Spam is the common term for that unsolicited junk mail that arrives in your email InBasket. It is often delivered by stealing services from an 'open relay' or 'open proxy', with the origin obscure or forged. And you had to pay for receiving it.
Spam often contains offers for dubious products or 'MLM' opportunities. The claims are usually too good to be true. The offers often cross the line and become scams. Legitimate offers from legitimate businesses do not try to hide their contact information.
Cyberspace has three dimensions; DNS Name Space, IP Address Space, and Bandwidth. As a participant in the World Wide Web you pay for all three; you buy your Cyber Real Estate.
When you receive unsolicited email your Cyber Real Estate is being trespassed upon. You paid for the spammer to litter your InBasket. Spam is reverse cost advertising, where the recipient pays to receive it.
Spam in an inappropriatre "opt-out" model for commercial contact. It does not scale. If 1% of United States businesses sent you one spam per year, you would receive an average of more than 574 spams per day (based on US Census figures)
There are several answers, and you need to use more than one to be effective.
The more places your email address gets used or posted, the more likely it will be harvested by a spammer and added to their list. The closer your email address is to 'normal' the more likely it will be targeted in a 'dictionary' attack. Avoid forwarding urban legends and other pass this along chain mail. How many addresses could you have harvested from the ones you got from friends this week? How many of those addresses could you have guessed? Get two email addresses, one for social and one for business use. Blind copy your friends when passing on things (pasted into a new letter) to avoid sharing/exposing addresses.
Screen out the junk so you don't have to see it. Don't accept mail sent by confirmed open relay servers. Filtering is most effective at the server level (because it pushes the 'bounce' closer to the source), but it is still effective when implemented closer to your InBasket. Many mail services provide for 'white' and 'black' lists of addresses that you accept and refuse, respectively, mail from. Deleting all mail containing a disclaimer such as
Use 'throw away' accounts for public communications or postings. Use anonymizer services that hide your real email address and IP. Don't use your real name, use a 'screen' name. Use encryption. Be paranoid -- the spammers really are out to get you.
But remember this can also give the appearance that you have something to hide. You paid for your cyber real estate and should be able to put your name on the door.
Sending unsolicited email is against the Acceptable Use Policy of most ISPs. Protect your cyberspace and report abuse. Learn how to track down the source of spam or use a reporting service. Don't just hit delete.
Each server that handles a piece of email adds a Received header to the front of the message before passing it on. Using the information in the headers should allow you to trace the spam to its source, and to identify the appropriate abuse contacts to complain to.
You can also complain to the host of the website being spamvertised about the inappropriate marketing being done by their customer. You can complain to the hosts of the supporting email addresses in a similar manner. And you can even make sure that the real owners of any forged or trademarked names are aware of the misuse of their names. Complain to the DNS hosts.
And remember to complain to the authorities. A copy of every spam should go to spam@ftc.gov (with full headers so they can trace it). Since many of the offers in spam stand on or cross the line, there are specialized reporting addresses for various illegal activities. Use them as appropriate. You don't have to put up with littering in cyperspace at your expense.
Obscurity
Filtering
Under Bill S.1618 TITLE III passed by the 105th US Congress this is not considered spam as long as the sender includes contact information and a method of removal.
is appropriate because it is a lie -- the bill was never passed for good reason. Make some rules to put junk into a junk folder (but you still need to glance thru it before throwing it in the trash since no filter rule will be perfect).
Hide
Vigilance
Return to The Tomaszewski Family Public Home Page or visit Kreigh's Home Page.
Some other opinions on what spam is:
http://www.geocities.com/spamresources/faqs.htm#faqs-what
http://www.monkeys.com/spam-defined/
http://www.mail-abuse.org/standard.html
http://www.templetons.com/brad/spume/define.html
http://www.netlingo.com/lookup.cfm?term=spam
http://rr.sans.org/email/spam_battle.php tactics and strategies used by spammers and spam fighters
Probably the best Spam tracking, analysis, and reporting service on the web: SpamCop.net
Use Hand Weapons for Tracing Spam: And enter the DMZ Combat Zone
Check out senders at: Open RBL
Or try SamSpade for Tracking Spam: For Whois, IP Block Lookup and Traceroute, a safe browser, and more
Check out a domain or IP at: Hexillion's Central Ops
Or see what you can find looking at: DNS stuff
And yet another lookup alternative: Net Demon
Don't cut yourself playing with: IP Security Tools
No installation needed for these: NetTools
See if they are blacklisted anywhere at: rbls.org
Decode an obfuscated webpage: at Swishweb
And when you find bogus registration information:
Report it with a Whois Data Problem Report
or, Lookup a Domain, Registrar, or Nameserver at internic.net:
but remember to say the magic words "ICANN do this" as you hit 'submit'.
Some help fighting spam from: France
Some help blocking spam and adware from: firewallguide.com with a wide variety of products reviewed.
Some great primers on spam:
Slightly dated (recently found), but 'The Art of LART' is still one of the better explanations on how to trace and report spam
Why Spam is bad
Spam FAQ
Spam Headers
Another great primer on tracing spam
Plus a glossary of internet terms
Margie has a good page for beginners
Samspade has a lot of good info in the back rooms (see the Manuals and Tutorials section).
Some good info on how to fight Spam
Spammers do more than just Spam, they often Scam
More on the evils of Spam
More on the costs of Spam
Clueless Mailers
Spamfighting Overview
The Evils of Spam
Greg Searle's Spam Information Site
SPAM-L FAQ - How to Track Spammers and Complain to Their ISP
How to come up with full mail headers for reporting
A great primer on email from a DECUS presenter: Email Protocols : SMTP, MIME, POP & IMAP
A newsgroup to follow is NANAE - news.admin.net-abuse.email
Effective search engines for finding stuff out about a Spam company are Dogpile and 37.com and HREF="http://google.com/">google.com
Open Relay mail servers provide an opportunity for theft of service -- and the delivery of spam; If you run a server, use one, or more, of the open relay databases and never accept mail from proven open relays. And ORDB has a service you can use to test a suspect IP address and get it listed if it is open (as well as a great blacklist if you run a server).
How to Report Child Pornography
Concentric Network's Abuse Group
We have some resources for Hoaxes and Virus Issues on our Family Links page and can suggest Chain Mail and the Facts of Life as another great resource.
Fwd Hotmail Spam to: abuse@hotmail.com (always send full msg AND headers)
Hotmail TOS
Hotmail UCE policy
GoodGuys
Responsible sites
Report Open Relay Spam sites
More ways to stop Spam
UCE closures posted
FTC ScamSpam or forward illegal scams to the FTC at spam@ftc.gov
Spam-L FAQ
RIPE NCC: Whois Queries
ARIN: Whois
What are the Internet Standards and W hat standards are current
Where can I find details on the Internet Standards or search thru the Internet Standards
Earthlinkıs Spam Policy
Earthlink Spam Prevention Suggestions
Earthlink Spam Tech Tip
You can also protect yourself from telephone spam:
ftc.gov
www.the-dma.org
If your wallet or purse is stolen:
Equifax: 1-800-525-6285
Experian (formerly TRW): 1-888-397-3742
Trans Union: 1-800-680-7289
Social Security Administration (fraud line): 1-800-269-0271
Or from online tracking by advertisers:
At www.networkadvertising.org/optout_nonppii.asp, consumers can
opt-out by clicking on the radio button next to a brief description of each
of the advertisers participating in the program.
And an alternate site, NOT run by the advertisers, is found at
www2.ecst.csuchico.edu/~atman/spam/adblock.shtml
The Privacy Foundation has a browser plug in to let you identify those sites trying to track you at www.bugnosis.org
Check out where the Law stands on spam
Check out what the FTC has to say about spam and the Can-Spam Act.
The FTC would like to receive a copy of every spam you receive at spam@ftc.gov , but include full headers. Some other sites that also want a copy of your spam are:
news.admin.net-abuse.sighting
submit@spamarchive.org and you can volunteer to help at volunteer@spamarchive.org
'Nigerian 419' only scams at 419.to
SpamCop.net
Find out a country code:
www.iana.org
www.norid.no
www.norid.no alpha sequence
Coalition Against Unsoliticted Commercial Endorsements
Protect yourself against rfc ignorant domains
Good advice for running a mail list properly
A base 64 magic decoder ring (cut, paste, click)
And some other alternatives:
http://www.miken.com
http://www.wcc.vccs.edu/dtod/base64/
http://www.wc.cc.va.us/dtod/base64/default.asp
http://makcoder.sourceforge.net/demo/base64.php
http://www.robertgraham.com/tools/base64coder.html
You can use WinZip (and several other compression utilities) to unencode 'by hand'. With WinZip, do the following:
- Save base64 data to a text file.
- Rename file to anything.uue
- Select file, right-click to UnZip
- File "Unknown.xxx" (I forget extension) will be created
- Change .xxx to .txt and open
Locating Obscure IPs and other tricks:
www.pc-help.org/obscure.htm
Learn about CIDR notation:
public.pacbell.net/dedicated/cidr.html
pintday.org/misc/cidr.shtml
The USPS catalogs every valid delivery address
in the country:
www.usps.com/zip4/
Find out about open proxy servers and how they are used to send spam
If it smells like a scam, you might want to check it out at scamorama
Find out what state an area code serves at http://docs.nanpa.com/cgi-bin/npa_reports/nanpa?function=list_npa_geo_number so you can identify what phone company is hosting a number mentioned in a spam at http://www.nanpa.com/number_resource_info/co_code_assignments1.html
Find out what a LART is at:
www.utdallas.edu
www. jargon.net
www. netlingo.com/lumenu2.cfm
www. acronymfinder.com
Stupid Spamer excuses, and more resources and references at whew.com
Something to listen to online while chasing spammers
Sendmail is still the most common internet mail server, and their FAQ has *lots* of good information
CERT reports on vulnerabilities and internet security issues, including spam
SMTP uses port 25. Do you know what other port numbers are used for?
http://www.iana.org/assignments/port-numbers
http://www.simovits.com/sve/nyhetsarkiv/1999/nyheter9902.html
http://www.networkice.com/advice/Exploits/Ports/default.htm
http://www.stengel.net/tcpports.htm
http://www.chebucto.ns.ca/%7Erakerman/trojan-port-table.html
http://www.chebucto.ns.ca/%7Erakerman/port-table.html
http://home.tiscalinet.be/bchicken/trojans/trojanpo.htm
http://www.dshield.org/
or maybe you just need to visit Daryl's TCP/IP Primer
VICTIMS AGAINST SCAMS is a FraudInfo Newsletter
Clueless Mailers has good info on spammers
See where spam comes from on a map of the world
PGP appears dead, but the OpenPGP standard still exists so you can continue to digitally sign or encrypt your spam reports
http://www.pgpi.org
http://www.gnupg.org/
List building is a slow and tedious process if you do it right
mail-abuse.org/manage.html
www.faqs.org/rfcs/rfc3098.html
www.cauce.org/about/resources.shtml
Report an act of terrorism to the US government or Research information about the 'Attack on America' or Learn how to protect yourself from virus email from a member of the Stay Safe Online Campaign
Additional choices of Where to complain about internet scams
And last but not least, there is no Lumber Cartel (but watch out for netizens carrying clue-by-fours).