GENERAL FREQUENTLY ASKED
QUESTIONS
-
What is Spam?
-
Why is all this stuff appearing in my mailbox?
-
Why doesn't my ISP do something about
this?
-
This spam says to reply to a remove
address. Won't that take care of the problem?
-
But this spam references legislation
that requires them to honor remove requests.
-
So, what do I do about spam?
-
My address is being used by a spammer,
what do I do ?
-
I have determined
the source of the spam, now what ?
-
When I run a whois on the offending ISP,
it gives me a list of other contact names, should I forward the spam
to them too?
-
We have a poster in our newsgroup that
is very disruptive and obnoxious, can I report him to abuse?
-
This e-mail isn't even addressed to me.
How did I get it?
-
How do I see the complete headers in my
e-mail program?
-
Why don't I
just send a bunch of copies of the mail back to the spammer?
-
How can I
keep the junk mail out of my inbox?
-
On my old ISP
I was able to connect to another mail server to send mail from my other
e-mail account. I can no longer do this. Why?
Spam refers to the same
thing over and over again. It originally applied to massively
cross-posted Usenet articles, but has been
expanded to include most forms of net abuse. It is commonly used to refer to Unsolicited Commercial E-mail,
(UCE), Unsolicited Bulk E-mail (UBE), or Usenet abuse such as commercial posts
in a newsgroup where ads are not welcome, off-topic posts or
cross-posting to more than five newsgroups. The term spam comes from a
skit by Monty Python's Flying Circus.
There are many ways to get on the spammer's mailing lists. Some are
as simple as choosing an unfortunate e-mail address, some are not so simple. A
few of the most common ways a spammer can get your e-mail address are:
Usenet Posting
Many spammers use "bots" to cruise the Newsgroups on Usenet and
collect e-mail addresses. Post to Usenet often and you can almost be
guaranteed of getting on a spam mailing list.
Web Pages
Again, spammers use web-crawlers to search out e-mail addresses located on
web pages.
Mailing
Lists
Many people sign up for mailing lists on subjects that they are interested
in. Unscrupulous people will also sign up on mailing lists in order to
obtain e-mail addresses.
Coincidental
If an e-mail address is used by someone on one ISP, it is fairly certain
than someone else has used that address at some point. This is
particularly true for common words and names. Spammers will use the
front part of the e-mail address and change the ISP name to all the other
major IPSs. So, and address of Jsmith@here.com will get added to the
spam mailing lists as Jsmith@there.com and Jsmith@nothere.com,
etc. If you are
receiving a lot of spam on a particular address try going to dejanews (http://www.deja.com)
Select Power Search. In the author field
enter: name@* then click Find at the top. Leave all the other fields blank.
It should pull the posts in the dejanews archive that match the user name
with a wild card for the ISP. If you turn up a lot of posts, you have a common e-mail address and are
probably receiving collateral spam.
Spam Software
Recently, is
seems that spammers have taken advantage of some hacker/cracker code that was
originally developed to generate passwords lists for breaking into systems.
The code randomly generates lists of possible e-mail addresses using various
combinations of numbers and letters. The spammer then attaches known
ISPs to them to create mailing lists. This helps explain unused and
unusual e-mail addresses suddenly receiving spam.
ISPs have little control over spam which does not
originate from their servers. Some ISPs use programs such as Spam Hippo
to control the amount of spam that enters their newsfeeds; but, filtering out
e-mail spam would be an impossible task. Imagine trying to set up the
criteria to block e-mail spam while making sure that no legitimate messages
get filtered out. As annoying as spam is, not getting legitimate mail
because of the spammers activities would be worse. Face it, do you
really want your ISP deciding what mail you should or should not get?
You can do your own filtering
by setting up the message rules in your e-mail program, or through the use of
third party software such as Spamkiller, Spam Buster, Spam Eater, etc.
Links to these and other spam fighting software packages are in the Spam
Fighting Tools Section of the Useful Links page.
NEVER, EVER reply to a remove address. If the
people sending you the spam were ethical individuals, they would not be
invading your inbox with their junk. Replying to a remove address does
one thing: confirms your e-mail address as legitimate so the spammers
can sell your address to all their friends.
A lot of spammers reference bills such as so-called
Murkowski Bill in order to make themselves appear legitimate. Congress
has not, to date, passed any laws regarding spam. Certain states
such as Washington, California and Virginia have passed anti-spam regulations,
but these tend to invoke penalties for spamming. It is highly doubtful
that a spammer would reference any of these.
The best way to stop the flow of spam is to fight back.
There are many excellent sites that can give you the background information
that you will need to read the message headers and find the source of the
spam. Links to these sites can be found on
this site's Links page.
Once you have the basics down, we here at spam-killers
can provide all the support and advice anyone could ever need. We highly
recommend that you do read through these links first. They will help you
understand the logic and terminology used in spam fighting.
If you find that a spammer is forging your e-mail
address, run, do not walk, to your ISPs abuse
desk. People reporting the
spam to abuse may not check to see if the sending address matches the
originating ISP. Your account could be in jeopardy. Send any
evidence you have of the forgery to the abuse desk with an explanation of what
is happening.
Forward the offending message or e-mail to the abuse
department of the originating ISP. You must include the full headers in
order for the abuse department to be able to act on your complaint.
Refer to your mail or news program's documentation if you need help with
obtaining the full headers.
Most ISPs have adopted the convention of using abuse@
for their abuse departments. Should this bounce, all ISPs
are required to have a postmaster@ address.
No. The contacts shown on InterNIC are not for
use by spam fighters. ISPs have abuse addresses for a reason. It
does your case no good to spam the offending ISP by forwarding the spam to
every known contact address. There are rare occasions of server security
issues, DoS attacks, etc. that might merit communication with an ISP or
server administrator.
Back to Top
Probably not. In most cases, trolling a
newsgroup does not constitute a violation of an ISPs terms of service.
If the poster is making overt threats, continually posting off-topic
information or flooding the newsgroup you may have a case for abuse. If not, the best course of action is for the newsgroup at large to ignore the
troll.
Spammers commonly put their address list in the BBcc:
field, which will not show up in the headers. Many servers and mail clients will bounce messages with empty
To: fields. The spammer may put a dummy address into the To: field, or the
To: field may be filled by the first name on a particular spam run. If a spammer has a huge list of addresses for a spam run, that list
may be parsed into groups of less than 100 in order to get it by the server spam
filters. The first e-mail address on the list will go in the To: field, the rest of the addresses will be put in the
Bcc: field. If your e-mail address is further down the list,
it will end up in the Bcc: section. The e-mail will then appear to
have been sent to someone else.
We have created instructions for some of the most
common e-mail clients. Select the appropriate program below:
Sending mass quantities of mail to an address is known
as mailbombing. It is a DoS
(Denial of Service) attack. Besides
being completely unethical, it will result in immediate cancellation of your
account from 99% of the ISPs. Keep in mind that most From: and Reply To:
addresses are forged anyway. The odds of the spammer actually being the victim
of this attack is minimal. Resorting to unethical and "terroristic"
tactics damages the anti-spam movement as a whole. You will find no
support for this kind of behavior among dedicated spam-fighters.
Most of the newer e-mail clients have filtering
capabilities. Since most spam comes with your e-mail address in the
bcc: field, you can filter the bulk of the UCE by filtering out any mail that
does not have your e-mail address contained in the To: or cc: fields.
If
you are subscribed to any mailing lists, this filter will probably
"catch" those e-mails also. Most mailing lists make use of the
bcc: field to conceal the list members from the unscrupulous. If you can
find a "keyword" that is common to all mail from that mailing list,
you can exclude those messages from the filter.
We recommend that you send the filtered messages to
a separate folder for review, at least until you get the filters functioning
correctly.
A sample filter would look like this (from Outlook
Express 5.0):
Apply this rule after the
message arrives
Where the Subject line does not contain 'Keyword' and
Where the To line does not contain "address1' or address2' or 'address3' and
Where the CC line does not contain "address1' or address2' or 'address3'
Move it to the Questionable folder
