Date: Thu, 23 May 1996 11:36:01 -0700 From: "G.R.Gircys" <rich@oester.com> To: questions@freebsd.org Cc: pinoy@thesphere.com Subject: SPAM - Can we make it stop! Message-ID: <31A4B011.1C11@oester.com>
next in thread | raw e-mail | index | archive | help
dear freebsders - i think the following was sent to various freebsd list. it is a cute and clever spam (or perhaps testing to do spams). i don't know about the rest of you, but NO ONE (let alone madison ave scammers) has the right to make me pay for spam crap. yes, it cost me money in connect time, system resources, etc. is there something we can do? is there interest in organizing and becoming vocal about this? if anyone is interested, please contact me by email; i do have some ideas; a starting idea is at the end of this message. i do not oppose commercialization of the internet - yahoo style models are fine. you get free search and then pay by having commercials injected into the response. you get what you want - madison ave gets what it wants. i DO object to email spams - your email costs you money - internet is not a public airway - no one has the right to make you pay. i'll see how many people feel the same way - personally i'm sick and tired of spams. all i ask is if you like spams - DON'T BOTHER TELLING ME SO. for those of you who want to respond in the traditional manner, here's a relevant list of culprits (perhaps some innocent - tough). postmaster@emxp.com admin@valleynet.com, sysadmin@valleynet.com hostmaster@thesphere.com, pinoy@thespere.com and here's my idea to deal with this problem. perhaps we need a spam faq - educate the public on how to spot a spam, how to trace where it came from, and how to respond. maybe freebsd.org would like to be the first to host this spam faq. (btw, for those who do not know, you respond by sending email to the above, and tell them 1) this is a spam, and 2) no has the right ....) so here's a short outline for the faq using this spam How to Spot a SPAM (and SPAM Spot Remover Instructions ;-) 1. spammers are cowards - they know what they are doing is wrong. so they try to hide their tracks and identity. 2. so, if an email (like this one) looks totally generic; maybe pretends to be an innocent mistake - it is most likely a spam. but there's much more you can do to convince yourself. here's the spam dissected: > > ======================================================= > Hi, huh? do i know you? why don't you use my name? pretty generic, eh? > > Came across this web site and thought you might be > interested. It's about the best selling recording > of all time. You can find it at - > came across it doing what? rotten fish is rotten fish - this stinks. > http://199.182.213.77/britside.html > > Talk with you soon. > > J > ah hah! the big tipoff - no identity! an IP address for the host? why? signed J - who the hell is J? 3) if the email message looks anonymous, good tip off that it's a spam. more you can do to build incontrovertible evidence. 4) look at the headers - in this case there's no Subject (bit unusual); look at the From:, it's from Email Express (for sure a legitimate outfit that will deny everything and say it was all a mistake - you believe that sucka); if your email client supports it (or using some direct viewer) you would see an Apparently-To: Music@emxp.com line - this is a mailing list - it's not directed to an individual. and besides, i'm never signed up for any such list; never before got email from it, etc. 5) additional header info really tips this off as a spam - they are trying so hard to hide their faces in the following way: Received: (from www@localhost) by emxp.com localhost? you got something to hide? oh, excuse me, it's an intranet misconfiguration error (yeah sucka). 6) convinced - great - now who do you complain to. unfortunately this is the difficult part since many people don't know how to track this type of stuff and even worst, popular OSes like Windows95 typically don't have the needed tools. but here's a summary how you get a list of culprits: a) use whois to find out who's the emxp.com domain; from that you get the postmaster contact and domain servers (maybe innocent - maybe not) b) again use whois to check out valleynet.com - the emxp domain servers - get valleynet contacts and see they do their own domain servers so we're at a whois deadend (for now). c) now use traceroute to see where this anonymous IP address is located - from this you learn the ip address is www.pinoy.net - ah, now let's use whois again. d) now whois tells us about the pinoy@thesphere.com contact - i've seen enough to be very suspicious - given the titles of the people and that this IP address maps to a userid - no make sense that it's a mistake - if it walks, talks, smells like a spam - it is. now the bad news. these people are amateurs - the tracking info in this case is just too good. there are better ways to do this - ways that would make identification of closely related parties very difficult. i have in fact been contacted by a few companies asking me to design such a system for them. (no kidding! i'll send my resume to anyone who asks and they'll see why i would be the ideal person to do this). so someday, it will happen. that's why if you're sick and tired of spams, and even more importantly stand for the principle that says spamming is wrong, now is the time to do something (some more ideas - a spammer registry (i.e. internet molesters) - more info on spotting a spam like recently registered domain - a volunteer SERT (Spam Emergency Response Team) organization of individuals with the technical knowledge to provide the rest of the internet with a list of culprits, etc.). now for the final fun. remember that Apparently-To: email address - well that's how this whole thing got started. i'm gonna see how smart these people are and i am cc'ing this email to that address (PLEASE - NO ONE ELSE DO THAT!). if they are dumb jerks, this anti spam message will boomerang on them! everyone who got the spam will now get this email. we shall see. have fun, rich p.s. to spam for the cause of stopping spamming? has it been done before? tis the only nobel spam, the one to end all spams.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?31A4B011.1C11>