USS Clueless -- What you should do when you receive SPAM

What you should do when you receive SPAM

Spam is a bad thing.

[Begin preaching to the choir]

The biggest problem with spam (unsolicited commercial email, or UCE) is that it is not free, but the expense is not being paid by the spammer. There is non-trivial expense associated with delivering email, and the expense is covered by the fees paid by the receiver to his or her ISP.

But the bigger problem with spam is that it threatens to make email useless. Suppose that 95% of the phone calls you received were advertising. Wouldn't you stop answering your phone? But if no-one answers their phone, then the phone system itself becomes useless.

So it would be with email. If spam becomes omnipresent, then people will stop using email. This is unacceptable.

[End preaching to the choir]

So our goal when we receive spam is to hurt the spammer, so that they never spam again. And if enough of this happens, word will get around, and others will be less likely to spam.

First, though, here's what not to do:

1. Don't complain to the site from which the spam itself came. Spammers do their emailing from throw-away accounts which they acquire for this purpose. They expect to lose those accounts; so making them lose them doesn't cause the spammer pain. And our goal is to do things to the spammers that they themselves don't like.

2. Don't complain to the "return" address. Nearly always, those are falsified. If it says it's from "yahoo" or "hotmail" or "aol" it probably isn't. Anyway, even if those accounts were real, the spammers expect to lose them, too.

3. Never, never, follow the instructions for getting removed from the list. This won't get you removed from the list; but it will confirm to the spammer that your email address is a live one.

So what do we want to do that will cause the spammer pain?

First off, if we can do so we want them to get in trouble with the Feds. Many of the things which spammers send out are shady or outright illegal.

1. If it has anything to do with stocks, forward it to the Securities and Exchange Commission. SEC has an email address set up for just this purpose: enforcement@sec.gov. What they're primarily interested in is what is known as "pump and dump" scams. This used to be done using telephones, but email spam has brought a whole new generation of scammers into this field.

Pump and dump means that the scammer selects some relatively unknown smallcap stock, particularly a penny stock, and purchases a large block of it. They then spam messages which look like stockbroker advisories, in which they claim that the stock has all sorts of upside potential and include a "target price" well above the current trading price. By doing this, they hope to sucker people into buying the stock, which makes its price rise. Once it is well up, the scammers sell the stock they own for a healthy profit. Eventually, of course, this artificial bubble bursts and the stock falls back to its original price, leaving the suckers with a big loss.

Understand that the company whose stock is used this way is usually innocent and not involved in the process. They're just as much a victim as you are.

The SEC takes an extremely dim view of this kind of thing, and they are actively seeking and prosecuting people who engage in it. Massive fines and prison time have been awarded to people who get caught.

For our purposes, this is perfect. Don't you think spammers should be in jail if possible?

2. If it does not have to do with stocks but does look like a scam, forward it to the Federal Trade Commission. This would include chain letters or other forms of Ponzi schemes, but by no means is limited to that. (By the way, chain letters are always illegal, even if they say that they're not illegal.) The tell-tale sign of a Ponzi scheme is that it emphasizes that you profit by recruiting others. Also, any kind of "work at home" or "get rich quick" offer is of great interest to the FTC.

The FTC has also set up a mailbox for reporting this kind of thing: UCE@FTC.GOV

3. If it lists a web page URL, you can really stick it to them. The best possible way to punish a spammer is to make them lose their web page. If that happens, then the whole spammed advertising fails to do them any good, and they also lose any other regular business using that URL which was already in process. This is a Good Thing. This hurts.

Again, though, there is one good way to go about this and several useless ones. Don't bother to complain directly to the webpage. That doesn't harm them; they already expect it and it won't interfere with their operations.

Don't visit the web page (especially by following a link in the email) unless you do so using an anonymous means like Anonymizer. If you visit them directly, they get to discover all sorts of interesting things about you from your browser without you realizing it. (They may even get your email address, depending on the browser you use.) To find out the kinds of things they can learn, go here and here and here.

The good thing to do is to complain to the hosting service or network that the spammer's web page is on. Here's how, with an example:

I received the following spam:

>Return-Path: <blahblahblah@hotmail.com>
>Received: from upg ([203.42.127.34]) by po.san.rr.com
> (Post.Office MTA v3.5.3 release 223
> ID# 0-59787U250000L250000S0V35) with SMTP id com
> for <sdenbes1@san.rr.com>; Mon, 14 Feb 2000 02:12:38 -0800
>From: "Blah Blahblah" <blahblahblah@hotmail.com>
>To: <sdenbes1@san.rr.com>
>Subject: New Venture
>Mime-Version: 1.0
>Content-Type: text/plain; charset="iso-8859-1"
>Date: Mon, 14 Feb 2000 21:15:41
>
>-------------------------------------------------------------------
>The information you requested is at:
>
>www.blahblahblah.com
>
>To access site, please use Password: blahblah
>-------------------------------------------------------------------
>
>Did you receive this mail in error? Sometimes mistakes do happen.
>Please click the following link to remove your email address:
>mailto:remove@blahblahblah.com?Subject=REMOVE

I actually received this spam twice, and each time the password was different. Clearly he was generating separate passwords for each mail sent (note that it's not a broadcast; each copy was sent to a single address) so that when the passwords were used he would be able to cross-correlate back to the address to which it was sent. This way he could construct a list of "live ones".

203.42.127.34, from which it was mailed, turns out to be in Australia somewhere. (A lot of the spam I receive seems to come from Australia.) I didn't bother complaining there, for reasons given above.

I used Anonymizer to access the site (but did not log in) and found that it was offering some sort of investment opportunity which guaranteed 120% return on investment. Well, as the old saying goes, if something seems too good to be true, it probably is. (Too good to be true, that is.) No legitimate business would make a claim like that.

I have deliberately obscured the URL because I don't want to encourage anyone to visit this guy (at his new IP, if he gets one).

I did a DNS access using Netlab (a superb free utility for Windows) and from that got the IP. With that, I visited ARIN and looked up the owner of the block of IPs.

It turned out to be pair.com. I visited their web site, and they listed an "abuse" mailbox: abuse@pair.com.

So I mailed a copy of the letter, including the header, and at the front I said the following:

One of your clients is using spam to advertise their web site. The spam did
not originate within your network, but www.blahblahblah.com is
###.###.###.###, which is assigned to you by ARIN.

By the way, I made no request.

[Also, it's a scam. If you visit the site and take a look, they're promising
"guaranteed 120% return on investment". No legitimate business makes claims
like that. I have reported them to the FTC.]
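The triage behind that complaint, as an added example (not code from the original essay): it separates the relay IP recorded by the receiving mail server from the unverified From address, pulls out the hosts the spam advertises, and drafts the report with the full message appended. The function names are hypothetical, the sample is the spam quoted above with the ">" quoting removed and shortened, and `site_ip` and `abuse_addr` are assumed to come from your own DNS and ARIN lookups (192.0.2.10 and abuse@hosting.example are placeholders).

```python
import re
from email import message_from_string

# Constructed sample: the spam quoted on this page, unquoted and shortened.
RAW = """\
Return-Path: <blahblahblah@hotmail.com>
Received: from upg ([203.42.127.34]) by po.san.rr.com
 (Post.Office MTA v3.5.3 release 223
 ID# 0-59787U250000L250000S0V35) with SMTP id com
 for <sdenbes1@san.rr.com>; Mon, 14 Feb 2000 02:12:38 -0800
From: "Blah Blahblah" <blahblahblah@hotmail.com>
To: <sdenbes1@san.rr.com>
Subject: New Venture

The information you requested is at:

www.blahblahblah.com

Please click the following link to remove your email address:
mailto:remove@blahblahblah.com?Subject=REMOVE
"""

def triage(raw):
    msg = message_from_string(raw)
    # The topmost Received header was written by the recipient's own ISP, so
    # its bracketed IP is what that server saw; From/Return-Path are not.
    top = msg.get_all("Received", [""])[0]
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", top)
    body = msg.get_payload()
    hosts = set(re.findall(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", body, re.I))
    return {"relay_ip": m.group(1) if m else None,
            "claimed_from": msg["From"],
            "advertised_hosts": sorted(h.lower() for h in hosts)}

def complaint(raw, site, site_ip, abuse_addr):
    """Draft the report: short statement first, then the untouched message."""
    t = triage(raw)
    return (f"To: {abuse_addr}\n"
            f"Subject: Spam advertising {site}\n\n"
            f"One of your clients is using spam to advertise their web site.\n"
            f"The spam was relayed from {t['relay_ip']}, outside your network,\n"
            f"but {site} is {site_ip}, which is assigned to you.\n\n"
            f"----- original message, full headers -----\n{raw}")

if __name__ == "__main__":
    print(complaint(RAW, "www.blahblahblah.com", "192.0.2.10", "abuse@hosting.example"))
```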

I didn't receive a response, but I had noticed that they had a web page where they talked specifically about their clients which they had terminated. Here's what I found a couple of days later when I checked it:

blahblahblah@hotmail.com - "New Venture"

This brief spam claimed "This mail is never sent unsolicited", and advertised www.blahblahblah.com. If this were never sent unsolicited, would we have received 130 complaints over the weekend? We think not, and this account has been terminated for violations of our policy against spam.

Bravo! Pair.com are among the good guys; they listened to the complaints, and they moved fast and killed this spammer's web site.

Networks are particularly interested in this kind of thing and are usually pretty responsive to complaints about it. They don't want their mailboxes jammed up with complaints, and in particular they are vulnerable to the Internet Death Penalty. If they get a reputation for not dealing with problem customers, their business can be very badly damaged by reprisals from the net as a whole.

This has happened and some networks and web hosting services have been made examples. The networks now take the IDP very seriously. And IDP is usually imposed for excessive spamming.

Because this is widely known, it isn't necessary for you to make a threat about it in your complaint. They understand the threat, believe me. So don't threaten the network, and don't abuse them. Your goal is to get the network to be on your side, against the spammer. The network is your friend; treat them as such. I was polite to them, and I hope the other 129 people were, too.

And Pair did what we wanted: they cut the spammer off at the ankles.


Captured by MemoWeb from http://denbeste.nu/essays/spam.shtml on 9/16/2004