in Usenet, because junk emailers collect most of their addresses from Usenet. This harms everyone who has benefited from the advice and emotional support other people have provided through Usenet. People who gave the most back to the Internet, by posting the most responses to Usenet questions, are the most likely to be abused by junk email. People who do still participate are forced to provide false addresses, making direct communication difficult or impossible.
For the same reason, some people are not putting their email addresses on their Web pages anymore, making it harder to communicate feedback and opinion. In this way, junk email stifles communication, making the Web more like television: a one-way medium.
People are also attempting to get their email addresses out of publicly-available directories due to junk email, just like people unlist their telephone numbers to avoid telemarketing calls. Friends who have lost contact cannot reestablish communication by email.
Posted by rich at 05:52 PM | Comments (0) | TrackBack
What is spam?
Spam is flooding the Internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it. Most spam is commercial advertising, often for dubious products, get-rich-quick schemes, or quasi-legal services. Spam costs the sender very little to send -- most of the costs are paid for by the recipient or the carriers rather than by the sender.
There are two main types of spam, and they have different effects on Internet users. Cancellable Usenet spam is a single message sent to 20 or more Usenet newsgroups. (Through long experience, Usenet users have found that any message posted to so many newsgroups is often not relevant to most or all of them.) Usenet spam is aimed at "lurkers", people who read newsgroups but rarely or never post and give their address away. Usenet spam robs users of the utility of the newsgroups by overwhelming them with a barrage of advertising or other irrelevant posts. Furthermore, Usenet spam subverts the ability of system administrators and owners to manage the topics they accept on their systems.
Email spam targets individual users with direct mail messages. Email spam lists are often created by scanning Usenet postings, stealing Internet mailing lists, or searching the Web for addresses. Email spams typically cost users money out-of-pocket to receive. Many people - anyone with measured phone service - read or receive their mail while the meter is running, so to speak. Spam costs them additional money. On top of that, it costs money for ISPs and online services to transmit spam, and these costs are transmitted directly to subscribers.
One particularly nasty variant of email spam is sending spam to mailing lists (public or private email discussion forums). Because many mailing lists limit activity to their subscribers, spammers will use automated tools to subscribe to as many mailing lists as possible, so that they can grab the lists of addresses, or use the mailing list as a direct target for their attacks.
Posted by rich at 05:49 PM | Comments (0) | TrackBack
What can I do to keep spammers from getting my email?
Since spammers do not usually get your email
address directly from you, but rather indirectly via the web or
other service, there is no truly direct way to keep a spammer from
getting your email address. However, there are many steps you can
take to make it difficult for a spammer to find your email address
on the web:
- Don't publish your email on the web: The only way to keep
your email address truly private is to not publish it on the web
in any form. This is usually not a very feasible option, because
many of us would like people who want to access our email address
for legitimate reasons to find it.
- Be conservative with
who you give your information to: Many websites and
online services these days will ask you for your email address
when you register or visit their site. If you do sign up with any
of these services, make sure that they have a privacy statement
that will ensure that your email address is not given out to
anyone that you don't want it to be given out to.
- DO NOT reply to spam emails: Although it may sometimes be tempting to reply out of anger or frustration to an unsolicited email attacking the sender, it can sometimes lead to more serious problems. First, your email address may be sent to other spammers using the same email account, causing your email address to appear on more lists, and give you more spam mail. Also, if the account name that the spammer is using is actually someone else's (this is easy to do), you may be sending an unsuspecting computer user an unnecessary email.
Posted by rich at 05:48 PM | Comments (0) | TrackBack
Dealing with Spam - what not to do
First of all, there are some things you really shouldn't do.
Mailbombing
I have often had the urge to send a multi-megabyte BLOB file attachment in reply to the junk mailer, to sink their in-box. Or to mailbomb them. It's hard to resist. But, sadly, it's also not very satisfying, once you learn that it just isn't very effective. Junk emailers are getting more savvy. Often mail sent to the return address bounces because the return address is forged. Sometimes (when you're lucky) the system operator has already yanked the account when they discovered that the junk mailer was abusing the net in this way. Sometimes everyone else had the same idea, and all the disk space on the offender's mail server has already been consumed.
There are also unintended consequences and side-effects for this kind of retributive action, which you should consider. First of all, if the address is forged on purpose (not that hard to do), the person in the reply-to might be the hapless victim of a reverse mailbombing.
Even if this is not the case, causing a mail server to crash affects all the other innocent users on that system. Sure, I could rationalize that this will give them some incentive to deal with the offender, but if this happened to me I wouldn't have any idea which of my co-users was junk mailing from my ISP's server. All I'd know is that the mail server was unavailable. In addition, intentionally trying to crash a machine through mailbombing is technically a Denial-of-Service Attack, a computer crime (at least in the United States).
If the systems operator has done their job and terminated the account, you are just adding to their headache by mailbombing the address. Plus, the sysop is probably much better at it than you are. This means that you might just have your own mailbox squashed like an irritating mosquito.
Phone Calls and Other Abuse
If a junk email has a phone number in it for responses, especially a toll-free 800 or 888 number, it's obvious that the sender is either A) completely clueless about the Internet and its denizens, B) attempting to pull a nasty prank on someone they don't like very much or C) someone who just exploited the owner of the phone number by charging them for a "really good advertising opportunity on the Internet." No one who knows anything about the nature of the Internet would willingly or knowingly open themselves up for the inevitable massive abuse that's about to rain down on them via their telephone or fax machine.
It's certainly acceptable to call once to calmly explain why you object to their junk email, or to send a single, polite fax. But think about this: If the bulk email mailing-list vendors are telling the truth, the lists have over a million supposedly valid email addresses. If the junk email included a toll-free number, suppose just one percent of the recipients were irritated enough to call in a (free, after all) complaint during the following week. That's ten thousand phone calls--more than 1,400 per day! And a lot of those calls are going to be abusive.
I understand how angry junk email can make you. But please don't call the numbers to yell. Don't send 400-page faxes. It's really not a good idea to call the toll-free number repeatedly just to run up their bill. (For one thing, it's a crime to harass over the phone, and your calling number will appear on their bill.)
The owner of that number is almost certainly either a victim of a selfish junk emailer (just like you) or a poor, ignorant fool about to learn a terrible lesson. I have talked to some of these people by phone, and they are usually very apologetic and repentant, and have been fielding angry phone calls all day. Feel sorry for them. Don't lower yourself to the same level as the junk emailers. Don't become an abuser.
Posted by rich at 05:47 PM
The junk email FAQ
Frequently Asked Questions About Junk Email
- Q: What is junk email?
- A: Junk Email is unsolicited commercial electronic
mail. In other words, it is when someone sends you an unwanted advertisement
via email. Often, junk email is sent in bulk to a large number of addresses
using an automated mailing program.
- Q: How is junk email different from spam?
- A: Junk Email is often mislabeled as Spam. Spam
is a name for an excessive multiple posting of a substantially identical
message on Usenet. Spam often contains commercial advertising, but the
definition is based on the number of postings, and not the content of the
message. Because there are effective filtering and cancel mechanisms available
on Usenet, it is becoming clear to advertisers that spamming is not an
effective means of generating business. Unfortunately, many Net advertisers
are now moving to junk email.
- Q: Why is this A Bad Thing?
- A: Junk email requires that the recipient (or
victim) pays to receive the advertisement message, and the victim has no way
to avoid doing so. Also, since many junk emailers use automated mailing
programs, and sell their email address lists, the volume of junk email can
quickly rise to unmanageable levels, clogging the victim's in-box and preventing
access to legitimate email.
- Q: Who does this?
- A: The short answer is: rude people. Some may not
realize that they are being rude; however, many do. The appeal to them is that
junk email appears, at least on the surface, to be much cheaper than other
advertising methods. Sending an email message appears virtually free to the
sender, and a junk emailer can send email to 10,000 addresses as cheaply as
one. Because of this, even a fraction of a percent positive response is a
great return on investment. Of course, that is overlooking the fact that the
other 9,999 people had to be irritated and materially inconvenienced by the
junk email.
- Q: What if I want to find out about a product?
- A: You can certainly use Web search engines to
find out about products advertised on the Web. You could also sign up for a
specialized mailing list to be sent information about a particular product or
topic, or use a mail-back email responder. There is no legitimate reason for
someone to send you commercial email without your request or
permission.
- Q: Is commercial email ever OK?
- A: Sure, if the recipient has knowingly requested
the material. This could be through an auto-responder, or even just a personal
exchange of email. Many businesses distribute information effectively on the
Internet this way.
- Q: What about junk email that tells you to reply with a keyword in order to avoid getting further messages?
- A: That's not good enough. It just wastes more of
our valuable time. Valid automated mailing lists require you to subscribe to
them, for good reason: There are more than 54,000 known electronic mailing
lists--imagine the chaos if all mailing lists subscribed everyone on the Net
automatically! Would you want to spend the time sending 54,000
replies?
- Q: What about putting those "I will proofread junk email for $XXX" contracts in your .sig file?
- A: Well, they may act as a deterrent, but they
probably aren't legally binding, because you can't show that the junk emailer
actually saw your notice (and, due to their address-collection software, they
probably didn't). You could send a notification by certified mail (assuming
you can get a valid snail-mail address), send a bill if you got junk emailed
again, and then sue in your local small-claims court when they didn't pay.
This relies on the concept of Notification and Offer, a common-law legal
concept that you have to pay if you do something that costs someone else
money, even if you didn't sign a contract beforehand. The commonly-cited
example is when you gas up your car: you are told how much you will have to
pay (and you don't have to accept what is offered to you), but once you start
filling the tank you're on the hook to pay up (that is, taking the action
indicates your acceptance of the offer, which obliges you to pay). Junkbusters
Spamoff uses this concept to fight junk email.
Posted by rich at 05:46 PM
What's in your in-box?
Do you receive lots of junk email messages from people you don't know? It's no surprise if you do. As more people use email, marketers are increasingly using email messages to pitch their products and services. Some consumers find unsolicited commercial email - also known as "spam" - annoying and time consuming; others have lost money to bogus offers that arrived in their email in-box.
Typically, an email spammer buys a list of email addresses from a list broker, who compiles it by "harvesting" addresses from the Internet. The marketer then uses special software that can send hundreds of thousands - even millions - of email messages to the addresses at the click of a mouse.
To reduce the amount of unwanted commercial email you receive:
- Try not to display your email address in public. That includes newsgroup postings, chat rooms, websites or in an online service's membership directory.
- Check the privacy policy when you submit your address to a website. See if it allows the company to sell your address. You may want to opt out of this provision, if possible.
- Read and understand the entire form before you transmit personal information through a website. Some web sites allow you to opt out of receiving email from their "partners" - but you may have to uncheck a preselected box if you want to opt out.
- Decide if you want to use two email addresses - one for personal messages and one for newsgroups and chat rooms.
- Use an email filter. Check your email account to see if it provides a tool to filter out potential spam or a way to channel spam into a bulk email folder.
If you receive unwanted spam email, you can:
- Report it to the Federal Trade Commission. Send a copy of any unwanted or deceptive messages to uce@ftc.gov. If you want to complain about a removal link that doesn't work or not being able to unsubscribe from a list, you can fill out the FTC's online complaint form at www.ftc.gov. Your complaint will be added to the FTC's Consumer Sentinel database and made available to hundreds of law enforcement and consumer protection agencies. Whenever you complain about spam, it's important to include the full email header.
- Send a copy of the spam to your ISP's abuse desk. By doing this, you can let the ISP know about the spam problem on their system and help them stop it in the future.
- Complain to the sender's ISP. Most ISPs want to cut off spammers who abuse their system.
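An added example, not part of the original post, of why the full header matters when you report spam: the From, Reply-To and Return-Path fields are written by the sender and can be forged, while the Received line stamped by your own provider records the address that actually handed the message over. The sample message, every host name and address in it, and the `summarize` helper are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not a real message. All hosts and addresses are
# documentation placeholders.
SAMPLE = """\
Return-Path: <bounce@bulk-sender.example>
Received: from mail.bulk-sender.example (unknown [203.0.113.45])
\tby mx.myisp.example with ESMTP id ABC123
\tfor <me@myisp.example>; Wed, 9 Jun 2004 17:40:02 -0400
Received: from localhost (dialup-7.access.example [198.51.100.23])
\tby mail.bulk-sender.example with SMTP; Wed, 9 Jun 2004 17:39:55 -0400
From: "Friendly Offers" <victim@innocent.example>
Reply-To: victim@innocent.example
To: me@myisp.example
Subject: Make $1,000 a day

Body text.
"""

# "from <helo> (<reverse-dns> [<ip>]) by <host>": a common Received layout
# (assumption: real servers vary, so headers that do not match are skipped).
HOP = re.compile(r"from\s+(\S+)\s+\((\S*)\s*\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def domain_of(header_value):
    """Domain part of the address in a From/Return-Path style header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def summarize(raw, my_provider):
    """Separate what the sender wrote from what my own provider recorded."""
    msg = message_from_string(raw)
    hops = [dict(zip(("helo", "rdns", "ip", "by"), m.groups()))
            for m in map(HOP.search, msg.get_all("Received", [])) if m]
    # Headers are prepended, so the topmost Received line stamped by my own
    # provider is the only hop the sender could not have written. Assumes the
    # provider adds a single Received line at its border.
    mine = lambda host: host == my_provider or host.endswith("." + my_provider)
    trusted = next((h for h in hops if mine(h["by"])), None)
    return {
        "claimed_from": domain_of(msg["From"]),
        "return_path": domain_of(msg["Return-Path"]),
        "fields_disagree": domain_of(msg["From"]) != domain_of(msg["Return-Path"]),
        "handoff_ip": trusted["ip"] if trusted else None,
        "unverified_hops": [h["ip"] for h in hops if h is not trusted],
    }
```

The `handoff_ip` is the value to look up when deciding which ISP's abuse desk to notify; the From domain and the earlier hops may point at an uninvolved third party.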
Posted by rich at 05:42 PM


