How to Complain About Spam
From: Kevin Wolf (kjwolfdcn.davis.ca.us)
Date: Tue, 18 Nov 1997 02:27:12 -0600
Friends,

As users of the Internet we all have a stake in lessening the problem of
unwanted spamming.    Spam causes a percentage of the public to not want to
utilize the tool as much.  In this way spam hurts the free flow of
information. It is most often just  a waste of Internet bandwidth.  

 The good news is that the Internet and its users have a tradition for
self-policing.  This piece by Phil Agre covers the ground in a well thought
out and pragmatic way.   He is encouraging wide distribution of it.  Even
if only a percentage of us actually use what Phil details, we can make it
more difficult for spamming to happen.  Thank you. 

Kevin Wolf
kjwolf [at] dcn.davis.ca.us

P.S.  I know this comes close to crossing the boundaries of what is
acceptable to post to this list but the article is well written, and spam
probably keeps some people from using email who would be interested in
subscribing to cohousing-l.  Some of these unsubscribed want-to-bes might
be inspired by the information they read on the list and be instrumental to
starting another cohousing community.   But for spam, they don't.  

********************

  How to Complain About Spam, or, Put a Spammer in the Slammer

  Phil Agre
  http://communication.ucsd.edu/pagre/

  Feel free to post where appropriate until December 31st, 1997.

Table of contents:

  (1) Introduction
  (2) Fraud and related consumer issues
  (3) Issues relating to paper mail
  (4) Complaining to the police
  (5) Complaining to your legislator
  (6) Complaining to the service provider
  (7) Complaining to the spammers themselves
  (8) Questionable strategies
  (9) Other resources
  (10) Conclusion

(1) Introduction

Unsolicited bulk e-mail, commonly called "spam", has lately become
an extraordinary nuisance.  Spam as such is not illegal (yet).  The
contents of some actual spam messages, however, may violate a state or
federal law.  Other spam messages may violate the spammer's contract
with his or her Internet Service Provider, or else cause enough harm
to a third party to warrant a civil lawsuit.  No legal action will be
taken against a spammer, however, unless someone reports the problem.

This article does not provide legal advice, nor does it make legal
allegations against any particular spammer or any particular class of
spam messages.  It does, however, provide instructions for reporting
those messages that, in your judgement, deserve further investigation
by appropriate authorities.  Reporting spam does take some effort
at first, but once you get a little practice, it can easily become a
regular part of reading e-mail.  Let me emphasize: even though this
article provides a whole menu of methods for complaining about spam,
you'll be doing a tremendous public service if you simply pick ONE
of these methods and do it on a regular basis.  Pick the one that you
find most convenient, or that gives you the most delicious feeling of
revenge.  There's no need to get overwhelmed or burned out.  Follow
the instructions a few times, just to see how it feels.  Maybe try
something else and see how *it* feels.  Then slowly work your favorite
spam-reporting measures into your daily and weekly routine.

The contact information that I provide here is incomplete, and
at present includes only the United States.  Those with contact
information for other jurisdictions are encouraged to send it
along for inclusion in future editions.  This article only contains
information for those wishing to complain about spam; those seeking
deeper explanations of the problem, or who are curious about other
topics, will find URLs for several encyclopedic Web sites toward
the end of this article.  Most of the information in this article,
particularly on technical topics, has previously been described in
other forms by these existing sites.

(2) Fraud and related consumer issues

Many spam messages make offers that seem too good to be true -- for
example money-making pyramid schemes, impossibly lucrative work-at-
home deals, suspiciously low prices, disingenuously described goods,
questionable medical cures, free cable TV schemes, and so forth.
These messages might be fraudulent, or they might not.  You needn't
judge for yourself which messages are legal.  If you find a message
suspicious then you have a right, and perhaps even a moral duty to
others less sophisticated than yourself, to report the possible fraud
or misrepresentation to the Federal Trade Commission (FTC).  The FTC
doesn't settle particular disputes, but it is interested in patterns,
and a massive, potentially fraudulent spam is nothing if not a
pattern.  Although the FTC has so far shown little inclination to do
anything about potentially fraudulent spam offers, nonetheless it's
their job and we should encourage them to do it.  For their progress
on related issues see:

  http://www.ftc.gov/opa/9711/hlthsurf.htm and 
  http://www.ftc.gov/opa/9711/cdi.htm

To report a suspicious spam message, simply print the message out, add
a cover letter that expresses your concerns, and mail it to:

  Federal Trade Commission
  6th Street and Pennsylvania Ave NW
  Washington, DC  20580

Your cover letter can be very simple indeed.  There's no need to quote
chapter and verse of the law.  You might simply say:

  I received the enclosed message over the Internet today, presumably
  as part of a much larger "spam".  I am concerned that it might be
  fraudulent, and I want to ask you to investigate it.  Thank you.

I encourage you to report potentially fraudulent spam messages to law
enforcement authorities using paper mail, because Internet messages
seem to carry less weight in Washington.  You can, however, make a
report to the FTC over the Internet using the "scamspam" page:

  http://www.junkemail.org/scamspam/

The FTC supposedly accepts electronic mail complaints about spam at
uce [at] ftc.gov.  I would be interested to hear of any evidence that they
take complaints to that address seriously.  (UCE means unsolicited
commercial email, which is supposedly the polite way of saying spam.)

The British equivalent of the FTC is the Trading Standards Officer:

  http://www.xodesign.co.uk/tsnet/pages/lalist.htm

One way to raise awareness of these issues is to seek media coverage.
In the United States anyway, many regional television stations have
excellent consumer affairs reporting.  These folks are always looking
for good story ideas, and potentially fraudulent junk mail on the
Internet makes a clear story that's easy to explain.  Pick up the
phone and call a local station that produces a nightly news program.
Ask for the name of the editor who handles consumer affairs and the
mailing address of the station.  Write that person a letter concisely
explaining the problem.  Draw on your own experience and use language
that their viewers will understand.

A good consumer affairs story will ideally have a local angle -- for
example, someone in the community who got burned by a fraudulent offer
that they received over the Internet, or a questionable spammer who
lists a mailing address in the area -- or a news hook -- for example,
a recent news article about somebody being indicted for a consumer-
related crime that involves the Internet.  Even if those elements are
missing, potentially fraudulent spam messages can still make a good
story if you explain the following points:

 * Spam is an urgent, day-to-day issue in the lives of ordinary people
   who use the Internet.  Most users receive at least a few messages
   every day, and many users receive dozens.

 * Spam is the Internet equivalent of junk mail, but much worse.
   Paper junk mail costs about 50 cents per item to send; electronic
   junk mail, on the other hand, is thousands of times cheaper, so
   that a spammer has virtually no incentive to target an audience.

 * Internet users must frequently pay to download each message they
   receive, whether they solicited the message or not.  Paper junk
   mailers pay almost all of the social cost of their activities, but
   spammers create significant costs for Internet Service Providers
   and message recipients.

 * Junk mail on paper, furthermore, is strictly regulated by postal
   inspectors and strong mail fraud laws, whereas spam has been almost
   unregulated.  One part of the problem is inadequate laws; another
   part is lack of understanding of the medium by regulators and law
   enforcement people.

 * Reputable businesses realize that spam violates the cultural norms
   of the Internet.  As a result, the contents of spam messages are
   often offensive, such as get-rich-quick schemes and advertisements
   for pornography.

 * Internet users can defend themselves against spam to some degree
   if they really work at it.  The ultimate solution, though, will
   be some combination of technical improvements and appropriate
   legislation.  Bad legislation can interact in unexpected ways with
   the rapidly evolving Internet, but one solid principle is "opt-in":
   advertisers can easily use the Internet to provide consumers with
   opportunities to solicit advertising on topics that interest them,
   so they should be required to get permission from consumers before
   sending them any advertising.

Enclose some examples of spam from your own printer, and any news
clippings on the subject that you might have (USA Today and the
New York Times have covered the issue, or use the Spam Media Tracker
-- see below) and perhaps a copy of this article.  Some people make
a habit of printing out spam messages that they find particularly
offensive, just to have them ready for such purposes.  The key,
however, is your letter.

If you want to follow up with a phone call, wait about three days and
then call in the morning, when deadlines are less urgent.  Never try
to talk to an editor or reporter on the phone without first asking if
they are on deadline.  Then simply ask if they've received the letter
and whether they'd like to follow up.  Be polite, don't pressure
anyone, and be ready to accept a "no" gracefully.

(3) Issues relating to paper mail

Schemes that employ the US mail may interest postal inspectors.
If you find a spam message suspicious, and the message invites
replies at a US mail address, you might send a copy of the message
to the relevant postmaster.  Again, simply print the message out,
add a simple cover letter expressing your concerns, and mail it to:

  Postmaster
  Anytown, XX  12345

where, obviously, you should replace "Anytown, XX 12345" with the real
city, state, and zip code that was mentioned in the address.

You must use postage when sending a letter to a postmaster (or,
for that matter, to the FTC or the other law enforcement agencies).
In the United States, one first-class stamp pays for an envelope and
about four sheets of paper.  After that, put another stamp on it to
make sure.  Reporting spam, in other words, does cost a little money.
If this bothers you, simply restrict yourself to reporting the most
offensive messages, or the ones that seem the most obviously illegal.

(4) Complaining to the police

Messages that seem potentially illegal can also be reported to the
FBI, to the attorney general of any state that the message claims as
its origin, and to the local police.  In each case, once again, simply
print out the message and include a brief cover letter expressing your
concerns.

To find the address of the nearest FBI field office, consult the
following web page:

  http://www.fbi.gov/fo/fo.htm

The attorney general of your state is your friend, and will be happy
to investigate potentially illegal spammers if newspaper headlines can
be generated by doing so.  Here, just to give the idea, are a few of
their addresses:

  Attorney General Scott Harshbarger
  One Ashburton Place
  Boston, MA  02108-1698
  (617) 727-2200
  http://www.state.ma.us/ag/ago.htm

  Frank J. Kelley
  Attorney General
  Law Building
  PO Box 30212
  Lansing, MI  48909
  (517) 373-1110

  Hon. Drew Edmondson, Attorney General
  112 State Capitol Bldg. 
  Oklahoma City, OK  73105
  (405) 521-3921 

  Pennsylvania Attorney General's Office
  16th Floor, Strawberry Square
  Harrisburg, PA  17120
  (717) 787-3391
  info [at] attorneygeneral.gov
  http://www.attorneygeneral.gov

  Office of the Texas Attorney General
  PO Box 12548
  Austin, TX  78711-2548
  (512) 463-2100

  Office of the Virginia Attorney General
  900 East Main Street
  Richmond, VA  23219
  (804) 786-2071
  mail [at] oag.state.va.us
  http://www.state.va.us/~oag/main.htm

The National Association of Attorneys General is on the Web at:

  http://www3.issinet.com/naag/

The attorney generals' contact information, courtesy of various
sources:

  http://www.tobacco.org/Misc/ags.html
  http://www.fraud.org/info/links.htm
  http://www.counselconnect.com/agtierney/list.html
  http://members.aol.com/reinbeaux/pass/stateag.htm

Many state attorneys general have offices to protect consumers.  For
example, the Washington State attorney general's Consumer Protection
Division is on the Web at http://www.wa.gov/ago/CPD/CPHOME.html

Many states have Web sites at http://www.state.XX.us/ , where XX is
the 2-letter postal code, for example CA for California.  You might
be able to find other consumer related information at the site for
your state, or the state from which a spam message originated.

The federal equivalent of the state attorneys general are the US
attorneys, who litigate for the US attorney general.  Their contact
information can be found at:

  http://www.usdoj.gov/usao/usao.html

If the spam message includes a postal address then you can get the
address for the spammer's local police department through directory
assistance (in the US, 1 + area code + 555 1212).

It would be excellent if someone wrote a program (ideally integrated
with a commonly used mail-reading program) that scans a potentially
illegal spam message and automatically prints letters of complaint to
the appropriate law enforcement authorities.

(5) Complaining to your legislator

If you receive a particularly outrageous item of spam, you can
use it to help educate your elected representatives on the need for
appropriate legislative action.  Federal legislation would have the
advantage of uniformity, but action is more likely at the state level.
Moreover, at least one state, Nevada, has passed very bad legislation
in this area because legislators were not well-enough educated.  You
can easily identify your legislators and obtain their addresses by
calling your state's capitol building.  The most effective letters
are hand-written, concise, calm and rational, based in personal
experience, and explain the issue in plain language.

At the federal level, you can find instructions for contacting
senators and representatives at http://www.cauce.org/congress.html
Several anti-spam bills have been introduced in the US Congress, and
you may wish to express your opinion about them.

(6) Complaining to the service provider

Warning.  This section is slightly technical.  Although I have tried
to write it for beginners, many people might be impatient with the
details.  That's okay.  Go ahead and concentrate on the methods of
complaint that are listed in the previous sections and you'll be
making a real contribution.

Internet Service Providers should require their subscribers to sign
contracts that forbid spam, and some of them actually do so.  It is
appropriate, therefore, to complain to any ISP whose users originate
spam.  The ISP usually isn't responsible for the spam, so be polite.
But do encourage the ISP to take action against the offender, and
to strengthen its contractual language so that future offenders face
stronger penalties for spamming.

The focus here, then, is on identifying the spammer's ISP.  It is
not useful to complain about particular spammers to your own service
provider, who already knows about all of the spammers that it can
do anything about.  Your service provider, however, might be able to
provide you with software for filtering spam or tracking spam messages
back to the source.  Beyond that, you might consider moving your
business to a provider who makes a real effort to fight spam both
technically and legally.

The hard question is how to identify the spammer's ISP.  The most
obvious approach is to look in the "From:" field of the spam message's
header.  If the address in that field is not a plausible e-mail
address, for example

  From: yourfriend [at] snarfworld.com

you can be confident that the header was forged and that the message
did *not* originate at snarfworld.com.  Even a legitimate-looking
"From:" field is likely to contain the address of an innocent person
whom the spammer wishes to burden with complaints.  Likewise, any
field that claims to identify the "Authenticated sender", for example:

  Comment: Authenticated sender is otherguy [at] aol.com

is probably bogus as well.  Now, if a spammer forges an individual's
name or address as the source of a spam message, then that individual
might have cause for a lawsuit.  Likewise, the owner of an Internet
site whose domain name has been forged as the source of a spam message
might also have cause for a suit.  So you might consider reporting
spam to a site even when the site's address has obviously been forged.
You should obviously be polite about it.  In particular, you should
understand that having to read your message constitutes part of the
damage that will constitute grounds for the suit.  It's your call.

In any case, another part of the header is less likely to be forged.
It looks like this:

  Received: from snarfworld.com ([194.177.96.7])
        for <pagre [at] weber.ucsd.edu>; Wed, 12 Nov 1997 16:01:42 -0800 (PST)

If you don't see any "Received:" fields in the header, that's because
your mail-reading program isn't displaying the complete header, or
else because the mailer at your site has stripped off the "Received:"
headers before delivering the mail to you.  Consult the mail-reader's
documentation, or your ISP or system administrator, to find out how to
see the complete headers.  Here are the instructions for some commonly
used mail reading programs:

 * In Eudora or Eudora Pro, just press the "Blah Blah Blah" button at
   the top left side of the message window to toggle the full headers
   on and off.  (Although I do not use Eudora, ten separate people
   have sworn to me that this button is called "Blah Blah Blah".)

 * Pegasus for Windows: With the spam message open, from the Pegasus
   program's toolbar (not the message toolbar) click the 'Reader' menu
   and then click the "Show all headers" menu item.  Or to use the
   keyboard shortcut, press and hold the [ctrl] key then press the "H"
   key.  ([Ctrl] + H)

 * With Netscape 3.0, pull down the Options menu, choose Headers,
   and choose All.  Another option is to pull down the View menu and
   choose Document Source.  It will open a new window with the full
   message including complete headers.

 * With the Messenger component of Netscape Communicator 4.0, pull
   down the View menu, choose Headers, and choose All.  An alternative
   is to pull down the View menu and choose Page Source.  It will open
   a new window with the full message, including complete headers.

 * In Emacs RMail, press "t" (which is bound by default to the command
   rmail-toggle-header) to toggle display of the message headers.

 * In the Pine mail reader, you can hit H while viewing a message to
   see the full headers, if that option is enabled.  If it doesn't
   work, here are the steps to enable it:
   
    - from the main menu, hit S for setup
    - hit C for config
    - scroll down to the option named "enable-full-header-cmd"
    - hit X to turn it on; an X will appear next to that option
    - hit E to exit config (the new setting is automatically saved)
    - go back and read your spam message; hit H again

 * With Outlook Express and Exchange, pointing to the message and
   right-clicking will pop-up a menu that includes "Properties" at
   the very bottom.  Selecting "Properties" will bring up a dialog
   box with two tabs, "General" and "Details".  The "Details" tab
   will reveal the message header.  In addition there is a button
   below the message field that says "Message Source...", which,
   when pushed, will bring up another box with the complete text
   of the header and body of the message.

 * With Claris Emailer in version 2.0 and higher, use the "Show Long
   Headers" option in the "Mail" menu while you have the spam message
   open.  In versions earlier than 2.0: Click the blue triangle near
   the "from" information to show additional message information, then
   click the "Show Original Headers..." button to bring up the full
   header info.

 * On AOL, for messages sent via the Internet, complete headers
   are found at the bottom of the message, after a line that says
   "Headers".

Spammers sometimes put fake headers at the end of a message to cause
confusion.  But AOL is virtually the only environment where headers
are supposed to show up at the end of a message, and even there you
should be able to find the real headers after the fake ones.

When you do retrieve the full header for a spam message, you will
usually see several "Received:" fields, which are supposed to trace
which machines the message has passed through.  You can use these
fields to decide where to report the spam.  Opinions differ about the
best strategy, and I will keep this explanation simple at the risk of
offending those who hold different opinions.  The problem, simply put,
is that many spam messages include forged "Received:" fields to throw
you off track.  Any "Received:" fields that mention AOL or Juno, for
example, are probably forged.

The "Received:" fields are generally in order, with the most recent
ones first, so if one "Received:" field is suspect, then all the
ones below it are automatically suspect as well.  If you assume that
the "Received:" fields are all legitimate, then you can simply look
through them and identify the first machine that accepted the message
from the spammer's own site.  This machine shares some of the blame,
since it should have detected that the message was spam, for example
because its return address could not be translated to a legitimate
IP address, and refused it.  If the spammer employed software that
deliberately creates a confusing header, however, you may end up
complaining to an innocent party -- one whom the spammer wishes
to attack.  This is where it helps to have technical tools for
reconstructing the truth behind potentially forged e-mail headers.
Although I'll talk about some of these tools in a moment, they may
require more expertise than most people have.

Therefore, nontechnical people may wish to employ another strategy.
If you look at a header closely, you will usually find that one or
more of the "Received:" fields mentions your own site.  Look for the
"Received:" header field that records the message's first arrival
within your site.  Because the "Received:" fields are ordered, the
field you want might be the first "Received:" field in the header.
This field was generated by the mailer at your site, so it is probably
reliable.  In the case of the (fictional) "Received:" field that I
quoted above, the message came from snarfworld.com.  In that case, to
report the message, you would forward a copy of it like so:

  To: abuse [at] snarfworld.com
  Subject: spam from your site

  This spam message was apparently sent through your mailer...

  [include a copy of the message, including the full header]

It is important to include the full header of the offending spam
message; that header is the site maintainer's major source of clues
about the message's actual origins.  In fact, the site to which you
are complaining was most likely "hijacked" against its will to produce
spam.  This is very common, and it generally results in torrents of
"bouncemail" for the messages that the spammer sent to bad addresses
-- potential cause for a lawsuit.  Even if no lawsuit is filed, the
site's maintainers need to upgrade their software to prevent this
sort of hijacking in the future, and your complaint will help motivate
them to do so.  I recognize that this can be a complicated issue, and
that mailer upgrades that suppress hijacking may also disable other,
legitimate uses of mail.  I believe, however, that spam is the more
serious concern.

If mail to the "abuse" address does not work, you *might* be dealing
with an ISP that is irresponsible or needs a little education on the
importance of taking action against users who spam.  See if you can
reach them at "postmaster" instead and explain the issues to them.
A table of the spam-reporting addresses at several major ISPs can
be found about halfway down the following Web page:

  http://members.aol.com/reinbeaux/pass/pass.htm

On the other hand, you should not expect a personal reply to a spam
complaint from even the most responsible ISP.  ISPs get far too many
complaints, for better or worse, to respond to each one individually. 

For more detailed instructions on interpreting "Received:" header
fields, see:

  http://kryten.eng.monash.edu.au/received.html

If the "Received:" fields in the message header are too complicated
to think about, you might also be able to discern the origin of a spam
message from the "Message-Id:" field, also in the header.  For example:

  Message-Id: <199711006334.WAB43780 [at] node21.snarfworld.com>

This line can be forged as well, but so far only the professional
spammers seem to be forging it regularly.  Mail to "postmaster" or
"abuse" at the indicated site (in this case snarfworld.com) would
be appropriate, once again keeping in mind that the site could have
been forged.

Another approach to researching the origins of spam messages is the
Dejanews service, http://www.dejanews.com/ .  This is a search engine
for Usenet discussion groups.  If an offensive spam message includes
a distinctive text string, perhaps a fabricated address in the header
or a misspelling in the body of the message, then you can use that
text string to conduct a Usenet search.  Oftentimes a discussion about
that very message will already be ongoing among expert spam-trackers
on Usenet, and if you can find the appropriate newsgroup then you can
learn what they've discovered.  In particular, if you notice a message
whose "Subject:" line is "Please help me decode these headers", click
on the icon indicating "replies".

If a particular Internet Service Provider seems to originate a large
amount of spam, you might want to take the trouble to focus your
attention on that particular provider.  Start by looking at their web
page, which will probably be found at http://www.companyname.com/ ,
and see if they have a policy about spam.  If they don't have a
policy, or if the policy is weak, or if they are clearly not enforcing
it, then you might write to the addresses of any customer service
people or company executives that happen to be mentioned on the
site.  Most reputable ISPs hate spam, so be polite unless you have
the expertise to be certain that you're dealing with an irresponsible
company.

You can also write to the webmaster of any site that is mentioned in a
URL that might be included in a spam message.  If the message contains
a URL like http://www.snarfworld.com/~joker/freeoffer.html , then you
might wish to send a message that looks like this:

  To: webmaster [at] snarfworld.com
  Subject: spammer using your site

  A spammer is evidently using your web server...

  [Enclose a copy of the message, again with complete headers.]

Often the URL will mention the spammer's company, but the spammer's
web site will in fact be located on the server of a legitimate ISP.
If you learn how to use whois, nslookup, and traceroute, you can
identify the ISP and report the problem (with complete documentation)
to the ISP's "abuse" or "postmaster" address.

URLs for Web interfaces to the whois, nslookup, and traceroute
functions are provided below.  Briefly, the whois function allows you
to identify individuals who are involved in managing the spammer's
Internet domain.  If "abuse" and "postmaster" are invalid, you can
send e-mail to the administrative and billing contacts.  If those
addresses are forged or inactive, see if the server information shown
at the bottom of the whois report allows you to track down the actual
ISPs supporting the spammer's site.

The nslookup function lets you recover the IP address from a domain
name.  IP addresses, which look like [251.666.4.71], might provide
more reliable information about the source of a message than domain
names, which look like snarfworld.com.

The traceroute function is easily the most entertaining of the three.
It demonstrates the route that a packet takes from an arbitrary
Internet site (say, for example, the site from which a spam message
originated) to another arbitrary site.  When you're dealing with a
spammer who is connected to a small local ISP, traceroute is useful
for figuring out which big national ISPs the spam messages are passing
through.  If the local ISP is chronically tolerant of spam, you might
suggest that representatives of the big ISP have a talk with them.

If you would like to learn more sophisticated methods for tracking the
origins of offensive spam messages, consult the Web pages mentioned at
the end of this article.

(7) Complaining to the spammers themselves

If you can recover a useful e-mail address from a spam message then
you can complain to the spammer directly.  It is hard to be certain
of having the spammer's real address, but if you find an address on
the spammer's Web site then you can be reasonably certain that it
is correct.  You should realize, however, that by sending electronic
mail to a spammer, you have just validated your address for purposes
of future spam.  Some people claim that they have only made their
spam problems worse by complaining in this way, particularly if they
use software tools that process a spam message and create complaint
messages automatically.

If a spam message mentions a phone number, one possibility is to call
them and complain.  This is easy and cheap if the number happens to be
local, or if it is a toll-free (800 or 888) number.  You'll probably
get an answering machine.  However, you should be aware of several
drawbacks:

 * Spammers have been known to include someone else's phone number in
   their spam messages in order to cause them grief.

 * If you have Caller-ID turned on, your call can result in your phone
   number being captured and used for heaven knows what.

 * If you call a toll-free number, the person you call can capture
   the number you have called from regardless of whether you have
   Caller-ID turned on. 

 * If you call repeatedly or abusively, you might be breaking a law.

 * Do not call any 900 or 976 numbers, or any numbers outside of the
   United States, which might result in a substantial extra charge on
   your phone bill.

Some spammers may simply be ignorant people who have been conned into
paying for miraculous cheap advertising.  If you're a kind soul and
think you might be dealing with such a person, and they've provided
a US mail address in their message, you might write them a letter.
Perhaps you can create a form letter that explains the problem, and
simply mail it to every postal address that is mentioned in a spam
message that you receive.

(8) Questionable strategies

Some strategies for complaining about spam have significant drawbacks.  

If you think you have the spammer's true e-mail address, you can send
back a couple dozen copies of the offending spam, or else three or
four large messages each containing dozens of copies.  This approach,
however, has four problems: first, you may not have identified the
spammer correctly, so that an innocent person gets your mail-bomb;
second, the spammer's ISP might stagger under the weight of your
messages, thus potentially inconveniencing others; third, spammers
have better mail filters than you, and are unlikely to see your mail-
bomb; and fourth, you have just provided your e-mail address to a
person who sends annoying e-mail.  I don't recommend this approach.

Another questionable approach is to threaten the spammer with
violence or property damage.  Though perhaps momentarily satisfying,
this method is probably ineffective, possibly illegal, and
certainly immoral.  The last thing we need is spammers stereotyping
anti-spammers as terrorists.  A large number of other vigilante
measures, such as circulating a spammer's identity on the Internet
or complaining about the spammer to his or her business associates,
should be approached only with extreme caution, given the potential
for harming innocent people or provoking expensive legal action.  Do
nothing that is illegal, or that might provide grounds for a lawsuit.

I also do not recommend availing yourself of the mechanisms that
spammers advertise for removing yourself from their mailing lists.
Many of those mechanisms are bogus, and they tend to legitimize spam.
The goal here is to stop spam, not to legitimize it.

You might try configuring your mail-reading program to screen out spam
by recognizing certain domains or phrases.  Some people have reported
good success with this approach, but many others have not.  Even if it
works, it is only a viable solution for the technically sophisticated,
and it does not alleviate the burdens that spam creates for legitimate
system operators.  This is a community problem that seeks community
solutions.

Finally, I absolutely do not recommend ignoring spam.  Many people
argue that you should just ignore it, since flaming creates bad
energy, doing anything constructive takes effort, and lots of experts
are out there solving the problem.  This is hooey and I denounce it.
The war is not won, and it will not be won simply through the heroic
labors of experts.  Everybody's efforts are crucial, including yours.
Pick something that you can do and do it, and know that lots of other
people are doing the same.

(9) Other resources

Here are the URLs for some other sources of information about spam on
the Web.  Use your judgement.  I do not necessarily endorse any opinions,
factual claims, or software programs that these sites might offer:

Email Abuse Frequently Asked Questions
  http://members.aol.com/emailfaq/emailfaq.html

SPAM-L Frequently Asked Questions
  http://www.ot.com/~dmuth/spam-l

Review of the legal issues by Michael W. Carroll
  http://server.Berkeley.EDU/BTLJ/articles/11-2/carroll.html

Compendium of proposed federal and state spam laws
  http://www.tigerden.com/junkmail/laws.html

Comparison of proposed federal spam laws, including text
  http://www.junkemail.org/bills/

Spam court cases
  http://www.jmls.edu/cyber/cases/spam.html

Spam Media Tracker
  http://www-fofa.concordia.ca/spam/news.shtml

Internet Mail Consortium
  http://www.imc.org/imc-spam/

National Fraud Information Center
  http://www.fraud.org/info/contactnfic.htm

Coalition Against Unsolicited Commercial Email
  http://www.cauce.org/

spam.abuse.net
  http://spam.abuse.net/

Junkbusters (mostly phone and paper mail)
  http://www.junkbusters.com/

Get That Spammer! (tools for tracking down spammers)
  http://kryten.eng.monash.edu.au/gspam.html

Spam Hater
  http://www.compulink.co.uk/~net-services/spam/spam_hater.htm

Netizens Against Gratuitous Spamming (technical fixes)
  http://www.nags.org/

Yahoo's guide to anti-spam software
  http://www.yahoo.com/Computers_and_Internet/Communications_and_Networking/
    Electronic_Mail/Junk_Email/Software/

whois -- for recovering (potentially forged) information on a domain
  http://www.interlog.com/~patrick/cgi/whois.cgi
  http://rs.internic.net/cgi-bin/whois

nslookup -- for looking up the real IP address of a domain name
  http://www.interlog.com/~patrick/cgi/nslookup.cgi

traceroute -- unix program for finding a spammer's upstream ISPs
  http://www.boardwatch.com/isp/trace.htm

news group concerning abuse of e-mail (not for the faint of heart)
  news.admin.net-abuse.email

(10) Conclusion

If we despair about spam then the spammers win.  Many thousands of people
are working against spam, each in their own way.  If you simply pick the
one method that you find most convenient then you can be confident that
these antisocial people will eventually be compelled to find better ways
of making a living.

(*) Acknowledgements

I would like to thank the many people who have contributed suggestions,
corrections, and URLs to various drafts of this article.  Any further
constructive comments will be gratefully received.  Notwithstanding the
kindness and generosity of the commenters, this article is solely my
responsibility.  In particular, it does not represent the views of the
University of California or any other organization.

Copyright 1997 by the author.  You may forward this article electronically
to anyone for any noncommercial purpose.  However, you must forward it
in its entirety, without modification.  Reproduction in printed form, or
for commercial purposes, requires the author's express written consent.


  • (no other messages in thread)

Results generated by Tiger Technologies Web hosting using MHonArc.