Date: Thu, 23 May 1996 11:36:01 -0700 From: "G.R.Gircys" <rich@oester.com> To: questions@freebsd.org Cc: pinoy@thesphere.com Subject: SPAM - Can we make it stop! Message-ID: <31A4B011.1C11@oester.com>
next in thread | raw e-mail | index | archive | help
dear freebsders -
i think the following was sent to various freebsd list. it is a cute
and clever spam (or perhaps testing to do spams).
i don't know about the rest of you, but NO ONE (let alone madison ave
scammers) has the right to make me pay for spam crap. yes, it cost me
money in connect time, system resources, etc.
is there something we can do? is there interest in organizing and becoming
vocal about this? if anyone is interested, please contact
me by email; i do have some ideas; a starting idea is at the end
of this message.
i do not oppose commercialization of the internet - yahoo style models
are fine. you get free search and then pay by having commercials injected into
the response. you get what you want - madison ave gets what it wants.
i DO object to email spams - your email costs you money - internet is not
a public airway - no one has the right to make you pay.
i'll see how many people feel the same way - personally i'm sick and
tired of spams. all i ask is if you like spams - DON'T BOTHER TELLING
ME SO.
for those of you who want to respond in the traditional manner, here's
a relevant list of culprits (perhaps some innocent - tough).
postmaster@emxp.com
admin@valleynet.com, sysadmin@valleynet.com
hostmaster@thesphere.com, pinoy@thespere.com
and here's my idea to deal with this problem.
perhaps we need a spam faq - educate the public on how to spot a spam, how
to trace where it came from, and how to respond. maybe freebsd.org would like
to be the first to host this spam faq. (btw, for those who do not know, you
respond by sending email to the above, and tell them 1) this is a spam, and
2) no has the right ....)
so here's a short outline for the faq using this spam
How to Spot a SPAM (and SPAM Spot Remover Instructions ;-)
1. spammers are cowards - they know what they are doing is wrong. so they
try to hide their tracks and identity.
2. so, if an email (like this one) looks totally generic; maybe pretends to be
an innocent mistake - it is most likely a spam. but there's much more you
can do to convince yourself. here's the spam dissected:
>
> =======================================================
> Hi,
huh? do i know you? why don't you use my name? pretty generic, eh?
>
> Came across this web site and thought you might be
> interested. It's about the best selling recording
> of all time. You can find it at -
> came across it doing what? rotten fish is rotten fish - this stinks.
> http://199.182.213.77/britside.html
>
> Talk with you soon.
>
> J
> ah hah! the big tipoff - no identity! an IP address for the host? why? signed J - who the hell is J?
3) if the email message looks anonymous, good tip off that it's a spam. more
you can do to build incontrovertible evidence.
4) look at the headers - in this case there's no Subject (bit unusual); look at
the From:, it's from Email Express (for sure a legitimate outfit that will
deny everything and say it was all a mistake - you believe that sucka);
if your email client supports it (or using some direct viewer) you would see
an Apparently-To: Music@emxp.com line - this is a mailing list - it's not
directed to an individual. and besides, i'm never signed up for any such
list; never before got email from it, etc.
5) additional header info really tips this off as a spam - they are trying
so hard to hide their faces in the following way:
Received: (from www@localhost) by emxp.com
localhost? you got something to hide? oh, excuse me, it's an
intranet misconfiguration error (yeah sucka).
6) convinced - great - now who do you complain to. unfortunately this is
the difficult part since many people don't know how to track this type of
stuff and even worst, popular OSes like Windows95 typically don't have the
needed tools. but here's a summary how you get a list of culprits:
a) use whois to find out who's the emxp.com domain; from that you get the
postmaster contact and domain servers (maybe innocent - maybe not)
b) again use whois to check out valleynet.com - the emxp domain servers - get
valleynet contacts and see they do their own domain servers so we're at a whois
deadend (for now).
c) now use traceroute to see where this anonymous IP address is located - from
this you learn the ip address is www.pinoy.net - ah, now let's use whois again.
d) now whois tells us about the pinoy@thesphere.com contact - i've seen enough
to be very suspicious - given the titles of the people and that this
IP address maps to a userid - no make sense that it's a mistake - if it
walks, talks, smells like a spam - it is.
now the bad news. these people are amateurs - the tracking info in this case
is just too good. there are better ways to do this - ways that would make
identification of closely related parties very difficult. i have in fact
been contacted by a few companies asking me to design such a system for them.
(no kidding! i'll send my resume to anyone who asks and they'll see why
i would be the ideal person to do this).
so someday, it will happen. that's why if you're sick and tired of spams, and
even more importantly stand for the principle that says spamming is wrong, now
is the time to do something (some more ideas - a spammer registry (i.e.
internet molesters) - more info on spotting a spam like recently registered
domain - a volunteer SERT (Spam Emergency Response Team) organization of
individuals with the technical knowledge to provide the rest of the internet
with a list of culprits, etc.).
now for the final fun. remember that Apparently-To: email address - well that's
how this whole thing got started. i'm gonna see how smart these people are
and i am cc'ing this email to that address (PLEASE - NO ONE ELSE DO THAT!).
if they are dumb jerks, this anti spam message will boomerang on them! everyone
who got the spam will now get this email. we shall see.
have fun,
rich
p.s. to spam for the cause of stopping spamming? has it been done before? tis
the only nobel spam, the one to end all spams.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?31A4B011.1C11>