|
Archive-name: net-abuse-faq/email/terminology
Posting-Frequency: bi-weekly Last-modified: 07-Jul-2001 URL: http://www.twinlobber.org.uk/antispam/faq/faq3.txt Maintainer: James Farmer <nanae-faq@usenet.twinlobber.org.uk> See reader questions & answers on this topic! - Help others by sharing your knowledge
==========================================================================
An FAQ For news.admin.net-abuse.email
Part 3: Understanding news.admin.net-abuse.email
==========================================================================
TABLE OF CONTENTS
Recent Changes
Disclaimer
Preface
3.1 About This Newsgroup
3.1.1 What can be discussed in news.admin.net-abuse.email?
3.1.2 Can anyone join in?
3.1.3 What if I've got a new idea to end spam forever?
3.1.4 What's with all these nonsense posts and reposts?
3.2 Colloquialisms
3.2.1 What is "nanae"? "nanau"? "nanas"?
3.2.2 Why does the word "spam" apply to junk email?
3.2.3 What is a LART? What is a mallet?
3.2.4 What's an "ack"? What's an "auto-ack"?
3.2.5 What's a "throw-away"?
3.2.6 What does it mean if a website is "404-compliant"?
3.2.7 What's a TOS? What's an AUP?
3.2.8 What does "bulletproof" mean?
3.2.9 What's a "spamhaus"?
3.2.10 What's a "pink contract"?
3.2.11 What is "spamware"?
3.2.12 What is "mainsleaze"?
3.2.13 What is "TRUSTe"?
3.2.14 What's all this s/something/somethingelse/ stuff mean?
3.2.15 What do ^H and ^W mean?
3.2.16 What's a "sam-o-gram"?
3.2.17 What is "Afterburner"?
3.2.18 What's a "cartooney"?
3.2.19 What's a "Joe Job"?
3.2.20 What's a "murk"?
3.2.21 What's a "black-hat"? What's a "white-hat"?
3.2.22 What's Rule #1? What's Rule #3?
3.2.23 What does "C&C" mean?
3.2.24 What is the Lumber Cartel?
3.2.25 What do "tinw" and "tinlc" mean?
3.2.26 What is a "Chickenboner"?
3.2.27 What's "Whack-a-mole"?
3.2.28 What's a "BOFH"?
3.2.29 What's a "pump-and-dump" scam?
3.2.30 What is "Viral Marketing"? What's a Pyramid Scheme?
3.2.31 Someone said I'd invoked Godwin? Is that bad?
3.2.32 What's a "troll"?
3.2.33 What's a "kook"?
3.2.34 What's a "sock"?
3.2.35 What does "Cut it out, Ron!" mean?
3.2.36 Who is Dave the Resurrector?
3.2.37 Who is "Brunner"?
3.2.38 Who's this "Spamford" guy people talk about?
3.2.39 Who was Rodona Garst and why do people talk about her?
3.2.40 Who is "Hacker X"?
3.2.41 What is a "plonk"?
3.2.42 What does "fsck" mean?
3.2.43 What is the "Quirk Objection"?
3.2.44 Who is "Ralsky"?
3.2.45 What is "SPAM-L"?
3.3 Abbreviations
3.4 Technical Terms
3.4.1 What are open relays?
3.4.1.1 How can I fix my open relay?
3.4.1.2 What is "relay rape"?
3.4.1.3 What is a "teergrube"?
3.4.2 What is "port 25 blocking"?
3.4.3 What is "POP-before-SMTP"?
3.4.4 What does "direct-to-MX" mean?
3.4.5 What is a "Smarthost"?
3.4.6 What is "wpoison"?
3.4.7 What do those slashes after an I.P. address mean?
3.5 Keeping Up-To-Date
3.6 Keeping Happy
Credits
Use Policy
=========================================================================
--------------------------- RECENT CHANGES ------------------------------
=========================================================================
Finally got those last two deja.com links changed to google.com links!
The Quirk Objections makes it into the FAQ! Section 3.2.43 at the moment,
to be moved somewhere more relevant once I've got the FAQ marked-up in XML
(my next project).
And Ralsky also gets his own section (not so much for demand but because I
myself had no idea who the guy was).
And SPAM-L also gets a mention, although I don't have much to say about
it.
And finally section 3.4.7 looks at network prefixes.
=========================================================================
------------------------------- DISCLAIMER ------------------------------
=========================================================================
The following document should, where not otherwise stated, be understood
to represent the opinions and beliefs of the FAQ-maintainer only. I
endeavour to ensure that these opinions and beliefs are as correct as
possible, but take no responsibility for any problems caused by errors
herein. This document should not be considered to represent the opinions
of any individuals or organisations other than the FAQ-maintainer.
Please note that in this document, "we" is intended to collectively refer
to all regular or semi-regular posters to the news.admin.net-abuse.email
newsgroup, including those of all persuasions, and should not be read as
indicating the existence of a "clique" comprising persons of similar
viewpoints.
=========================================================================
-------------------------------- PREFACE --------------------------------
=========================================================================
This is one of three documents I have compiled to comprise an FAQ for the
news.admin.net-abuse.email newsgroup. Each document addresses points in a
given area, specifically:
The SPAMFIGHTING OVERVIEW offers a taste of the many techniques people use
to fight spam. The objective isn't to teach you how to fight spam (there
are many far superior documents that do just this), but rather to
introduce some of the techniques you can use and refer you to some more
detailed works.
THE EVILS OF SPAM covers the more ethical, moral, and legal aspects of
spam, including just what constitutes spam and the types of people who
become spammers.
UNDERSTANDING NANAE aims to introduce all of the weird, wonderful, and
sometimes impenetrable terminology that people use in
news.admin.net-abuse.email (nanae). It covers both colloquialisms (e.g.
"chickenboner") and technical terms (e.g. "direct-to-MX").
These three parts are designed to stand alone and don't have to be read in
order; feel free to pick and choose just the bits you're interested in.
These documents shouldn't be considered to be "the" FAQ, as there are
plenty of other FAQs that are superior in insight, detail, or depth of
coverage. They are just an FAQ that I hope will answer some questions
that have been troubling you.
These documents are currently maintained by James Farmer. If you have any
suggestions for additions or corrections, then feel free to send an email
to nanae-faq@twinlobber.org.uk
The latest versions of all of these documents can always be found at
<http://www.twinlobber.org.uk/antispam/faq/>
=========================================================================
------------------------ 3.1 ABOUT THIS NEWSGROUP -----------------------
=========================================================================
3.1.1 What can be discussed in news.admin.net-abuse.email?
The short answer to this is: abuse of the email system. Please note the
terminology here; abuse _of_ the email system is anything that endangers
the existence or widespread usability of the email system. Most of the
discussion in news.admin.net-abuse.email is concerned with spam, as this
is, by far, the most prevalent abuse of the email system in recent
times, but discussion of other abuses (e.g. mailbombing) would be
on-topic.
However, issues like electronic stalking and sexual harassment by email
are not on-topic, as they are abuse _on_ the email system. This means
that, while these things are undeniably abuse, they don't threaten the
survival of email as a communications medium. There are other
newsgroups far more appropriate for discussions of these issues.
RELATED LINKS
news.admin.net-abuse.* FAQs
<http://www.killfile.org/~tskirvin/nana/>
Newsgroups Related to Net Abuse
<http://www.eyrie.org/~eagle/faqs/nana-groups.html>
3.1.2 Can anyone join in?
Yes. There is no prerequisite in terms of technical knowledge or
spamfighting success for contributing to this newsgroup. Everyone is
welcome! Even spammers are welcome to post their views, so long as they
don't mind hearing a few conflicting opinions.
I advise newcomers to this newsgroup not to believe everything you read.
Before making up your mind on any issue, read around and see what makes
sense TO YOU. There are a lot of knowledgeable people in this
newsgroup, but also a lot of people talking about things outside their
knowledge, and a few people who aren't above deliberately
mis-representing the facts to fit the stories they want to tell. My
advice, which I repeat throughout these documents, is to take everything
with a pinch of salt, read as many different views as you can, and form
your own opinions.
If there's anything you don't understand, feel free to ask. But think
carefully about what answers you choose to believe; adhering slavishly
to the dogma of "accepted wisdom" in any newsgroup is not a good idea.
3.1.3 What if I've got a new idea to end spam forever?
Let's hear it! People on this newsgroup don't have all the answers, so
if you think your idea has merit, we want to hear about it. Fighting
spam in the same way every day, it's easy to get tunnel vision and to
overlook new possibilities. "Out-of-the-box" thinking is ALWAYS
welcome.
The absolute worst that can happen is that people spot a hitherto-unseen
flaw in your idea and think that it won't work. There's absolutely no
shame in being wrong. But don't let anyone tell you that you're wrong
unless they can CONVINCE you that you're wrong.
A few people may decide to flame any newcomer who posts an idea. This
is an unfortunate fact of life on Usenet, and my advice is to ignore
these people. After all, it's always easier to criticise than create.
3.1.4 What's with all these nonsense posts and reposts?
Ah. Because some people done like the fact that we fight spam, this
newsgroup is occaisionally subjected to attacks by people trying to shut
us up.
One form of attack is the cancel attack, whereby the attackers cancel
lots of our posts. Fortunately a bot called Dave the Resurrector (see
3.2.26) is always running and when it detects such an attack it will
repost the articles removed. This does mean that you might see an
article more than once, but that's generally considered to be better
than never seeing it at all.
The other type of attack is the posting of hundreds or even thousands of
nonsense articles in an attempt to drown out conversation. These
articles are generated by a program to look enough like genuine articles
they they'll evade filters whilst still being total and utter
gobbledegook. Such attacks are generally attributed to the entity
"HipCrime" (a leading Usenet terrorist), although whether they are
perpetrated by the real HipCrime or just someone using the software he
wrote is unclear (and probably not very interesting).
If your newsreader is able, you should be able to filter out HipCrime's
spew a few hundred articles at a time by filtering on the
NNTP-Posting-Host: header; the articles are almost always emitted
through open news servers. For those who cannot, several people have
recommended the program NFilter, which sits between your newserver and
your newsreader filtering out the stuff you don't want to see.
RELATED LINKS
NFilter
<http://www.nfilter.org>
Old HipCrime FAQ
<http://extra.newsguy.com/~rchason/>
=========================================================================
--------------------------- 3.2 COLLOQUIALISMS --------------------------
=========================================================================
Over the years, news.admin.net-abuse.email has evolved its own dialect of
abbreviations and terminology that can be quite confusing for new readers.
It is, however, not intended to exclude newcomers, and in this section I
will aim to explain the most commonly-used terms.
RELATED LINKS
Spam Jargon
<http://www.rahul.net/falk/glossary.html>
The Net Abuse Jargon File
<http://www.ncf.carleton.ca/ip/freenet/subs/complaints/spam/jargon.txt>
Jargon File Resources
<http://www.tuxedo.org/~esr/jargon/>
3.1.1 What is "nanae"? "nanau"? "nanas"?
nanae (sometimes capitalised NANAE) is short for
"news.admin.net-abuse.email" - in short, the newsgroup this FAQ is for.
nanau is "news.admin.net-abuse.usenet" - a newsgroup for discussing
usenet abuse including newsgroup spam. It can be a slightly rougher
place than NANAE, populated as it is by people with radically different
principles on what Usenet should be like, as well as people who are just
there for the rough-and-tumble.
nanas is "news.admin.net-abuse.sightings" - a newsgroup for posting
sightings of Internet abuse. See section 1.3.2.1.1 in the first part of
this FAQ, the "Spamfighting Overview".
3.2.2 Why does the word "spam" apply to junk email?
The term is inspired by a Monty Python sketch in which a group of
Vikings chant "SPAM! SPAM! SPAM!" repeatedly, drowning out the
conversations around them. (A bit like the way spam threatens to drown
out our own electronic conversations.) It has been applied to a number
of different mediums over the years, most notably "newsgroup spam", and
is now being used for "email spam" too.
RELATED LINKS
The Monty Python Spam Sketch
<http://www.stone-dead.asn.au/tv-series/sketches/fc-25/spam-sketch.html>
3.2.3 What is a LART? What is a mallet?
LART = Luser Attitude Readjustment Tool. It can be used as a noun (in
which case it's something that hopefully causes the victim to
re-evaluate their opinions by means of a short sharp shock) or a verb
(in which case it means to apply a short sharp shock). Most often used
as a euphemism for sending complaints to an ISP, as in "I've just
LART-ed that spammer".
One example of a Luser Attitude Readjustment Tool is a mallet (a hammer
with a big wooden head), which is metaphorically used on a spammer's
genitals when his account is cancelled. In male spammers the result of
this manner of LART-ing is sometimes described as "testicular
malletosis".
Another example is a "clue-by-four"; a large wooden board (or baseball
bat) with which spammers (or just those in urgent need of re-education)
are metaphorically whacked.
RELATED LINKS
Mallets Ahoy!
<http://members.home.com/mitchell425/ball22a.jpg>
3.2.4 What's an "ack"? What's an "auto-ack"?
"ack" is short for "acknowledgement", and usually refers to an
acknowledgement that a complaint or LART has been received by an ISP.
An "auto-ack" is an acknowledgement that is generated automatically.
For example, many abuse departments have configured their systems so
that a standard acknowledgement is sent upon receipt of any complaint,
explaining that the complaint has been received and will be dealt with
when they have the time.
Auto-acks are called "auto-ignores" when it is believed that the sending
of the auto-ack is the _only_ action that will be taken in response to
the complaint.
3.2.5 What's a "throw-away"?
An account you don't intend to keep beyond the immediate future. Often
used to refer to "throw-away" dial-up accounts that spammers open with
no intention of them existing beyond the end of one spam run, but is
sometimes also used in the context of "throw-away" email addresses -
that is, email addresses, often from a free provider such as
hotmail.com, that you intend to use merely for communicating with one
party (often a spammer or suspected spammer) for a short period of time,
and will afterwards throw away. The motivation for this could be to not
endanger your "main" emailbox should the spammer decide to mailbomb you.
3.2.6 What does it mean if a website is "404-compliant"?
It's not there anymore. 404 is the number of the HTTP error message
"Not Found".
Note that occasionally spammers design their webpages to look as though
they're 404-compliant (especially for surfers who have disabled
JavaScript) when really they're not. Take care. In these cases, your
browser's "view source" feature is your friend.
3.2.7 What's a TOS? What's an AUP?
TOS = Terms of Service. AUP = Acceptable Use Policy. These are
documents that are published by an ISP describing what users are and are
not allowed to do on their systems. The AUP or TOS of most ISPs will
explicitly state that their users must not send spam.
3.2.8 What does "bulletproof" mean?
Spammers often advertise "bulletproof" web-hosting or email-hosting.
What this means is a spam-friendly (the term in spammer circles is
"bulk-friendly") ISP guarantees not to cancel the "bulletproof" account
no matter how many complaints they receive about it.
3.2.9 What's a "spamhaus"?
A spamhaus is an Internet provider that seems to exist for no reason
other than sending spam and/or providing spam support services. Note
that the plural of "spamhaus" is "spamhausen" and not "spamhauses".
3.2.10 What's a "pink contract"?
Towards the end of the year 2000, it became clear that some major ISPs
had signed contracts with spammers that included clauses permitting the
spammers to _not_ abide by the anti-spamming portions of the ISP's Terms
of Service. When these came to light, anti-spammers dubbed them "pink
contracts" (because SPAM is a pink luncheon meat) and the ISPs almost
universally proclaimed that they had been signed by low-level marketers
and would not be binding. These statements were not entirely believed
by many in the anti-spamming community.
RELATED LINKS
Pink Contracts... the news breaks!
<http://www.rahul.net/falk/pink.txt>
AT&T Spam Contract Discovered
<http://www.net4tv.com/voice/story.cfm?storyid=3052>
PSINet Assailed as Spam Contract Surfaces
<http://cnet.com/news/0-1005-200-3417237.html?pt.yfin.cat_fin.txt.ne>
3.2.11 What is "spamware"?
Software designed primarily for the sending of spam. It can often be
distinguished from legitimate bulk email software by the presence of
tools for abusing open relays, or for obfuscating website addresses, or
for harvesting or de-munging email addresses, or for managing a "remove
list" or a "flamers list", or tools for hiding the source of the
message, or indeed the presence of any features that are needed for spam
but not for legitimate opt-in bulk email.
3.2.12 What is "mainsleaze"?
Mainsleaze is when a well-known, mainstream company starts to spam.
They quickly find themselves associated in the minds of their victims
with the sleaze of the spam world and then people don't trust them
anymore. Such companies often quickly come around to the idea that spam
is bad, but it can take years to re-build the trust of their customers.
3.2.13 What is "TRUSTe"?
TRUSTe is a programme for reassuring web site visitors about online
privacy. The idea is that vendors which adhere to TRUSTe's principles
regarding disclosure of personal information sales, opt-out options (if
any), and personal information protection get to display a TRUSTe
privacy seal. Web site visitors will thus know that they can find out
just what the site will do with the visitors' personal data obtained
through the web site, and use that disclosure to make a more informed
decision about whether they wish to provide accurate information, or any
information at all.
In news.admin.net-abuse.email, TRUSTe's reputation is something of a
joke. It is widely believed that TRUSTe is unlikely to revoke its
privacy seal even when a site breaches its privacy policies. There have
been numerous alleged cases in the past (such as when RealNetworks
started spamming) when TRUSTe failed to do so.
RELATED LINKS
TRUSTe
<http://www.truste.com>
Freedom's Truth about TRUSTe and Your Privacy
<http://www.freedom.net/resources/features/truste/>
3.2.14 What's all this s/something/somethingelse/ stuff mean?
These are regular expression replacement instructions, as used in Unix
utilities like sed. For the most part they're fairly simple to
understand; just substitute the second expression (the "somethingelse")
for the first (the "something") in the text above it. For example, the
following follow-up to an article:
> This FAQ is a wonderful thing
s/wonderful/horrible/
should be read an instruction to replace "wonderful" with "horrible" -
ie the writer is saying "This FAQ is a horrible thing".
RELATED LINKS
Learning to Use Regular Expressions
<http://gnosis.cx/publish/programming/regular_expressions.html>
sed Tutorial
<http://www.math.fu-berlin.de/~leitner/sed/tutorial.html>
3.2.15 What do ^H and ^W mean?
When you press delete (or backspace) on your keyboard, it deletes the
previous character, right? Well, imagine it didn't... or at least, it
did but the deleted character didn't disappear from the screen and
instead a ^H appeared after it. Well, this is how some terminals work.
So, you'd be trying to type:
I hate spammers
But you'd get half-way through it and find that you'd hit one wrong key,
e.g.:
I lat
What do you do? You hit delete three times, giving you:
I lat^H^H^H
Then type the correction, imagining that the last three characters were
deleted. So in all you'd see:
I lat^H^H^Hhate spammers
But when you hit return, the computer would actually see:
I hate spammers
Because you deleted the "lat". Clear?
Well, that's the background. In a newsgroup posting, ^H can be read as
the author hitting the delete key in an effort to erase a "mistake"
which was usually put there for humour value. ^H^H can be read as an
attempt to delete the last two characters, and so forth.
Similarly, ^W can be read as an attempt to delete the last word, e.g.:
I bow to your monumental flatulence^W intelligence.
(Hmmm... does anyone know of a website explaining ^H and ^W that I could
link to?)
3.2.16 What's a "sam-o-gram"?
A particularly biting or sternly worded utterance, either by or in the
style of noted NANAE contributor Sam, directed towards someone who has
been shown to be in need of a clue-by-four.
3.2.17 What is "Afterburner"?
Not "what"; "who". Afterburner was the abuse admin at erols.com, which
has since become part of rcn.com. Apart from being very good at his
job, he is famous for his witty and sadistic lines in account
cancellation messages, and for calling his subordinates "Minions" and
requiring them to take unpronounceable names. :) His own name is often
abbreviated to "AB".
RELATED LINKS
RCN Abuse Administrators
<http://users.rcn.com/abuse/admins.html>
3.2.18 What's a "cartooney"?
A nonexistent attorney (or other lawyer) with whom a spammer will
threaten you, but who will never be seen, usually because he doesn't
exist or isn't really an attorney.
3.2.19 What's a "Joe Job"?
The act of faking a spam so that it appears to be from an innocent third
party, in order to damage their reputation and possibly to trick their
provider into revoking their Internet access. Named after Joes.com,
which was victimized in this way by a spammer some years ago.
RELATED LINKS
Spam Attack: The Story of joes.com
<http://www.joes.com/spammed.html>
3.2.20 What's a "murk"?
A "Murk" is a disclaimer in a spam email that claims it abides by the
dead Murkowski anti-spam bill of a few years ago. E.g.:
Under Bill s. 1618 TITLE III passed by the 105th US Congress
this letter cannot be considered spam as long as the sender
includes contact information and a method of removal. This
is a one time e-mail transmission. No request for removal
is necessary.
The presence of a Murk is 100% proof that a message is spam. Note also
that most spam featuring this disclaimer doesn't comply with the
provisions of the Murkowski bill anyway.
If you're interested you could have a look at the text of this bill;
technical reasons prevent me giving a direct link but go to
<http://thomas.loc.gov/home/c105query.html> and enter "S. 1618" in the
"Bill Number" field, then select either the version passed by the Senate
or referred in the House.
3.2.21 What's a "black-hat"? What's a "white-hat"?
Apparently, in the old cowboy movies, the good guys always wore white
hats and the bad guys always wore black hats. These terms have since
been applied to Internet Providers, with Black Hats supporting spam and
White Hats being anti-spam.
In a similar veign, the term "Grey Hat" is sometimes used to refer to
providers whose anti-spam policies seem a little schizophrenic. "Empty
Hat" is a term occasionally used to refer to providers who are utterly
stupid or clueless about spam.
3.2.22 What's Rule #1? What's Rule #3?
Rule #1: Spammers lie
Rule #2: If a spammer ever appears to be telling the truth,
consult Rule #1
Rule #3: Spammers are stupid
I believe the first two rules came first, and the third was tacked on at
some point later. Less widely stated rules include:
Rule #0: Spam is theft
Krueger's Corollary to Rule #3: Spammer lies are really stupid
Russell's Corollary to Rule #3: Never underestimate the stupidity
of spammers.
There are a few alternative versions of the rules, including:
Rule #1: Spammers lie
Rule #2: There is no such thing as legitimate or ethical UCE
Rule #3: Spammers are stupid
3.2.23 What does "C&C" mean?
Coffee & Cats. It's a warning that you should remove from your vicinity
all tasty beverages and furry felines, as the content of the message may
cause you to convulse with laughter in a manner which will scare furry
felines and can result in spilling of a tasty beverage over your
keyboard (or alternatively choking on your beverage if you are drinking
it when you start laughing).
Incidentally, that's what the "You owe me a new keyboard/monitor"
statements allude to - someone forgetting to put the C&C warning on a
funny message and endangering cats & computer equipment as a result.
3.2.24 What is the Lumber Cartel?
The Lumber Cartel is a nonexistent organisation allegedly formed by the
world's paper-producing companies, who were supposedly worried that the
growth in spam would result in a decrease in junk postal mail, thus a
decrease in demand for paper, thus a decrease in their profits. They
were supposedly funding anti-spammers to prevent this.
It is, of course, a complete fiction. Some spammer posted this story a
few years ago and the whole thing has been a massive running joke ever
since.
References to the Lumber Cartel are usually suffixed "(tinlc)" (There Is
No Lumber Cartel) in order to reflect the fact that, well, there is no
lumber cartel.
RELATED LINKS
The Story of the Lumber Cartel
<http://www.geocities.com/SiliconValley/Lakes/5362/cartel.html>
Lumber Cartel (tinlc) Homepage
<http://come.to/the.lumber.cartel>
3.2.25 What do "tinw" and "tinlc" mean?
tinw = There Is No We. Used to reaffirm that the anti-spamming movement
comprises individuals who have own ideas and motivations, and
often-times don't necessarily agree with each other.
tinlc = There Is No Lumber Cartel. Used to reaffirm the nonexistence of
the Lumber Cartel.
3.2.26 What is a "Chickenboner"?
Someone's words once painted an incredibly vivid picture of an
archetypical spammer living in a trailer, hunched in semi-darkness over
his computer and surrounded by rotting chicken bones in half-eaten KFC
buckets and empty beer cans. The image has stuck, and "Chickenboner" is
now used to describe any two-bit spammer who wants you to think he's a
big shot with his own yacht... but isn't.
RELATED LINKS
The Three Stages of the Chickenboner
<http://groups.google.com/groups?oi=djq&ic=1&selm=an_591962033>
Things we Don't Know about Spammers
<http://groups.google.com/groups?oi=djq&ic=1&selm=an_617237499>
3.2.27 What's "Whack-a-mole"?
Whack-a-mole is an old amusement park game. You stand in front of a
board with a fluffy mallet, and as plastic moles pop up through holes in
the board you have to whack them over the head.
Spamfighting is sometimes like that. Sometimes it seems as if no sooner
do you get one of a spammer's accounts killed then they get another
one... and another... and another... and their accounts keep popping
up like the moles in that old amusement park game. And you keep
whacking them.
3.2.28 What's a "BOFH"?
Bastard Operator From Hell. Inspired by an extremely witty series of
stories about a sadistic, homicidal systems administrator, this acronym
is now applied as a compliment to any sadistic or potentially-sadistic
admin-type, with the implication that the victims of a BOFH deserve
everything they get.
RELATED LINKS
Simon's Stuff, including the BOFH
<http://bofh.ntk.net/>
3.2.29 What's a "pump-and-dump" scam?
This is a type of stock scam that often makes use of spam. The idea is
that the scammers buy some shares that are trading relatively cheap.
Then they try to encourage investors to buy shares in this company,
hoping to drive the price up as much as possible. This is the "pump",
and it can continue for some time. Finally, when the scammers judge
that they're not going to be able to force the share price any higher,
they "dump" by selling their shares and walking away with a huge profit,
while the investors they encouraged are left with shares worth a lot
less than they paid for them.
Spam is just one way that the scammers may use to try to entice people
towards their chosen shares. After all, spam is a cheap way of reaching
lots of people, who probably don't have experience of investing, and
won't be wise to the tricks of the trade. Of course, there are others.
Discussion boards are another favoured venue for creating hype. Throw
in a healthy dose of outright lying (e.g. "Microsoft is about to buy
this company!") and the situation can quickly spin out of the control of
the normal reality of the markets.
In the U.S., pump and dump scams are illegal and people DO get busted
for them. You should report them to enforcement@sec.gov.
RELATED LINKS
Anatomy of a Pump & Dump Stock Spam Scam (excellent article)
<http://ragingbull.lycos.com/mboard/boards.cgi?board=ASDG&read=230>
MMF Hall of Humiliation: The Pump & Dump Scheme
<http://ga.to/mmf/SpamExplained/Pumpndump.html>
Pump and Dump
<http://www.investopedia.com/terms/p/pumpanddump.asp>
3.2.30 What is "Viral Marketing"? What's a Pyramid Scheme?
Most marketing material is broadcast; ie the promotional material is
sent to many people at once. Viral Marketing is a concept wherein the
marketing message spreads gradually from person-to-person, a bit like a
virus does.
Imagine a man getting off a ship at Plymouth. Now imagine that this man
has the Plague. This plague is very contagious, and anyone this man
touches will be infected. But it's a cold day and the man is wearing
lots of thick clothes, so between the dock and his hotel he only touches
ten people. And then he dies, because this plague is very lethal and
will kill 24 hours after infection.
Let's imagine that the next day, the ten newly-infected people will each
infect ten more people, and then die. So after two days, there are 11
(1+10) people dead from the plague, and a further 100 (10*10) people are
infected. Next day, the 100 people infect 10 each, for 1000 total, then
die. And so it continues on...
Day 1, 1 infected
Day 2, 10 infected, 1 dead
Day 3, 100 infected, 11 dead
Day 4, 1,000 infected, 111 dead
Day 5, 10,000 infected, 1,111 dead
Day 6, 100,000 infected, 11,111 dead
Day 7, 1,000,000 infected, 111,111 dead
Day 8, 10,000,000 infected, 1,111,111 dead
Day 9, 100,000,000 infected, 11,111,111 dead
Day 10, 1,000,000,000 infected, 111,111,111 dead
Except that the population of the UK is only 60 million, and so before
the end of the tenth day the entire country will have caught the Plague
and died. And all from one guy getting off a ship in Plymouth.
The obvious type of viral marketing is the chain-letter-style
Multi-Level Marketing scheme. You know the type; you have to enrol
other people in some "scheme" to make money, and each of those people
have to enrol others, and so forth, and so before you know it everyone's
drowning in solicitations to join the scheme. When the solicitations
are sent by email, the effect can be similar to spam even though no one
individual is sending more than a handful of messages.
But of course, not everyone who receives such a solicitation will join
the scheme and try to enrol others. Then again, most of these schemes
don't place a limit on the number of people you can enrol, either, so
people on the scheme will often send spam to thousands or millions of
email addresses in the hopes that they'll persuade lots of people to
enrol in the scheme.
Such pyramid scams whereby enrolling others is the only major way to
make money are highly illegal in most parts of the world. Such scams
are often referred to as "MMF schemes" after an early such scam that was
spammed with the subject line "Make Money Fast".
The term "viral marketing" is often also applied to legal MLM schemes in
which people can earn more money by "referring" others. The obvious
examples are the Get-Paid-To-Surf schemes such as AllAdvantage. At
their height, solicitations to join such schemes seemed to be
everywhere. Many such schemes will have policies that forbid their
users using spam to solicit referrals, but some don't and some that do
don't enforce their policies rapidly.
I should just point out that I've emphasized the abusive elements of
viral marketing here, as these are the ones most often discussed in
news.admin.net-abuse.email, but if used in a properly-constituted
manner, viral marketing techniques need not constitute Internet abuse.
An example of this would be free email providers that place an advert
for themselves at the bottom of every email message sent. (Although
this in itself was controversial at one point.)
RELATED LINKS
The Bottom Line about Multi-Level Marketing Plans
<http://www.ftc.gov/bcp/conline/pubs/alerts/pyrdalrt.htm>
Viral Marketing for Internet Websites
<http://internet.about.com/industry/internet/library/weekly/1999/aa092799.htm>
Viral Marketing - Web Marketing Today Info Center
<http://www.wilsonweb.com/webmarket/viral.htm>
MMF Hall of Humiliation
<http://ga.to/mmf>
U.S. Postal Inspection Service on Chain Letters
<http://www.usps.gov/websites/depart/inspect/chainlet.htm
Don't Get Burned by a Pyramid scheme>
<http://www.ftc.gov/bcp/conline/edcams/pyramid/index.html>
What's Wrong with Chain-Letter Schemes?
<http://www.wco.com/~rteeter/pyramid.html>
3.2.31 Someone said I'd invoked Godwin? Is that bad?
Godwin's Law (named for Mike Godwin) states that if a discussion in
usenet goes on for long enough, someone will eventually make a
comparison to Hitler or the Nazis. (This is due to the fact that
history records Hitler and the Nazis as just about the worst people;
ever.)
The law is often mis-stated as "If you mention Hitler or the Nazis you
automatically lose the argument" or "If you mention Hitler or the Nazis
then the thread is over".
Is it bad to invoke Godwin's law? Well, comparing people to Hitler
rarely results in anything good...
RELATED LINKS
Godwin's Law Website
<http://www.godwinslaw.com/>
3.2.32 What's a "troll"?
In a "troll", someone will disingenuously make controversial statements
in the hope of creating a large ruckus.
A "troll" can also be one who trolls.
3.2.33 What's a "kook"?
A sort-of crossbreed of troll with a paranoid conspiracy theorist.
Handle with care, or even better, ignore.
3.2.34 What is a "sock"?
A commonly-used abbreviation for "sock-puppet". In the context of
usenet, a sock-puppet is an alter-ego established by an individual for
the purpose of posting messages that agree with his views, thus making
it appear that the individual in question has more support than (s)he
really does.
3.2.35 What does "Cut it out, Ron!" mean?
This is a reference to Ron Ritzman, an insightful antispammer famous for
some rather witty trolling of news.admin.net-abuse.email, to the extent
to which any suspected troll is now met with cries of "Cut it out, Ron!"
or "Cut it out, Ritzman!".
RELATED LINKS
Supertroll.com
<http://www.supertroll.com/>
3.2.36 Who is Dave the Resurrector?
It's not who, it's what. You see, there are a few people who don't like
what we talk about in this newsgroup, and will periodically try to
sabotage our discussions by cancelling articles en masse. Fortunately,
this doesn't work, and Dave is what saves us from it. Dave the
Resurrector is a bot that sits watching this newsgroup (and several
others), and when it sees an article cancelled it immediately reposts
it. This means that our discussions can't be removed from Usenet by
rogue cancellers, but it does have the disadvantage that we cannot
cancel our own messages in this newsgroup.
So be sure you really want to say what you're posting before you click
"send".
RELATED LINKS
Dave the Resurrector in the Cancel Message FAQ
<http://www.killfile.org/~tskirvin/faqs/cancel.html#appendixA>
3.2.37 Who is "Brunner"?
Software author Andrew Thomas Brunner got rather annoyed at people
classifying his bulk email program "Cybercreek Avalanche" as spamware
and came to the newsgroup to complain about it. Thereafter the whole
affair spiraled out of control, with Andy threatening numerous
"lawsuites" and making alleged death-threats. Andy has recently filed
lawsuits for libel against his software in several small claims courts.
Also known as "Spamdy" and "The Burglar" (after someone dug up some old
court documents). Andy runs Combat.org (dedicated to "making sure the
Internet is free from all types of abuse", in his words) in addition to
Cybercreek.com (although he's been having trouble finding stable hosting
for it as a result of the publicity from this affair), and can trigger
massive threads in news.admin.net-abuse.email with a single breath.
RELATED LINKS
cybercreek.com (although it may well be down at the moment)
<http://www.cybercreek.com/>
combat.org
<http://www.combat.org/>
Andrew Brunner Usenet Archives
<http://www-users.cs.umn.edu/~krueger/archives/>
Andrew Thomas Brunner - A History in URLs
<http://www-users.cs.umn.edu/~krueger/archives/cybercreek/history.html>
Brunner's Lawsuit against MAPS
<http://www.mail-abuse.org/lawsuit/brunner.htm>
Brunner's Lawsuit against Bruce Pennypacker
<http://people.ne.mediaone.net/brucep/Andy/index.html>
Ruling in Brunner's Lawsuit against the Blaylocks
<http://www.impulse.net/~thebob/BurglarLoses/>
3.2.38 Who's this "Spamford" guy people talk about?
The King of Spam in the mid-1990s, Sanford Wallace ran Cyberpromo and
was the most hated man on the Internet. After failing to make a
sustainable living from spam, he reformed.
RELATED LINKS
Sanford Wallace Biography
<http://www.annonline.com/interviews/970522/biography.html>
3.2.39 Who was Rodona Garst and why do people talk about her?
Rodona Garst (sometimes known as "Rodentia Razzle" after her ICQ
nickname) was apparently a spammer who tried to keep a low profile, but
the owner of a domain she forged got angry, hacked into her computer,
and posted a load of stuff stolen from it onto a website.
Note that many anti-spammers consider hacking into spammers' computers
to be a bad idea because it breaks the law and brings the anti-spammers
down to the same level as the spammers. It can be very important to
occupy the high moral ground.
3.2.40 Who is "Hacker X"?
Probably some spotty-faced adolescent sitting in a darkened room lit
only by the glow of his monitor, as it's far too good a name not to have
been used by someone. In fact, someone calling themselves "Hacker X"
hacked into Sanford Wallace's computer back in the mid-1990s and
published the names and addresses of lots of Cyberpromo customers. But
these days, when people refer to "Hacker X" in
news.admin.net-abuse.email, they don't mean any known individual; rather
it's a facetious reference to people blaming an unknown hacker for
something they did, in order to try to evade the blame. For example,
some spammers have claimed that they didn't send spam, but rather
mysterious hackers hacked into their systems and sent the spam. To put
it mildly, such claims are not often given a lot of credence.
More recently, variations on this have sprung up, such as "Employee X"
(an unknown but low-level employee did something bad without the
knowledge of management) and "Salesman X" (a junior salesman made
promises he shouldn't have without the knowledge of management).
3.2.41 What is a "plonk"?
The sound of a poster being added to a killfile. Many readers of this
newsgroup use "killfiles" to screen out posters they find annoying, so
that their newsreader hides the objectionable articles from them. When
someone has said something they think is the last straw, some people
post a followup saying "Plonk" to let the recipient know that the poster
won't be seeing any of their messages in the future.
3.2.42 What does "fsck" mean?
fsck is a Unix command used to repair the filesystem. Often used as a
"clean" version of a certain expletive that differs from it in only one
letter and rhymes with "duck".
3.2.43 What is the Quirk Objection?
Named for its projenitor Gym Quirk, it goes like this:
"Objection! Assumes organ not in evidence!"
It's usually invoked after someone mentions the testicles or brains of
a spammer.
3.2.44 Who is "Ralsky"?
Alan Ralsky, believed to be one of the biggest spammers currently
operating. Ralksy has several hundred domains he uses for spamming, in
order to evade filters and confuse spamfighters.
RELATED LINKS
Inside the Spammer's World
<http://news.cnet.com/news/0-1278-210-6397016-1.html?tag=bt_pr>
Ralsky at ROKSO
<http://www.spamhaus.org/rokso/spammers.lasso?-database=spammers.db&-layout=list&-maxrecords=100&-response=roksolist.lasso&-noresultserror=rocksonorecords.html&-operator=eq&spammer=Alan%20Ralsky&status=live&-sortfield=subject&-search>
3.2.45 What is "SPAM-L"?
SPAM-L is a mailing list dedicated to spamfighting and discussion of
spam-prevention measures. See
<http://www.claws-and-paws.com/spam-l/spam-l.html> for more details.
=========================================================================
--------------------------- 3.3 ABBREVIATIONS ---------------------------
=========================================================================
These abbreviations are common all over usenet, and so I won't go into too
much detail. However...
BMOC - Big Man on Campus
ESAD - Eat S**t and Die
FWIW - For What It's Worth
FYI - For Your Information
GoAT - Go Away Troll
HTH - Hope That Helps or Happy To Help
IANAL - I Am Not A Lawyer
IIRC - If I Recall Correctly
IMHO - In My Humble Opinion
LOL - Laugh Out Loud
RTFM - Read The F*****g Manual
ROFL or ROTFL - Rolling On the Floor Laughing
NANAE - news.admin.net-abuse.email
NANAS - news.admin.net-abuse.sightings
NANAU - news.admin.net-abuse.usenet
YMMV - Your Mileage May Vary
There's tonnes more abbreviations listed at the following website:
Acronyms, the Insider's Language of Usenet
<http://www.utdallas.edu/ir/tcs/techsupp/acronyms.html>
=========================================================================
-------------------------- 3.4 TECHNICAL TERMS --------------------------
=========================================================================
3.4.1 What are open relays?
Most mailservers (or mail relays) on the present-day Internet will
deliver email from and to only a small set of authorised users. For
example, let's take an imaginary ISP "example.com". The mailservers at
example.com could be used to deliver email sent to users of example.com,
and to transmit email sent by users of example.com, but would deliver no
other emails. This type of relay is generally known as "closed" or
"secure".
However, some relays are configured without this security, so that any
unauthorised user can use them to send email messages to other
unauthorised users (ie any email address in the world). For example, if
example.com's mailservers were open, they could be used by a user of
aol.com to send an email message to a user of twinlobber.org.uk.
Why is this a bad thing? Well, spammers love to use open relays to send
spam. There are several reasons for this:
* Because they don't use their own ISP's mailservers, it helps them to
conceal their spamming from their ISP.
* Open relays will help the spammer to conceal their identity, and help
to deflect complaints to the wrong ISP.
* It's more efficient to send spam using several mailservers rather
than just one (the spammer can spread the load to make it quicker,
and the less the load on a mailserver the less likely that the
mailserver's administrators will notice his activities and stop him).
And one of the main ways to get use of more than a handful of
mailservers is to use open relays.
All mailservers on the Internet used to be open relays (they could be
useful; for example you could still use the email system even if your
own ISP's mailserver was down), but constant abuse of them by spammers
has resulted in a mass move to closed mail relays in recent years. Many
people now consider open relays to be nothing more than sources of
potential email abuse. ORBS describe open relays as an "attractive
nuisance". Because of this, many ISPs block email from open relays,
often using an open-relay listing service such as ORBS
(<http://www.orbs.org>) or the MAPS RSS
(<http://www.mail-abuse.org/rss/>).
Often, the people running the open relay can be completely unaware that
their relay is open, as much mailserver software ships with open
relaying being the default configuration or open relaying is trivial to
enable. Other people leave relays open as a convenience to friends or
customers, intending to allow them to send email no matter which
Internet Provider they use, not realising the potential for abuse.
Surprisingly few open relays are run as a deliberate service for
spammers. Many mailserver admins are only too happy to close their open
relays when they are pointed out to them.
RELATED LINKS
Fighting Relay Spam - One Man's Opinions
<http://fightrelayspam.homestead.com/>
3.4.1.1 How can I fix my open relay?
It's good that you're approaching this in a positive frame of mind.
With any luck, securing an open relay should be a relatively quick and
easy task and then you will be on your way to removing yourself from
any lists of open relays.
Here's a few links to get you started. If you run into problems,
people on the newsgroup will be happy to help you out.
Securing and Testing Servers
<http://www.orbs.org/otherresources.html>
MAPS Transport Security Initiative
<http://www.mail-abuse.org/tsi/>
Open Relays in another NANAE FAQ
<http://samspade.org/d/nanaefaq.html#4.3>
An alternative tactic some people adopt is to post to
news.admin.net-abuse.email about the injustices of having to close an
open relay in order to get off one list or another. This doesn't
often achieve much for the poster.
3.4.1.2 What is "relay rape"?
The "hijacking" of an open mailserver for the purposes of sending
spam.
3.4.1.3 What is a "teergrube"?
"Teergrube" is German for "tar-pit". The idea is that you run what
appears to be an open mailserver that a spammer will find and try to
abuse, but he'll find when he tries to send mail through it... things
seem to start going very slowly...
In fact, what is happening, is that the teergrube holds the SMTP
connection with the spammer open but doesn't actually do anything.
Thus the spammer's UBE-sending software is slowed to the point of
stopping, wasting his time and preventing him from abusing the
Internet. (Since the expectation is that the spammer won't be sitting
watching in case anything goes wrong, this situation could continue
for quite some time.)
The teergrube may still be able to send and receive legitimate email
for authorised users; it's only when someone tries to use it as an
open relay that this activity kicks in.
A teergrube is just one example of a way that fake "open relays" can
be set up to entrap spammers. They may be configured just to waste
spammers' time, or they might log the spammers' activities and allow
the administrator to report them directly to their ISP!
RELATED LINKS
Teergrubing FAQ
<http://www.iks-jena.de/mitarb/lutz/usenet/teergrube.en.html>
Fighting Relay Spam
<http://www.fightrelayspam.homestead.com/files/antispam01192001.htm>
3.4.2 What is "port 25 blocking"?
SMTP communications generally take place using port 25. "Port 25
blocking" is a technique sometimes used by ISPs who have a problem with
users connecting to external mailservers to commit email abuse. Put
simply, the ISP blocks any outgoing connections on port 25 from its
users to the outside world. Thus the spammers cannot connect to the
external mailservers to commit their abuse. The downside is that their
customers won't be able to connect to external mailservers for
legitimate reasons either.
Of course, the spammers will still be able to connect to external
mailservers that listen on a non-standard port, but these are rare.
RELATED LINKS
Port 25 Blocking at Earthlink
<http://help.earthlink.net/port25/>
BYTE Column: Port 25 Blocking Still Needed
<http://www.byte.com/column/digitalbiz/BYT19990816S0021>
3.4.3 What is "POP-before-SMTP"?
Recalling our discussion of open relays, I stated that a closed relay
would only relay messages that were from or to a set of authorised
users. I went on to give an example where the authorised users were the
customers of a given ISP. This is the most common situation, but there
are cases where an Internet Provider will want to provide a mailserver
to users who are logging in through different systems.
The main problem here is that normal SMTP (the Internet protocol used
for sending email) doesn't require authentication (ie you don't require
a username or password to use it). There is a proposed extension to
SMTP that allows authentication, but this is not widely supported right
now. So there's a problem in working out whether someone trying to use
your mailserver to send email from an external system is one of your
customers or a spammer trying to abuse an open relay.
This is the problem that "POP-before-SMTP" is designed to solve. POP3
is an Internet protocol often used for retrieving email, and unlike SMTP
it does require authentication. The idea here is that the mailserver
notes a machine successfully logging in with POP3 and then allows that
machine to make SMTP communications (ie send email) for a period of time
thereafter. This way only authorised users can relay through the
mailserver (because only they'll have POP3 passwords), but they can do
it from anywhere on the Internet.
RELATED LINKS
RFC 2554: Authenticated SMTP
<http://www.imc.org/rfc2554>
POP before SMTP for Sendmail
<http://spam.abuse.net/tools/smPbS.html>
POP3 Authenticated Relaying
<http://bsd.reedmedia.net/Software/Servers/SMTP_Mail/POP3_Authenticated_Relaying/>
3.4.4 What does "direct-to-MX" mean?
This is beyond my area of expertise, so I'll pass you over to Philip
Newton:
"MX Records" are one type of resource record (RR) used by DNS, the
Domain Name System. They show which mail servers accept mail for a
given domain. (MX stands for "Mail Exchanger".)
Generally, you or your mailing program don't need to know what the
mail exchangers for a domain that you're trying to send email to are -
you usually send the mail to your ISP's mail server, which will look
up the MX records and send the mail on its way (it acts as a
"smarthost" for you so that your configuration need only include one
mail server and you don't need to do DNS lookups for every message you
send).
"Direct-to-MX" spamming is where you find out the MX records for the
target domain (by querying the DNS) and deliver mail directly to that
domain's mail exchangers, rather than using your ISP's mail server.
One reason why spammers do this is so that they don't leave any logs
with their ISP that can be used to track them down.
3.4.5 What is a "Smarthost"?
This isn't really an email abuse issue but it is a term that gets thrown
around a lot in the newsgroup. A Smarthost is a mail server that passes
mail between other mailservers and doesn't necessarily interact with any
mailboxes directly. For example, a large organisation might have a
firewall and a mailserver for each department within the firewall, all
of which talk to a smarthost which handles communicating with
mailservers outside the firewall. This set-up has a number of
advantages over the traditional approach of having one big mailserver,
including:
* the local mailservers buffer outbound traffic for users so after
hitting the Send button their mail gets handled quickly no matter how
busy the smarthost is (or even if it is down for maintenance)
* the local mailservers buffer inbound traffic so the mailspool of the
smarthost is less likely to overflow as it trickles to local servers
* because the mailboxes are stored on local mailservers inside the
firewall, they are less vulnerable to hacking.
Another advantage is that, if the recipient mail exchanger can't be
reached, the smarthost will try the other mail exchangers in preference
order, if more than one is listed. If none are listed, most mail servers
will attempt delivery to the domain itself (an 'A' resource record).
Also, if none of the delivery attempts work, smarthosts will usually
queue the mail and retry at intervals, meaning you don't have to do all
this yourself (and dial up each time to retry the delivery).
ISPs sometimes run "smarthosts" to allow their customers to collect
email by SMTP.
3.4.6 What is "wpoison"?
Another tool designed to frustrate spammers. Many spammers obtain email
addresses using harvesting software that extracts them from websites,
automatically following links and exploring new sites to find new
addresses. What wpoison does is generates linked webpages containing
lots of made-up email addresses, to the end of:
(a) Filling the spammer's mailing list with useless addresses.
(b) Wasting the spammer's harvesting program's time while it finds
these useless addresses.
To quote from <http://www.monkeys.com/wpoison/what.html> :
"So the basic idea behind Wpoison is to trap unwary and badly
engineered address harvesting web crawlers, and to fool them into
adding enormous quantities of completely bogus e-mail addresses to the
E-mail address data bases of the spammers, thus polluting those data
bases so badly that they become essentially useless, thereby putting
the spammers who are using them out of business, or at least shutting
them down for a time and causing them some major headaches while they
try to clean up the mess in their now-heavily-polluted e-mail address
data bases."
You can install Wpoison on your own website as a CGI script. Note that
some spammers have now developed address harvesting systems that are
smart to wpoison's tricks.
RELATED LINKS
Wpoison
<http://www.monkeys.com/wpoison/>
3.4.7 What do those slashes after an I.P. address mean?
Sometimes you'll see something like an I.P. address, but with a slash
and a number after it, e.g.:
127.0.0.0/24
This is actually a way of specifying a block of I.P. addresses. The
number after the slash is the size, in bits, of the network prefix.
Remember that, although they're written as four eight-bit integers, an
I.P. address is really one thirty-two bit number. The first few bits
are what is known as the "network prefix"; that is, the number of the
network the I.P. address is a part of. The remainder of the I.P.
address is the "host address"; that is, the number of the host within
its local network.
So, in the example above, the 32-bit I.P. adress has a network prefix 24
bits long, so the host prefix will be 8 bits long (32-24=8). This means
that it specifies a block of 256 I.P. addresses, starting at 127.0.0.0
and going all the way up to 127.0.0.5.
Another example would be:
251.128.0.0/30
which specifies a block of four I.P. addresses (the network prefix is 30
bits, leaving 2 bits for the host address, and there are only four
two-bit numbers), starting from 251.128.0.0.
Traditionally, a /24 is known as a "Class C" network, a /16 a "Class B"
network, and a /8 is a "Class A" network. With the advent of classless
addressing this terminology has fallen out of use.
RELATED LINKS
routerresources.com
<http://www.routerresources.com/>
=========================================================================
------------------------ 3.5 KEEPING UP-TO-DATE -------------------------
=========================================================================
Wonderful though it is, news.admin.net-abuse.email should not be
considered the fount of all wisdom or the source of all news where
spam-related issues are concerned. Here are a few links you can use to
keep up-to-date about various spam issues:
Spam News Daily Press-Clippings
<http://www.petemoss.com/>
Whew.com Anti-Spam Campaign
<http://www.whew.com/Spammers/>
MAPS has press-release and press-coverage sections
<http://www.mail-abuse.org/>
=========================================================================
--------------------------- 3.6 KEEPING HAPPY ---------------------------
=========================================================================
Spamfighting is tough sometimes, especially for those who've been at it
for years. Sometimes you just don't feel like you're getting anywhere;
you LART the spammers but some more spring up and there seems like no end
to it. When you get a little down, it's time to touch on the lighter side
of this whole business... SPAM HUMOUR!
Here's a few funny links to get you started. Do remember though, to
differentiate between the humorous sites and the serious ones! :)
Spamhaus Spammer Threats Page
<http://spamhaus.org/threats.html>
(proving that the spammers don't need any help to look like morons)
The Humour of News.Admin.Net-Abuse.*
<http://www.panix.com/~tori/abuse-humor.html>
The Anti-Spam Cadre
<http://www.msg.net/nospam/>
Norman DeForest's Spam Page (includes some humour)
<http://www.chebucto.ns.ca/~af380/Antispam.html>
Spam Hall of Fame
<http://sendmail.net/?feed=000807knaussspamone>
Spammer's Paradise: The Album
<http://www.orca.bc.ca/spamalbum/>
(I especially love "The Rant")
=========================================================================
------------------------------- CREDITS ---------------------------------
=========================================================================
No document of this magnitude can be the work of only one man. I would
like to thank everyone who offered ideas and suggestions, everyone who
pointed out grammatical errors and gaps in my logic, and places where I
was just plain getting things wrong. This wouldn't have been possible
without you, people.
Big-time thankings also to Paul Anderson for giving all this an official
proof-read.
=========================================================================
----------------------------- USE POLICY --------------------------------
=========================================================================
You may copy and redistribute this FAQ in unmodified form by any means or
media you see fit.
You may modify the presentation of this FAQ as you see fit, so long as the
content remains unaltered.
You may modify the content of this FAQ so long as you appropriately credit
both your changes and the original authors of this FAQ. At a minimum, the
link to the FAQ's website _must_ remain in place.
User Contributions:
[ Usenet FAQs | Web FAQs | Documents | RFC Index ]
Send corrections/additions to the FAQ Maintainer: nanae-faq@usenet.twinlobber.org.uk (James Farmer, FAQ maintainer)
Last Update March 27 2014 @ 02:11 PM
|
news.admin.net-abuse.email FAQ (3/3): Understanding NANAE
Search the FAQ Archives
N - O - P - Q - R - S - T - U - V - W - X - Y - Z
news.admin.net-abuse.email FAQ (3/3): Understanding NANAE
[ Usenet FAQs | Web FAQs | Documents | RFC Index | Forum archive ]
Comment about this article, ask questions, or add new information about this topic: