Suggestions on How to Stop 'Spam' and Unwanted Junk Email


Spam is the common term for that unsolicited junk mail that arrives in your email InBasket. It is often delivered by stealing services from an 'open relay' or 'open proxy', with the origin obscure or forged. And you had to pay for receiving it.

Spam often contains offers for dubious products or 'MLM' opportunities. The claims are usually too good to be true. The offers often cross the line and become scams. Legitimate offers from legitimate businesses do not try to hide their contact information.

Cyberspace has three dimensions; DNS Name Space, IP Address Space, and Bandwidth. As a participant in the World Wide Web you pay for all three; you buy your Cyber Real Estate.

When you receive unsolicited email your Cyber Real Estate is being trespassed upon. You paid for the spammer to litter your InBasket. Spam is reverse cost advertising, where the recipient pays to receive it.

Spam in an inappropriatre "opt-out" model for commercial contact. It does not scale. If 1% of United States businesses sent you one spam per year, you would receive an average of more than 574 spams per day (based on US Census figures) You are going to be spammed if you have an email address. Its an issue of minimizing the quantity and frequency of spam received. And complaining appropriately about the spam you do receive.

There are several answers, and you need to use more than one to be effective.

Obscurity

The more places your email address gets used or posted, the more likely it will be harvested by a spammer and added to their list. The closer your email address is to 'normal' the more likely it will be targeted in a 'dictionary' attack. Avoid forwarding urban legends and other pass this along chain mail. How many addresses could you have harvested from the ones you got from friends this week? How many of those addresses could you have guessed? Get two email addresses, one for social and one for business use. Blind copy your friends when passing on things (pasted into a new letter) to avoid sharing/exposing addresses.

Filtering

Screen out the junk so you don't have to see it. Don't accept mail sent by confirmed open relay servers. Filtering is most effective at the server level (because it pushes the 'bounce' closer to the source), but it is still effective when implemented closer to your InBasket. Many mail services provide for 'white' and 'black' lists of addresses that you accept and refuse, respectively, mail from. Deleting all mail containing a disclaimer such as

Under Bill S.1618 TITLE III passed by the 105th US Congress this is not considered spam as long as the sender includes contact information and a method of removal.

is appropriate because it is a lie -- the bill was never passed for good reason. Make some rules to put junk into a junk folder (but you still need to glance thru it before throwing it in the trash since no filter rule will be perfect).

Hide

Use 'throw away' accounts for public communications or postings. Use anonymizer services that hide your real email address and IP. Don't use your real name, use a 'screen' name. Use encryption. Be paranoid -- the spammers really are out to get you.

But remember this can also give the appearance that you have something to hide. You paid for your cyber real estate and should be able to put your name on the door.

Vigilance

Sending unsolicited email is against the Acceptable Use Policy of most ISPs. Protect your cyberspace and report abuse. Learn how to track down the source of spam or use a reporting service. Don't just hit delete.

Each server that handles a piece of email adds a Received header to the front of the message before passing it on. Using the information in the headers should allow you to trace the spam to its source, and to identify the appropriate abuse contacts to complain to.

You can also complain to the host of the website being spamvertised about the inappropriate marketing being done by their customer. You can complain to the hosts of the supporting email addresses in a similar manner. And you can even make sure that the real owners of any forged or trademarked names are aware of the misuse of their names. Complain to the DNS hosts.

And remember to complain to the authorities. A copy of every spam should go to spam@ftc.gov (with full headers so they can trace it). Since many of the offers in spam stand on or cross the line, there are specialized reporting addresses for various illegal activities. Use them as appropriate. You don't have to put up with littering in cyperspace at your expense.




Current date and time is Thursday, 28-Mar-2024 05:35:27 EDT and the Greenwich date and time is Thursday, 28-Mar-2024 09:35:27 GMT. You are viewing this page from: 44.213.80.203 and are visitor number 513. This page was first published on 21 October 1998 and was last updated on Wednesday, 21-Jul-2004 22:31:23 EDT.

Return to The Tomaszewski Family Public Home Page or visit Kreigh's Home Page.


Spam Links


Some other opinions on what spam is:
http://www.geocities.com/spamresources/faqs.htm#faqs-what
http://www.monkeys.com/spam-defined/
http://www.mail-abuse.org/standard.html
http://www.templetons.com/brad/spume/define.html
http://www.netlingo.com/lookup.cfm?term=spam
http://rr.sans.org/email/spam_battle.php tactics and strategies used by spammers and spam fighters

Probably the best Spam tracking, analysis, and reporting service on the web: SpamCop.net

Use Hand Weapons for Tracing Spam: And enter the DMZ Combat Zone

Check out senders at: Open RBL

Or try SamSpade for Tracking Spam: For Whois, IP Block Lookup and Traceroute, a safe browser, and more

Check out a domain or IP at: Hexillion's Central Ops

Or see what you can find looking at: DNS stuff

And yet another lookup alternative: Net Demon

Don't cut yourself playing with: IP Security Tools

No installation needed for these: NetTools

See if they are blacklisted anywhere at: rbls.org

Decode an obfuscated webpage: at Swishweb

And when you find bogus registration information: Report it with a Whois Data Problem Report
or, Lookup a Domain, Registrar, or Nameserver at internic.net:
but remember to say the magic words "ICANN do this" as you hit 'submit'
.

Some help fighting spam from: France

Some help blocking spam and adware from: firewallguide.com with a wide variety of products reviewed.

Some great primers on spam: Slightly dated (recently found), but 'The Art of LART' is still one of the better explanations on how to trace and report spam
Why Spam is bad
Spam FAQ
Spam Headers
Another great primer on tracing spam
Plus a glossary of internet terms
Margie has a good page for beginners
Samspade has a lot of good info in the back rooms (see the Manuals and Tutorials section).
Some good info on how to fight Spam
Spammers do more than just Spam, they often Scam
More on the evils of Spam
More on the costs of Spam
Clueless Mailers
Spamfighting Overview
The Evils of Spam
Greg Searle's Spam Information Site
SPAM-L FAQ - How to Track Spammers and Complain to Their ISP

How to come up with full mail headers for reporting

A great primer on email from a DECUS presenter: Email Protocols : SMTP, MIME, POP & IMAP

A newsgroup to follow is NANAE - news.admin.net-abuse.email

Effective search engines for finding stuff out about a Spam company are Dogpile and 37.com and HREF="http://google.com/">google.com

Open Relay mail servers provide an opportunity for theft of service -- and the delivery of spam; If you run a server, use one, or more, of the open relay databases and never accept mail from proven open relays. And ORDB has a service you can use to test a suspect IP address and get it listed if it is open (as well as a great blacklist if you run a server).

How to Report Child Pornography

Concentric Network's Abuse Group

We have some resources for Hoaxes and Virus Issues on our Family Links page and can suggest Chain Mail and the Facts of Life as another great resource.

Fwd Hotmail Spam to: abuse@hotmail.com (always send full msg AND headers)
Hotmail TOS
Hotmail UCE policy
GoodGuys
Responsible sites
Report Open Relay Spam sites
More ways to stop Spam
UCE closures posted
FTC ScamSpam or forward illegal scams to the FTC at spam@ftc.gov
Spam-L FAQ
RIPE NCC: Whois Queries
ARIN: Whois
What are the Internet Standards and W hat standards are current
Where can I find details on the Internet Standards or search thru the Internet Standards

Earthlinkıs Spam Policy
Earthlink Spam Prevention Suggestions
Earthlink Spam Tech Tip

You can also protect yourself from telephone spam:
ftc.gov
www.the-dma.org

If your wallet or purse is stolen:

Equifax:  1-800-525-6285
Experian (formerly TRW):  1-888-397-3742
  Trans Union:  1-800-680-7289
Social Security Administration (fraud line):  1-800-269-0271

Or from online tracking by advertisers:
At www.networkadvertising.org/optout_nonppii.asp, consumers can opt-out by clicking on the radio button next to a brief description of each of the advertisers participating in the program.
And an alternate site, NOT run by the advertisers, is found at www2.ecst.csuchico.edu/~atman/spam/adblock.shtml
The Privacy Foundation has a browser plug in to let you identify those sites trying to track you at www.bugnosis.org

Check out where the Law stands on spam

Check out what the FTC has to say about spam and the Can-Spam Act.

The FTC would like to receive a copy of every spam you receive at spam@ftc.gov , but include full headers. Some other sites that also want a copy of your spam are:
news.admin.net-abuse.sighting
submit@spamarchive.org and you can volunteer to help at volunteer@spamarchive.org
'Nigerian 419' only scams at 419.to
SpamCop.net

Find out a country code:
www.iana.org
www.norid.no
www.norid.no alpha sequence

Coalition Against Unsoliticted Commercial Endorsements

Protect yourself against rfc ignorant domains

APNIC Whois Search

Good advice for running a mail list properly

A base 64 magic decoder ring (cut, paste, click)
And some other alternatives:
http://www.miken.com
http://www.wcc.vccs.edu/dtod/base64/
http://www.wc.cc.va.us/dtod/base64/default.asp
http://makcoder.sourceforge.net/demo/base64.php
http://www.robertgraham.com/tools/base64coder.html

You can use WinZip (and several other compression utilities) to unencode 'by hand'. With WinZip, do the following:
  1. Save base64 data to a text file.
  2. Rename file to anything.uue
  3. Select file, right-click to UnZip
  4. File "Unknown.xxx" (I forget extension) will be created
  5. Change .xxx to .txt and open

Locating Obscure IPs and other tricks:
www.pc-help.org/obscure.htm

Learn about CIDR notation:
public.pacbell.net/dedicated/cidr.html
pintday.org/misc/cidr.shtml

The USPS catalogs every valid delivery address in the country:
www.usps.com/zip4/

Senate Bill 1618 is often cited to make spam legitimate, but the Urban Legend truth is that it never passed.

Find out about open proxy servers and how they are used to send spam

If it smells like a scam, you might want to check it out at scamorama

Find out what state an area code serves at http://docs.nanpa.com/cgi-bin/npa_reports/nanpa?function=list_npa_geo_number so you can identify what phone company is hosting a number mentioned in a spam at http://www.nanpa.com/number_resource_info/co_code_assignments1.html

Find out what a LART is at:
www.utdallas.edu
www. jargon.net
www. netlingo.com/lumenu2.cfm
www. acronymfinder.com

Stupid Spamer excuses, and more resources and references at whew.com

Something to listen to online while chasing spammers

Sendmail is still the most common internet mail server, and their FAQ has *lots* of good information

CERT reports on vulnerabilities and internet security issues, including spam

SMTP uses port 25. Do you know what other port numbers are used for?
http://www.iana.org/assignments/port-numbers
http://www.simovits.com/sve/nyhetsarkiv/1999/nyheter9902.html
http://www.networkice.com/advice/Exploits/Ports/default.htm
http://www.stengel.net/tcpports.htm
http://www.chebucto.ns.ca/%7Erakerman/trojan-port-table.html
http://www.chebucto.ns.ca/%7Erakerman/port-table.html
http://home.tiscalinet.be/bchicken/trojans/trojanpo.htm
http://www.dshield.org/

or maybe you just need to visit Daryl's TCP/IP Primer

VICTIMS AGAINST SCAMS is a FraudInfo Newsletter

Schemes, Scams, and Frauds

Clueless Mailers has good info on spammers

See where spam comes from on a map of the world

an online open proxy tester

PGP appears dead, but the OpenPGP standard still exists so you can continue to digitally sign or encrypt your spam reports
http://www.pgpi.org
http://www.gnupg.org/

List building is a slow and tedious process if you do it right
mail-abuse.org/manage.html
www.faqs.org/rfcs/rfc3098.html
www.cauce.org/about/resources.shtml

Report an act of terrorism to the US government or Research information about the 'Attack on America' or Learn how to protect yourself from virus email from a member of the Stay Safe Online Campaign

Subject Specific Reporting Addresses
Reporting Address Spam Subject or Complaint Topic
pyramid@ftc.gov
http://www.fairtrading.wa.gov.au/consumers/scams/scams/pyramid.html
Money schemes, Get Rich Schemes, Pyramid Schemes, MLMs, and anything that says "not MLM"
webcomplaints@ora.fda.gov
otcfraud@cder.fda.gov
webo@fdadr.cdrh.fda.gov
Anything dealing with drugs, herbals, prescriptions, medical equipment, weight loss, food (Food and Drug Administration), and health
health-claims@ftc.gov FTC - health claims (may be dead)
enforcement@sec.gov in the US
RCMP in Canada
Anything that mentions or promotes stocks or securities (pump 'n' dump scams)
finance-admin@yahoo-inc.com should be interested in stocks that are being pumped and dumped that reference yahoo stock listings/charts
isfeedback@nasdaq.com NASDAQ-stock fraud reports
fraud@uspis.gov If the spam requests sending to a snail mail address (U.S. Postal Service), such as in a pyramid scheme
419.fcd@usss.treas.gov
nigerianfraudwatch@nigerianfraudwatch.org
The 419 Coalition Website at http://home.rica.net/alphae/419coal/
Examples of 'Nigerian 419' scams at http://419.to
http://www.sec.gov/answers/nigeria.htm
http://www.crimes-of-persuasion.com/Crimes/Business/nigerian.htm
http://www.secretservice.gov/alert419.shtml
419.to has an interesting collection of these scams
'Nigerian' 419 Scams (help me get the millions out of the country for a cut)
http://www.missingkids.com/cybertip/ is one of the best
http://www.antichildporn.org
consumerline@ftc.gov
Reporting Child Porn outside the USA by country
Reporting Child Porn in the UK (IWF)
Reporting Child Porn in the USA (NCMEC)
Reporting Child Porn in Europe (Childporn Inhope Partners)
Childporn Cybertipline USA
Report Child Porn to the FBI
child porn
hotline@mpaa.org
cdreward@riaa.com
illegal DVD copying software
cdreward@riaa.com illegal MP3 sites
www.keytlaw.com/faxes/junkfaxlaw.htm spam FAXing is illegal
http://www.iana.org/assignments/port-numbers
http://www.doshelp.com/
registered ports to help with DoS and odd connection attempts

Additional choices of Where to complain about internet scams

And last but not least, there is no Lumber Cartel (but watch out for netizens carrying clue-by-fours).