[SI-LIST] : OFF TOPIC: Junk Mail and what to do with it

Ray Anderson (raymonda@radium.eng.sun.com)
Mon, 22 Dec 1997 09:04:58 -0800 (PST)

To all si-list subscribers:

Please excuse the following off-topic digression. As you have
probably observed, another "spammer" has sent some commercial
advertisement material through the si-list mail reflector.
It turns out that si-list isn't the only technical discussion
list plagued with such occassional interuptions.

Maria Kelly who manages the HFSS list out of Herriot Watt
University in Edinburgh posted the following list of suggestions
to the hfss list on ways to deal with such intrusions.

Maria has given me permission to forward the message to si-list.
Hopefully some of her suggestions may be useful to si-list
subscribers who wish to do something constructive to stem
the flow of spam.



By the way, if you use HFSS (either HP or Ansoft version)
in your work and don't belong to the hfss list, you should.
Lots of good technical info and the signal to noise ratio
is at least as good as si-list if not better. The list
subscription address is: Majordomo@cee.hw.ac.uk (just place
'subscribe hfss' in the body of the message). The posting
address is: hfss@cee.hw.ac.uk .


Regards,

Ray Anderson
raymonda@radium.eng.sun.com


------------- Begin Forwarded Message -------------

From: maria@cee.hw.ac.uk (Maria Kelly)
Subject: HFSS: OFF TOPIC: Junk Mail and what to do with it
To: hfss@cee.hw.ac.uk
Date: Mon, 8 Dec 1997 16:40:27 +0000 (GMT)
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

Hi,
I've received a few requests for some basic information on how to
deal with some of the junk mail you get sent, in addition to those
sent to the HFSS mailing list ! I'm certainly not an expert, and
I'm sure there are people on the list who might know better ways
of dealing with the spammers, but this is just a suggestion of
what you can do. Please let us know if you have some other methods.

If I receive an unsolicited email, then I would always inform the
postmaster and the person who deals with email abuse (may be the same
person), but I would never reply to the email. If you do reply to
the originator of the email (assuming it doesn't bounce) then you are
only confirming that your address *does* exist, and they can carry
on sending their garbage to it. However, finding the *correct*
postmaster to mail can require the detective powers of Hercules
Poirot as these spammers can cover their tracks, so the originating
address is not obvious :-(

Below are the headers for some rubbish I received yesterday. These are
the *full* headers, and you will probably have to click a button to
see them all. The default version of the headers won't be sufficient
for finding out who *actually* sent you the junk mail. So, in 'elm'
you'd type 'h' and the full headers are displayed. In Eudora you'd
select the 'blah blah' button, and then you'll get something like
this :-


*From Mail.Austria.EU.net!VME Sun Dec 7 19:14:16 1997
*X-UIDL: 2610431056a78aeb1b123fda426c9a5e
*Return-Path: <VME@Mail.Austria.EU.net>
*Received: from Mail.Austria.EU.net by loki.cee.hw.ac.uk with smtp
* (Smail3.1.28.1 #97) id m0xem9M-000o83C; Sun, 7 Dec 97 19:13 GMT
*Received: from mail.Austria.EU.net (xpr-024.gta.igs.net [207.210.2.152])
* by Mail.Austria.EU.net (8.8.6/8.8.6) with SMTP id UAA27445;
* Sun, 7 Dec 1997 20:04:42 +0100 (MET)
*Received: from mail.idrect.com (alt1.idrect.com (208.9.77.65)) by
idrect.com (8.8.5/8.6.5) with SMTP id GAA00506 for <>; Sun, 07 Dec 1997
13:57:12 -0600 (EST)
*Date: Sun, 07 Dec 97 13:57:12 EST
*From: VME@Mail.Austria.EU.net
*To: Friend@public.com
*Subject: RE: Never Forget
*Message-ID: <199702170025.GAA08065@idrect.com>
*Reply-To: marksmith25@hotmail.com
*X-PMFLAGS: 34078848 0
*Comments: Authenticated sender is <mark@idrect.com>
*Status: RO

As I mentioned, if you just reply to the email, and the ask/tell
the person not to send anymore rubbish the chances are your mail
will either bounce (because the account was only set up temporarily
to send out all all that junk, and is now non-existent), or you will
just confirm your emails actual existence. So, you should forward the
junk mail,including the *full* header to the postmaster at the senders
site.

But who sent this email? Looking at the above headers it could well be
<mark@idrect.com> or <marksmith25@hotmail.com>, but if you look
further up in the "Received" section, the email has come to you via
other sites, Mail.Austria.EU.net and xpr-024.gta.igs.net, and these
are the people you should be contacting. So in this case I sent
email to :-

postmaster@idrect.com, abuse@idrect.com - bounced, domain doesn't exist?
postmaster@igs.net, abuse@igs.net - the actual site of the spammer
postmaster@eu.net, abuse@eu.net - the site the email went via

All sites should have a postmaster account, so you don't need to
know the persons name, you can just send mail to postmaster@domain.com
(or whatever the domain of interest is), and most sites also have
an abuse email as well, and this is why I send mail to both addresses.
Sometimes the abuse address will bounce, in which case the postmaster
will still be informed of the abuse, but usually the abuse address
does exist, purely to monitor and control the abuse of emails from
that site.

But what do you say to the postmaster/abuse overseer? Well I would try
and be polite first because its not the postmasters fault that a moron
is abusing email from their site. Just a polite note, bringing the
abuse to light will normally help :-)

You sometimes receive some sort of acknowledgement of your email,
particularly if it went to an abuse address. The automatic email
normally describes the address you should send info to, and what
you should send (ie copy of junk mail, plus *full* set of headers).
Then, if you are really lucky, you'll receive something like this,
that confirms that someone is at the other end of these emails :-

*This user has been dealt with as of 5:30 pm Central Standard Time with
*restriction from the mail server and termination of dial-up account.
*Southnet Telecomm Services does not condone or allow this form of blatant
*abuse and has a zero tolerance policy in this regard.
* Sincerely,
* Jeremy Bouse
* System Administrator
* Southnet Telecomm Services




Here are some web sites that may be of interest, to give you more
information on how to deal with spammers, possible ways of how to
remove your names from mailing lists, and possible ways of filtering
your mail messages.



http://spam.abuse.net/spam/howtocomplain.html
How To Complain To The Spammer's Provider

http://help.mindspring.com/features/emailheaders/index.htm
How to Interpret Email Headers

http://www.cis.ohio-state.edu/hypertext/faq/usenet/net-abuse-faq/
spam-faq/faq.html
Figuring out fake E-Mail & Posts

http://www.abuse.net/cgi-bin/list-abuse-addresses
The current list of abuse.net reporting addresses

http://www.abuse.net/
Welcome to the Network Abuse Clearinghouse

I hope you find some of this email useful. And if you have any
other effective methods of handling these junk mails I'd love
to hear them.

Regards

Maria

************************************************************************
Maria Kelly | maria@cee.hw.ac.uk
Department of Computing and Electrical Engineering |
Heriot Watt University | Tel: 0131-451 3328
Riccarton | ext. 4173
Edinburgh |
EH14 4AS | Fax: 0131-451-3327
************************************************************************






------------- End Forwarded Message -------------