• Prevention
• How to defeat spamming (unsolicited mail)
• Helpful links

There are people on the net who annoy you by sending a lot of unsolicited mail. We are talking about SPAMMERS, JUNKERS or MAILBOMBERS. We could classify them in this way:

1. Junk Mailers: who send you unsolicited commercial ads
2. Mailbombers: who send you large quantities of mail to flood your mailbox, forcing you to spend a lot of time getting rid of it
3. Forgers: who send messages to others putting your name and e-mail address into
4. Nuisances: who want to annoy you for some reason or no reason

Sometimes you receive a message saying something like that: 'Blah, blah...we have added you into our mailing list...blah, blah...in order to avoid receiving of our mail you can reply to unsubscribe@blah.blah.com...etc...' Well, let me say a thing: you are paying for your connection and your disk space, why should you spend time and money receiving that? Who authorize these spammers to annoy you? So you shouldn't reply, but you should make a complaint.

Prevention

1. Don't register here and there on the net: if you are registered on thousands of sites, you could receive junk mail. Sure, sometimes you have to register in order to receive some services...Ok, I just suggest you: don't register to ALL sites you visit! Besides, serious sites don't give your e-mail address to spammers!
2. Many spammers buy CD-ROMs of e-mail addresses, usually collected from Usenet or similar sources, so, if you are posting a message to some newsgroup, and you are afraid about flames or spamming, you could use an anonymous remailer. Often spammers collect e-mail addresses inside of newsgroups by means of 'spiders' who walk around the Usenet and collect addresses (like some search engines, who walk around the Internet for the purpose of collecting URLs by following links on web pages). So, if you are posting a message, say to news.admin.net-abuse.misc, you should forge your real e-mail address (or just use an anonymous remailer). Often people send messages with fake e-mail addresses like this: 'sen*der@my*add*ress.com' with instructions to 'fix' this address ('if you want to reply, just strip away asterisks from address...'). Well, it works, because 'spiders' don't understand your instructions...You could use a fake address like this: 'se*der@my$ddress.com' (with these instructions: 'if you want to reply, just replace '*' with 'n' and replace '$' with 'a'...'). Well, spiders CAN'T UNDERSTAND your instructions, because they are quite stupid...
3. You could use 'filters'. Some mail programs (like Eudora Pro for example) have filters to avoid receiving of junk mail. By means of these filters you can delete all mail from a particular e-mail address for example. However a mailbomber attack is pretty dangerous, because it damage your ISP's system resources, so you should warn your ISP when you are suffering mailbombing attacks. In addition, when you receive, say 3000 messages, don't delete all of them, but SAVE at least a copy of them, because you could use it for your complaint. If you are using Eudora pro 3.0: when you receive a spam message, select it and press Ctrl-k keys (Make Nickname) then type 'Spam' inside of window. Then click on 'Tools' and 'Filters'. Then click on 'Incoming', 'From' and type the spammer address. You can 'Transfer' it to the Trash Mailbox for example. You can also click on 'Reply With' and choose a complaint message (you have to make a complaint message and save it into 'Stationery' folder). Whenever you receive a spam message, you can 'Add to list' it by pressing Ctrl-k, typing 'Spam', 'OK' and then 'Add to list'.

How to defeat Spamming

Ok, in spite of prevention, you couldn't avoid spammers. Now you are receiving a lot of junk mail. What can you do now? Well, you have to: 1) find out WHERE the junk mail CAME FROM, 2) Make a COMPLAINT.

Step 1: finding out where junk mail came from

First of all you have to look at HEADERS. Usually spammers forge the headers of their messages, but however there will often be some clue of real spammer inside of them. You have to look at these headers:

1. X-sender: or Sender:
2. Received:
3. From:
4. Message_id:

If the spammer has forged the 'From:' header, the mailer software will in most of cases put the identity of sender in another header. For example, you could see something into the 'Message_id:' header, because the mailer software often put information about the sender into that field. Every time an e-mail message is sent, it has to 'visit' several computers along the way. Well, every time that message visit a computer, a 'Received:' line is added. So, if you look at header of an e-mail, you should see a few of lines. For example:

1. Received: from www.abcdefg.com ([123.11.123.11]) by aaa.bbb.com (11.31.1/22.2.2) with ESMTP id 0AA12345; Sun, 21 Sep 1997 02:40:20 +0200 (MET DST)
2. Received: from www.spam.com ([111.0.0.0]) by www.abcdefg.com (123.1.1/123.1.1) with SMTP id 0BB12345 for <news@abcdefg.com>; Sat, 20 Sep 1997 10:37:05 -0700
3. Message-Id: <3.0.32.19970920103631.00ad4b14@abcdefg.com>
4. X-Sender: spammer@abcdefg.com (Unverified)
5. X-Mailer: Windows Eudora Pro Version 3.0 (32)
6. Date: Sat, 20 Sep 1997 10:36:33 -0700
7. To: news@abcdefg.com
8. From: SPAMMER spammer@abcdefg.com

1. The first line indicates that the mail was sent to your ISP's machine (in this case 'aaa.bbb.com') from the machine www.abcdefg.com. '0AA12345' is the message id; each message on the net has a message id: you can identify the real message by means of this identifier. '+0200' is the local time zone. The From: and Received: lines give times a message travelled through the net. Forged messages often show substantial times differences, as the forged e-mail was prepared in a different time. However some machines haven' t their clock set correctly.
2. The second line indicates that www.abcdefg.com received that e-mail from www.spam.com. So you could complaint to postmaster@spam.com. '-0700' is the local time zone.
3. In the Message-Id: there is '3.0.32' (the mailer program version: 3.0 32 bit as you can see in the X-Mailer: header); '19970920' (when the message was sent); '103631' (it was sent at 10.36.31); '00ad4b14@abcdefg.com' (the real/fake spammer address: if you look after '@' symbol, you can know the domain name of spammer's machine) this address should be the same of which contained into the From: and the Received: headers. If these headers don't agree, there may be a fake From: line. However, in some cases the difference may be legitimate: for example, if you have a private domain name on a commercial service, the 'Id' and 'Received' lines will show the domain name of the commercial service, and the 'From' will show your name.

Ok, you know more about headers...and now? Well you can know more about the spammer or the spammer's ISP looking up the InterNIC database. If you want to get a registered domain, you have to submit a request to the InterNIC. So there you can know a lot of information about the spammer. You can query the InterNIC database by means of WHOIS command. If you are on UNIX system, just type: 'whois spammer_domain.com'. If this command is unavailable on your system, telnet to 'rs.internic.net' and then enter the whois command at the prompt of the InterNIC machine. You should use the IP address of the spammer's domain. For example: 'whois 123.123.123.123'. If you don't get an answer, repeat the whois command, dropping the last number in the set, till you get an answer: 1) whois 123.123.123.123 - Answer: ...nothing 2) whois 123.123.123 - Answer: ...nothing 3) whois 123.123 - Answer: ...Spammer domain, blah, blah...Bingo! If you can't find the identity of the ISP who provide access to the spammer, you can use the TRACEROUTE command. By means of this command you can trace the path from your machine to another machine. There are some web sites who offer access to traceroute command. Look at TOOLS-Monitoring the Internet for example (if you are using Win95, open a Dos Window and then type 'tracert spammer_domain.com'; I don't know the reason for the 'tracert' name...).

Step 2: Make a complaint

Once you have found the spammer, you should make a complaint to the postmaster like this:

Subject: unsolicited e-mail

The following unsolicited commercial message was sent to me. If you added me to a mailing list, please remove me from that mailing list immediately. I don't accept unsolicited e-mail advertisement. Please, ensure that this doesn't happen again.

Sincerely,
Mickey Mouse

Of course, you should substitute your real name at the bottom...There is a nice program for Windows users called 'Spam-hater' to make different complaint messages. Don't forget to include one copy of the offending mail, and, of course, don't mailbomb the postmaster with complaints. However, sometimes you can't send a complaint to...thousands of mailing lists! Some people use some scripts to subscribe you to an huge quantities of mailing lists. If you find out that, you can send this command to a listserver: UNSubscribe * (NETWIDE. You will be unsubscribed from all lists known by that listserver.

Helpful links

• http://rs.internic.netcgi-bin/whois
• http://www.ripe.net/db/whois.html
• news:news.admin.net-abuse.email
• news:news.admin.net-abuse.misc
• news:news.admin.net-abuse.usenet
• news:alt.current-events.net-abuse
• news:alt.spam
• http://nctuccca.edu.tw/ftp/documents/Internet/MaasInfo/Other/NetAbuse.html
• http://www.jazzie.com/ii/internet/mailbots.html
• Junkbusters
• Filtering Mail FAQ Launcher: Information on filtering unwanted mail
• Email Abuse FAQ: A useful collection of information, with many links
• The OLGA mail spamming.
• Tracing SPAM
• SPAM-L anti SPAM mailing list
• Killfileing SPAM news posts
• On this SPAM stuff
• Header Format Spec (RFC 1036)
• Spamfaq
• http://www.cybernothing.org/faqs/net-abuse-faq.html
• http://spam.ohww.norman.ok.us/notice.htm
• http://www.uiuc.edu/ph/www/tskirvin/spam.html
• http://www.cm.org
• http://www.halcyon.com/natew/ (Software to automate tracking the headers)
• http://www.compulink.co.uk/~net-services/spam/ - Windows Spam Hater
• http://www.vix.com/spam
• http://axxis.com/~ian/nags/intro.html
• http://knet.flemingc.on.ca/~surly/junkmail.html
• http://www.mcs.com/~jcr/junkemail.html
• http://www.compulink.co.uk/~net-services/spam/
• http://www.accessnt.com.au/faqs/spam.htm
• http://www.ca-probate.com/aol_junk.htm
• http://www.tezcat.com/~gbyshenk/ive.been.spammed.txt
• http://www.concentric.net/support/tos/index.html - Spam cleanup charges
• http://www.yahoo.com/News/Usenet/Abuse
• http://kryten.eng.monash.edu.au/gspam.html
• http://members.aol.com/emailfaq/emailfaq.html
• http://www.csn.net/~felbel/jnkmail.html
• http://www.webscaper.com/inet/em_secur.shmtl - Why E-mail is not secure
• http://www.ultranet.com/~gmcgath/selfdefense.html
• http://www.metareality.com/~nathan/visit.cgi/spam/html.Remail - Remailer Info
• http://www.metareality.com/~nathan/visit.cgi/spam/html.Spam - Fight Spam
• http://www.crl.com/~sjkiii/news-admin-net-abuse.html
• http://www.rlabs.com/sputum/sputmain.html
• http://morehouse.org/hin
• ftp://rtfm.mit.edu/pub/usenet/alt.spam/
• ftp://rtfm.mit.edu/pub/usenet-by-hierarchy/news/admin/net-abuse/misc/
• http://sh1.ro.com/~mprevost/netutils/netutils.html
• http://www.magicbox.net/~unabest/tools/
• http://sh1.ro.com/~mprevost/netutils/dig.html
• http://cello.cs.uiuc.edu/cgi-bin/slamm/ip2ll/ IP to Latitude Longitude
• http://www.io.com/~johnbob/jm/index.html
• http://www-ucsee.eecs.berkeley.edu/~set/spam
• http://www.best.com/~ariel/nospam
• http://www.nepean.uws.edu.au/users/david/pe/blockmail.html
• http://math-www.uni-paderborn.de/~axel/BL/ (European spammers black list)
• http://www.cco.caltech.edu/~cbrown/BL/ (American spammers black list)

Index           Home  Back       About  Contact us!

Copyright (c) 1998-2006 Wowarea