by Jason Whong
Spam is unsolicited commercial e-mail. Unsolicited, meaning you didn't ask for it. Commercial, meaning that it's an ad, not a private communication between two people. And e-mail, meaning, well, uhh... e-mail.
Spam, or UCE (to be polite to the folks at Hormel) is bad for the 'net because it increases the cost of your network connection, and slows it down. Even if you don't end up paying more for your service, it is slower than it could be, and your ISP is hurting, wasting money dealing with the problem instead of providing the fast connection you paid for.
Ambrosia doesn't send UCE. We only send solicited commercial e-mail, meaning that we will send you our press releases by e-mail only if you ask for them. We think this is the only right way to do business.
That's as far as I am going - some people think spam is OK. Those people can ignore this column. This column is all about fighting back - taking charge of your e-mail account, and wiping out the spammers one by one. Legally. Without being evil. It can be done.
Here's the deal: Most ISPs hate junk e-mail as much as you do (since it slows down their network and makes them look bad), so they usually have rules that forbid users from sending UCE. All an angry recipient would need to do was forward the offending e-mail to the appropriate parties, and the spammer would have his or her account canceled.
Well, this continued for a bit until the spammers figured out how to confuse people by forging their e-mail messages so they looked like they came from a completely different site. Abuse desk operators everywhere were inundated with false reports as confusion spread across the 'net.
Which brings us to the point of this article. It was going to be a definitive explanation of how to read headers to diagnose the exact entry point of the offending messages, and to determine whom to report the abusive activity to. Thankfully, I am not an abuse administrator, so I don't deal with this every minute of my life. So, I've decided not to write about it. Why? Because so much has already been written about it, and it is very lengthy, and I just might communicate it improperly.
Instead, I'll focus on the basics of reporting spam.
I'm using some headers from a junk e-mail I recieved just today (your headers may vary):
Received: from mail.mia.machine (1Cust131.tnt2.west-palm-beach.fl.da.uu.net [184.108.40.206])
by janus.AmbrosiaSW.com (8.9.1/8.9.1) with SMTP id TAA01799;
Thu, 4 Mar 1999 19:51:50 -0500 (EST)
Subject: PUTS MONEY INTO YOUR POCKET! AD
Date: Sat, 13 Mar 1999 06:40:28
Usually, you just see the From: header, and the Subject: header. But these other headers should be quite helpful.
If you know how to read headers, and are handy with WhatRoute by Brad Christianson, you can see that the From: header is a forgery, and that the Received: header has some kind of spoofing in it. The mail did not come from eastmail.com, nor did it come from mail.mia.machine. It came from a UUnet site. in West Palm Beach, Florida, no less!
Now here's the fun part - ratting out the spammer to the appropriate party.
Internet rules require that someone read the postmaster@ account for each domain, precisely for issues such as these. However, there's no rule that says the postmaster can't refer you to someone else. If you're not sure whom you should write to, pick one domain and write to that postmaster; they often will interdict and send it to the right party for resolution. In this case the UUnet postmaster would instruct you to UUnet's e-mail abuse department, at firstname.lastname@example.org.
UUnet is kind of slow to respond, but here's a nice message I got from Netcom's abuse desk last week:
Hello, Thank you very much for the notification of our user's actions. We have terminated the personal dial-up account of our user for breaking our user agreement policies. If that user owned a web site that was being advertised, that site should no longer be accessible. However, it can some cases take up to 24 hours for the site to clear from our servers. We will not allow this person to purchase another account at NETCOM. In addition, this user was charged our mandatory UCE Clean-up fee of $200.00 for this incident. NETCOM has very strict anti-spam policies, and in no way supports any type of unsolicited commercial email (UCE). If you receive any further contact from this user through NETCOM, please contact us immediately. For more information on our Acceptable Usage and Guidelines, please review them at this website. http://www.netcom.com/netcom/aug.html Thank you. - Marc NETCOM Policy ManagementAhh. The thrill of victory, and the agony of defeat. That'll teach the jerk to mess with my inbox.