Spam

General

What is spam?

Spam is flooding the Internet with many copies of the same message,
in an attempt to force the message on people who would not otherwise choose to receive it.
Most spam is commercial advertising, often for dubious products, get-rich-quick schemes, or quasi-legal services.
Spam costs the sender very little to send; most of the costs are paid by the recipient or the carriers rather than by the sender.

There are two main types of spam, and they have different effects on Internet users.
  • Cancellable Usenet spam is a single message sent to 20 or more Usenet newsgroups. (Through long experience, Usenet users have found that any message posted to so many newsgroups is often not relevant to most or all of them.) Usenet spam is aimed at "lurkers", people who read newsgroups but rarely or never post and give their address away.
    Usenet spam robs users of the utility of the newsgroups by overwhelming them with a barrage of advertising or other irrelevant posts.
    Furthermore, Usenet spam subverts the ability of system administrators and owners to manage the topics they accept on their systems.
  • Email spam targets individual users with direct mail messages.
    Lists of e-mail addresses are often created by scanning Usenet postings, stealing Internet mailing lists, or searching the Web for addresses.
    Email spams typically cost users money out-of-pocket to receive.
    Many people - anyone with measured phone service - read or receive their mail while the meter is running, so to speak. Spam costs them additional money.
    On top of that, it costs money for ISPs and online services to transmit spam, and these costs are transmitted directly to subscribers.

    One very nasty variant of email spam is sending spam to mailing
    lists. Because many mailing lists limit activity to their subscribers,
    spammers will use automated tools to subscribe to as many mailing lists as possible,
    so that they can grab the lists of addresses, or use the mailing list as a direct target for
    their attacks.

OK, I got spam. What to do?
  • Why shouldn't I just delete it? How about bouncing it?
    Deleting spam helps no one.
    Your silence will be taken as acceptance.
    Bouncing spam is tricky: if you don't do it right, the spammer may realize that you faked it, and that your address is a legitimate one.
    This may get you more spam.
    Most of the time, the spammer will not include a legitimate address to bounce a message to anyway, so it's just a waste of time.
    The best thing to do is to report it to the proper authorities.

  • Is spam legal?
    Check http://www.spamlaws.com/ for information about your area.

Reporting

MyMAIL can help you report spam.

Automatically:

Manual:

  • Select the mail you would like to report.
  • Press the S key.
  • A template report is created.
  • Find out the originating IP.
  • Find out who owns the network (ISP) by using whois or nslookup,
    or visit http://www.iana.org/ipaddress/ip-addresses.htm to find out on the web.
  • Change the "To:" field address to abuse@[ISP].
    Please note that the address filled in automatically is invalid in 99.9% of the cases.
  • Send the mail.

Response to reporting?

Most of the time there is no human response to the reports.
In most cases an automatic response is sent to you, so it is a good idea to have a folder for these mails and to filter on "abuse" in Subject: and From:.

How to find out the ISP...

The spammer tries to hide the originator of the mail by not including the correct e-mail address and/or hiding the server name.
It is possible to trace the originator by the IP address by using, for example, whois, traceroute, nslookup or web tools.
Sample 1 of a spam header:
..
Received: from (gaia.tripnet.se) [195.100.21.7]
   by heron.tripnet.se with esmtp (Exim 3.35 #1)
   id 19d6J9-0002uf-00 (Debian); Thu, 17 Jul 2003 12:48:19 +0200
Received: from (p50829739.dip.t-dialin.net) [80.130.151.57]
   by gaia.tripnet.se with smtp (Exim 3.35 #1)
   id 19d6Iu-0004c3-00 (Debian); Thu, 17 Jul 2003 12:48:07 +0200
From: rugilo@deliveryman.com
..

This one has a correct IP and name; a search with nslookup gives p50829739.dip.t-dialin.net.
The abuse address is abuse@t-dialin.net
Sample 2 of a spam header:
..
Received: from (gaia.tripnet.se) [195.100.21.7]
   by heron.tripnet.se with esmtp (Exim 3.35 #1)
   id 19cz4Y-000147-00 (Debian); Thu, 17 Jul 2003 05:04:46 +0200
Received: from (jdgxkxc) [218.5.6.222]
   by gaia.tripnet.se with smtp (Exim 3.35 #1)
   id 19cz4S-0006VK-00 (Debian); Thu, 17 Jul 2003 05:04:45 +0200
From: Jada
To:
Subject: Equal results just cheaper
Date: Thu, 17 Jul 2003 07:08:51 -0400
Mime-Version: 1.0
Content-Type: text/html
Message-Id:
Status:
..

This one has a mismatching IP (218.5.6.222) and name (jdgxkxc). A search on http://www.apnic.net/apnic-bin/whois.pl
finds that the spam comes from China (China net).
The abuse address is in this case abuse@fjdcb.fz.fj.cn
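
The two samples above can be worked through in code. This is an added example, not part of MyMAIL: it reads the Received: lines top down and keeps the name and IP handed to the last relay of your own provider. The function names, the trusted suffix ".tripnet.se" and the "last two labels" abuse guess are assumptions, and the pattern only covers the Exim layout shown in the samples.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Headers copied from the two samples on this page (the ".." lines are omitted).
SAMPLE_1 = """\
Received: from (gaia.tripnet.se) [195.100.21.7]
   by heron.tripnet.se with esmtp (Exim 3.35 #1)
   id 19d6J9-0002uf-00 (Debian); Thu, 17 Jul 2003 12:48:19 +0200
Received: from (p50829739.dip.t-dialin.net) [80.130.151.57]
   by gaia.tripnet.se with smtp (Exim 3.35 #1)
   id 19d6Iu-0004c3-00 (Debian); Thu, 17 Jul 2003 12:48:07 +0200
From: rugilo@deliveryman.com
"""
SAMPLE_2 = """\
Received: from (gaia.tripnet.se) [195.100.21.7]
   by heron.tripnet.se with esmtp (Exim 3.35 #1)
   id 19cz4Y-000147-00 (Debian); Thu, 17 Jul 2003 05:04:46 +0200
Received: from (jdgxkxc) [218.5.6.222]
   by gaia.tripnet.se with smtp (Exim 3.35 #1)
   id 19cz4S-0006VK-00 (Debian); Thu, 17 Jul 2003 05:04:45 +0200
Subject: Equal results just cheaper
"""
# Assumed layout: "from (name) [ip] by host", as written by Exim in the samples.
HOP = re.compile(r"from \((?P<name>[^)]*)\) \[(?P<ip>[0-9.]+)\]\s+by (?P<by>\S+)")

def originating_hop(raw, trusted_suffix):
    """Return (name, ip) handed to the last relay we trust, reading top down."""
    origin = None
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        # Stop at the first line that does not parse or was not written by our
        # own provider: everything below it may have been forged by the sender.
        if not m or not m["by"].lower().endswith(trusted_suffix):
            break
        ip_address(m["ip"])  # raises ValueError on a malformed address
        origin = (m["name"], m["ip"])
    return origin

def abuse_guess(name):
    """Heuristic guess abuse@<last two labels>; None when name is no FQDN."""
    labels = name.lower().strip(".").split(".")
    if len(labels) < 2 or not all(labels):
        return None  # e.g. "jdgxkxc": look the IP up with whois instead
    return "abuse@" + ".".join(labels[-2:])

if __name__ == "__main__":
    for raw in (SAMPLE_1, SAMPLE_2):
        name, ip = originating_hop(raw, ".tripnet.se")
        print(ip, name, abuse_guess(name) or "-> whois " + ip)
```

The name in the header should still be confirmed with nslookup on the IP before the guessed abuse address is used, as in sample 1.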

More information/tools

http://www.abuse.net/
http://spam.abuse.net/faq/
http://spam.abuse.net/overview/
http://www.iana.org/ipaddress/ip-addresses.htm

© Erik Häll 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006
