How to Complain About Spam | <– Date –> <– Thread –> |
From: Kevin Wolf (kjwolfdcn.davis.ca.us) | |
Date: Tue, 18 Nov 1997 02:27:12 -0600 |
Friends, As users of the Internet we all have a stake in lessening the problem of unwanted spamming. Spam causes a percentage of the public to not want to utilize the tool as much. In this way spam hurts the free flow of information. It is most often just a waste of Internet bandwidth. The good news is that the Internet and its users have a tradition for self-policing. This piece by Phil Agre covers the ground in a well thought out and pragmatic way. He is encouraging wide distribution of it. Even if only a percentage of us actually use what Phil details, we can make it more difficult for spamming to happen. Thank you. Kevin Wolf kjwolf [at] dcn.davis.ca.us P.S. I know this comes close to crossing the boundaries of what is acceptable to post to this list but the article is well written, and spam probably keeps some people from using email who would be interested in subscribing to cohousing-l. Some of these unsubscribed want-to-bes might be inspired by the information they read on the list and be instrumental to starting another cohousing community. But for spam, they don't. ******************** How to Complain About Spam, or, Put a Spammer in the Slammer Phil Agre http://communication.ucsd.edu/pagre/ Feel free to post where appropriate until December 31st, 1997. Table of contents: (1) Introduction (2) Fraud and related consumer issues (3) Issues relating to paper mail (4) Complaining to the police (5) Complaining to your legislator (6) Complaining to the service provider (7) Complaining to the spammers themselves (8) Questionable strategies (9) Other resources (10) Conclusion (1) Introduction Unsolicited bulk e-mail, commonly called "spam", has lately become an extraordinary nuisance. Spam as such is not illegal (yet). The contents of some actual spam messages, however, may violate a state or federal law. Other spam messages may violate the spammer's contract with his or her Internet Service Provider, or else cause enough harm to a third party to warrant a civil lawsuit. No legal action will be taken against a spammer, however, unless someone reports the problem. This article does not provide legal advice, nor does it make legal allegations against any particular spammer or any particular class of spam messages. It does, however, provide instructions for reporting those messages that, in your judgement, deserve further investigation by appropriate authorities. Reporting spam does take some effort at first, but once you get a little practice, it can easily become a regular part of reading e-mail. Let me emphasize: even though this article provides a whole menu of methods for complaining about spam, you'll be doing a tremendous public service if you simply pick ONE of these methods and do it on a regular basis. Pick the one that you find most convenient, or that gives you the most delicious feeling of revenge. There's no need to get overwhelmed or burned out. Follow the instructions a few times, just to see how it feels. Maybe try something else and see how *it* feels. Then slowly work your favorite spam-reporting measures into your daily and weekly routine. The contact information that I provide here is incomplete, and at present includes only the United States. Those with contact information for other jurisdictions are encouraged to send it along for inclusion in future editions. This article only contains information for those wishing to complain about spam; those seeking deeper explanations of the problem, or who are curious about other topics, will find URLs for several encyclopedic Web sites toward the end of this article. Most of the information in this article, particularly on technical topics, has previously been described in other forms by these existing sites. (2) Fraud and related consumer issues Many spam messages make offers that seem too good to be true -- for example money-making pyramid schemes, impossibly lucrative work-at- home deals, suspiciously low prices, disingenuously described goods, questionable medical cures, free cable TV schemes, and so forth. These messages might be fraudulent, or they might not. You needn't judge for yourself which messages are legal. If you find a message suspicious then you have a right, and perhaps even a moral duty to others less sophisticated than yourself, to report the possible fraud or misrepresentation to the Federal Trade Commission (FTC). The FTC doesn't settle particular disputes, but it is interested in patterns, and a massive, potentially fraudulent spam is nothing if not a pattern. Although the FTC has so far shown little inclination to do anything about potentially fraudulent spam offers, nonetheless it's their job and we should encourage them to do it. For their progress on related issues see: http://www.ftc.gov/opa/9711/hlthsurf.htm and http://www.ftc.gov/opa/9711/cdi.htm To report a suspicious spam message, simply print the message out, add a cover letter that expresses your concerns, and mail it to: Federal Trade Commission 6th Street and Pennsylvania Ave NW Washington, DC 20580 Your cover letter can be very simple indeed. There's no need to quote chapter and verse of the law. You might simply say: I received the enclosed message over the Internet today, presumably as part of a much larger "spam". I am concerned that it might be fraudulent, and I want to ask you to investigate it. Thank you. I encourage you to report potentially fraudulent spam messages to law enforcement authorities using paper mail, because Internet messages seem to carry less weight in Washington. You can, however, make a report to the FTC over the Internet using the "scamspam" page: http://www.junkemail.org/scamspam/ The FTC supposedly accepts electronic mail complaints about spam at uce [at] ftc.gov. I would be interested to hear of any evidence that they take complaints to that address seriously. (UCE means unsolicited commercial email, which is supposedly the polite way of saying spam.) The British equivalent of the FTC is the Trading Standards Officer: http://www.xodesign.co.uk/tsnet/pages/lalist.htm One way to raise awareness of these issues is to seek media coverage. In the United States anyway, many regional television stations have excellent consumer affairs reporting. These folks are always looking for good story ideas, and potentially fraudulent junk mail on the Internet makes a clear story that's easy to explain. Pick up the phone and call a local station that produces a nightly news program. Ask for the name of the editor who handles consumer affairs and the mailing address of the station. Write that person a letter concisely explaining the problem. Draw on your own experience and use language that their viewers will understand. A good consumer affairs story will ideally have a local angle -- for example, someone in the community who got burned by a fraudulent offer that they received over the Internet, or a questionable spammer who lists a mailing address in the area -- or a news hook -- for example, a recent news article about somebody being indicted for a consumer- related crime that involves the Internet. Even if those elements are missing, potentially fraudulent spam messages can still make a good story if you explain the following points: * Spam is an urgent, day-to-day issue in the lives of ordinary people who use the Internet. Most users receive at least a few messages every day, and many users receive dozens. * Spam is the Internet equivalent of junk mail, but much worse. Paper junk mail costs about 50 cents per item to send; electronic junk mail, on the other hand, is thousands of times cheaper, so that a spammer has virtually no incentive to target an audience. * Internet users must frequently pay to download each message they receive, whether they solicited the message or not. Paper junk mailers pay almost all of the social cost of their activities, but spammers create significant costs for Internet Service Providers and message recipients. * Junk mail on paper, furthermore, is strictly regulated by postal inspectors and strong mail fraud laws, whereas spam has been almost unregulated. One part of the problem is inadequate laws; another part is lack of understanding of the medium by regulators and law enforcement people. * Reputable businesses realize that spam violates the cultural norms of the Internet. As a result, the contents of spam messages are often offensive, such as get-rich-quick schemes and advertisements for pornography. * Internet users can defend themselves against spam to some degree if they really work at it. The ultimate solution, though, will be some combination of technical improvements and appropriate legislation. Bad legislation can interact in unexpected ways with the rapidly evolving Internet, but one solid principle is "opt-in": advertisers can easily use the Internet to provide consumers with opportunities to solicit advertising on topics that interest them, so they should be required to get permission from consumers before sending them any advertising. Enclose some examples of spam from your own printer, and any news clippings on the subject that you might have (USA Today and the New York Times have covered the issue, or use the Spam Media Tracker -- see below) and perhaps a copy of this article. Some people make a habit of printing out spam messages that they find particularly offensive, just to have them ready for such purposes. The key, however, is your letter. If you want to follow up with a phone call, wait about three days and then call in the morning, when deadlines are less urgent. Never try to talk to an editor or reporter on the phone without first asking if they are on deadline. Then simply ask if they've received the letter and whether they'd like to follow up. Be polite, don't pressure anyone, and be ready to accept a "no" gracefully. (3) Issues relating to paper mail Schemes that employ the US mail may interest postal inspectors. If you find a spam message suspicious, and the message invites replies at a US mail address, you might send a copy of the message to the relevant postmaster. Again, simply print the message out, add a simple cover letter expressing your concerns, and mail it to: Postmaster Anytown, XX 12345 where, obviously, you should replace "Anytown, XX 12345" with the real city, state, and zip code that was mentioned in the address. You must use postage when sending a letter to a postmaster (or, for that matter, to the FTC or the other law enforcement agencies). In the United States, one first-class stamp pays for an envelope and about four sheets of paper. After that, put another stamp on it to make sure. Reporting spam, in other words, does cost a little money. If this bothers you, simply restrict yourself to reporting the most offensive messages, or the ones that seem the most obviously illegal. (4) Complaining to the police Messages that seem potentially illegal can also be reported to the FBI, to the attorney general of any state that the message claims as its origin, and to the local police. In each case, once again, simply print out the message and include a brief cover letter expressing your concerns. To find the address of the nearest FBI field office, consult the following web page: http://www.fbi.gov/fo/fo.htm The attorney general of your state is your friend, and will be happy to investigate potentially illegal spammers if newspaper headlines can be generated by doing so. Here, just to give the idea, are a few of their addresses: Attorney General Scott Harshbarger One Ashburton Place Boston, MA 02108-1698 (617) 727-2200 http://www.state.ma.us/ag/ago.htm Frank J. Kelley Attorney General Law Building PO Box 30212 Lansing, MI 48909 (517) 373-1110 Hon. Drew Edmondson, Attorney General 112 State Capitol Bldg. Oklahoma City, OK 73105 (405) 521-3921 Pennsylvania Attorney General's Office 16th Floor, Strawberry Square Harrisburg, PA 17120 (717) 787-3391 info [at] attorneygeneral.gov http://www.attorneygeneral.gov Office of the Texas Attorney General PO Box 12548 Austin, TX 78711-2548 (512) 463-2100 Office of the Virginia Attorney General 900 East Main Street Richmond, VA 23219 (804) 786-2071 mail [at] oag.state.va.us http://www.state.va.us/~oag/main.htm The National Association of Attorneys General is on the Web at: http://www3.issinet.com/naag/ The attorney generals' contact information, courtesy of various sources: http://www.tobacco.org/Misc/ags.html http://www.fraud.org/info/links.htm http://www.counselconnect.com/agtierney/list.html http://members.aol.com/reinbeaux/pass/stateag.htm Many state attorneys general have offices to protect consumers. For example, the Washington State attorney general's Consumer Protection Division is on the Web at http://www.wa.gov/ago/CPD/CPHOME.html Many states have Web sites at http://www.state.XX.us/ , where XX is the 2-letter postal code, for example CA for California. You might be able to find other consumer related information at the site for your state, or the state from which a spam message originated. The federal equivalent of the state attorneys general are the US attorneys, who litigate for the US attorney general. Their contact information can be found at: http://www.usdoj.gov/usao/usao.html If the spam message includes a postal address then you can get the address for the spammer's local police department through directory assistance (in the US, 1 + area code + 555 1212). It would be excellent if someone wrote a program (ideally integrated with a commonly used mail-reading program) that scans a potentially illegal spam message and automatically prints letters of complaint to the appropriate law enforcement authorities. (5) Complaining to your legislator If you receive a particularly outrageous item of spam, you can use it to help educate your elected representatives on the need for appropriate legislative action. Federal legislation would have the advantage of uniformity, but action is more likely at the state level. Moreover, at least one state, Nevada, has passed very bad legislation in this area because legislators were not well-enough educated. You can easily identify your legislators and obtain their addresses by calling your state's capitol building. The most effective letters are hand-written, concise, calm and rational, based in personal experience, and explain the issue in plain language. At the federal level, you can find instructions for contacting senators and representatives at http://www.cauce.org/congress.html Several anti-spam bills have been introduced in the US Congress, and you may wish to express your opinion about them. (6) Complaining to the service provider Warning. This section is slightly technical. Although I have tried to write it for beginners, many people might be impatient with the details. That's okay. Go ahead and concentrate on the methods of complaint that are listed in the previous sections and you'll be making a real contribution. Internet Service Providers should require their subscribers to sign contracts that forbid spam, and some of them actually do so. It is appropriate, therefore, to complain to any ISP whose users originate spam. The ISP usually isn't responsible for the spam, so be polite. But do encourage the ISP to take action against the offender, and to strengthen its contractual language so that future offenders face stronger penalties for spamming. The focus here, then, is on identifying the spammer's ISP. It is not useful to complain about particular spammers to your own service provider, who already knows about all of the spammers that it can do anything about. Your service provider, however, might be able to provide you with software for filtering spam or tracking spam messages back to the source. Beyond that, you might consider moving your business to a provider who makes a real effort to fight spam both technically and legally. The hard question is how to identify the spammer's ISP. The most obvious approach is to look in the "From:" field of the spam message's header. If the address in that field is not a plausible e-mail address, for example From: yourfriend [at] snarfworld.com you can be confident that the header was forged and that the message did *not* originate at snarfworld.com. Even a legitimate-looking "From:" field is likely to contain the address of an innocent person whom the spammer wishes to burden with complaints. Likewise, any field that claims to identify the "Authenticated sender", for example: Comment: Authenticated sender is otherguy [at] aol.com is probably bogus as well. Now, if a spammer forges an individual's name or address as the source of a spam message, then that individual might have cause for a lawsuit. Likewise, the owner of an Internet site whose domain name has been forged as the source of a spam message might also have cause for a suit. So you might consider reporting spam to a site even when the site's address has obviously been forged. You should obviously be polite about it. In particular, you should understand that having to read your message constitutes part of the damage that will constitute grounds for the suit. It's your call. In any case, another part of the header is less likely to be forged. It looks like this: Received: from snarfworld.com ([194.177.96.7]) for <pagre [at] weber.ucsd.edu>; Wed, 12 Nov 1997 16:01:42 -0800 (PST) If you don't see any "Received:" fields in the header, that's because your mail-reading program isn't displaying the complete header, or else because the mailer at your site has stripped off the "Received:" headers before delivering the mail to you. Consult the mail-reader's documentation, or your ISP or system administrator, to find out how to see the complete headers. Here are the instructions for some commonly used mail reading programs: * In Eudora or Eudora Pro, just press the "Blah Blah Blah" button at the top left side of the message window to toggle the full headers on and off. (Although I do not use Eudora, ten separate people have sworn to me that this button is called "Blah Blah Blah".) * Pegasus for Windows: With the spam message open, from the Pegasus program's toolbar (not the message toolbar) click the 'Reader' menu and then click the "Show all headers" menu item. Or to use the keyboard shortcut, press and hold the [ctrl] key then press the "H" key. ([Ctrl] + H) * With Netscape 3.0, pull down the Options menu, choose Headers, and choose All. Another option is to pull down the View menu and choose Document Source. It will open a new window with the full message including complete headers. * With the Messenger component of Netscape Communicator 4.0, pull down the View menu, choose Headers, and choose All. An alternative is to pull down the View menu and choose Page Source. It will open a new window with the full message, including complete headers. * In Emacs RMail, press "t" (which is bound by default to the command rmail-toggle-header) to toggle display of the message headers. * In the Pine mail reader, you can hit H while viewing a message to see the full headers, if that option is enabled. If it doesn't work, here are the steps to enable it: - from the main menu, hit S for setup - hit C for config - scroll down to the option named "enable-full-header-cmd" - hit X to turn it on; an X will appear next to that option - hit E to exit config (the new setting is automatically saved) - go back and read your spam message; hit H again * With Outlook Express and Exchange, pointing to the message and right-clicking will pop-up a menu that includes "Properties" at the very bottom. Selecting "Properties" will bring up a dialog box with two tabs, "General" and "Details". The "Details" tab will reveal the message header. In addition there is a button below the message field that says "Message Source...", which, when pushed, will bring up another box with the complete text of the header and body of the message. * With Claris Emailer in version 2.0 and higher, use the "Show Long Headers" option in the "Mail" menu while you have the spam message open. In versions earlier than 2.0: Click the blue triangle near the "from" information to show additional message information, then click the "Show Original Headers..." button to bring up the full header info. * On AOL, for messages sent via the Internet, complete headers are found at the bottom of the message, after a line that says "Headers". Spammers sometimes put fake headers at the end of a message to cause confusion. But AOL is virtually the only environment where headers are supposed to show up at the end of a message, and even there you should be able to find the real headers after the fake ones. When you do retrieve the full header for a spam message, you will usually see several "Received:" fields, which are supposed to trace which machines the message has passed through. You can use these fields to decide where to report the spam. Opinions differ about the best strategy, and I will keep this explanation simple at the risk of offending those who hold different opinions. The problem, simply put, is that many spam messages include forged "Received:" fields to throw you off track. Any "Received:" fields that mention AOL or Juno, for example, are probably forged. The "Received:" fields are generally in order, with the most recent ones first, so if one "Received:" field is suspect, then all the ones below it are automatically suspect as well. If you assume that the "Received:" fields are all legitimate, then you can simply look through them and identify the first machine that accepted the message from the spammer's own site. This machine shares some of the blame, since it should have detected that the message was spam, for example because its return address could not be translated to a legitimate IP address, and refused it. If the spammer employed software that deliberately creates a confusing header, however, you may end up complaining to an innocent party -- one whom the spammer wishes to attack. This is where it helps to have technical tools for reconstructing the truth behind potentially forged e-mail headers. Although I'll talk about some of these tools in a moment, they may require more expertise than most people have. Therefore, nontechnical people may wish to employ another strategy. If you look at a header closely, you will usually find that one or more of the "Received:" fields mentions your own site. Look for the "Received:" header field that records the message's first arrival within your site. Because the "Received:" fields are ordered, the field you want might be the first "Received:" field in the header. This field was generated by the mailer at your site, so it is probably reliable. In the case of the (fictional) "Received:" field that I quoted above, the message came from snarfworld.com. In that case, to report the message, you would forward a copy of it like so: To: abuse [at] snarfworld.com Subject: spam from your site This spam message was apparently sent through your mailer... [include a copy of the message, including the full header] It is important to include the full header of the offending spam message; that header is the site maintainer's major source of clues about the message's actual origins. In fact, the site to which you are complaining was most likely "hijacked" against its will to produce spam. This is very common, and it generally results in torrents of "bouncemail" for the messages that the spammer sent to bad addresses -- potential cause for a lawsuit. Even if no lawsuit is filed, the site's maintainers need to upgrade their software to prevent this sort of hijacking in the future, and your complaint will help motivate them to do so. I recognize that this can be a complicated issue, and that mailer upgrades that suppress hijacking may also disable other, legitimate uses of mail. I believe, however, that spam is the more serious concern. If mail to the "abuse" address does not work, you *might* be dealing with an ISP that is irresponsible or needs a little education on the importance of taking action against users who spam. See if you can reach them at "postmaster" instead and explain the issues to them. A table of the spam-reporting addresses at several major ISPs can be found about halfway down the following Web page: http://members.aol.com/reinbeaux/pass/pass.htm On the other hand, you should not expect a personal reply to a spam complaint from even the most responsible ISP. ISPs get far too many complaints, for better or worse, to respond to each one individually. For more detailed instructions on interpreting "Received:" header fields, see: http://kryten.eng.monash.edu.au/received.html If the "Received:" fields in the message header are too complicated to think about, you might also be able to discern the origin of a spam message from the "Message-Id:" field, also in the header. For example: Message-Id: <199711006334.WAB43780 [at] node21.snarfworld.com> This line can be forged as well, but so far only the professional spammers seem to be forging it regularly. Mail to "postmaster" or "abuse" at the indicated site (in this case snarfworld.com) would be appropriate, once again keeping in mind that the site could have been forged. Another approach to researching the origins of spam messages is the Dejanews service, http://www.dejanews.com/ . This is a search engine for Usenet discussion groups. If an offensive spam message includes a distinctive text string, perhaps a fabricated address in the header or a misspelling in the body of the message, then you can use that text string to conduct a Usenet search. Oftentimes a discussion about that very message will already be ongoing among expert spam-trackers on Usenet, and if you can find the appropriate newsgroup then you can learn what they've discovered. In particular, if you notice a message whose "Subject:" line is "Please help me decode these headers", click on the icon indicating "replies". If a particular Internet Service Provider seems to originate a large amount of spam, you might want to take the trouble to focus your attention on that particular provider. Start by looking at their web page, which will probably be found at http://www.companyname.com/ , and see if they have a policy about spam. If they don't have a policy, or if the policy is weak, or if they are clearly not enforcing it, then you might write to the addresses of any customer service people or company executives that happen to be mentioned on the site. Most reputable ISPs hate spam, so be polite unless you have the expertise to be certain that you're dealing with an irresponsible company. You can also write to the webmaster of any site that is mentioned in a URL that might be included in a spam message. If the message contains a URL like http://www.snarfworld.com/~joker/freeoffer.html , then you might wish to send a message that looks like this: To: webmaster [at] snarfworld.com Subject: spammer using your site A spammer is evidently using your web server... [Enclose a copy of the message, again with complete headers.] Often the URL will mention the spammer's company, but the spammer's web site will in fact be located on the server of a legitimate ISP. If you learn how to use whois, nslookup, and traceroute, you can identify the ISP and report the problem (with complete documentation) to the ISP's "abuse" or "postmaster" address. URLs for Web interfaces to the whois, nslookup, and traceroute functions are provided below. Briefly, the whois function allows you to identify individuals who are involved in managing the spammer's Internet domain. If "abuse" and "postmaster" are invalid, you can send e-mail to the administrative and billing contacts. If those addresses are forged or inactive, see if the server information shown at the bottom of the whois report allows you to track down the actual ISPs supporting the spammer's site. The nslookup function lets you recover the IP address from a domain name. IP addresses, which look like [251.666.4.71], might provide more reliable information about the source of a message than domain names, which look like snarfworld.com. The traceroute function is easily the most entertaining of the three. It demonstrates the route that a packet takes from an arbitrary Internet site (say, for example, the site from which a spam message originated) to another arbitrary site. When you're dealing with a spammer who is connected to a small local ISP, traceroute is useful for figuring out which big national ISPs the spam messages are passing through. If the local ISP is chronically tolerant of spam, you might suggest that representatives of the big ISP have a talk with them. If you would like to learn more sophisticated methods for tracking the origins of offensive spam messages, consult the Web pages mentioned at the end of this article. (7) Complaining to the spammers themselves If you can recover a useful e-mail address from a spam message then you can complain to the spammer directly. It is hard to be certain of having the spammer's real address, but if you find an address on the spammer's Web site then you can be reasonably certain that it is correct. You should realize, however, that by sending electronic mail to a spammer, you have just validated your address for purposes of future spam. Some people claim that they have only made their spam problems worse by complaining in this way, particularly if they use software tools that process a spam message and create complaint messages automatically. If a spam message mentions a phone number, one possibility is to call them and complain. This is easy and cheap if the number happens to be local, or if it is a toll-free (800 or 888) number. You'll probably get an answering machine. However, you should be aware of several drawbacks: * Spammers have been known to include someone else's phone number in their spam messages in order to cause them grief. * If you have Caller-ID turned on, your call can result in your phone number being captured and used for heaven knows what. * If you call a toll-free number, the person you call can capture the number you have called from regardless of whether you have Caller-ID turned on. * If you call repeatedly or abusively, you might be breaking a law. * Do not call any 900 or 976 numbers, or any numbers outside of the United States, which might result in a substantial extra charge on your phone bill. Some spammers may simply be ignorant people who have been conned into paying for miraculous cheap advertising. If you're a kind soul and think you might be dealing with such a person, and they've provided a US mail address in their message, you might write them a letter. Perhaps you can create a form letter that explains the problem, and simply mail it to every postal address that is mentioned in a spam message that you receive. (8) Questionable strategies Some strategies for complaining about spam have significant drawbacks. If you think you have the spammer's true e-mail address, you can send back a couple dozen copies of the offending spam, or else three or four large messages each containing dozens of copies. This approach, however, has four problems: first, you may not have identified the spammer correctly, so that an innocent person gets your mail-bomb; second, the spammer's ISP might stagger under the weight of your messages, thus potentially inconveniencing others; third, spammers have better mail filters than you, and are unlikely to see your mail- bomb; and fourth, you have just provided your e-mail address to a person who sends annoying e-mail. I don't recommend this approach. Another questionable approach is to threaten the spammer with violence or property damage. Though perhaps momentarily satisfying, this method is probably ineffective, possibly illegal, and certainly immoral. The last thing we need is spammers stereotyping anti-spammers as terrorists. A large number of other vigilante measures, such as circulating a spammer's identity on the Internet or complaining about the spammer to his or her business associates, should be approached only with extreme caution, given the potential for harming innocent people or provoking expensive legal action. Do nothing that is illegal, or that might provide grounds for a lawsuit. I also do not recommend availing yourself of the mechanisms that spammers advertise for removing yourself from their mailing lists. Many of those mechanisms are bogus, and they tend to legitimize spam. The goal here is to stop spam, not to legitimize it. You might try configuring your mail-reading program to screen out spam by recognizing certain domains or phrases. Some people have reported good success with this approach, but many others have not. Even if it works, it is only a viable solution for the technically sophisticated, and it does not alleviate the burdens that spam creates for legitimate system operators. This is a community problem that seeks community solutions. Finally, I absolutely do not recommend ignoring spam. Many people argue that you should just ignore it, since flaming creates bad energy, doing anything constructive takes effort, and lots of experts are out there solving the problem. This is hooey and I denounce it. The war is not won, and it will not be won simply through the heroic labors of experts. Everybody's efforts are crucial, including yours. Pick something that you can do and do it, and know that lots of other people are doing the same. (9) Other resources Here are the URLs for some other sources of information about spam on the Web. Use your judgement. I do not necessarily endorse any opinions, factual claims, or software programs that these sites might offer: Email Abuse Frequently Asked Questions http://members.aol.com/emailfaq/emailfaq.html SPAM-L Frequently Asked Questions http://www.ot.com/~dmuth/spam-l Review of the legal issues by Michael W. Carroll http://server.Berkeley.EDU/BTLJ/articles/11-2/carroll.html Compendium of proposed federal and state spam laws http://www.tigerden.com/junkmail/laws.html Comparison of proposed federal spam laws, including text http://www.junkemail.org/bills/ Spam court cases http://www.jmls.edu/cyber/cases/spam.html Spam Media Tracker http://www-fofa.concordia.ca/spam/news.shtml Internet Mail Consortium http://www.imc.org/imc-spam/ National Fraud Information Center http://www.fraud.org/info/contactnfic.htm Coalition Against Unsolicited Commercial Email http://www.cauce.org/ spam.abuse.net http://spam.abuse.net/ Junkbusters (mostly phone and paper mail) http://www.junkbusters.com/ Get That Spammer! (tools for tracking down spammers) http://kryten.eng.monash.edu.au/gspam.html Spam Hater http://www.compulink.co.uk/~net-services/spam/spam_hater.htm Netizens Against Gratuitous Spamming (technical fixes) http://www.nags.org/ Yahoo's guide to anti-spam software http://www.yahoo.com/Computers_and_Internet/Communications_and_Networking/ Electronic_Mail/Junk_Email/Software/ whois -- for recovering (potentially forged) information on a domain http://www.interlog.com/~patrick/cgi/whois.cgi http://rs.internic.net/cgi-bin/whois nslookup -- for looking up the real IP address of a domain name http://www.interlog.com/~patrick/cgi/nslookup.cgi traceroute -- unix program for finding a spammer's upstream ISPs http://www.boardwatch.com/isp/trace.htm news group concerning abuse of e-mail (not for the faint of heart) news.admin.net-abuse.email (10) Conclusion If we despair about spam then the spammers win. Many thousands of people are working against spam, each in their own way. If you simply pick the one method that you find most convenient then you can be confident that these antisocial people will eventually be compelled to find better ways of making a living. (*) Acknowledgements I would like to thank the many people who have contributed suggestions, corrections, and URLs to various drafts of this article. Any further constructive comments will be gratefully received. Notwithstanding the kindness and generosity of the commenters, this article is solely my responsibility. In particular, it does not represent the views of the University of California or any other organization. Copyright 1997 by the author. You may forward this article electronically to anyone for any noncommercial purpose. However, you must forward it in its entirety, without modification. Reproduction in printed form, or for commercial purposes, requires the author's express written consent.
- (no other messages in thread)
Results generated by Tiger Technologies Web hosting using MHonArc.