How to fight Spam (Re: Pamela & Tommy Lee's...)

Doug Yanega dyanega at mono.icb.ufmg.br
Mon Sep 1 16:44:14 EDT 1997


>Hope all of you agree that we REALLY need more of this sort of crap in our
>daily lives.

Leps-L has apparently made it onto a widely-distributed Spammer directory,
and will unquestionably receive many of these things as long as Spam itself
persists (or unless leps-l changes its name, or alters format so it is
moderated or blocked to all non-subscribers). But why should WE give up OUR
free speech to people who are mistaken in believing that this right extends
to making us pay to receive their ads?

>If not, let's try to do something about it!

I do, incessantly. If everyone on this list complains every time we get
another spam, then maybe we can annoy a few ISPs into taking action (see
below).

>Any suggestions from you (disgusted) individuals are appreciated.

Here's a handy anti-spam reference card for you all - save it and *pass it
along* to any friends/colleagues who you know who are willing to spend a
little time fighting back:

"Spam" is defined, in essence, as identical messages sent to a VAST number
of different recipients, the unspoken qualifier being that the recipients
did not ASK to receive the message in question. Note that CONTENT is
absolutely irrelevant in the technical definition of Spam!! - it does not
matter what the message is, even if it's "Christmas Greetings to the World"
written by Pope John Paul, and it is sent only to mailing lists and
newsgroups for which it is "on-topic" - if hundreds or thousands of people
get it, and didn't ask for it, it's a spam! If anti-spamming was based on
content, then it would be correctly construed as censorship, and it is NOT
a censorship issue, despite spammers' protests to the contrary - if
spammers are given that piece of ammunition, that anti-spamming is
SUBjective and not OBjective, then they will win the war.

The most important proverbial leg we have to stand on for filing complaints
is that most internet service providers (ISPs) have strict anti-spam
policies, and clients who violate these policies can be disconnected. This
is the best thing we can hope for in most cases, and any complaints should
be phrased (politely) in terms of (1) ascertaining who *is* the ISP for the
spammer involved, and (2) whether or not the ISP in question has anti-spam
policies, and whether they intend to enforce these policies.

Sadly, we have no *legal* recourse, because the law which makes fax ads
illegal, as well as cellular phone dialups, has not yet been fully
litigated in an e-mail case. So far, all the spammers have settled out of
court rather than set a formal precedent which would put them out of
business for good. With any luck, it's only a matter of time, but in the
meanwhile, we must complain. Frequently.

The two primary tools at our disposal, especially useful when no false
addresses have been used, are WHOIS and TRACEROUTE. For false return
addresses, see below.

WHOIS tells you the people and places behind that Spam you've just
received, and the administrative contact. Unfortunately, quite often, the
administrative contact is one of the people profiting from the Spam - and
thus not always cooperative in shutting down the spammers. Nonetheless, the
info on who is involved is often good to have, and it gives you more leads.
There are numerous web sites that do Internic Whois searches; my favorite
is www.homecom.com/services/domain.html

TRACEROUTE is much more direct, and absolutely essential when false headers
have been used. It gives you explicit information on the path any messages
must follow from the spammer's site to the traceroute host site. This,
then, typically reveals the electronic "link" between the spammer and the
rest of the net - generally, this will be the ISP (as the link one level up
from the bottom of the traceroute chain). For example, on a search for a
recent "www.toplis.com" spam, traceroute reveals as its two bottom links
unnamed servers, and then several servers all part of "agis.net" - so it
looks like agis.net is acting as ISP for www.toplis.com, and complaints
going to postmaster at agis.net (virtually ANY "*.net" will have a default
"postmaster" address for such things) are a good bet to get some sort of
action. Of course, someone acting as ISP for a "toplis.com" and
"unforgettable.com" may very well know what sort of clients they have, and
prefer to take their money rather than listen to your complaints. Still
can't hurt to try, and to be polite until you are sure who is responsible.
Anyway, I like the getnet traceroute site, www.getnet.com/cgi-bin/trace

Now, as for tracing a false return address, many mail readers allow you to
view ALL the headers on incoming mail, and the one to look for is the
MESSAGE-ID header, because this one is the hardest to muck with, and
generally will reveal the *actual* source machine for the Spam, at least in
the form of an IP address (e.g. [150.164.24.214]), which one can then plug
into traceroute. Myself, I discovered to my dismay that my present mail
reader does NOT allow me to see the message-id headers, so I am no longer
able to track down false return addresses like I used to. The rest of you
folks will have to give 'em hell for me. ;-)

Peace,

Doug Yanega    Depto. de Biologia Geral, Instituto de Ciencias Biologicas,
Univ. Fed. de Minas Gerais, Cx.P. 486, 30.161-970 Belo Horizonte, MG   BRAZIL
phone: 031-448-1223, fax: 031-44-5481  (from U.S., prefix 011-55)
                  http://www.icb.ufmg.br/~dyanega/
  "There are some enterprises in which a careful disorderliness
        is the true method" - Herman Melville, Moby Dick, Chap. 82
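
The header check described in the post, as an added example that is not part of the original message: it pulls bracketed IP literals out of the Message-ID header and, going beyond the post, out of the Received headers that each relay prepends, dropping private and loopback addresses that cannot be traced. The sample headers are constructed, and `ip_literals` and `trace_candidates` are names chosen for this example.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample headers, not a real message. 150.164.24.214 is the
# example literal from the post; 192.0.2.25 is a documentation address.
SAMPLE = (
    "Received: from mail.example.net (mail.example.net [192.0.2.25])\n"
    "\tby mx.example.org with SMTP; Mon, 1 Sep 1997 12:00:03 -0400\n"
    "Received: from fake.example.com ([150.164.24.214])\n"
    "\tby mail.example.net with SMTP; Mon, 1 Sep 1997 12:00:01 -0400\n"
    "Received: from localhost ([127.0.0.1]) by fake.example.com; "
    "Mon, 1 Sep 1997 12:00:00 -0400\n"
    "Message-ID: <199709011600.MAA01234@[150.164.24.214]>\n"
    "From: offers@invalid.example\n"
    "\n"
)

IP_LITERAL = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Ranges that cannot be traced across the public net.
UNROUTABLE = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def ip_literals(value):
    """Return valid, traceable IPv4 literals found in one header value."""
    found = []
    for text in IP_LITERAL.findall(value):
        try:
            ip = ipaddress.ip_address(text)
        except ValueError:  # malformed literal such as [999.1.1.1]
            continue
        if not any(ip in net for net in UNROUTABLE):
            found.append(str(ip))
    return found


def trace_candidates(raw):
    """Map each bracketed IP to the headers it appears in, oldest hop first."""
    msg = message_from_string(raw)
    hits = {}
    # Received lines are prepended by each relay, so reverse for oldest first.
    for value in reversed(msg.get_all("Received", [])):
        for ip in ip_literals(value):
            hits.setdefault(ip, []).append("Received")
    for ip in ip_literals(msg.get("Message-ID", "")):
        hits.setdefault(ip, []).append("Message-ID")
    return hits
```

Each returned address is a candidate for the traceroute and WHOIS lookups described in the post. Received lines below the one written by your own mail server can be forged, so treat them as leads.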



