My essay this morning on "Fighting Spam" got many replies, and I wanted to share a couple of thoughts with you. First off, the essay wasn't really about "fighting" spam but avoiding it. A few correspondents had some great suggestions on how to really put up a fight.
First off, several people suggested ISPs that make use of anti-spam filtering software such as Postini. One that was mentioned was Hargray Communications/InterStar. By staying with
an ISP who turns a blind eye to spammers, you are contributing to the problem,
Second, take spammers to court. Spam is illegal in 26 states now.
Tood Hooper filed over twenty court cases in Washington small claims court this
year, and won or settled every one of them. He tells me: "I represent myself, and the total cost of filing the case, serving notice and hiring a collection agency (if needed) is usually less than $50 per case, so it's a low risk endeavour."
"Here in WA, the damages are $500 per email, and small claims allows cases up to $4000. In fact, this nice new P4 laptop I am typing on was paid for by spammers." Hey, it's a living.
Finally, there is the technical anti-spam route. Here is a report from another reader:
You can buy spam filters until you're blue in the face, but you won't
stop spam, and you'll just end up becoming an email filtering wizard.
Instead, consider fighting spam. It can be done; I try and kill at least
two spammer accounts per day. It doesn't take much effort to do, and you
get the occasional reward message from an ISP occasionally that helps
reinforce you. No, it's not a Quixotish action, it's a necessary
responsibility to contain spam.
You can use manual spam-fighting tools, or automated ones. The best
automated one that I've seen so far (but runs only on Windows for now)
is SamSpade 1.14. It's a freeware tool kit that contains a most
important tool called a message header parser.
Every email message has a header. Most every spam has a header that's
forged somehow to obscure the true origin of the message. By using the
parser, it's possible to cut-and-paste the message header, trace the IP
address of the sender, and send a complaint to the ISP where the message
Often, however, there are several addresses in a header, and it takes a
little experience to discern which address is the correct origination
point. Currently, many origination points appear to be from Korea, or
China. In fact, while the message might originate from these points,
they're actually hijacked systems, and sending complaints to an ISP
where these systems resides rarely helps.
But there's always a destination target. You can right-click many
messages in apps like Outlook where you choose View Source, and look for
an address for the target of a message. The target is expressed as a
domain name, URL, IP address, or email account. Then it's time to send a
spam complaint to the offending target ISP.
The message parsing function of SamSpade isn't perfect. It relies on
making reverse DNS calls to verify IP address information, which often
isn't reliable. I've found that it's always necessary to use the
SamSpade whois function to find the actual origin of an IP address in
the message header.
Occasionally, it becomes necessary to use traceroute to try to determine
the last few places where TCP/IP goes to an offending address, and send
complaints there, too. There are some messages that are very well
constructed, and almost impossible to send a complaint about as tracing
the message is extremely difficult. Very few spams are like this.
The messages that advertise 10M names on a CD are mandatory to stop, as
these CDs are the origin points of spam proliferation. If you want to
choose your targets for maximum impact, stop *these* guys as fast as you
get their messages.
ISPs will listen, although their spam hunting missions are often low on
their priority lists. While many hosting companies claim that they have
no control over their users, they'll more than occasionally respond to
say, ten thousand spam complaints. ISPs often use automated reply tools,
and you'll never know if your complaint was acted upon. But a few of
them, especially smaller ones, will let you know the outcome of your
complaint. Don't be disheartened if you never find the end of the
The best way of course to stop spammers is never to buy from them, but
there are always idiots that see no harm in doing so. Hijacking systems
or using an open relay function of a mail server to propagate spam is
often used, and doing so is a violation of the law in many
jurisdictions. Rarely will the law get involved in spam nuisances.
The SamSpade.ORG site has many links to places that can be used for
targets of offending or even illegal email, such as email@example.com.