http://strom.com/awards/300a.html
My essay this morning on "Fighting Spam" got many replies, and I wanted to share a couple of thoughts with you. First off, the essay wasn't really about "fighting" spam but avoiding it. A few correspondents had some great suggestions on how to really put up a fight.
First off, several people suggested ISPs that make
use of anti-spam filtering software such as Postini. One that was mentioned was
Hargray Communications/InterStar. By staying with
an ISP who turns a blind eye to spammers, you are contributing to the problem,
Second, take
spammers to court. Spam is illegal in 26 states now.
Tood
Hooper filed over twenty court cases in Washington small claims court this
year,
and won or settled every one of them. He tells me: "I represent myself, and the total cost of filing the
case, serving notice and hiring a collection agency (if needed) is usually less
than $50 per case, so it's a low risk endeavour."
"Here in WA, the damages are $500 per email, and small claims allows cases up to $4000. In fact, this nice new P4 laptop I am typing on was paid for by spammers." Hey, it's a living.
Finally, there is the technical anti-spam route. Here
is a report from another reader:
You can
buy spam filters until you're blue in the face, but you won't
stop
spam, and you'll just end up becoming an email filtering wizard.
Instead,
consider fighting spam. It can be done; I try and kill at least
two
spammer accounts per day. It doesn't take much effort to do, and you
get the
occasional reward message from an ISP occasionally that helps
reinforce
you. No, it's not a Quixotish action, it's a necessary
responsibility
to contain spam.
You can
use manual spam-fighting tools, or automated ones. The best
automated
one that I've seen so far (but runs only on Windows for now)
is
SamSpade 1.14. It's a freeware tool kit that contains a most
important
tool called a message header parser.
Every
email message has a header. Most every spam has a header that's
forged
somehow to obscure the true origin of the message. By using the
parser,
it's possible to cut-and-paste the message header, trace the IP
address
of the sender, and send a complaint to the ISP where the message
originated.
Often,
however, there are several addresses in a header, and it takes a
little
experience to discern which address is the correct origination
point.
Currently, many origination points appear to be from Korea, or
China.
In fact, while the message might originate from these points,
they're
actually hijacked systems, and sending complaints to an ISP
where
these systems resides rarely helps.
But
there's always a destination target. You can right-click many
messages
in apps like Outlook where you choose View Source, and look for
an
address for the target of a message. The target is expressed as a
domain
name, URL, IP address, or email account. Then it's time to send a
spam
complaint to the offending target ISP.
The message
parsing function of SamSpade isn't perfect. It relies on
making
reverse DNS calls to verify IP address information, which often
isn't
reliable. I've found that it's always necessary to use the
SamSpade
whois function to find the actual origin of an IP address in
the
message header.
Occasionally,
it becomes necessary to use traceroute to try to determine
the
last few places where TCP/IP goes to an offending address, and send
complaints
there, too. There are some messages that are very well
constructed,
and almost impossible to send a complaint about as tracing
the
message is extremely difficult. Very few spams are like this.
The
messages that advertise 10M names on a CD are mandatory to stop, as
these
CDs are the origin points of spam proliferation. If you want to
choose
your targets for maximum impact, stop *these* guys as fast as you
get
their messages.
ISPs
will listen, although their spam hunting missions are often low on
their
priority lists. While many hosting companies claim that they have
no control
over their users, they'll more than occasionally respond to
say,
ten thousand spam complaints. ISPs often use automated reply tools,
and
you'll never know if your complaint was acted upon. But a few of
them,
especially smaller ones, will let you know the outcome of your
complaint.
Don't be disheartened if you never find the end of the
complaint
story.
The
best way of course to stop spammers is never to buy from them, but
there
are always idiots that see no harm in doing so. Hijacking systems
or using
an open relay function of a mail server to propagate spam is
often
used, and doing so is a violation of the law in many
jurisdictions.
Rarely will the law get involved in spam nuisances.
The
SamSpade.ORG site has many links to places that can be used for
targets
of offending or even illegal email, such as uce@ftc.gov.