FAQ: Help! I've Been Spammed! What do I do?
Subject: FAQ: Help! I've Been Spammed! What do I do?
Date: 8 Sep 1997
From: gbyshenk@tezcat.com (gregory m. byshenk)
Newsgroups:
news.newusers.questions, news.admin.net-abuse.misc, news.answers
Archive-name: net-abuse-faq/spammed-FAQ
Posting-Frequency: weekly
Last-modified: 1997/08/07
Version: 0.8
URL: http://www.tezcat.com/~gbyshenk/ive.been.spammed.html
Copyright: (c) 1996, 1997 Gregory Byshenk, Chris Lewis
Maintainer: Gregory Byshenk
Help! I've been Spammed! What do I do?
A guide for the beginner.
By Greg Byshenk, based in part on an original by Chris Lewis
Comments welcome.
Posting-Frequency: weekly
Version: 0.8
Last-Modified: 1997/09/07
Text-URL: http://www.tezcat.com/~gbyshenk/ive.been.spammed.txt
HTML-URL: http://www.tezcat.com/~gbyshenk/ive.been.spammed.html
----------------------
1.1: Introduction
1.2: Email versus Usenet spamming
1.3: What is Spam?
1.4: That's not spam!
1.5: A note on "flaming" and other "abuse".
2.1: Ok, I understand that, but what can I _do_ about it?
2.2: Some things _not_ to do.
2.2a: What about "UNIVERSAL" Remove Lists?
2.3: What about messing with my email address?
2.3a: A better solution than munging your address.
2.4: So what _should_ I do?
3.1: Make Money Fast!/chain letters.
3.1a: Other Frauds and Scams.
3.2: Email Spam / Junk Email.
3.2a: I got junk email that wasn't even addressed to me...
3.2b: Someone told me that sending junk email is _illegal_.
3.2c: How do junk emailers get my address, anyway?
3.3: Spam on Usenet.
4.1: Usenet groups for reporting spam.
4.2: Reporting Spam to Usenet.
5.1: When to send a "REMOVE" request.
6.1: Further info.
----------------------
"Spam", either via email or on Usenet, seems to be a growing
problem, and one that hits more and more people, new users
and old hands alike. Unfortunately, the new user may not be
sure about what to do when spammed: some actions are useless
or even counterproductive, while others require a bit of
knowledge to put into practice.
This FAQ attempts to give general suggestions on what you can
do about spam, including how and to whom to complain, and
where you can report spam and learn more, as well as some
recommendations on what _not_ to do.
-----------------------
1.2: Email versus Usenet spamming
For the most part, the general guidelines we'll give here are
common between email and Usenet spamming.
-----------------------
Know your terms! Spam is essentially the same thing posted
many times.
On Usenet, spam is the same (or substantially the same) article
posted multiple times (to many groups, to one group many times,
or to many groups many times). Email spam is the same message
broadcast to multiple recipients who did not request it.
For more details, see
The Net Abuse FAQ, at
URL:
The Current Spam thresholds and guidelines FAQ, at
URL:
and/or The Email Abuse FAQ, at
URL:
FTP:
-----------------------
Yes, there are a lot of annoying, off-topic and stupid postings
out there. But that doesn't make it spam. _Really_. Spam is
almost always off-topic, at least in some of the groups to
which it is posted, but just being off-topic does not make a
post spam.
The defining characteristic of spam is _volume_, and volume
_only_. The content is irrelevant.
-----------------------
1.5: A note on "flaming" and other "abuse".
"Flames" and other verbally abusive posts and emails are _not_
spam. Nonetheless, in sufficiently egregious cases, you may
wish to complain about them. If you wish to do so, you can
use the suggestions below to complain to the administrators of
the site from which the abuse comes. Some providers prohibit
random flames and abuse, and may discipline the person bothering
you.
Note that this is _not_ universal, and the administrators may
tell you to get stuffed. If this happens, there is little you
can do but ignore the messages. Do _not_ report such things
to the news.admin.net-abuse.* newsgroups, which are intended
to deal with abuse _of_ the net (things that are damaging to
the net itself) rather than abuse _on_ the net (such as
"abusive" language that just happens to occur on the net).
Note further that, while harrassment or threats may be illegal,
they are not abuse _of_ the net. If you are being harrassed
or receiving threats via the net, then you should take it up
with the administrators at your provider, and perhaps even with
the police. The readers of the net-abuse groups may be able
to provide assistance in tracking down from where such messages
are coming (if, for example, they are forged), but are not
charged with enforcing civil or criminal law.
-----------------------
2.1: Ok, I understand that, but what can I _do_ about it?
The easiest thing is simply to ignore it. That's what most
people do, and there's nothing at all wrong with doing so.
Doing anything more will require at least a bit of thought and
effort, in part because so much spam is forged or has its true
source hidden in some way, and in part because even reporting
the spam to despammers can be counterproductive if not done
carefully.
So, if you're not interested in expending the effort, feel
free simply to ignore the spam. Don't worry, it almost
certainly will be dealt with in time.
You can even automate (to varying degrees, depending on your
software) the process of ignoring it: use your newsreader's
killfile and/or learn to filter your mail (see "2.3a: A better
solution than munging your address" below).
Another option is to join the Coalition Against Unsolicited
Commercial Email, or at least check out the information they
provide, at
URL:
In addition to providing a lot of information, CAUCE is also
involved in backing legal solutions to junk email. Check out
their site or "3.2b: Someone told me that sending junk email
is _illegal_," below for more on this.
-----------------------
2.2: Some things _not_ to do.
- Don't mailbomb or threaten. Anyone. Especially ISPs.
It's too easy to forge spams in other people's or ISP's
names, or just not be able to read the header right. If
you mailbomb, chances are you'll mailbomb the wrong person.
Recently, a site was knocked off the net due to a revenge
spam. A spammer that was kicked off forged a massive email
spam to look like it had come from the site, and many
people attacked the innocent site -- just what the revenge-
spammer wanted.
So don't. Apart from that, mailbombing can be considered
to be a denial of service attack. In some cases, you could
end up with criminal charges against you. In most cases,
you will be violating the policies of your own site, and
could end up losing your own account.
- If the spam article is more than 4 or 5 days old, _don't_
bother with it -- it's past history. On Usenet, even if
it hasn't already been dealt with, it's probably too late
to despam it. Their ISP probably knows all about it, as
well. So, in such a case, just ignore it.
- Never, _never_, repost or remail the spam where you
found it. Especially with chainletters -- your group
already got hit with it, so why make it worse?
On usenet, the only place one should repost spam is in
one of the news.admin.net-abuse.* groups (see "4.2:
Reporting Spam to Usenet" below).
- If you get email spam with a long CC: list, do _not_ under
any circumstances issue a "reply all". Doing "reply all"
in this situation can actually result in a virtually
unstoppable mail loop. This applies even more if the
From: addresses appears to be a mailing list exploder
(such as a "listserv" or "majordomo" address). If you
reply to one of these, hundreds or perhaps thousands of
people will see your complaint. And complain to you.
Etc.
- This is not a definite "rule", but it is the considered
opinion of those who deal with it that you should _not_
send in a "REMOVE" request when you recieve junk email
(except in a few special circumstances: see "When _should_
I send a REMOVE request?" below), even if the junk email
says that you can be removed from the mailing list by doing
so.
The reason for this is that, in far too many cases, sending
a REMOVE request is ineffective: even if the junk emailer
actually _does_ remove your name from their current list,
when they rebuild their list the next time, you will be
added right back in again. In addition, there is some
evidence that some junk emailers use REMOVE requests as
addresses to be _added_ to their mailing list.
So don't waste your time.
-----------------------
2.2a: What about "UNIVERSAL" Remove Lists?
The latest thing these days is that junk email will arrive
with instructions on how to not just have your name removed
from future mailings by the current joker, but also to have
your name added to a "universal" REMOVE List.
Should you sign up? The best answer is probably the same one
given above: "don't waste your time." Why? Because a
"universal" remove list will most likely be just as much a
waste of time as a plain ol' ordinary REMOVE List. In the
first place, there are several "universal" remove lists, none
of which are truly universal. In the second place, there is
no evidence that being on a "universal" remove list does
anything at all to reduce the amount of junk email sent to
you.
The best known (so far, anyway) "universal" remove list is
that produced by the Internet Electronic Mail Marketing
Council (IEMMC). You may have seen references to this
group in the headers of junk email you've received, along
with comments about "responsible email marketing" or some
similar twaddle.
If the fact that the IEMMC is made up of the most abusive
junk emailers on the net were not enough to raise serious
doubts about the value of the organizations "universal"
remove list, the evidence that IEMMC members themselves
show no interest in abiding by the remove list or any other
of the IEMMC's rules should be sufficient to consider
signing up to be a waste of time.
You can get the IEMMC's side of the story (if the site is
up -- very often it is not) at:
URL:
Reasons for ignoring what the IEMMC says are available at
Tom Betz's "Proof That AGIS Lies pages" at:
URL:
There are other lists and organizations that claim to be
able to remove your name from the junk emailers' mailing
lists, such as that of Aristotle, at:
URL:
but I have seen no evidence _whatsoever_ that any of them
accomplish anything at all.
-----------------------
2.3: What about messing with my email address?
It is becoming rather common for people to mess up their email
address when they post to Usenet, so that the headers say it
came from "no.spam@no.spam.org", "gbyshenk@tezcat.NOSPAM.com",
or "gbyshenk@REMOVE.THIS.TO.REPLY.tezcat.com". The reason for
this is to foil the address-gathering bots that junk mailers
use to cull email addresses from news spools. Certainly the
actions of the junk emailers are unacceptable, but it is not
clear that messing up headers is any better.
I am unhappy (as are quite a few others) with this state of
affairs. In the first place, it is a violation of RFC 1036,
which requires that the From: line of a Usenet post contain
the address of the person sending the post. In the second
place, it can make even the appropriate replies to a post
difficult or impossible to send. Finally, if the address is
messed up in the wrong way, it can lead to further problems
down the road.
But it is fairly common. If you _are_ thinking of messing
up your address, however, there are a few guidelines to keep
in mind:
- Make sure that doing so does not violate the policies of
your provider. Some providers require that posts contain
a real, deliverable email address, and in such a case,
messing yours up could cause you to lose _your_ account.
- Make sure that however you mess with your address, you
make it _obviously_ wrong. For example,
"gbyshenk@REMOVE.THIS.TO.REPLY.tezcat.com" is obviously,
wrong while "gbyshenk@tezcat.foo.com" looks just like a
real address. Something like "gbyshenk(at)tezcat(dot)com"
should also fall under the heading of "obvious".
- Whatever you do, it is polite (at least) to include a way
to decode your address, perhaps in your .signature. You
could say: "to reply by email, remove REMOVE.THIS.TO.REPLY
from my address." The point, here, is to do something
that makes it difficult for a 'bot to read your address,
while making it easy for your readers to figure it out.
- Don't use a totally bogus address. That is, unless your
email address is actually no.spam@no.spam.org, then you
shouldn't put that in the From: line of your posts. This
just makes you completely unreachable by others; the best
spamblockers are those that block the spammers' 'bots,
while not making it overly difficult for real people to
reply to you.
- Make sure that you aren't accidentally including a _real_
deliverable address or domain. This can be a problem
with what you think are totally bogus addresses:
nowhere.com, for example, is a real domain, and the folks
there have no more desire to recieve boatloads of junk
email than do you.
- Make sure that the address you use is _totally_ undeliverable.
The reason being that, should the address be collected by
a 'bot, you don't want to be wasting resources on your
machine or that of some other innocent party while it
tries to deliver the junk email.
For example, "gbyshenk@REMOVE.THIS.TO REPLY.tezcat.com"
is ok on these grounds, because there is no host with
that name at tezcat, which means that the mailer will
just bounce the mail immediately.
"gbyshenk.REMOVE.THIS.TO REPLY@tezcat.com", on the other
hand, is _not_ a good idea, because (depending on the
mailer) the mailer at tezcat.com may spend its time trying
to find the user named "gbyshenk.REMOVE.THIS.TO REPLY",
which wastes the resources of your own provider. Indeed,
if you put a spamblocker _before_ the "@" in your address,
some mailers may even deliver the mail to you.
Of course, none of the above should be taken as _approval_ of
messed-up email addresses. I think it is a bad idea and certainly
do _not_ approve of doing it.
I recognize, however, that some people are going to mess up
their addresses regardless of what I or anyone else thinks.
I include the suggestions above because following them will at
least serve to limit the damage caused by bad addresses.
-----------------------
2.3a: A better solution than munging your address.
A better way to deal with the problem is to filter your mail.
You can use something like Procmail (mail filtering software
for UNIX machines) or the built-in capabilites of your mailer
(most mailers have at least minimal filtering abilities).
Filtering will usually take at least a bit of effort, but the
results can be quite good. For more info, check out the
Filtering Mail FAQ, available through the Infinite Ink FAQ
Launcher, at
URL:
URL:
You can also ask your provider to block out the more insistent
junk email sites. AOL allows you to reject such mail using
AOL's filters, and many providers will block sites that send
nothing but junk email. Some others provide site-wide filters
that you may choose to use.
There are also some more-or-less automated mail-filtering
solutions.
- Adcomplain, by William McFadden, is a bit of software
for UNIX, that automatically composes and mails complaints
about various types of spam. It is available at:
URL:
- Also for UNIX is the NAGS Spam Filter, available from
Netizens Against Gratuitous Spamming, at:
URL:
- And there is a similar program for PCs called "Spam Hater",
available from Net Services at:
URL:
- Finally, for those who use Netscape to read mail and
had despaired of being able to filter out junk mail,
there is a piece of software from Voidstar Systems
called NS-Route that would appear to allow at least some
minimal filtering for Netscape. You can find it at:
URL:
-----------------------
2.4: So what _should_ I do?
There are a number of possible actions that can be taken,
varying somewhat depending on whether the issue is usenet spam,
junk email spam, or a chain letter, and also depending on how
much work you want to do.
Some general rules:
- In most cases, it is best to report spam to the "postmaster"
or"abuse" address at the site where the spam originated,
and not to reply to the person who sent it. The reason
for doing so is that the vast majority of spam is produced
by people who know quite well that it is annoying and abusive,
but simply don't care, so there isn't much point in letting
them know that you find it annoying and abusive. The only
response that complaints will garner is an abusive one, or
more spam.
It is generally better and more productive to report spam
to the administrators of the site from which the spam came.
Spamming violates the Terms of Service (TOS) or Acceptable
Use Policy (AUP) of most sites, and the administrators
are the ones who are best able to deal with it. In addition,
responsible administrators will want to know if one of
their users is spamming.
- The easiest (although not always the best) place to complain
to is the "postmaster" address at the site where the spam
was sent. This will often (though not always) take the
form: postmaster@site.xyz, where the spam was sent by
spammer@site.xyz. That is, if the spam was sent by
bulkmail@cyberpromo.com, the postmaster address would be
postmaster@cyberpromo.com. The "postmaster" address is
required by RFC 822 for all machines from which mail is
sent, and mail sent there should reach some appropriate
person except for the most worthless, abusive sites.
[Note: cyberpromo.com is used above only as an example.
Cyberpromo is one of the _most_ obnoxious junk email
sites, and sending to postmaster@cyberpromo.com is (at
best) equivalent to sending your mail to the trash (at
worst, it could get you on _more_ junk email lists).]
In addition, many sites also provide an "abuse" address,
which is often in the form: abuse@site.xyz. It generally
won't hurt to try to send a response to the abuse address,
since mail to "abuse" will often get to the right people
more quickly than will mail to "postmaster". Unfortunately,
mail to "abuse" may bounce when the site doesn't use this
address, and some sites have created their own rather odd
names for reporting abuse. If you are interested in sending
to the right address, a list of proper reporting addresses
is available at:
URL:
FTP:
- And there's another problem. The From: and Reply-to:
addresses in email and on usenet are extremely easy to
forge, and many (if not most) spammers use this factor
and spam using forged addresses.
Figuring out where such a spam came from requires knowing
something about how to read headers, which is beyond the
scope of this FAQ. Fortunately, there is another available
that covers just this subject:
The alt.spam FAQ or "Figuring out fake E-Mail & Posts", at
URL:
Another guide to reading headers and figuring out where to
complain (targetted especially toward spam) is:
The Anti-Spam How-to, at
URL:
- Also useful in this area is "How To Complain To The Spammer's
Provider" from the abuse.net folks, which provides a good
introduction to how and to whom to complain about spammers.
Find it at:
URL:
The folks at abuse.net also provide a complaint service. If
you register with them, you can send any junk email to their
address and they will forward it to the most likely complaint
addresses. Info on the service is at:
URL:
- If you wish to go it alone, a good way to track down info
about the source if spam is the "Sam Spade, Spam Hunter"
ACME Address Digger, at:
URL:
The address digger provides access to a bunch of useful
tools for tracking the source of spam, all in one
convenient location.
- Whenever and wherever you complain, _always_ include the
_full_ headers of the spam about which you are complaining.
Without full headers, it is generally impossible to be
sure from whence the spam really came; because so much
spam is forged, just the From: line isn't enough.
- Apart from complaining to the source, you can also report
spam to the usenet newsgroups where the despammers hang
out. You can also get help in figuring out spam yourself
from some of the "old hands" reading these groups. (See
"Usenet groups for reporting spam" below.)
-----------------------
3.1: Make Money Fast!/chain letters.
The easiest spams to deal with are probably chain letters
(generally referred to on the net as "Make Money Fast" or MMF,
due to that being the subject of one of the more common chain
letters):
- Be sure that you understand what chain letters are - see
the URL below.
- There are only a few different varieties: "Charles Kust",
"Dave Rhodes", Recipes, another that goes like "I found
it!", and a new one that tells you to "Post the article
to at least n newsgroups", where "n" is most often 200.
- The first time you see a chainletter, report it _only_
to the originator and/or their postmaster . _Never_ repost
it or followup to it in the group where you found it.
A chain lettter is one case when it doesn't hurt to respond
to the one who posted it. Because these are actually
_unlawful_ in the US (see the URL below), they are generally
posted only by those who don't know any better, and letting
the one who posted it know is usually enough.
- Write your message reasonably politely. One possible
message could be:
Hi,
Please be aware that your message (included below) is
both spam (one of many thousands of copies posted), and
an illegal chain letter fraud. Please stop posting
them immediately, and cancel them if you can.
Please read the following URL for a full explanation
of the legality of these messages:
http://www.usps.gov/websites/depart/inspect/chainlet.htm
------------------------
3.1a: Other Frauds and Scams.
Various other forms of fraud may be unlawful, as well, and they
do not magically become lawful by being disseminated via the
net.
For example: dealing in securities (stocks, etc.) is pretty
strictly regulated, and someone touting stocks via spamming
is probably at least close to the legal edge; health claims
made for any drug are regulated and must be demonstrated, and
someone spamming the health benefits of their product probably
does not have FDA support; there are certain legal requirements
regarding what is a legitimate Multi-Level-Marketing program
(as opposed to being an illegal pyramid scheme), and the _vast_
majority of so-called "MLM" programs advertised via spamming
do not meet the legal test, thus being illegal; etc.
There are a number of email addresses to which you can forward
information on suspected fraudulent offers:
pyramid schemes (FTC)
postal fraud (including
chain letters)
fraud office (IRS)
food/drug fraud (FDA)
National Fraud Info Center
More information on fraud is available from the Internet
Consumer Fraud Information Service, at:
URL:
For chain letters originating in Canada, or using Canadian
mailing addresses, you can try:
Bureau of Competition
Or use the fill-in form on the RCMP web site, at
URL:
------------------------
3.2: Email Spam / Junk Email.
Email spam is easy to identify -- if you receive some junk mail
that you didn't ask for or end up on a mailing list that you
didn't ask to be put on, then it's spam -- but identifying its
source can be much more difficult.
The problem here is that junk emailers all know that everyone
hates to receive junk email, so they have become quite creative
in forging their addresses. Some junk emailers for hire offer
"flame-proof mailboxes", and Cyberpromo (one of the big junk
emailers who tried to get an injunction barring AOL from blocking
mail -- and failed) has gone so far as to create whole new phony
_domains_ to send junk mail from in an attempt to get past people's
mail filters.
So, in order to complain effectively about junk mail, you will
need to learn at least a little bit about reading headers; just
sending to postmaster@sendingdomain.xyz will more likely than
not just cause your mail to bounce.
But there is one trick that sometimes works. Because junk emailers
generally want to sell you something, they have to give you some
way to contact them. So you can check out the _body_ of the
message, which will very often contain an email address or a
web page to go to for "more information". And you can try
complaining to the postmaster at the domain in _that_ address.
And you could always check out the URL above (under "So what
_should_ I do?") and learn to read email headers.
Finally, you can report junk email spam to news.admin.net-abuse.*
on usenet and let the despammers take a crack at it (see "Reporting
spam to usenet" below).
And, remember, _always_ include full headers whenever you complain.
------------------------
3.2a: I got junk email that wasn't even addressed to me...
This probably wasn't a "mistake", but mail sent using the Bcc:
header.
What the Bcc: (Blind Carbon Copy) header does is send email to
an address without including that address in the mail when the
recipient finally gets it. Some junk emailers use this feature
to send the same email to hundreds or thousands of different
people without having a To: or Cc: list that is hundreds or
thousands of lines long.
What the recipient sees is a piece of email that is addressed
To: someone else. Some junk emailers even try to make their
junk mail look like it was personal mail intended for someone
else that "accidentally" got mailed to you. Don't be fooled.
There isn't any way that mail sent to someone.else@somewhere.
else could end up in your mailbox "by mistake". (If your ISPs
mailer is messed up, it might be possible for mail addressed
to someone.else@your.domain to arrive in your mailbox, but mail
sent to some other ISP should _not_ end up in your mailbox.)
------------------------
3.2b: Someone told me that sending junk email is _illegal_.
- Maybe that person was right... then again, maybe not.
[note: this section on the legality of junk email is almost
entirely US-centric, for a number of reasons: 1) so far as
users on the net are concerned, the US is still the big boy
on the block; 2) the overwhelming majority of spam on the
net originates in the US (even if it might be sent to those
outside the US or pass through sites outside the US on the
way to its destination); and 3) I am not a lawyer even in
the US, and any attempt to cover legal issues outside the
US would be well beyond my abilities. That said, it should
be noted that just _sending_ junk email may be a violation
of the law in some countries; spammers and spammees should
check their local laws.]
As of July, 1997, there is movement on this front: whether or
not junk email _is_ illegal now, at least certain forms of it
may become so in the near future.
There have now been introduced _three_ different bills dealing
with junk email: HR 1748 by Chris Smith in the House of
Representatives, S 771 by Murkowski in the Senate, and S 875
by Toricelli also in the Senate.. They are not at all the same:
the Murkowski bill bans address-forging and requires the use of
keywords in junk email, but permits its sending; the Toricelli
bill requires that junk emailers remove you from their lists if
you so request, but still permits them to send it until you
"opt out"; the Smith bill amends the "Junk Fax" law to prohibit
unsolicited commercial email, but does not prohibit non-
commercial bulk email.
The text of the Murkowski bill is available at:
URL:
the Torricelli bill at:
URL:
and the Smith bill at:
URL:
More information on these bills is available at:
URL:
URL:
and at the Coalition Against Unsolicited Commercial Email's
site, at:
URL:
CAUCE supports the Smith bill.
There has also been considerable discussion of these bills
in the news.admin.net-abuse.email Usenet newsgroup.
Until such time as a new law is enacted, the legal status
of junk email remains unclear.
- One reading of the "Junk Fax" law (US Code, Title 47,
Sec. 227) is that, because of the way if defines "fax
machine", a computer with a modem and printer is a fax
machine under the law, and thus, sending junk email to
such a computer is a violation of the law.
On another, equally plausible reading, the "Junk Fax"
law cannot possibly apply to email, because (among other
things) if it did, then just about _every_ email message
would be a violation.
Because there has not yet been any judgment by a court on
this matter, the question remains open. In any case, junk
email has _not_ (yet, anyway) been held to be illegal by
a court, which is what matters where the law is concerned.
If you wish, you can read the relevant parts of the law
yourself at:
URL:
- There are those who have attempted to collect "proofreading"
or "data storage" fees from those who send junk email, by
giving notice that they will charge fees for junk email
received.
As in the case of the "Junk Fax" law, however, there has
not yet been a judgment by a court that such charges are
legally enforceable. In addition, many knowledgeable people
argue that any such notice cannot be considered a binding
contract.
- In addition, it is _possible_ that some junk emailers could
be in violation of fraud statutes when they forge their
messages to appear to come from sites other than their own.
Again, this has not, to my knowledge, been tested in court.
- Finally, there is the possibility that the "Junk Fax" law
could _explicitly_ be extended to embrace junk email, as is
proposed in the Smith Bill (HR 1748). Until such a bill is
actually _passed_, though, it has no force.
- So, the answer so far is: the possibility of junk email
being declared illegal remains open, as (again, to my
knowledge) no court has expressly _rejected_ the arguments
above, but neither has any court ruled that junk email
_is_ illegal.
The current status of Cyberpromo v. AOL suggests that no
one has the "right" to send you email, but this means
only that you can block attempts by anyone to send you
email, not that they can't try to send it to you.
- Also available is a somewhat longer discussion of the ways
to respond to junk mail using legal means, provided by a
reader, at:
URL:
- And, finally, there is an excellent review of the legal
issues involved in UCE by Michael W. Carroll in the Berkeley
Technology Law Journal, at:
URL:
- All that said, remember also that even if just sending
junk email is not illegal, the mere fact that something
occurs via email does not mean that other laws do not
apply. Chain letters and other forms of fraud are
unlawful even if the communication occurs via computer
(see 3.1 and 3.1a above).
------------------------
3.2c: How do junk emailers get my address, anyway?
The most common source of email addresses seems to be posts to
usenet. It is fairly easy to use or write a program to collect
From: addresses from usenet posts, and if you post to usenet,
it is likely that your email address will be collected.
Some mailing lists allow anyone to get a list of subscribers,
and it is possible that your email address was collected in
this way if you are on a mailing list.
Some machines allow outsiders to collect users addresses, and
this is another possibility.
Finally, once you are on one list, that list is quite likely
to be sold to other junk emailers or for a junk emailer for-
hire to use the same list to send junk email for large numbers
of people.
------------------------
The first thing to do with spam on usenet is to be sure that
it actually _is_ spam. Remember, what makes something spam is
that there are _lots_ of copies. You'd be surprised how many
people will post one, but only one, wildly off-topic article
into one group. Remember, a single post, no matter how wildly
off-topic, is not spam.
If you see a single massively cross-posted article (typical
multi-group trollbait), it probably _isn't_ spam. Such massive
crossposts may be supremely annoying, but a crosspost (even a
massive one) is only a single copy of the article on the news
server, so it isn't the same thing many times.
- You may wish to report even a single massively cross-
posted article to the poster and their ISP, as some people
post such articles without meaning to be abusive, and some
ISPs have policies against such posts.
Be prepared for a nasty response, though. There are people
who enjoy massively crossposted trolls and post them just
to muck things up on Usenet, and there are many ISPs who
see this as sufficiently close to attempting to control
content that they will not get involved.
You can't really consider something spam on usenet unless you
see multiple copies of it, either the same thing posted multiple
times (with different message-ids) in one newsgroup or posted
individually (not crossposted) to multiple newsgroups. In short,
if you don't see more than one copy, you can't say that it's
spam.
- The one exception to this rule is the "alpha-spam", which
is the practice of attempting to post to _every_ usenet
group (in alphabetical order, hence the name). If you
see something that looks like:
Newsgroups: alt.conspiracy.netcom,alt.conspiracy.usenet-cabal,
alt.construction,alt.consumers.experiences,
alt.consumers.free-stuff,alt.corel.graphics,alt.cosuard,
alt.coupons,alt.cows.moo.moo.moo,alt.crackers,alt.cracks,
alt.creative-cook,alt.creative-cooking,alt.cuddle,
alt.cult-movies,alt.cult-movies.evil-deads,
alt.cult-movies.rocky-horror,alt.culture.alaska,
alt.culture.argentina,alt.culture.austrian,
alt.culture.bullfight
then it's _probably_ an alpha-spam, and, thus, a spam.
If you see something that you think _might_ be spam, and you
want to get a better idea, you can check with dejanews, at
URL:
You can go to dejanews and do a search on the subject of the
post you're wondering about: if dejanews shows that the same
article has been posted 20+ times, then it is definitely spam.
Complaining about usenet spam is more or less the same as
complaining about email spam.
- You can try complaining to the postmaster or abuse
addresses at what seems to be the poster's site, but
usenet spams are forged so often that this will often
be unsuccessful.
- You can learn to read usenet headers so that you can
get a better idea of where forged posts _really_ came
from (again, check out the URL above under "So what
_should_ I do?").
- You can report the spam to the despammers reading the
news.admin.net-abuse.* groups.
And _always_ include full headers whenever and wherever you
complain.
-----------------------
4.1: Usenet groups for reporting spam.
There is a whole hierarchy, news.admin.net-abuse.*, related
to spamming and other net-abuse. Each of the groups in this
recently reorganized hierarchy has a specific function, and
reporting of spam will be most useful if it is done in the right
place. The relevant groups are:
- news.admin.net-abuse.sightings (nanas) - A group specifically
and only for the reporting of cases of net abuse (including
spam), this is _the_ best place to post reports of spam to
usenet. nanas is robomoderated, and posts to nanas must
have the Followup-to: line set to either nanau (for reports
of usnet spam) or nanae (for reports of junk email spam).
Further info on nanas should be available from "The
news.admin.net-abuse.* Homepage," at the URL below.
- news.admin.net-abuse.usenet (nanau) - A group primarily
for _discussion_ of net abuse on usenet, including spam.
Followups to reports of spam on usenet are directed to
nanau, but nana.sightings is a better place for the first
report.
- news.admin.net-abuse.email (nanae) - A group primarily
for _discussion_ of net abuse via email, including spam.
Followups to reports of spam via email are directed to
nanae, but nana.sightings is a better place for the first
report.
- news.admin.net-abuse.policy, news.admin.net-abuse.bulletins,
and news.admin.net-abuse.misc also exist, but are of less
relevance in terms of reporting spam.
- More info on the news.admin.net-abuse.* hierarchy is available
at "The news.admin.net-abuse.* Homepage," at
URL:
------------------------
4.2: Reporting Spam to Usenet.
General guidelines:
- On Usenet, the only places where you should post copies
of spams are in "abuse" groups designed for it. Such as
news.admin.net-abuse.usenet (nanau), news.admin.net-abuse.email
(nanae), or news.admin.net-abuse.sightings (nanas).
- If you do copy spams to abuse groups, ensure that the
posting is a proper "followup" format, with ">" or "|"
indentation. If you don't, then your posting might be
considered part of the original spam and cancelled by the
despammers.
- Check nanas/nanau/nanae first to see if the spam already
has been reported. If it has, consider not reporting,
unless you have additional information to add, such as
different From: or Received: lines, paths, etc. Posts
with different headers can be useful in better analysis of
the origin of a spam, but a bare "I got one, too!" adds
nothing of value.
- Be sure to include _all_ headers. Without full headers,
it is usually impossible to tell for certain where a spam
really came from, and little can be done about it.
Make Money Fast! Chain Letters:
- Do not report first-time MMFers to nana*. Most
administrators will reeducate their users when they're
notified. The URL above (in the sample MMF complaint
letter) will reform 99.9% of the remainder.
- If you see more MMFs from the same person more than a day
or two later, _then_ report it to nanas. And, when reporting
it to nanas, include no more than the headers, the first
paragraph,and the list of suckers. There are only a few
basic variants of the letter, and the despammers have seen
them all, more times than they would like. Posting the
full letter is just a further waste of bandwidth.
Junk Email Spams:
- Always check nanas/nanae _first_. If the spam has already
been reported, don't bother reporting it again unless you
have something new and important to add.
- If you've complained to the site from where the spam was
sent, and received a useful response (saying, for example,
that the sender is being dealt with), then consider not
reporting the spam to nana*. Any site can have an occasional
junk emailer, and if the administrators deal with the problem,
it isn't really necessary to publicize the junk mail. And
this leaves nana* free to concentrate on the problem sites
and dedicated spammers.
- Always include full headers, especially the Received: lines.
Usenet Spams:
- Always check nanas/nanau _first_. If the spam has already
been reported, don't bother reporting it again unless you
have something important to add.
- Don't report any potential spams to nanam unless you are
pretty darn sure that it really is spam. If you don't see
at least two separately posted copies in at least 4 groups
total, then you can't be sure.
- If it doesn't appear to be "it's everywhere it's everywhere!",
consider reporting only to the user and their ISP. In such
cases, the article is probably not something that the
despammers can do anything about, and reporting it on
usenet is just a waste of your time and a further waste
of bandwidth.
- Always include full headers.
------------------------
5.1: When to send a "REMOVE" request.
There are at least three cases in which you may, despite what
is said above (under "Some things _not_ to do"), wish to send
in a REMOVE request to a junk emailer.
- Some people are attempting to _bill_ junk emailers for
the use of their equipment to receive and store junk email.
I don't put much faith in the success of such efforts
(see 3.2b above), but if you choose to attempt this route,
you _must_ let the junk emailer know that you plan to
charge them.
If there is to be any chance of collecting, you will
need something that at least _could_ be a contract: if
the junk emailer isn't even _aware_ of your charges, it
will be nigh on impossible to convince a court that the
junk emailer has agreed to them.
Technically, such a message would not need to be a REMOVE
request -- it could be a notification of the archiving
charges and a notice that further mail will constitute
acceptance of the terms -- but the terms must be communicated
to the junk emailer.
- Some people are arguing that the continuing sending of
junk email messages constitutes "harrassment". It is
possible that continuing to send junk email after a request
to cease _could_ be considered harrassment, but such a
charge would require at the very least that the one being
harrassed tell the harrasser to cease. If you haven't
told the junk emailer to stop sending mail, then you won't
have much to stand on in a harrassment complaint.
- Some junk emailers are attempting to (and, in some cases,
succeeding at) snowing providers by claiming to be
"responsible" junk emailers. One supposed hallmark of
being a "responsible" junk emailer is that one actually
_honor_ REMOVE requests.
If you wish to convince such a junk emailer's provider
that the junk emailer is _not_ "responsible", then
demonstrating that they do _not_ honor REMOVE requests
(by showing that they continue to send junk email after
receiving a REMOVE request) may succeed.
Of course, in some cases, the provider doesn't really care,
and even such a demonstration of lack of responsibility
will accomplish nothing: anyone who buys the "responsible
junk emailer" defense probably won't take action even when
the defense is shown to be a sham. In addition, acceding
to the demands that you should send a REMOVE request also
serves to legitimize sending the junk email in the first
place, something that many people find completely unacceptable:
if everyone wanting to sell something were to send you just
_one_ junk email, you would spend all of your time sending
REMOVE requests.
------------------------
- If you wish to start tracking spam, there are lots of sources of
information. Some of them are:
The Net-Abuse FAQ, at
URL:
the Internet Spam Boycott, at
URL:
The Coalition Against Unsolicited Commercial Email, at
URL:
the Network Abuse Clearinghouse, at
URL:
Fight Spam on the Internet, at
URL:
the SpamFAQ, at
URL:
Stop Junk Email, at
URL:
the Stop Spam FAQ, at
URL:
- In addition, I have quite a few links to information, tools, and
suggestions at
URL:
--
gregory byshenk "Help! I've been Spammed! What do I do?" at
chicago, illinois usa
gbyshenk@tezcat.com
gbyshenk@prairienet.org Take a bite out of SPAM!
Last-modified: Wed, 17 Sep 1997 11:01:15 GMT