|
Archive-name: net-abuse-faq/email/spamfighting
Posting-Frequency: bi-weekly Last-modified: 07-Jul-2001 URL: http://www.twinlobber.org.uk/antispam/faq/faq1.txt Maintainer: James Farmer <nanae-faq@usenet.twinlobber.org.uk> See reader questions & answers on this topic! - Help others by sharing your knowledge
==========================================================================
An FAQ For news.admin.net-abuse.email
Part 1: Spamfighting Overview
==========================================================================
TABLE OF CONTENTS
Recent Changes
Disclaimer
Preface
1.1 Introduction
1.1.1 Whom is this document for?
1.1.2 What is spam and why do we fight it?
1.2 Basic Spamfighting
1.2.1 I've received some spam... what can I do?
1.2.2 How can I find a spammer's ISP?
1.2.3 Can I do anything about a spammer's website?
1.2.4 What if a spam doesn't have include a website?
1.2.5 What if the spam doesn't even include an email address?
1.2.6 Who else can I complain to?
1.2.7 What email address do I complain to?
1.2.8 Can't this all be automated?
1.2.9 Should I hack into the spammer's computer?
1.3 Advanced Spamfighting
1.3.1 Spammer Tricks
1.3.1.1 What are these weird URLs?
1.3.1.2 Is the spammer's URL always the place to complain to?
1.3.1.3 Why does the spammer's website's source code look so weird?
1.3.1.4 How can I stop a spammer's website doing bad things to my
computer?
1.3.1.5 What if a spammer's website has disabled right-click?
1.3.2 What can I do about Spam-Supporting ISPs?
1.3.2.1 Research
1.3.2.1.1 news.admin.net-abuse.sightings & groups.google.com
1.3.2.1.2 Halls of Shame
1.3.2.1.3 Posting in news.admin.net-abuse.email
1.3.2.2 Education
1.3.2.2.1 What if the ISP doesn't speak English?
1.3.2.3 Contact their Upstream
1.3.2.4 Publicise their Spam-Supporting
1.3.2.5 Submit an RBL Nomination
1.3.2.6 Bitching
1.4 Spam Prevention
1.4.1 How can an individual reduce the amount of spam they get?
1.4.1.1 How do spammers get our email addresses?
1.4.1.2 Choose a non-obvious email address
1.4.1.3 Be careful with your email address
1.4.1.4 Address Munging
1.4.1.5 Whitelisting
1.4.1.6 Filtering
1.4.2 How can an ISP reduce the amount of spam their customers get?
1.4.2.1 Stop Accepting All Email
1.4.2.2 Filtering
1.4.2.3 Blackholing
1.4.2.4 Lists
1.4.2.4.1 MAPS
1.4.2.4.2 ORBS
1.4.2.4.2.1 Did ORBS die in June 2001?
1.4.3 How can an ISP reduce the amount of spam their customers send?
1.5 About anti-spammers
1.5.1 Why do anti-spammers fight spam?
1.5.2 Aren't anti-spammers just a load of anti-business communists?
1.5.3 Aren't anti-spammers just a load of anti-commerce net-nazis?
1.5.4 Don't anti-spammers just want to control email on the Internet?
1.5.5 Why don't anti-spammers spend their time stamping out porn
instead?
1.5.6 Why don't you anti-spammers just get a life?
1.5.7 Are anti-spammers all Systems Administrators?
1.5.8 If you anti-spammers are so smart, why am I still getting spam?
Credits
Use Policy
=========================================================================
--------------------------- RECENT CHANGES ------------------------------
=========================================================================
Added section 1.3.2.6, about bitch-list.net.
Linked to <http://www.elsop.com/wrc/nospam.htm> from 1.2.1
Linked to an Esperanto Anti-Spam FAQ at
<http://www.esperanto.net/veb/spam-faq.html>.
1.3.1.4 now links to <http://www.webwasher.com> as an alternative way of
eliminating JavaScript.
1.4.2.4.2.1 - the "Death of ORBS" section - has been updated with
information about the new ORBS-related lists.
=========================================================================
------------------------------- DISCLAIMER ------------------------------
=========================================================================
The following document should, where not otherwise stated, be understood
to represent the opinions and beliefs of the FAQ-maintainer only. I
endeavour to ensure that these opinions and beliefs are as correct as
possible, but take no responsibility for any problems caused by errors
herein. This document should not be considered to represent the opinions
of any individuals or organisations other than the FAQ-maintainer.
Please note that in this document, "we" is intended to collectively refer
to all regular or semi-regular posters to the news.admin.net-abuse.email
newsgroup, including those of all persuasions, and should not be read as
indicating the existence of a "clique" comprising persons of similar
viewpoints.
=========================================================================
-------------------------------- PREFACE --------------------------------
=========================================================================
This is one of three documents I have compiled to comprise an FAQ for the
news.admin.net-abuse.email newsgroup. Each document addresses points in a
given area, specifically:
The SPAMFIGHTING OVERVIEW offers a taste of the many techniques people use
to fight spam. The objective isn't to teach you how to fight spam (there
are many far superior documents that do just this), but rather to
introduce some of the techniques you can use and refer you to some more
detailed works.
THE EVILS OF SPAM covers the more ethical, moral, and legal aspects of
spam, including just what constitutes spam and the types of people who
become spammers.
UNDERSTANDING NANAE aims to introduce all of the weird, wonderful, and
sometimes impenetrable terminology that people use in
news.admin.net-abuse.email (nanae). It covers both colloquialisms (e.g.
"chickenboner") and technical terms (e.g. "direct-to-MX").
These three parts are designed to stand alone and don't have to be read in
order; feel free to pick and choose just the bits you're interested in.
These documents shouldn't be considered to be "the" FAQ, as there are
plenty of other FAQs that are superior in insight, detail, or depth of
coverage. They are just an FAQ that I hope will answer some questions
that have been troubling you.
These documents are currently maintained by James Farmer. If you have any
suggestions for additions or corrections, then feel free to send an email
to nanae-faq@twinlobber.org.uk
The latest versions of all of these documents can always be found at
<http://www.twinlobber.org.uk/antispam/faq/>
=========================================================================
--------------------------- 1.1 INTRODUCTION ----------------------------
=========================================================================
1.1.1 Whom is this document for?
This document is intended for anyone who feels confused about any of the
spamfighting techniques discussed in the news.admin.net-abuse.email
newsgroup. It aims to briefly summarise what each of the commonly used
techniques is, and provide links to sites where you can find more
detailed information.
This document is not a tutorial for spamfighters. While there is much
in here that will be of interest to a newcomer, reading this document
alone will teach you only what techniques you can employ to fight spam,
not how to use them.
1.1.2 What is spam and why do we fight it?
These are issues that are discussed in great depth in the second part of
this FAQ, "The Evils of Spam". However, to briefly summarise, spam is a
type of email that endangers the very existence of the email system by
threatening to overwhelm it with a massive and uncontrollable volume of
messages. Spam usually takes the form of advertising or promotional
material that arrives in your emailbox without you having requested it.
UBE (Unsolicited Bulk Email) and UCE (Unsolicited Commercial Email) are
terms that are often used to describe different types of spam.
RELATED LINKS
NANAE FAQ part 2: The Evils of Spam
<http://www.twinlobber.org.uk/antispam/faq/faq2.txt>
=========================================================================
------------------------ 1.2 BASIC SPAMFIGHTING -------------------------
=========================================================================
1.2.1 I've received some spam... what can I do?
Most people ignore the spam they receive. They either don't have the
time or the expertise to deal with it. Their decision is
understandable, but in the end inaction only helps the spammers because
they can point to statistics and say "I sent my spam to 7 million email
addresses and only 190 people complained so the other 6,999,810 must
have been happy to receive it".
Alternatively, spam-victims might try to use a spam's "remove address".
The concept here is that by sending a message to a given email address
you will tell the spammer to remove you from their mailing list.
However, these things almost universally fail to work. In the rare
cases where your "remove request" actually reaches the spammer, they'll
just take it as an indication that email sent to your address is
actually read by a human, and thus your address becomes _more_ valuable
to them, and they send you _more_ spam.
The best thing to do is: complain, complain, complain! Most ISPs have
Terms of Service (or Acceptable Use Policies) that forbid spamming, so
if you can tell the spammer's ISP that their customer broke these rules,
then you can get the spammer's account cancelled! As well as giving you
personal satisfaction, this will serve as a deterrent to this and other
spammers, and with any luck prevent him from profiting in any way from
his spam.
(As an aside, an ISP will sometimes try to "educate" a spammer before
terminating their account, as sometimes a company will send a spam
without considering the issues involved. This topic is explored in the
second part of this FAQ, "The Evils of Spam".)
RELATED LINKS
Elsop's How To Fight Spam Links
<http://www.elsop.com/wrc/nospam.htm>
1.2.2 How can I find a spammer's ISP?
The tricky bit is working out just who is the spammer's ISP. The
address in the "From:" field is almost certainly forged in order to
throw you off the scent (and may even belong to an innocent
third-party), so you have to learn to read the "full message headers",
which are a bit like a log of an email message's travels through the
internet. The spammer will try to forge these too, but in most cases
it's still pretty easy to work out which ISP the message came from.
Header-reading is beyond the scope of this document, but here are a few
links where you can find out more:
How do I get my email program to reveal the full headers?
<http://spamcop.net/fom-serve/cache/19.html>
Getting Full Headers
<http://www.chebucto.ns.ca/~af380/Antispam.html#fullheaders>
SPAM-L FAQ : Tracking Spam
<http://www.claws-and-paws.com/spam-l/tracking.html>
Reading Email Headers
<http://www.stopspam.org/email/headers/headers.html>
Dealing with Junk Email
<http://www.mcs.net/~jcr/junkemaildeal.html>
Tracking the Source of Email Spam
<http://www.rahul.net/falk/mailtrack.html>
EmailAbuse.org: Reporting Abuse
<http://www.emailabuse.org/report.asp>
BUT... when complaining, please remember that the people at the
spammer's ISP are not the bad guys. They didn't know their customer
would turn out to be a spammer. There is a great temptation to fire off
a few pages of verbal abuse, but remember that you are angry with the
spammer, not the abuse staff at his ISP. The spammer will have abused
them too, probably breaking their Terms of Service. And there is
nothing an ISP can do to prevent, completely, any chance of Internet
abuse emanating from their machines. So be polite. Point out what has
happened without dramatic or obscenity-clad embellishment. Hostile or
infantile behaviour will do you no good at this stage.
If the abuse staff sends you a response that is blatantly offensive,
then it may be time to revise your opinion of them (although always be
aware of the potential for a misunderstanding), but you should start out
from the assumption that these people are your friends.
Most abuse departments won't act against a spammer until a non-trivial
number of complaints have been received. This is because people
sometimes forget that they have signed up for legitimate mailing lists
or requested other types of email, and complain about it as spam. If
you are convinced that a message was spam but the spammer's ISP claims
that it wasn't, then there are further steps you can take. We will
discuss these in later sections of this document.
RELATED LINKS
Step-By-Step Spam Reporting
<http://www.whew.com/Spammers/reportspam_stepbystep.shtml>
Reporting Abuse to ISPs
<http://mail-abuse.org/rbl/notifyfaq.html>
1.2.3 Can I do anything about a spammer's website?
Assuming that the ISP agrees to take action, the spammer's account with
that ISP will often be cancelled. Unfortunately, the spammers have
caught on that their accounts rarely last long after they send their
spam, so they've taken to using cheap "throw-away" accounts, opened
solely for the purpose of sending spam which advertises ("spamvertises")
websites held on other providers. The spamming accounts will get
cancelled soon after the spam-run is complete, but the website will
remain intact and thus the spammer can safely benefit from their spam
(in terms of sales over the web, or clicks on banner advertisements, or
whatever). That's the idea, at any rate.
Largely, this doesn't work as most web-hosting companies have clauses in
their Terms of Service forbidding the use of spam to advertise the
websites they host. Sending a quick complaint to the hosting company
will often result in the spammer's website being removed.
But how to find the web-hosting company? The spammers may try to
conceal this, but there's one snag - they want potential customers to
reach their website, which means that the website's URL is probably
somewhere in the spam. Once you find it, you can use tools like
"traceroute" and "whois" to work out who's hosting the site. Here are
some useful online versions of these tools:
SamSpade
<http://www.samspade.org/>
UXN Spam Combat
<http://combat.uxn.com/>
But if you'd prefer to run them from your desktop, rather than surfing
over to a webpage every time you want to run a traceroute, then you can
download versions of the tools from these links:
SamSpade for Windows
<http://www.samspade.org/ssw/>
Net.Demon for Windows
<http://www.netdemon.net/>
"traceroute" is a tool that gives you the list of machines on the
Internet, where a message sent from the source machine to another
machine would pass through. "Whois" is a tool for looking up the owner
of a domain or IP address. A detailed look at either of these is beyond
the scope of this document, but again here are some useful links:
Whois Tutorial
<http://www.netdemon.net/tutorials/whois.txt>
Spam Tracking 103 - The Whois Tool
<http://www.rahul.net/falk/spamtrack103.html>
Traceroute Tutorial
<http://www.exit109.com/~jeremy/news/providers/traceroute.html>
Traceroute and Spam
<http://www.opus1.com/o/nospamtrace.html>
Death to Spam (includes a traceroute guide)
<http://www.mindworkshop.com/alchemy/nospam.html>
Tools to Help You
<http://www.chebucto.ns.ca/~af380/Antispam.html#astools>
NOTE: Make sure you know what you're doing before you start writing
complaints based on the results of tools like "traceroute" or "whois",
as it's very easy to make mistakes. If in doubt, ask in the newsgroup
for confirmation.
Spammers will often try to obscure the true address of their website by
spamvertising the address of an intermediate site or giving the address
in an obscure format, but in most cases it's pretty easy to work through
their tricks. We'll look at this in more detail in section 1.3.1.
1.2.4 What if the spam doesn't include a website?
Alternatively, the spam may not advertise a website and will instead be
soliciting replies by email. You can use the techniques described above
to work out who is hosting this email address and complain to the
provider, which will probably cancel the spammer's email account. Good,
eh?
1.2.5 What if the spam doesn't even include an email address?
A few spammers - particularly chain-letter spammers - don't include any
electronic ways of contacting them, giving only a postal address or a
telephone number in their spams. In these cases, there tends to be less
you can do.
Most postal addresses found in spams will actually be P.O. boxes (e.g.
Mailboxes Etc). Some of these mailbox providers may have rules against
business use or certain types of business uses (e.g. chain letters or
MLM); if so and you complain, they may take action.
In fact, chain letters soliciting money are illegal pyramid schemes in
many countries, so reporting them to the authorities may be a good idea.
For example, in the United States you can forward such chain letters to
your local postmaster or postal inspector, or the postmaster/postal
inspector local to each address on the chain letter, or present them to
the clerk at your local post office saying "I received this illegal
chain letter asking for money". You can also send them by email to
pyramid@ftc.gov or fraud@uspis.gov.
Incidentally, I do NOT recommend making personal visits to addresses
advertised in spams. Nothing good can come of such episodes. If you
desperately want to contact the spammer, send him a letter.
Many spams will include phone numbers you're supposed to call for more
information. Sometimes these will play recorded messages giving the
address of a website or an email address, in which case you can complain
to the relevent ISP as usual. In other cases, it can be worthwhile
checking the type of phone number it is - many spammers give
premium-rate numbers and don't include legally required warnings, in
which case you can complain the provider or the regulator or whatever is
relevant to the locality. (On this note, _always_ check the call
charges before calling a spamvertised phone number. If in doubt, don't
call it.)
Note that in many countries, a freephone number can still detect your
number even if you have call blocking enabled. Use a pay-phone if this
worries you.
By the way, if you call a spammer's phone number and actually reach the
spammer or his family, DON'T be abusive. It does no good and only makes
the spammer feel like the victim.
(Well that's all I know. Can anyone think of anything more for this
section?)
RELATED LINKS
U.S. Postal Inspection Service on Chain Letters
<http://www.usps.gov/websites/depart/inspect/chainlet.htm>
Mail Fraud Complaints
<http://www.usps.gov/websites/depart/inspect/fraud/MailFraudComplaint.htm>
1.2.6 Who else can I complain to?
The key with most spamfighting is summed up by this simple motto:
"Follow the Money". Have a look at the spam and the spammed website and
see how the spammer's intending to earn off it. Is he using an external
merchant to charge credit cards? If so, complain to them and often
they'll stop dealing with the spammer. Does he have banner ads? If so,
complain to the suppliers of the banner ads. If there's a form on the
spammer's website that sends information to an email address, complain
to the ISP of that email address. Most legitimate businesses on the
Internet aren't keen to sully their reputations by working with
spammers.
Remember: always be polite. The ISPs are not your enemies and a single
polite word will get you a lot farther than a screenful of abuse.
As an aside, the U.S. Federal Trade Commission has a project for
analysing and classifying spam, and have invited Internet users to
forward their spam to uce@ftc.gov. This won't help you in the
short-term but it could be of long-term benefit in the fight against
spam. They also occaisionally take action against outright scams that
are reported in this way.
1.2.7 What email address do I complain to?
At most ISPs, the address for sending complaints is
"abuse@<isp-domain>", e.g. abuse@rcn.com or abuse@yahoo.com. However, a
few ISPs have non-standard abuse department email addresses; in these
cases it can be hard to know where to send your complaint. To the
rescue comes abuse.net; a database of ISP abuse addresses. It can even
forward complaints automatically to the relevant abuse addresses if you
supply the complaint and the name of the Internet provider! Have a look
at <http://www.abuse.net/>
1.2.8 Can't this all be automated?
All this reading headers, working out webhosting providers, and so forth
is a pain. Spamcop is a service that aims to automate this process; you
give it your spam and it writes and mails the complaint for you.
Spamcop has a reputation for sending complaints to a few incorrect
places, so you have to keep an eye on what it's doing, but if you think
you might find it useful, then have a look at <http://www.spamcop.net/>.
(Note that www.spamcop.org has no relation to www.spamcop.net.)
1.2.9 Should I hack into the spammer's computer?
No; hacking is very seriously frowned upon by most of the anti-spamming
community. Apart from the fact that it's illegal, it allows the
spammers to portray themselves as honest businessmen being assaulted by
electronic terrorists. If we are to eliminate spam it is important that
we retain the moral high ground.
=========================================================================
----------------------- 1.3 ADVANCED SPAMFIGHTING -----------------------
=========================================================================
1.3.1 Spammer Tricks
1.3.1.1 What are these weird URLs?
Some spammers try to "obfuscate" the address of their website in order
to make it hard to see where to complain to. A number of common
tactics include:
* The Non-Dotted-Quad IP address
Most IP addresses have the "dotted-quad" form:
182.175.90.10
However, the IP address is also valid as one big decimal number,
e.g.:
3064945162
The spammer hopes that by giving you the address in this form,
you'll be confused. However, tools like traceroute and whois will
quite happily work on either dotted-quads or big decimal numbers.
If you're happier working with the dotted quads, there's a tool at
<http://combat.uxn.com/> that will convert back to them.
IP addresses can also be represented in Octal (prefixed '0') or
hexadecimal (prefixed '0x'), or even as a mixture of these within a
dotted quad, in which case the above IP address might become:
0266.0xaf.0x5a.012
The key thing to remember is that if it works in your web browser,
it'll work in traceroute and whois too, so all this obfuscation by
the spammer is really a wasted effort on their part. What a shame.
:)
* The Really Long Dotted-Quad IP address
The dotted-quad I.P. address is just a way of representing a 32-bit
number using four 8-bit numbers. It's a bit like the way you might
right "1153" as one thousand, one hundred, five tens and three
units. Now, in a dotted-quad only the lowest eight bits of each
number are significant - to continue the above analogy, if we had
"one thousand, twenty-one hundreds, five tens and three units",
we'd discard the "twenty" from the "hundreds" column (because that
would mean an extra two thousands and if we really wanted them we'd
have put them in the "thousands" column, so it must be an error,
right?) and still be left with the number "1153".
Some spammers make use of this by setting the high-bits of the four
numbers in the dotted quad to make the I.P. address rather long and
confusing. For example:
http://10889035741470030830827987437816582766808.41538374868278621028243970633761010.91343852333181432387730302044767688728495784090.5444517870735015415413993718908291383522/
It looks daunting, but dealing with it is quite simple. Just take
each of the four dotted quads and ignore all but the eight lowest
bits (ie divide each by 256 and take the remainder). In the example
above, you'll end up with:
http://216.242.154.226/
and from here you've got the I.P. address and can continue as
normal.
Alternatively, the URL de-obfuscator at <http://combat.uxn.com/>
will happily decode this kind of really-long-dotted-quad URL for
you.
* The Username Trick
You can specify a username and password in a URL using the @
symbol. For example:
http://jjf:fred@www.myreallysecurewebsite.com/
will log me into www.myreallysecurewebsite.com using the username
"jjf" and the password "fred". But if
www.myreallysecurewebsite.com didn't need a username & password,
the username & password are ignored. Spammers use this to conceal
their website's location. For example, is the following website
located on members.aol.com or www.twinlobber.org.uk?
http://members.aol.com@www.twinlobber.org.uk/ispammedyou/
If you know this trick, it's fairly easy to see through it, so the
spammers have now taken to trying a double-bluff. The username has
to come before the first slash after the "http://" bit, and so the
spammers try things like this:
http://members.aol.com/@www.twinlobber.org.uk/ispammedyou/
This URL references the directory
"@www.twinlobber.org.uk/ispammedyou" at members.aol.com, not a
website at www.twinlobber.org.uk itself.
Many of the URL de-obfuscation tools given below for decoding
Javascript-encoded URLs will also deal with this trick.
* JavaScript
A _really_ nasty technique is to encode the URL in JavaScript; this
can result in URLs that look to you and me like absolute
gobbledegook!
Fortunately, help is at hand. Have a look at these resources:
net.demon URL Decoder
<http://www.netdemon.net/decode.html>
SamSpade URLomatic
<http://www.samspade.org/t/url.cgi>
De-obfuscating JavaScript
<http://www.samspade.org/d/javascript.html>
URL Revealer
<http://javascript.internet.com/equivalents/url-revealer.html>
Downloadable Spam Decoder
<http://spamdecode.homestead.com/>
1.3.1.2 Is the spammer's URL always the place to complain to?
Spammers know that no matter how hard they try to mangle their URL in
the manner described above, some people will be able to decode them.
Therefore, they sometimes try to hide their websites using other
methods as well...
* Page Redirections
Another tactic favoured by some spammers is to spamvertise one URL
but have that URL "redirect" visitors to another. In this way, the
spammer hopes to confuse us, to misdirect complaints, and if the
site that's redirected to is taken down he can just change the
redirection page to point to another, identical site and still
profit from his spam run.
Fortunately, in most cases, page redirection can be followed simply
by looking in your browser's history window. Once you recognise
this, the thing to do is complain to the hosters of both the
redirecting website _and_ the website it redirects to.
* Frames
A variant on the Page Redirection trick is to have a webpage on one
site that contains a frame around a webpage on a second site; this
way "Location:" field of the browser will contain the URL of the
first site (the one containing the frame) and not the URL of the
second site (the one containing the actual content). In Netscape,
you can get the URL of the second site by selecting "Page Info"
from the "View" menu; in Internet Explorer, right-click on the
webpage and select "Properties".
1.3.1.3 Why does the spammer's website's source code look so weird?
Many spammers have learned that anti-spammers get important
information about their operations from the source code of their
website. So they've taken to encoding their webpages in JavaScript;
this is decoded into HTML by your web-browser in order to display the
page, but when you try to look at the source you just see
gobbledegook-like Javascript.
Fortunately, help is at hand. Have a look at these resources:
Encrypted-HTML Decryption Tools
<http://www.swishweb.com/dec.shtml>
De-obfuscating JavaScript
<http://www.samspade.org/d/javascript.html>
SamSpade JavaScript Browser
<http://samspade.org/t/js.cgi>
Net.Demon Haywyre Decoder
<http://www.netdemon.net/haywyre/>
Decrypt URLencoded HTML sources
<http://www.elfqrin.com/urlenchtmldecrypt.html>
Downloadable Spam Decoder
<http://spamdecode.homestead.com/>
Alternatively, users of Internet Explorer 5.x can install the
"Microsoft Web Developer Accessories" add-on from Microsoft. With this
tool you can highlight a portion or all of a webpage, right-click (or
shift+F10) and select "View Partial Source". You now see the plain
HTML that the spammer's JavaScript sent to your browser.
1.3.1.4 How can I stop a spammers' website doing bad things to my
computer?
Some spammers' websites can do some quite nasty tricks, such as
switching Internet Explorer to full-screen mode and not letting you
escape, or opening lots of pop-ups, or re-opening the site every time
you try to leave it, and so forth. If you use IE, you can put the
spammer's site in "Restricted Mode" which will disable all JavaScript,
Java, ActiveX, cookies and anything else on the site the spammer will
try to trick or trap you with. In other browsers you can disable
JavaScript and Java from the configuration window. For more
information see:
Improving Security in IE5 and OE5
<http://home.att.net/~shadow.fox/Disabling_IE_Security_Flaws.html>
You can also use the advert-removing program WebWasher to prevent
abusive JavaScript code from executing. Look for it at
<http://www.webwasher.com>.
However, beware; some spammers know that many anti-spammers surf with
JavaScript permanently disabled and have written websites that look as
if they have been killed if JavaScript is disabled yet are still fully
functional for surfers with JavaScript enabled. Some other spammers
websites will immediately redirect you elsewhere if they detect you
have disabled JavaScript.
1.3.1.5 What if a spammer's website has disabled right-click?
Spammers know that anti-spammers get a lot of information about their
revenue chains by looking at the source code of their website. So
they have taken to writing little bits of JavaScript that intercept
right-mouse-clicks on their webpage to prevent the context-sensitive
menu containing the "view source" option in Netscape and Internet
Explorer from appearing.
This can, of course, be circumvented by deactivating JavaScript in
your browser, but there is also a simpler solution, as the "view" menu
on the menu bar allows you to bring up the page source in some
versions IE and Netscape. Alternatively, Shift+F10 will simulate a
right-click in some browsers. Some Windows keyboards also have a
"context-sensitive menu key" which can be used to call up the menu
you'd normally get by right-clicking. Note that some spammer's
webpages will now intercept these keypresses as well as the
right-click, but the "view" menu on the menu bar should still work.
1.3.2 What can I do about Spam-Supporting ISPs?
Most ISPs hate spam. Sometimes, however, you'll come across an ISP that
is either utterly clueless or refuses point-blank to act against its
spamming customers. In these cases, there are a number of steps you can
undertake.
1.3.2.1 Research
The first step is to check the archives to see whether anyone else is
having a problem with this spammer or with this ISP. If you can
contact others who are having the same problems as you, you can pool
your resources to better achieve an affect.
1.3.2.1.1 news.admin.net-abuse.sightings & groups.google.com
news.admin.net-abuse.sightings is a newsgroup for reporting - not
discussing - instances of Internet abuse. The idea is that
anti-spammers post instances of the spam they see to this newsgroup,
and then other anti-spammers can look in this newsgroup to see if
other people are getting the same spam as they.
But it gets better. Google's newsgroup archiving service at
<http://groups.google.com/> archives most postings to
news.admin.net-abuse.sightings (along with most postings to most
newsgroups); you can use the advanced search feature to search these
archives for instances of a particular spam! For example, if you've
received a spam advertising the website
"www.iamareallybadassspammer.com" you could search for
"www.iamareallybadassspammer.com" in the forum (Google-speak for
"newsgroup") "news.admin.net-abuse.sightings" and find some other
people who have been spammed by that spammer.
Incidentally, the Google archives for news.admin.net-abuse.email are
also a very useful resource for priming yourself on specific issues.
There are few new ideas; most spam-related issues will have been
discussed in this newsgroup at some point or another, and many
spammers have too.
RELATED LINKS
Spamfighting 102 - The Many Uses of DejaNews
<http://samspade.org/ssw/help/d_spam102.htm>
news.admin.net-abuse.sightings Charter
<http://www.killfile.org/~tskirvin/nana/nanas-charter.html>
Google's Advanced Newsgroups Search
<http://groups.google.com/advanced_group_search>
1.3.2.1.2 Halls of Shame
news.admin.net-abuse.sightings is a very useful resource but
sometimes you need something a little more structured. Unlikely as
it may seem, there are anti-spammers who dedicate whole websites to
keeping track of the unrepentant spammers and those who run
spam-support services. These can be very useful in discovering a
spammer's M.O., or just why you're having trouble getting a
spammer's account at a certain ISP killed. Here's just a handful of
such sites...
The Spamhaus Project tracks spam support services and spam-friendly
ISPs, and displays the results in a number of easy-to-navigate
formats, with links to "whois" information, relevant abuse
addresses, and the like. As well as currently-active spamhausen it
lists deceased spamhausen, including how many times they have been
terminated and by which ISPs, and when. There's even a "league" of
leading spam-support services.
The Spamhaus Project
<http://www.spamhaus.org/>
In a similar vein is Sapient Fridge's Spamware Sites Listing; a list
of websites that are selling Spamware or supporting Spam in other
material ways, each coming with various service providers (with
cross-references), handy links to traceroute tools, and their status
with the RBL.
Sapient Fridge's Spamware Sites Listing!
<http://www.spamsites.org/>
The Spammer Quick Reference Guide has by no means as many technical
whizz-bangs, but it looks like a quite useful list of who's spamming
what.
Spammer Quick Reference
<http://www.rahul.net/falk/quickrefa.html>
ROKSO is a good reference of hard-core spam operations that get
thrown off Internet providers time after time after time.
ROKSO (Register of Known Spam Operations)
<http://www.spamhaus.org/rokso/index.lasso>
whew.com has a database of postal addresses and phone numbers
advertised in spams...
Spammer Addresses & Phone Numbers
<http://www.whew.com/spammers/spamaddresses.shtml>
In less general terms, Worldwide Online publishes a list of spammers
they've told to stop spamming them.
What is Worldwide Online doing to Stop Spam?
<http://www.wwonline.com/spammers.html>
1.3.2.1.3 Posting in news.admin.net-abuse.email
If this research turns up a blank, then don't forget that a great
way to contact other spamfighters about a suspected spam-supporting
ISP is to post in news.admin.net-abuse.email.
1.3.2.2 Education
Sometimes an ISP will support their spamming customer simply because
the ISP themselves don't realise that spam is bad. In these cases, it
may be worthwhile taking time to briefly explain (patiently and
without expletives) the problems around spam and why the ISP should
take action against their spamming customers.
If you try this, you'll soon be able to tell whether an ISP is
genuinely ignorant and confused or is purposefully supporting spam.
1.3.2.2.1 What if the ISP doesn't speak English?
There are an increasing number of ISPs, most notably those in the
Far East, but also some in Europe and other parts of the
non-English-speaking majority of this planet, where the technical
contacts don't speak English. This can obviously lead to a
communication difficulty if you yourself aren't fluent in their
native language.
One solution is to use the Babelfish automatic translation service,
but this technology can be a little flakey at times. It's probably
better to get a bilingual friend to translate for you if at all
possible.
For persistant spammers from foreign countries, you may be able to
seek help from some of the foreign-language email abuse newsgroups,
such as:
it.news.net-abuse - Italian net abuse newsgroup
fr.usenet.abus.d - French net abuse newsgroup
de.admin.net-abuse.mail - German net-abuse newsgroup
hr.news.net-abuse - Hungarian I *think*
As a last resort, there are some anti-spam documents written in
non-English languages, to which you may be able to refer
non-English-speaching providers.
RELATED LINKS
BabelFish translation service
<http://babelfish.altavista.com/>
Chinese Spam FAQ
<http://www.ofta.gov.hk/chinese/junk-email/chi_page1.htm>
Japanese Anti-Relay Links
<http://www.chebucto.ns.ca/~af380/boilerplates.html#JapanRelay>
Italian Spamfighting Tutorial
<http://collinelli.virtualave.net/antispam/>
French Anti-spam FAQ
<http://www.usenet-fr.net/fur/usenet/abus/reagir-conseils.html>
German Header-Reading Tutorial
<http://www.th-h.de/faq/headrfaq.html>
Esperanto Anti-Spam FAQ
<http://www.esperanto.net/veb/spam-faq.html>
(All suggestions for this section gratefully received!)
1.3.2.3 Contact their Upstream
An ISP's "upstream" is a bit like an ISP's ISP. Apart from a few very
large ISPs called "backbones", every ISP purchases its connectivity
with the rest of the Internet from one or more other ISPs, which are
called the "upstreams" of the first ISP. Many of these upstreams will
have clauses in their contracts about spam, and if you can show them
that their customer is allowing spam to come through their networks,
they may well cut them off or pressure them to take action.
Occasionally, you'll find that a spammer has tricked you into thinking
you're complaining to their ISP when really you're complaining to the
spammer himself. In these cases, by going upstream you'll find the
spammer's real ISP.
If an upstream provider refuses to act, you can try _their_ upstream
provider, and so forth until you reach a backbone.
1.3.2.4 Publicise their Spam-Supporting
Spam is unpopular, so if you publicise the fact that a large
organisation is supporting spam, then you may be able to force them to
change their mind. A posting about them in news.admin.net-abuse.email
is a good place to start. If the provider has their own newsgroups,
then possibly one of them might be appropriate for a posting too. And
then, if you're really determined, you can move on to online
magazines, newspapers, and so forth.
1.3.2.5 Submit an RBL Nomination
Before we start, I have been asked to emphasize that where not
otherwise specified, everything in this section is the personal
opinion of the FAQ-maintainer and should not be considered to be
statements on behalf of MAPS, whose policies are set out at the
website <http://www.mail-abuse.org/>
We'll discuss the MAPS RBL in more detail in the "Spam Prevention"
section a little later; to quote from
<http://www.mail-abuse.org/rbl/rationale.html>, however - "The MAPS
(Mail Abuse Prevention System) RBL (Realtime Blackhole List) is a list
of networks which are known to be friendly, or at least neutral, to
spammers who use these networks either to originate or relay spam. As
we discover such networks, we deny them access to the part of the
Internet that we are paying for. Because our research into the
attitudes and policies of network owners is hard to duplicate, many
dozens of other network owners have asked for and are now receiving a
real time mirror of our MAPS RBL. "
These measures serve to exert pressure on a spam-supporting provider
to clean up their act, in addition to protecting parts of the Internet
from their spam. MAPS themselves actively work to encourage providers
whose machines are on the RBL to reform and thus escape the RBL.
Many entries on the RBL come about as a result of nominations from
members of the general public. If you can't touch a spam-supporting
provider by any other legal means, then nominating them for the RBL
may be appropriate. Preparing an RBL nomination does not require a
great deal of technical knowledge but it does require some time and
effort. For full information on how to nominate a provider for the
RBL, see the following resource:
Reporting Abuse to the MAPS RBL team
<http://mail-abuse.org/rbl/reporting.html>
There is a mailing list for discussion of potential RBL nominations.
To join, just send a message to:
rbl-nominate@NorthShoreTechnologies.net
with the command
subscribe rbl-nominate
in the body of the message. You will be required to confirm your
subscription, of course.
1.3.2.6 Bitching
A very controversial tactic is that sponsored by
<http://www.bitch-list.net>. This is a service a little like
abuse.net, except that it forwards email to _every_ known contact
address for abusive and unresponsive ISPs. The idea is that by
forwarding abuse reports to as many officials and unrelated
departments as possible, the message will get through somehow.
However, this is considered by many (including the faq-maintainer) to
be sending Unsolicited Bulk Email and thus wrong. And even if you can
get over that moral hurdle, it is extremely impolite.
=========================================================================
------------------------- 1.4 SPAM PREVENTION ---------------------------
=========================================================================
Spamfighting is very important for reducing the amount of spam we'll all
receive in the future but it doesn't do much to affect your spam intake
for today. This section looks at some popular methods that are used to
reduce the amount of spam currently ending up in mailboxes.
RELATED LINKS
Abuse Prevention
<http://www.emailabuse.org/prevent.asp>
SPAM-L FAQ: Blocking Spam
<http://www.claws-and-paws.com/spam-l/blocking.html>
Blocking Spam Relaying and Junk Mail (rather technical)
<http://www.jtap.ac.uk/reports/htm/jtap-040.html>
1.4.1 How can an individual reduce the amount of spam they get?
1.4.1.1 How do spammers get our email addresses?
The obvious way to reduce the amount of spam you receive is to make
sure that spammers don't have your email address! Before we can go
further with this, however, we must learn how spammers get hold of
email addresses in the first place. As it turns out, there are five
main ways:
* They pick them up when they're used publicly on the Internet, e.g.
in a newsgroup posting or on a webpage. This is by far the most
common way, and is known as "harvesting". Using your email address
in a newsgroup or on a webpage is generally understood to solicit
personal, topical replies from individuals, but is not a
solicitation to receive broadcast advertising.
* They buy a CD of addresses from another spammer. These addresses
were probably harvested from newsgroups or webpages in the manner
described above, and are often years out-of-date to boot. As the
saying goes, there is no honour among thieves...
* They guess them. For example, it's a fair bet that
"joe@example.com" could be a valid email address, although there's
no way of knowing to whom it leads. When spammers concentrate this
technique on one domain it is sometimes called a "dictionary
attack". (As it happens, joe@example.com isn't a valid email
address, because "example.com" is a domain reserved for testing and
examples.)
* Our ISPs sell them our email addresses. This is extremely rare.
* We give them to them. Always carefully read the privacy policy of
any website before you give your email address to it, as sometimes
email addresses are passed on or used for purposes other than those
we intended when we gave them.
For a more detailed look at how spammers find email addresses, have a
look at this document:
FAQ: How do spammers get people's email addresses?
<http://www.faqs.org/faqs/net-abuse-faq/harvest/>
1.4.1.2 Choose a non-obvious email address
Some spammers guess email addresses, so it may be a good idea to use
something that spammers can't guess easily. For example, instead of
joe@example.com, why not have joe34z@example.com?
1.4.1.3 Be careful with your email address
The only way to totally eliminate the chance of receiving spam is not
to have an emailbox. Even if you have an emailbox and never ever show
your email address to anyone else, there's still the chance that a
spammer might guess your email address. However, there are a few less
extreme steps you can take to at least reduce the amount of spam you
receive...
* Never, ever give your email address to a company you do not trust
entirely. If in doubt, open a free email account with a web-based
provider such as hotmail.com and use that address for communicating
with the company; that way, if they do spam, you can close the
account and you've only lost a free email account you weren't using
for anything else.
* Never, ever post to usenet using an unmunged email address you care
about. Use a throw-away address from a free email provider or
munge your email address as described in 1.4.1.4. (Some people
have reported that you can reduce spam without impacting upon the
ease of contacting you, by posting with a munged From: address or
an unmunged Reply-To: address, but I can't believe the spammers
won't catch on to this eventually.)
* Never, ever allow your email address to appear on a website,
including on a web-based discussion board.
Some people concerned about privacy enter made-up email addresses into
online application forms and the like. This seems like a good idea,
but it is important to make sure that the made-up domain you use
doesn't actually belong to anyone, otherwise you'll just be sending
spam to the innocent third-party who owns it. This can become a very
serious problem for the owners of some domains popularly used in such
forms.
BAD MADE-UP EMAIL ADDRESS: walt@disney.com
go@away.com
GOOD MADE-UP EMAIL ADDRESS: go@away.invalid
There are several free mail-forwarding services that can be used to
reduce your spam-level. The idea is simple; you give a different mail
forwarding email address to each company that asks for your email
address, and the mail forwarder forwards all mail to these addresses
to your usual mailbox. If a company ever starts to spam you, you just
disable the forwarding address you gave them and you won't get their
spam, without affecting your other incoming mail. Companies who
provide this service include:
SpamEx
<http://www.spamex.com>
Sneakemail
<http://www.sneakemail.com>
Spam Motel
<http://www.spammotel.com>
Despammed (filters mail using the MAPS and ORBS blackhole lists)
<http://www.despammed.com>
1.4.1.4 Address Munging
"Munging" is the act of mangling your email address so that it can
still be read by a human but cannot be automatically harvested by
spammers.
For example, my email address:
jjf@mungedeg.twinlobber.org.uk
Could be munged into any of the following:
jjf<at>mungedeg<dot>twinlobber<dot>org<dot>uk
jjf@mungedeg.twinlobber.org.uk.REMOVETHISTOSENDEMAIL
jjf@NOSPAM.mungedeg.twinlobber.org.uk.NOSPAM
fjj@ku.gro.rebbolniwt.gedegnum.REVERSE-TO-SEND-EMAIL
When munging, you have to be careful not to accidentally munge your
own email address so that it's identical to someone else's, and should
always munge the bits to the RIGHT of the @-sign and not just the bits
to the LEFT (otherwise your ISP will still get your spam even if you
don't yourself). Also, you should ensure that your munged domain name
is NOT an existing domain (else the poor sod who owns it could get
your spam).
Recent drafts of the Usenet message format RFC specifies that the
From: line of a newsgroup posting must contain either a valid email
address or an email address ending in ".invalid". Your munged email
address should really comply with this forthcoming standard, e.g.:
jjf@REMOVE-CAPS-AND-INVALID.mungedeg.twinlobber.org.uk.invalid
Note that some spammers now have harvesting software that can remove
widely-used munges like "NOSPAM".
RELATED LINKS
Address Munging FAQ
<http://members.aol.com/emailfaq/mungfaq.html>
1.4.1.5 Whitelisting
Some ISPs forbid their customers from using a munged email address.
In these cases, whitelisting can be an alternative. In this, you set
up your mail account such that some given word or string of characters
must be in the subject line for any mail to be accepted, and then you
explain this in any newsgroup postings and webpages containing your
address. This way people can respond to you, but spam will be deleted
from the server without you having to spend time downloading and
reading it. This works especially well with webpages, e.g. use:
<A HREF="mailto:unmunged@example.com?Subject=FRIENDLYMAIL: Comments
about my webpage">Send me email!</A>
Then kill any mail that doesn't have FRIENDLYMAIL: in the subject line
and have the rest forwarded to your real email address.
1.4.1.6 Filtering
You can filter your personal email if you wish, deleting messages
based upon the appearance of certain strings of characters or based
upon the sender. For example, depending upon your tastes, it may be a
fair bet that any message with "FREE LIVE SEX" in the subject line is
spam. The risk of filtering, of course, is that some non-spam mail
will accidentally trigger these filters (perhaps by someone trying to
discuss a piece of spam with you?) and this legitimate email will get
deleted too. In order to prevent this, some people just filter
suspected spam into a separate folder, which they clean out by hand
from time to time.
RELATED LINKS
The Spam Bouncer
<http://www.spambouncer.org/>
1.4.2 How can an ISP reduce the amount of spam their customers get?
1.4.2.1 Stop Accepting All Email
This will immediately reduce the spam intake of their customers to
zero. Unfortunately, it also destroys email as a usable communication
medium. In order to prevent this becoming necessary whilst still
taking action to reduce their customers' spam levels, many ISPs adopt
policies that are midway between blocking everything and doing
nothing...
1.4.2.2 Filtering
One tactic used by some ISPs to cut down on spam is filtering. The
ISP scans incoming mail and any messages that match the pattern of a
known piece of spam are discarded. The big danger with filtering is
that of false positives; users are unlikely to be very pleased if some
non-spam mails are mistaken for spam by the filter and never arrive.
1.4.2.3 Blackholing
Blackholing (or Blacklisting) is a variation on filtering whereby an
ISP refuses to accept any email from machines that have a reputation
for producing a disproportionate amount of spam. Many administrators
have had some success with this tactic, although there are two main
problems with it: firstly, someone will have to add more spam-sending
machines to their list as more emerge if the effectiveness of the list
is to be maintained, and secondly it is hard for the ISP to know when
a machine on the list has reformed and is no longer emitting spam.
Of course, with any type of blackholing, any legitimate email from
machines on the blackhole list will be lost along with the spam
emails.
1.4.2.4 Lists
There are several publically available lists of machines that many
ISPs use for blackholing as described above. Having a reliable third
party manage such a list neatly avoids the ISP having to take
responsibility for maintaining a blackholing list, although it does
raise censorship concerns for some people. The oft-repeated mantra in
such discussions is that the list maintainers are not actually
blocking email at third-party ISPs; rather, the ISPs themselves are
blocking the email.
However, the influence of these lists can itself be a powerful weapon
in the war on spam; many organisations will reform or fix their
problems rather than risk remaining on one of these lists.
1.4.2.4.1 MAPS
I have been asked to emphasize that where not otherwise specified,
everything in this section is the personal opinion of the
FAQ-maintainer and should not be considered to be statements on
behalf of MAPS, whose policies are set out at the website
<http://www.mail-abuse.org/>
MAPS (Mail Abuse Prevention Systems) LLC is a not-for-profit
organisation which has in recent years become an important combatant
in the battle against email abuse. Amongst other things, MAPS
publishes non-definitive lists of IP addresses classified according
to various criteria. It is commonly believed that many Internet
Providers and others use some or all of these lists, in a variety of
ways, in order to reduce the amount of spam received by them or
their customers.
Among the lists maintained by MAPS are:
* MAPS RBL - To quote from
<http://www.mail-abuse.org/rbl/rationale.html> - "The MAPS (Mail
Abuse Prevention System) RBL (Realtime Blackhole List) is a list
of networks which are known to be friendly, or at least neutral,
to spammers who use these networks either to originate or relay
spam. As we discover such networks, we deny them access to the
part,of the Internet that we are paying for. Because our research
into the attitudes and policies of network owners is hard to
duplicate, many dozens of other network owners have asked for and
are now receiving a real time mirror of our MAPS RBL."
* MAPS RSS - "Relay Spam Stopper", an initiative aimed at the
problem of spam sent through open mailservers (see 3.4.1 in the
Understanding NANAE chapter of this FAQ for information on open
mailservers). To quote from <http://mail-abuse.org/rss/> - "The
MAPS Relay Spam Stopper (RSS) is a freely queryable DNS-based
database of spam-relaying mail servers. If you run your own mail
server, you can configure it to utilize our list, if you'd like
to refuse mail from these types of servers."
* MAPS DUL - "Dial-up User List". Quoting from
<http://mail-abuse.org/dul/> - "The MAPS DUL lists dial-up and
other dynamically assigned IP addresses for the convenience of
mail administrators wishing to stop this trespassing, and for
Internet providers to help prevent trespassing from their
networks by volunteering their dial-up information to us.".
Because most legitimate (non-spam) email is sent via an ISP's
mailserver, rather than directly from a dynamically-assigned IP
address, blocking email from machines on the DUL can reduce the
amount of spam received. Note that machines on the DUL have not
necessarily ever been used for abusive purposes.
1.4.2.4.2 ORBS
ORBS was a validated list of open mail relays (see section 3.4.1 in
the "Understanding NANAE" part of this FAQ) and other types of
system. Many Internet Providers and others choose to refuse to
receive email from machines on this list, on the grounds that such
email may be spam. By doing this they:
1) Reduce the amount of spam they and their customers receive.
2) Apply pressure to those running open relays to close them.
Other Internet providers choose simply to flag or statistically
count mail coming from machines on the list.
ORBS could be a rather controversial entity, and long and robust
discussions of it often broke out in news.admin.net-abuse.email.
Rather than go into the details here, this FAQ maintainer recommends
that you use Google.com to sample the opinions on both sides of the
argument and form your own views if you're interested.
1.4.2.4.2.1 Did ORBS die in June 2001?
Probably. There's been a great deal of conjecture but the facts
seem to be as follows:
* In early June 2001, two New Zealand ISPs went to court to force
ORBS to remove (allegedly erroneous) entries for their
mailservers from their list. The court upheld their complaint.
* Thereafter Alan Brown of ORBS posted a public apology to these
ISPs which also included the announcement that for unrelated
reasons ORBS was closing immediately.
There has been a great deal of conjecture about whether the timing
of the closure of ORBS was entirely coincidental with this court
case, but I haven't seen any evidence to suggest otherwise. And I
have seen it suggested that Mr Brown was having problems with his
own ISP anyway.
There has been no indication that ORBS will be returning. Several
other organisations have stepped up to fill the breach left by
ORBS:
ORBL
<http://www.orbl.org/>
ORBZ/ORB UK
<http://www.gst-group.co.uk/orbs/>
ORDB
<http://www.ordb.org/>
More information will be forthcoming once the situation has
stabilised.
RELATED LINKS
ORBS now split into three!
<http://www.theregister.co.uk/content/6/19802.html>
1.4.3 How can an ISP reduce the amount of spam their customers send?
With difficulty. However, experience has shown that there are a few
things that can make a difference...
* If an ISP has a reputation for dealing with spammers quickly and
decisively, many spammers will avoid them. If spammers are dealt
with very rapidly indeed, the ISP may be able to shut down a spam-run
before it has completed.
* An ISP can have a clause in their terms of service that allows them
to charge "clean-up fees" to any customers that send spam.
Unfortunately, many spammers sign up using stolen credit-card
numbers, and in these cases clean-up fees aren't much of a deterrent.
It can be messy to collect clean-up fees, too.
* An ISP can implement "port 25 filtering" (see 3.4.2 in "Understanding
NANAE") to prevent their customers from spamming via open relays.
Note that this, however, will prevent their customers from using
external mailservers for legitimate reasons too.
=========================================================================
------------------------ 1.5 ABOUT ANTISPAMMERS -------------------------
=========================================================================
1.5.1 Why do anti-spammers fight spam?
There's no collective answer to this - different people will have
different motivations. However, three of the most common ones are:
1) Fear. We've calculated our email boxes will become useless if spam
becomes a widespread marketing method, and we don't like the idea.
2) Anger. We don't like people stealing our computer resources and so
we're going to defend ourselves.
3) Altruism. We want to make the Internet a better place.
1.5.2 Aren't anti-spammers just a load of anti-business communists?
No. Some anti-spammers own businesses, and most of the rest work for
businesses. Anti-spammers are generally NOT anti-business. In fact,
many anti-spammers happen to believe that businesses that cannot survive
without stealing the computing resources of others (i.e. spamming)
should go the way of the dodo. It's called "capitalism".
1.5.3 Aren't anti-spammers just a load of anti-commerce net-nazis?
See 1.5.2 above.
;
1.5.4 Don't anti-spammers just want to control email on the Internet?
No. Controlling all email on the Internet, apart from being a practical
impossibility due to the distributed nature of the system, would be an
extremely big job to undertake purely to satiate a few egos.
1.5.5 Why don't anti-spammers spend their time stamping out porn instead?
Porn isn't what gets anti-spammers hot-under-the-collar; spam is.
Anti-spammers are drawn from a surprising cross-section of society and
you'll find that they hold wildly divergent views about the contentious
issues of the day, pornography included. However, they are drawn
together by the simple opinion that spam endangers the email system,
which they really rather like.
1.5.6 Why don't you anti-spammers just get a life?
We have lives. Part of our lives involve sending and receiving email
and so we want to protect this when it is endangered.
1.5.7 Are anti-spammers all Systems Administrators?
Sometimes, when reading news.admin.net-abuse.email, you can get the
impression that in order to be an anti-spammer you have to be a
technical wizard and run your own mailserver. This isn't the case at
all, and the point to remember here is that the only people who
contribute to highly-technical discussions will be those with
highly-technical knowledge, but this doesn't mean that there's not
less-technically-minded people reading.
Anti-spammers tend to be drawn from many sectors of life with many
different types of knowledge. Some do run their own networks and their
own mailservers, but many do not. This FAQ-maintainer, for example, is
a Java programmer. Many anti-spammers don't even work in the computer
industry; they can be florists or brick-layers, brain surgeons or
secretaries. It doesn't matter. The skills needed for most
spamfighting are fairly easy to learn and the more voices that are heard
on this issue, the better.
1.5.8 If you anti-spammers are so smart, why am I still getting spam?
So who said we were smart? ;-)
As a problem, spam has not been solved. We will probably never be able
to completely eliminate spam from this world, any more than we can
expect to eliminate robbery, assault, or bad music. Realistically, our
aim must be to reduce the spam levels as much as possible, to a level
where it doesn't greatly impinge on the usability of electronic mail.
That's an achievable goal. We aren't there yet, and we have a long way
to go, but we've come a long way too. Someday, someway, we _will_ get
there.
=========================================================================
------------------------------- CREDITS ---------------------------------
=========================================================================
No document of this magnitude can be the work of only one man. I would
like to thank everyone who offered ideas and suggestions, everyone who
pointed out grammatical errors and gaps in my logic, and places where I
was just plain getting things wrong. This wouldn't have been possible
without you, people.
Thanks also to Paul Anderson for giving the document an official
proof-read.
=========================================================================
----------------------------- USE POLICY --------------------------------
=========================================================================
You may copy and redistribute this FAQ in unmodified form by any means or
media you see fit.
You may modify the presentation of this FAQ as you see fit, so long as the
content remains unaltered.
You may modify the content of this FAQ so long as you appropriately credit
both your changes and the original authors of this FAQ. At a minimum, the
link to the FAQ's website _must_ remain in place.
User Contributions:
[ Usenet FAQs | Web FAQs | Documents | RFC Index ]
Send corrections/additions to the FAQ Maintainer: nanae-faq@usenet.twinlobber.org.uk (James Farmer, FAQ maintainer)
Last Update March 27 2014 @ 02:11 PM
|
news.admin.net-abuse.email FAQ (1/3): Spamfighting Overview
Search the FAQ Archives
N - O - P - Q - R - S - T - U - V - W - X - Y - Z
news.admin.net-abuse.email FAQ (1/3): Spamfighting Overview
[ Usenet FAQs | Web FAQs | Documents | RFC Index | Schools ]
Comment about this article, ask questions, or add new information about this topic: