I didn't see the weather forcasting of the famous ground hog Punxsutawney Phil on February second, but this month certainly seemed to usher in a veritable blizzard of bad weather in the form of spam, at least in my mailbox. The internet watch gurus have been strangely silent about this storm, but I'm sure it's not just happening to me.
Ground hog seeing shadow or no, something happened around the first of February. Suddenly I was getting as many as five spam messages a day in my mailbox. Since I try not to get too intimate with the nuts and bolts of programming, which to me the full headers of e-mail look suspiciously like, I have never considered e-mail headers very exciting reading.
But with the stuff landing in my mailbox with such great regularity, I decided to take action -- and that action was not to mail the spammer and tell them I wanted off their list. I had read enough discussions of spam to know that was the last thing anybody should do. If anyone tells you to e-mail the spammers, take a look at Randy Cassingham's Spam Primer.
For some reason, the technical support people, at least at my ISP, tend to advise ignoring spam or deleteing it. And that had worked for several years now. But the problem had reached a point where I no longer wanted to do this but I didn't know how to go from doing nothing to doing something constructive about it.
As I was contemplating just how much time I wanted to invest in learning how to be proactive with spam, I helped a friend get connected to the internet and begin using e-mail. We activated her account, got her e-mail program working. She sent a message to a couple of her kids and I went home and sent her a test e-mail. I went back the next day to walk her through logging on and check her mail. Much to my amazement, along with the test messages were two spam letters. This struck me as bizarre indeed. How did spammers even get her e-mail address this quickly.
After this incident I decided whatever time it took, this spam needed to be reported.
I e-mailed my ISP about the growing problem, asked if they had noticed it, specifically asked why my friend had gotten spam so quickly, and waited for an answer. The advice? Tech support for this ISP had advised e-mailing the spammer to be taken off the list. Aaaargh!
Besides writing back to my ISP and indicating this was probably the last thing anyone should do with spam, I also reminded them that my questions remained unanswered. Why this sudden blizzard of spam? Why spam in a mailbox that wasn't yet 24 hours old? I didn't know much about headers, but I did recognize the lack of a name in the "To:" field, where there was nothing but an open and closed parentheses, as unusual. And I noticed that the spam went directly to my ISP's provider -- so it looked for all the world to me like someone within the ISP provider was trolling for addresses.
Time, I decided, to learn a bit more about spam.
If you really want to know about the ins and outs of spam, spend some time at Pete Moss Publishing's "Spam News" site, where you will find a list of spam FAQs, directions for sending complaints to ISPs, and information about how to keep your name concealed while using the more popular e-mail list software around the net such as Majordomo, LISTSERV, and Lyris. Be aware, though, that posting to a list will make your name and address public, especially if the lists are archived on the web.
Up to now it's been no problem for me to delete most of the spam I get, and in the rare case of really obnoxious stuff, to send a copy with the full header to my local ISP. I didn't know that ISPs generally use "abuse@[your local ISP net address]" for users to report spam. After all, I was simply being told to ignore the stuff.
If you do report a message to your local ISP at their abuse@ address, you will need to expand the mailing address in your e-mail. With Eudora, that is the "blah blah blah" toggle at the top of the message. Click on it and you will get a complete path of where the message came from and what servers it went through to get to you. Your ISP can block e-mail from the offending server from your mail address if they have the full header. Would that tech support knew about such wonders!
A lot of spam was coming into my mailbox from hotmail.com, usa.net, and aol.com. This makes sense, because these organizations offer free e-mail accounts. Anyone can sign on, promise to abide by the rules, than spam the world until someone complains and they are bounced off. So they sign on somewhere else free under a bogus name and do the same again.
Since these sites offer free e-mail, I checked them out to see if there was a convenient way to report spam to them. Hotmail had a page of contacts which clearly told you how to report spam by using email@example.com. Neither aol.com nor usa.net had any place to find out about reporting spam. When I e-mailed usa.net that I couldn't find any sign of anyone to report spam to on their site, I got an indignant e-mail back that they did not condone spam. Conveniently missing my point. No mention was made of using firstname.lastname@example.org to report spam.
After notifying Hotmail of the abuse by following their instructions, they acknowledged the complaint, reiterated their determination to prevent this kind of usage, and told me they had canceled this account. To make this complaint, all I had to do was paste the complete copy of the spam with the expanded header into an e-mail, tell them I didn't like unsolicited mail, and send it off. I did not have to be able to decipher the expanded routing address, which was great.
With a web search, I quickly turned up the Network Abuse Clearing House and learned a lot about spam there. At this site you may search for known e-mail addresses for ISPs by name or by number, but if you want to send a spam complaint through this site to be forwarded to offending servers, you will need to register.
Using the resources at the Network Abuse Clearing House site means you have to search around in the expanded header and figure out which numbers or names to look up, and this can get to be several addresses if the e-mail has been passed around a lot of servers. It took me quite a while to figure out how to really use this site effectively and my first reporting attempt was incorrectly addressed and bounced, but I eventually got the hang of it.
The Network Abuse Clearing House provides a lengthy list of programs you can download and install on your machine to automate the process of figuring out all these server addresses, but I really didn't want to deal with trying trying to set up software to do this. And anyway, it wasn't clear if any of them worked on a mac (Pete Moss's site does have a list of Mac filters). Tucows also provides anti-spam filters at their various associated sites.
Luckily, I turned up Spam Cop in my searching and following of links. Here's that automatic message generator sitting handily right there in my browser window ready for me to paste in a copy of the spam. After you paste in a copy with the header expanded, you click on the "parse" button and the program tells you which servers are involved and whether there have been complaints about these servers before. After you've seen the analysis, you can decide whether to send the automatically generated complaint or not. Click the button, and it's done. There are no longer several e-mail messages to generate for each server and my mailbox isn't full of numerous notes to various ISPs. Nice, clean, and simple.
Many of the ISPs I contacted e-mailed back and were happy to have the information I sent. For the most part, they are as determined to stamp out spam as any of us, but unless you take the time to notify them, they may miss some of what's going on.
And yes, I'm still waiting for answers to my questions from my ISP.
Comments and suggestions are welcome.
Return to List of Articles
Return to Document Design Home Page
This page and all the images on it are © Copyright 1996, 1997, 1998, 1999, 2000, 2001 Whiskey Creek Document Design. All rights reserved.