Spam the Spamers

First of all, why am I doing this? There are several reasons:

I want to pass this information on to you to make your life easier,
Hopefully some people will make some suggestions that I can add to this list to make it more effective, and

What is spam?

The following is a summary of the junk email messages I got in the month of September, with a count of how many I got in each category.

13 get rich quick
11 MLM or non-home business
11 cheap merchandise
8 email spammers
7 sex
6 Work at home
5 free money
4 ethereal
5 investigator
3 print supply
2 sports
7 others

Click here to see more details of these 82 spam email messages.

From the above list, you can see that there are many different kinds of email spam. Most are commercial since it costs the sender money to send out bulk email. Some of the email spam, about 10%, comes from the spammers themselves trying to get others to send even more email spam.

By following the steps I outline below, I have received many messages like the following:

Please be advised that this account has been terminated. If you receive any further correspondence from this source, please let us know. Thank you.

Why is email spam bad?

The following is a list of reasons why email spam is bad.

If you can think of more, please let me know. I find email spam more of annoyance. Personally, I view it like the telephone marketer that calls me up while I'm eating dinner.

How does the email spammer get your name?

So how, you ask, does a spammer get your email address? There are several ways this can happen, some more direct than others.

One of the great things on the net is news groups. These are collections of messages, called postings, organized into groups, called news groups. People interested in reading jokes will subscribe (it's free) to the news group rec.humor.funny. There are thousands of news groups for every possible category. The amount of postings in a day's time varies depending upon the news group and the topics being discussed. Some of the news groups are moderated, meaning that there is a small number of people, sometimes one, that control what is posted. People will send a message to the moderator who decides if it is appropriate to the charter of the news group and the will either reject the request or put it on the news group for others to read. The news group rec.humor.funny is moderated. The majority of news groups are not moderated. This means that anyone can post a message and the people who subscribe expect that posters will stay within the charter of the news group.

With the thousands of news groups there are thousands of messages posted each day. It is a simple matter for an email spammer to write a computer program that reads each of these messages looking for email addresses. When it finds one, if it is unique, it simply adds it to its data base.

Another way is for someone to sell email addresses to the email spammer. This almost happened with AOL, but was stopped by irate members, who pay for that service. Why should one have to pay to get spammed?

Another varient on selling email addresses, is for a WEB page to have the surfer fill out a form, with name, email address, etc., to receive information or a free gift. If you have ever gone to a site that offers a free mouse pad, your email address probably was directed to an email spammer.

Spam victim Helper Sites

There are a number of sites that can help rid you of spam. I have listed the ones that I know about here. I have found that some claim to have a filter that will filter out your email address, but in fact do nothing. Others are quite good and actually will do what they say. Your mileage may vary.

Abuse.net: Home Page
ANONYMOUS SURFING
CAUCE - Join the Fight Against Spam!
XO Communications - Email Abuse
Death to Spam
PSINet Strengthens Anti-Spamming Policy

Often, the email address to the originator is bogus, but the abuse mailing lists are great. Often I will get a response of the form "thank you for notifying us of this problem" and after a few days another email of the form "that site has been deleted". The spammer is stopped, hopefully for good.

Analyzing Email Headers

For better results, you can try sending a message to one of the sites in the header of the junk email. To get full headers for a message in Netscape, click on Options --> Show Headers --> All. Look at the full headers to see if there is another email address to send to. Send a message to all likely candidates. For example, if the full header looks like:

Received: by aslws31.asl.dl.nec.com (8.7.3/YDL1.9.1-940729.15) id DAA07950(aslws31.asl.dl.nec.com); Tue, 30 Sep 1997 03:13:50 -0500 (CD T) Received: by aslws01.asl.dl.nec.com (8.7.3/YDL1.9.1-940729.15) id DAA16180(aslws01.asl.dl.nec.com); Tue, 30 Sep 1997 03:13:46 -0500 (CD T) Received: from em.cenida.it (root@mail.cenida.it [194.177.120.5]) by telemann.inoc.dl.nec.com (8.8.5/8.8.5) with ESMTP id DAA16174 for ; Tue, 30 Sep 1997 03:14:14 -0500 (CDT) Received: from 194.177.120.5 (port44.dieg.prodigy.net [204.237.169.44]) by em.cenida.it (8.8.7/8.8.7) with SMTP id JAA07247; Tue, 30 Sep 1997 09:23:22 +0200

There will be other items in the full header, but concentrate on the Received lines. Note that in this message, the host names in these lines with a from or by annotation are:

by aslws31.asl.dl.nec.com
by aslws01.asl.dl.nec.com
from cenida.it
by telemann.inoc.dl.nec.com
from port44.dieg.prodigy.net
by em.cenida.it

From this list I know that the ones that end in dl.nec.com are host names for my work and so the others are unknown to me. From those remaining host names, port44.dieg.prodigy.net and em.cenida.it, are likely candidates.

Sometimes email spam will contain a web address for you to go to. This is a direct link to the spammer's site and so is another likely candidate to add to your list.

given up and send responses only to the places that are easy, and to the places that are the most effective.

--> If there is a web address or you have candidate host names when you expanded the mail headers, use the Whois server to determine the administrative contact. When I send a message to the administrative contact I get the most effective results. The administrative contact will often start investigating the source of the email spam immediately. Usually within a day I get a response like: "it has been taken care of, the site has been deleted". To determine the administrative contact use the InterNIC whois server. When you go to that page, enter the last two parts of the web address (most likely, leave off the www. part) and press the ENTER key. Try it out with tripod.com just to get a feel for it.

Whois Server

The information you get includes the company name, address, the name of the administrative contact, and most importantly that person's email address. When you get that information, paste it into your email program and send to the administrative contact with the proper message.

Specifying prodigy.net to the Whois Server yields the following:

Prodigy Services Company PRODIGY2-DOM 445 Hamilton Avenue White Plains, NY 10601 US Domain Name: PRODIGY.NET Administrative Contact: Fitzgerald, Maureen MF736 fitzger@PRODIGY.NET 914) 448-3571

Spam Responses

After you have a list of email addresses you are ready to start fighting back. If you are certain that the email address is that of the spammer you should send a reasonably harsh email like the following. Feel free to use it or modify as you see fit.

Our private e-mail facilities are not your advertising medium. People who use them as such abuse our resources and waste our time, which we feel are pretty valuable. We have entered your e-mail address and company name in our corporate blacklist database. We will not do business with you now, nor will we consider other requests from you in the future. Please remove this e-mail address from your junk mail list immediately and do not contact us again in the future.

By US Code Title 47, Sec. 227(a)(2)(B), a computer/modem/printer meets the definition of a telephone fax machine. By Sec.227(b)(1)(C), it is unlawful to send any unsolicited advertisements to such equipment, punishable by action to recover actual monetary loss, or $500, whichever is greater, for each violation.

Pursuent to US Code, Title 47, Chapters 5, Subchapter II, Sec. 227, any and all non-solicitied commercial e-mail sent to this address is subject to a download & archival fee of $500 US.

For all other email addresses, you are attempting to have someone who you don't know do some research for you. For this type of email the tone neads to be firm, but polite. This response is directed to a person who has the resources to investigate the email spammer and the authority to terminate their account, such as the administrative contact. Again, feel free to take it as is or modify as you see fit.

I received another junk email message from someone who claims to use your service. I do not appreciate receiving such junk email messages.

Our private e-mail facilities are not an advertising medium. People who use them as such abuse our resources and waste our time, which we feel are pretty valuable. Please remove my e-mail address from your junk mail list immediately.

By US Code Title 47, Sec. 227(a)(2)(B), a computer/modem/printer meets the definition of a telephone fax machine. By Sec.227(b)(1)(C), it is unlawful to send any unsolicited advertisements to such equipment, punishable by action to recover actual monetary loss, or $500, whichever is greater, for each violation.

Pursuent to US Code, Title 47, Chapters 5, Subchapter II, Sec. 227, any and all non-solicitied commercial e-mail sent to this address is subject to a download & archival fee of $500 US.

Attached is the offending email with full headers to aid with your investigation.

The main idea is to be nice to someone who can help rid you of an email spammer.

Back to The Information Cave home page

Last modified Sun Feb 3 15:51:30 2002.