Web Informant #300a, 23 September 2002: Joining the fight




My essay this morning on "Fighting Spam" got many replies, and I wanted to share a couple of thoughts with you. First off, the essay wasn't really about "fighting" spam but avoiding it. A few correspondents had some great suggestions on how to really put up a fight.


First off, several people suggested ISPs that make use of anti-spam filtering software such as Postini. One that was mentioned was Hargray Communications/InterStar. By staying with an ISP who turns a blind eye to spammers, you are contributing to the problem.


Second, take spammers to court. Spam is illegal in 26 states now. Todd Hooper filed over twenty court cases in Washington small claims court this year, and won or settled every one of them. He tells me: "I represent myself, and the total cost of filing the case, serving notice and hiring a collection agency (if needed) is usually less than $50 per case, so it's a low risk endeavour."


"Here in WA, the damages are $500 per email, and small claims allows cases up to $4000. In fact, this nice new P4 laptop I am typing on was paid for by spammers." Hey, it's a living.


Finally, there is the technical anti-spam route. Here is a report from another reader:


You can buy spam filters until you're blue in the face, but you won't stop spam, and you'll just end up becoming an email filtering wizard. Instead, consider fighting spam. It can be done; I try and kill at least two spammer accounts per day. It doesn't take much effort to do, and you get the occasional reward message from an ISP occasionally that helps reinforce you. No, it's not a Quixotish action, it's a necessary responsibility to contain spam.


You can use manual spam-fighting tools, or automated ones. The best automated one that I've seen so far (but runs only on Windows for now) is SamSpade 1.14. It's a freeware tool kit that contains a most important tool called a message header parser.


Every email message has a header. Most every spam has a header that's forged somehow to obscure the true origin of the message. By using the parser, it's possible to cut-and-paste the message header, trace the IP address of the sender, and send a complaint to the ISP where the message



Often, however, there are several addresses in a header, and it takes a little experience to discern which address is the correct origination point. Currently, many origination points appear to be from Korea, or China. In fact, while the message might originate from these points, they're actually hijacked systems, and sending complaints to an ISP where these systems reside rarely helps.


But there's always a destination target. You can right-click many messages in apps like Outlook where you choose View Source, and look for an address for the target of a message. The target is expressed as a domain name, URL, IP address, or email account. Then it's time to send a spam complaint to the offending target ISP.


The message parsing function of SamSpade isn't perfect. It relies on making reverse DNS calls to verify IP address information, which often isn't reliable. I've found that it's always necessary to use the SamSpade whois function to find the actual origin of an IP address in the message header.


Occasionally, it becomes necessary to use traceroute to try to determine the last few places where TCP/IP goes to an offending address, and send complaints there, too. There are some messages that are very well constructed, and almost impossible to send a complaint about as tracing the message is extremely difficult. Very few spams are like this.


The messages that advertise 10M names on a CD are mandatory to stop, as these CDs are the origin points of spam proliferation. If you want to choose your targets for maximum impact, stop *these* guys as fast as you get their messages.


ISPs will listen, although their spam hunting missions are often low on their priority lists. While many hosting companies claim that they have no control over their users, they'll more than occasionally respond to, say, ten thousand spam complaints. ISPs often use automated reply tools, and you'll never know if your complaint was acted upon. But a few of them, especially smaller ones, will let you know the outcome of your complaint. Don't be disheartened if you never find the end of the complaint story.


The best way of course to stop spammers is never to buy from them, but there are always idiots that see no harm in doing so. Hijacking systems or using an open relay function of a mail server to propagate spam is often used, and doing so is a violation of the law in many jurisdictions. Rarely will the law get involved in spam nuisances.


The SamSpade.ORG site has many links to places that can be used for targets of offending or even illegal email, such as uce@ftc.gov.
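
The header trace the reader describes, as an added example (not part of the original newsletter and not SamSpade's code): it walks the Received lines from the top, skips hops handed over by relays you trust, and reports the first outside IP as the one to look up with whois. The sample message, its documentation-range addresses and the trusted network are constructed assumptions.

```python
import email
import ipaddress
import re

# Constructed sample, documentation-range addresses; the bottom Received line is forgeable.
SAMPLE = """\
Received: from relay.example.org (relay.example.org [198.51.100.7])
\tby mx.example.net with ESMTP; Mon, 23 Sep 2002 09:14:02 -0400
Received: from mail.bigbank.example (unknown [203.0.113.45])
\tby relay.example.org with SMTP; Mon, 23 Sep 2002 09:13:58 -0400
Received: from trusted.example.com ([192.0.2.99])
\tby mail.bigbank.example with SMTP; Mon, 23 Sep 2002 06:00:00 -0400
From: "Offers" <offers@bigbank.example>
Subject: 10M names on a CD

Body
"""

# Assumption: relays you (or your ISP) operate, whose Received lines you trust.
TRUSTED_NETS = [ipaddress.ip_network("198.51.100.0/24")]

# "from <HELO name> (<reverse DNS> [<peer IP>])"; only the bracketed IP is
# observed by the receiving server, the HELO name is whatever the sender typed.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f.:]+)\]\)")

def last_verifiable_hop(raw_message, trusted_nets):
    """Walk Received lines top-down; return the first peer outside trusted_nets."""
    hops = email.message_from_string(raw_message).get_all("Received") or []
    for position, header in enumerate(hops):
        match = RECEIVED_RE.search(" ".join(header.split()))
        if not match:
            return None  # a trusted server wrote something we cannot parse
        helo, rdns, ip = match.groups()
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            return None
        if any(addr in net for net in trusted_nets):
            continue  # handed over by our own relay, so the next line is reliable
        return {
            "ip": ip,      # look this up with whois
            "helo": helo,  # claimed name, unverified
            "rdns": rdns,  # reverse DNS as logged, may be missing
            "unverified_below": len(hops) - position - 1,  # lines the sender could forge
        }
    return None

if __name__ == "__main__":
    print(last_verifiable_hop(SAMPLE, TRUSTED_NETS))
```

On the sample, the result is the 203.0.113.45 hop; the Received line beneath it was written by a machine outside the trusted set and is counted rather than believed.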