Spam Incidents

Synopsis

Linux Online takes the issue of unsolicited commercial email (UCE/SPAM) very seriously. We constantly update the security of our servers to respond to the latest attack methods we become aware of. It is with a reasonable comfort level that we can say that our servers are not usable by outside, unauthorized persons to forward email to others. We can't control what other parties put into their email messages in the form of faked Received: or From: lines.

Since sometime in November 2001 an individual/company has chosen to send out UCE/SPAM messages with fake headers claiming to be from linux.org. We were not contacted by this individual for permission, nor would we have ever given it to them had they done so. These messages contain fraudulent email headers generated by the spamming software they are using. Much like flowers.com vs C.N. Enterprises in 1997, we are the victim of a malicious and currently unknown individual.

All attempts to track down the person responsible have failed. This individual is making use of hacked Windows 95/98 machines to originate email messages claiming to be from our domain, linux.org. These machines do not have log files or other tracking which could indicate the source of the hacks or of the emails being sent. We have tried to communicate with the admins of these machines but since many are in southern Asia there is a significant barrier and most of our attempts have failed miserably. With these people not using a system twice, though, we have gone through this process dozens of times, having to start over each time.

We have asked a number of the companies being advertised to provide us with the name of the person they hired to send out these messages. To date, none have provided us with any information, insisting that we file lawsuits and attempt to subpoena their records. We have not done so to date for lack of resources. Some of these companies are:

  • Zodiac Track
  • porno-hackz.de
  • cashpartner.com
  • www.casinoofthesun.com
  • Travel Easy
  • www.justwincasino.com
  • www.bigkahunascoffee.com
  • www.cottrell-travel.com
  • sex-hackerz.to
  • www.marital-aid.com
  • www.Therightdomains.net
  • www.cybersexmatch.com

If you know of a way to get any of these companies to identify the spammer they are using, please let us know at postmaster**AT**linux.org.

As much as we would like to sue this person and the firms that he is advertising, we simply can't afford the legal fees involved in a case of this magnitude. We would greatly appreciate any information about a lawyer or law firm that would be willing to take this case on a pro bono basis. Alternatively, we may end up setting up a legal fund to try to cover the costs associated with this matter but haven't done so at this time.

We have no control over the person sending these unauthorized messages. Because of this, we can't help with any requests to be removed or to otherwise stop such messages coming to you from this person. We sincerely apologize but we are powerless to act in this situation.

FAQ

by Michael Jordan
Linux Online Staff

:UPDATE: March 3, 2004: I have received mail claiming to be from Linux.org telling me to open an attached zip file in order to "protect my computer". What is this?

This didn't come from us. We don't offer email addresses to the general public, which is what the body of the mail talks about. Please do not open the attached zip file as it contains a virus. As you probably already know, virus writers will do anything to get their malware onto your hard drive.

Q1: I have received an unsolicited email message that says 'whoever0000@linux.org'. Why are you sending me this mail?

We aren't. Our privacy policy expressly states that we do not send unsolicited email messages from Linux Online.

Q2: Is someone in your organization sending this mail then?

No. There exist only authorized email addresses. These are divided into three categories. One is for official Linux Online business - webmaster, suggestions, banners and mugs. There are others for members of our staff. We have also given out '@linux.org' addresses to prominent members of the Linux community, like Linus Torvalds and others.

Q3: How can I be completely sure it isn't you?

In the headers of the mail, look for this:

Received: from linux.org (IP ADDRESS numbers of the spam relay)
by YOUR ISP
for YOUR EMAIL ADDRESS

If you go to an online lookup service like samspade.org and get the 'IP whois' information for the IP ADDRESS, this will never actually show up as linux.org in these emails.
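The check from Q3 written out as a script. This is an added example, not part of the original page: it reads the Received: line written by your own ISP's mail server and tests whether the connecting IP lies inside networks belonging to the domain named in From:. The host mx.isp.example, all IP addresses, and the 192.0.2.0/24 range standing in for an 'IP whois' result are constructed placeholders.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message). The top Received: line is the one
# the recipient's own ISP wrote; every line below it was supplied by the sender
# and can be faked. Hosts and addresses are documentation placeholders.
SPOOFED = """\
Received: from linux.org (unknown [203.0.113.45])
\tby mx.isp.example (Postfix) with SMTP id 4F2A1
\tfor <reader@isp.example>; Thu, 27 Dec 2001 09:14:02 -0500
Received: from linux.org (mail.linux.org [192.0.2.10])
\tby relay.invalid with ESMTP; Thu, 27 Dec 2001 09:13:40 -0500
From: whoever0000@linux.org
To: reader@isp.example
Subject: constructed sample

body
"""

# Same message, but the trusted hop records an address inside the placeholder
# network assumed (for this example only) to belong to the claimed domain.
GENUINE = SPOOFED.replace("unknown [203.0.113.45]", "mail.linux.org [192.0.2.10]")

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<peer>[^)]*)\)\s+by\s+(?P<by>\S+)", re.I)
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def parse_received(value):
    """Return the claimed name, recording host and peer IP of one Received: line."""
    flat = " ".join(value.split())          # undo header folding
    m = RECEIVED_RE.match(flat)
    if not m:
        return None
    ip = None
    found = IPV4_RE.search(m.group("peer"))
    if found:
        try:
            ip = ipaddress.ip_address(found.group(0))
        except ValueError:                  # e.g. 999.1.1.1 is not an address
            ip = None
    return {"helo": m.group("helo").lower(),
            "by": m.group("by").lower().rstrip(";"),
            "ip": ip}


def check_sender_claim(raw_message, my_mail_hosts, claimed_domain_nets):
    """Compare the From: domain with the IP your own mail host saw connecting.

    my_mail_hosts: names of servers you trust to write honest Received: lines.
    claimed_domain_nets: CIDR blocks registered to the From: domain (what an
    IP whois lookup would tell you; supplied by hand here so this runs offline).
    """
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    trusted = {h.lower() for h in my_mail_hosts}

    hop = None
    for value in msg.get_all("Received", []):   # top-down: newest hop first
        parsed = parse_received(value)
        if parsed and parsed["by"] in trusted:
            hop = parsed
            break
    if hop is None or hop["ip"] is None:
        return {"from_domain": from_domain, "helo": None,
                "relay_ip": None, "verdict": "no-trusted-hop"}

    nets = [ipaddress.ip_network(n) for n in claimed_domain_nets]
    inside = any(hop["ip"] in net for net in nets)
    return {"from_domain": from_domain,
            "helo": hop["helo"],            # only what the sender *said* it was
            "relay_ip": str(hop["ip"]),     # what the receiving server *saw*
            "verdict": ("origin-matches-claimed-domain" if inside
                        else "origin-outside-claimed-domain")}


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, check_sender_claim(raw, {"mx.isp.example"}, ["192.0.2.0/24"]))
```

The address in relay_ip, not the From: domain, is the one to look up and report to.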

Q4: If you aren't sending email, nor is anybody on your staff, nor are others with authorized @linux.org addresses, then who is?

We don't know exactly who is, but phone numbers provided in one of the mails led us at least to one of the interested parties.
  -----Original Message-----
  From: beginner870178@linux.org [mailto:beginner870178@linux.org]
  Sent: None
  To: Administrator
  Subject: GQ Magazine: The gambling urge is universal! (5388fxs@7)


OWN YOUR VERY OWN FREE CASINO AND SPORTSBOOK! EARNING POTENTIAL:
$3-5,000+ WEEKLY P/T
We create your very own Online Casino and Sportsbook
Absolutely FREE!!
You Receive the Highest Payouts! 25-50%, With Lifetime Residuals

Ted Koppel, Nightline..."Not only is Internet Gambling already possible,
already a modestly thriving Industry, it promises to become huge"
NO TECHNICAL EXPERIENCE NECESSARY! WE DO ALL THE WORK
CLICK HERE for all details!

Contact Us Today: Toll Free 1-800-640-9185 24hrs.
Or email us your name and number by CLICKING HERE
International callers are welcome: 011-954-345-5340

Note* You must either leave you name and phone number to be
contact or call our Toll free number! Any responses without
complete information will be ignored!

Q5: How can somebody send out spam using a @linux.org address without your authorization?

All a person needs to do is put whatever they want before @linux.org and they can spam all they want with it. All you need is a mail server. It doesn't even have to be yours.

Q6: Have you tried to do anything about it?

About a day after the first complaints came in, we contacted our lawyer. His advice, in a nutshell, was 'ride out the storm'. There wasn't too much we could do about it without spending about 100,000 US dollars, just to start with. There is a problem of the absence of spamming laws in the US in every state, not to mention what laws may or may not exist internationally. That means that we'd have to prove that our rights had been violated or the law had been broken in some other way that doesn't have to do with spam per se.

Q7: Why so much money?

There are some serious issues here. One is that we don't know exactly where the spammers are located. We know that they are using some legitimate servers to relay spam and we would have to subpoena those ISP's administrators. They would also have to monitor it and report to us. They're not going to do this for free. Some of the servers are outside the United States, so that complicates the situation tremendously. There are also a number of cable/xDSL users with compromised systems that are being used to relay the spam. A network administrator commented to me that there may well be 1000 or more of these compromised home systems relaying spam out there. The bottom line: To find the actual interested parties, to find and shut down their spam relays and locate and notify the owners of compromised machines would be a truly Herculean task. Probably more like a job for Sisyphus, actually.

Q8: Why don't you go after the people at those phone numbers?

In all likelihood, as has been seen in these types of cases, the person who owns the number could claim that they did not tell the "spamming agency" to send the advertisement using @linux.org in the From: and Reply To: headers. In order to prove otherwise, we would have to subpoena their accounting records and find the name of the agency (if there actually is one) that was used -- it may well have been a cash transaction in which case there'd be virtually no record. In the end, the burden of proof is on us, not the accused spammer.

Q9: There must be some advantage to using @linux.org in the From: and Reply To: header?

I don't see any advantage to using our domain. A spammer normally uses From: and Reply To: that do not accurately reflect where they have sent it from or where you can actually reply to them. However, it is fairly standard practice for a spammer to use "throw away" addresses, which are usually from on-line web-based email services. It is quite unusual for a spammer to use an address from a major website like ours. I hate to admit it but, apart from not getting traced, I believe the individuals who are sending these messages used our domain name intentionally to discredit and embarrass us. This is unfortunate because we're just a few people working long hours trying to provide information about Linux. They have succeeded in creating a lot more unnecessary work for us and probably in making us look bad in the eyes of people who don't know too much about how spam works.

It is still to be seen how this will be resolved. As they say on TV, To be continued ...

Q10: Isn't there something you can do about it?

Yes and No. If we had a giant parent company behind us throwing cash at everything and anything we might ask for, yes there's probably a lot we could do. We would have the necessary funds to find the "company" (if these spammers are actually operating as a legal entity somewhere) and then file a lawsuit against them. But even with money, this would be a tremendous task. First of all, the spammers are relaying through any number of hacked DSL/Cable users' machines that they control. They are also using a number of open relays from Korea. A lot of administrators from the Far East simply ignore any requests to close these relays. This piece from Wired about the Asian mail server problem talks about this. The spammers have free rein, I'm afraid.

If we had deep pockets, we could also attempt to sue the people who use the spamming agency. When we did contact our lawyers about this, they said this would be extremely difficult as well. I suppose it's like when you hire some young person to mow your lawn. Should you be legally held responsible if it turns out that the young entrepreneur who so nicely manicured your grass had actually used stolen equipment? We have talked to some of the people who used the spamming service. They just paid for bulk email to be sent. If spamming isn't illegal in most places, they have done nothing wrong from a legal standpoint. In the cases of the people we have talked to, they claimed not to know that the service they had paid for was carried out by a company that used "stolen" email addresses. This is just a way of putting the problem into perspective. I am in no way condoning the practice of sending unsolicited email, which is nothing but one giant scourge on the Internet. The people who actually think this is a legitimate practice deserve to be forced to use a 14.4 modem as their only way of connecting for a period of one year.

The short answer: We don't have a big parent company with deep pockets, so given a choice to keep servers running, keep paying for our leased lines and all the other costs of operations, we choose to just handle complaints with a polite "It ain't us" and go on with the business of providing Linux info. Even if we found them and won some lawsuit, I expect that the spamming would stop but we would never get back our investment in the fight. It would be worse than a Pyrrhic victory. Even King Pyrrhus thought he would win at least one more battle before he lost everything.

History of events

Linux Online singled out for spam embarrassment campaign

by Michael Jordan
Linux Online Staff

Note: A little background. This started out as an explanation and FAQ about our trials and tribulations with a band of spammers using our domain name in the 'From:' headers. They're basically trying to embarrass us. It's what's known as a "joe-job". My thanks to a visitor from Cambridge, England for informing me of that term. It has turned into a sort of web log about spam. The bottom line: if you're here to find out why we spammed you, we didn't do it. We don't relay spammers' mail nor are we so desperate for funds that we're doing this ourselves. We don't offer mail accounts here (ie. your_name_here@linux.org), so we can't just disable these lousy spammers' email accounts. The page exists simply to say that, more or less.

A few days after Christmas, I started receiving mail addressed to the webmaster accusing us of spamming. Seeing as we only send to our opt-in mailing list and we hadn't sent it out for a while, I figured it was an isolated incident; some misguided individual using @linux.org in the From: header. After a few days, the number of mails sent to the postmaster/abuse addresses numbered in the hundreds. We were looking at 6 or 7 different types of messages, advertising anything from casino gambling to celebrity nudes to prescription medicines. All had been sent by someone using a name plus several digits and our domain. People were irate and accusing us of something we hadn't done. I was nonplussed. The only leads we had as to who was doing this were a few phone numbers and some normal and some obfuscated URLs.

Spam is a big problem and everybody knows it. I learned, though, in looking at the complaints we got that most Internet users don't understand how spam works. I found out some interesting facts like:

  • The average Internet user assumes the spammer sends from his own address
  • Many claiming to be "systems administrators" complained as well, proving that even "tech" people can't interpret email headers correctly.
  • There are literally thousands of compromised cable and DSL users out there unaware that they're relaying mail for spammers

To shed a little light on our spam problem and the problem of spam in general, I have prepared a little FAQ based on actual questions that I have received in the past two weeks or so. If you have received one of these mails purporting to be from someone here at Linux Online, you may be interested in reading it. Some questions have been paraphrased in the interest of clarity.

Update: January 28, 2002

First, I thought we had a breakthrough about a week and a half ago when I started sending complaint mail to contacts for the domains mentioned in some of the mailings. One individual wrote me to apologize and claimed that "these people told me they were all opt in addresses. We found out it was spam and we're not going to pay them". This, of course, implied that there is an agency that's doing the spamming. When we asked him who it was, he refused to tell us. Lawyers have indicated that this individual has no obligation whatsoever to name names. So much for the concept I had that being a party to illegal activity was in fact illegal in and of itself.

As I mentioned, I am sending complaint mail to the contacts for the domains. One of the domains brought me to a website that was claiming to be an affiliate of a legitimate company registered with the Better Business Bureau. When I complained to this legitimate company about their "business partner", the spammer's website came down in a matter of hours. I was provided with the name of the individual but no name or phone number. This information was essentially useless but I was grateful to this company for at least pulling down the affiliate's website (no doubt he'll set up someplace else tomorrow).

I have also noticed that some rather annoying anti-spam software just sends hate mail back to the 'From:'. Seeing that the 'From:' is faked about 99.99% of the time, I wonder what wizard of computer science dreamed this one up. The complaint mail that comes has these two paragraphs in it:

I have received the attached unsolicited e-mail from
someone at your domain.
I do not wish to receive such messages in the future, so
please take the appropriate measures to ensure that this
unsolicited e-mail is not repeated.

If you happen to use software that does this, please take the time to configure it properly. As I mentioned, 99.9% of spammers use fake From: addresses in their mail, so what is the use of sending complaints to people who have nothing to do with it? People have told me that you can configure this not to do this, so that would be the best thing to do.

I'm having a particularly difficult time with two domains from Germany mentioned in a couple of spam mails. It seems that the IP addresses of the actual domains are faked. That means, when you run a traceroute, it resolves to an IP address that really isn't registered to the domain in question. If anybody in Germany has information as to how this affects German law (ie. is this illegal or not in Germany). Here are the domains in question:

One is:

http://crack.porno-hackz.de

The other one is obfuscated:

http://%73p%79sp%79.%64%655%2Ed%65

but thanks to http://www.samspade.org (I'm going to end up having to pay these guys a fee!! - my many thanks to this website!!)- they decipher it for you:

http://spyspy.de5.de

As you can see, it seems like a rather nasty business goes on at these domains.
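The decoding that samspade.org performed on the obfuscated link, as an added example that is not part of the original page. It pulls URLs out of a message body and percent-decodes only the host part, since an encoded hostname has no legitimate use while encoded characters in a path are normal. The second URL in the sample body is constructed for contrast.

```python
import re
from urllib.parse import unquote

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
HOST_OK_RE = re.compile(r"^[a-z0-9.-]+$")

# Sample body: the first link is the obfuscated one quoted on this page,
# the second is a constructed, ordinary link with an encoded space in its path.
BODY = """\
Click here: http://%73p%79sp%79.%64%655%2Ed%65
Lookup tool: http://www.samspade.org/tools?q=a%20b.
"""


def decode_host(url):
    """Split a URL by hand and percent-decode only its hostname."""
    scheme, _, rest = url.partition("://")
    authority = re.split(r"[/?#]", rest, maxsplit=1)[0]
    tail = rest[len(authority):]                 # path, query, fragment: untouched
    hostport = authority.rpartition("@")[2]      # drop any user:password@ prefix
    host_raw, sep, port = hostport.partition(":")
    host = unquote(host_raw).lower()
    return {
        "original": url,
        "host": host,
        "decoded_url": f"{scheme.lower()}://{host}{sep}{port}{tail}",
        "host_was_encoded": "%" in host_raw,     # the obfuscation signal
        "host_is_valid": bool(HOST_OK_RE.match(host)),
    }


def scan_body(text):
    """Return one record per URL found, trailing sentence punctuation removed."""
    return [decode_host(u.rstrip(".,;:)")) for u in URL_RE.findall(text)]


if __name__ == "__main__":
    for rec in scan_body(BODY):
        flag = "OBFUSCATED" if rec["host_was_encoded"] else "plain"
        print(f"{flag:10} {rec['original']} -> {rec['decoded_url']}")
```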

There are also new mailings that are chain letter schemes that are definitely illegal under US law, so we might get somewhere with those.

Update: February 7, 2002

I would like to express publicly my contempt for a website called www.casinoofthesun.com and their owners. I honestly wish I were Rob Malda (aka CmdrTaco, the head honcho of Slashdot, for those who don't know). I wish I could have these people "Slashdotted". (when Slashdot visitors descend upon a website in such numbers that the site goes down - sort of like a legal 'Denial of Service' attack) Normally after a few complaints, the spammers have given up sending out spam, at least with our domain name. These guys just don't stop. They've sent spam to whole blocks of addresses at NASA and numerous other prestigious institutions and there seems to be no end in sight. I hope the sun stops shining on this particular casino pretty darn quick.

It is becoming apparent that it may be a poor use of time if I reply personally to all the people who complain to us about the spam problem. Replies have become automated. I give each mail a quick glance but unless it is really earth-shattering (like, you've discovered the way to stop this now), I can't reply personally. I have to focus on my webmaster duties and we can't have the spammer giving us a bad name and then wasting all of our time to boot. My apologies to those who are planning to write or have written in the past few days. Also my thanks to those who have written since my last update to share traceroute findings, nslookups and other information. Most of this information we already know but we sincerely appreciate the concern. There is occasionally a mail that provides us with info that I didn't know about and that is greatly appreciated.

But... there is mail that is not greatly appreciated, I'm afraid. There have been several mails that start out: I have read your Spam FAQ and here are some ways to "lock down your server" or "Here's how to stop people from relaying through your server". If you're a network admin wannabe and feel the urge to mail us stuff like this, please don't do it. We are not relaying this stuff and our servers are so locked down, that I use my own mail server (also locked down) to handle my mail as the webmaster. So, before you try to amaze us with your knowledge of SMTP, POP3 or even POP-UP illustrations in books, please realize that anyone can take a mail client, find an open relay, use anyone's domain and/or mail address and send spam purporting to come from anywhere. After reading the previous paragraph, the point about writing me with such things should be moot anyway.

I made a comment (below) about a program that filters out spam and sends complaints. A few people have written to tell me which one it is and it seems to be more a problem with users not configuring the program correctly than any design flaw. I still think that a feature that sends out mail to the From: headers isn't a good idea on any anti-spam program. It's a fairly dumb thing to do if you understand how spam works. At any rate, I'd better finish the battle against the spammers before I start taking on any anti-spam snake oil salesmen.

Update: February 23, 2002

Once again, my sincere thanks to those who have written to us expressing their support and understanding. I regret that I can no longer reply personally to these mails. Every mail gets read, I can assure you of that. (even the ones that say 'Your mail server is compromised, hacked, open, etc.' -- *sigh*). Just a quick note to those who use this line in their complaint mails. We are not impressed by signatures at the end.

Harry S. Falseman
A Very Obscure Co. Inc.
Senior Network Administrator
MSCE, GIVEME, ABLT, ASAP

If you purport to be a sys admin and you've read the mail headers and you still feel compelled to write one of these "lock down your servers" complaints, the people upstairs must have been smoking something when they hired you.

I don't mean to be rude to anybody about this, but a lot of complaint mail is in fact rude and downright nasty. Imagine a situation where there are two almost identical dogs in a neighborhood. One belongs to you. You always walk your dog on a leash and he is never allowed to run free. The other dog runs free and goes around digging up everybody's flower gardens. A lot of people think the dog is yours and they come over to your house screaming at you. When you tell them about the other dog, they sheepishly say 'Oh, sorry. I didn't know'. But you still have some neighbors who, despite all the evidence, keep complaining. Then you send your dog away for two weeks with your sister who lives 2000 miles away. Some people still complain. You explain that the dog has been at your sister's house for a week. You call her and have her turn on her webcam and show the dog and have the dog bark into the phone. Some neighbors still complain. I think you get the idea. You just sigh, grin and bear it and chalk it up to your theory that there must have been a sale on lobotomies at the local hospital at some point.

I have noticed that the spam is coming in waves. We seem to get no complaints for a week or so and then someone opens up the spam flood gates and we start getting inundated with mails from people wondering why they're getting spammed from Linux.org. Each time one of these waves hits, the complaints take on a theme, so to speak. What I am getting this week, or this week's "theme", is the question "Isn't there something you can do about it?". As this started out as a FAQ (Frequently Asked Questions) about the incidents, I'll return to that format again, briefly.

Update: April 3, 2002

I've gotten a couple of mails in the past week or so noting that I haven't updated the Spam FAQ in a while. Frankly, I have nothing to say. The Spam complaints seemed to have subsided for a few weeks. I was getting confident that it was over. About a week ago, it started up again. They're generally the same culprits. There's a chain letter scam and some Germans (the mail's in German at any rate) who are selling programs that allow you to access porn sites. It's probably a trojan, so if you're tempted to try it, my advice to you is don't. As you can see, there's nothing new to report. Perhaps the only mildly encouraging piece of news is an article in Wired that I read. It reports that the US and Canadian government are getting kind of fed up with the Spam problem and may do something about it. Let's hope so. The public's been more than fed up since at least 1998.

Update: April 5, 2002

I got this lovely email this morning. This is what I have to wake up to:

Alright, I've had enough of this crap. As a long time Linux user, I hate
to block the entire linux.org domain in my spam filter, but since you
failed to stop this moron (maybe it is one of you) it must be done.

Adios SpamMeister Pricks

I've got the spam blues. I don't know if this person read this spam FAQ or not, but I resent very much getting called a 'prick'. I think if everyone knew the people we've called, the investigations we've done, the dead-ends we've run into, I don't think prick classifies as the proper word to describe us.

Here are some adjectives I think do apply to us: beleaguered, violated, innocent

For what it's worth, what we do here is provide information about Linux the best we can. We do not spam. It's a real sad comment on the state of affairs when you just try your best to do something positive with your time on this earth and the thanks you get is that someone takes your good name to use for their sleazy personal benefit. Then, to add insult to injury, somebody instantly assumes that you have either promoted it or actually done it and then calls you names like 'prick'. The saddest thing about this isn't that somebody who resembles more the slime from whence we came than the homo sapiens that we've become uses and abuses your good name - that's been going on since time immemorial - or that you are pronounced guilty before you even have a chance to explain by someone whose height of eloquence is to use the word 'prick'. No. The fact that I have to spend a half an hour or so to process these complaint mails when I could be improving some sections on the site, designing our second on-line Linux course or a dozen other things that need doing to improve this operation, or just spending a little more time with the people near and dear to me.

End of rant

Update: April 10, 2002

Some good news for a change. It doesn't affect us specifically, but it is good for the anti-spam fight in general. According to the BBC, the California law firm of Morrison and Foerster is going to start seeking damages from spammers. This isn't the first time that someone has sought damages, but the first time that a high-profile law firm has. Good luck to them. Here's a couple of interesting quotes from the BBC piece:

A 2001 survey by the European Commission estimates that spam costs consumers an estimated $8.8bn a year worldwide just in connection costs.

Internet research company Jupiter Media Metrix predicts consumers will receive about 206 billion junk e-mailings by 2006 - an average of 1,400 per person. Each piece of spam is said to cost $1 in lost productivity.

Update: June 7, 2002

I saw this article on Yahoo and it really made my day. It was written by Ted Rall, a popular political cartoonist. It basically sums up all of the things we've been saying to people who send complaint mails to us. I'd like to highlight a couple of the main points.

"Anyone can send out an e-mail using anyone else's e-mail as a return address," says Simson Garfinkel, a leading Internet privacy expert and author of Database Nation. "Hold on, I'll send you an e-mail from yourself in a few minutes." And he did.

I read this sobering observation with particular interest:

You simply can't stop spam. The classic suggestion - create a new e-mail account from which you never post to the Web or Usenet - no longer works. A new account I set up last week filled with spam before it was ever used, a mere 45 minutes after it was created.

The same goes for identity theft. As I learned by investing three years and tens of thousands of dollars in attorneys' fees, filing a lawsuit won't bring the instantaneous solution such an insidious and time-consuming crime calls for.

Update: June 28, 2002

We've been lucky for a few weeks. The complaints had started to peter out. The other day though, our inboxes became inundated with "I don't want your spam" messages. Our spammer had struck again. I read somewhere that spammers are increasingly faking 'From:' headers from trusted domains in an effort to get their spam through. That may go a long way to explain why they are using ours. As a matter of fact, I have received spam myself from @google.com. What I mean by "trusted" domains is that people are probably not thinking they are going to receive spam from Google or from Linux.org, so it stands a good chance of getting through the filters.

I read another interesting report on spam from the New York Times. (The NY Times website requires registration). Once again, it is interesting in that it is bleak in its outlook. The author, Jennifer Lee, basically sums up her piece with: "Clearly, spam is a part of electronic communications that everyone loves to hate. But it is also something that no one, it seems, can do much about. Here are the reasons". Some interesting passages stand out.

The [United States] Federal Trade Commission currently receives 40,000 spam complaints a day at its Web site, www.ftc.gov/spam. .... But the commission cannot and does not regulate unsolicited commercial e-mail. There are currently no federal laws against spam. So in a majority of spam cases, the trade commission's hands are tied. Even pornographic spam (including that sent to children) falls outside its mandate.

This one though, was somewhat hopeful, from our perspective:

The commission is investigating whether businesses that sell bulk e-mailing tools and lists have deceptive marketing practices. The goal is to cut off spammers' resources.

The article goes on to say that there are anti-spam bills being debated in the US Congress, but some major corporations want to water them down significantly. They don't want what they consider "legitimate" advertising lumped in with illegitimate spam. That is to say, major banks should be able to send you "sign up for my credit card" emails that you don't want while equally undesirable "buy my Viagra substitute" messages should be banned. Bottom line? Anti-spam legislation is going to be tied up for a long time.

Also, I'm glad the "elusiveness" of spammers was brought up. You'd be surprised at the number of complaint mails that I receive saying we're "lying" when we say we can't catch these people.

... spammers are elusive. Lawsuits generally need to nail down a physical presence to proceed. When the F.T.C. sent warning letters to spammers with false "remove me" options, more than 20 percent of the letters came back because the addresses registered with the domain names were false.

That brings up an interesting point and we have run up against the problem mentioned here - when the domains advertised in spam provide false contact information. As far as I am concerned, some registrars are playing right into the spammers' hands by permitting their clients to use false contact information. When we receive complaints, I automatically complain to the person who registered the domains included in the spam. In most cases, as Ms. Lee pointed out in her piece, the contact info is bogus. I have run up against contact info like telephone: 999 999 9999 - fax 000 000 0000 and with some registrars there is a total lack of contact information - there is usually just a bogus email address listed. In my opinion, this should not be allowed and the authorities should fine registrars who allow this practice. This would go a long way to curb spam, I think, because the spammers would realize that if they had to provide real information about who they are, lynch mobs would be forming outside their houses in a matter of hours. I am not advocating lynching, of course, but I would assume it would be easy to pass a law to obligate registrars to verify contact info before allowing a domain to be registered.

Anyway, Ms. Lee's piece is quite good and I recommend reading it in its entirety.

Update: August 24, 2002

We had a double whammy this week.

Our misguided spammer sent out a batch of spams from a real linux.org address, which is problematic because the open relays that he uses will bounce the undeliverables to us. Before, the addresses were bogus, so that the undeliverables were rejected. Now we receive millions of bounces. This is why spam has to be banned and the sooner the better. The total cost of operation of a spammer is practically zero. The cost is passed on to us because our mail server has received over 125 megabytes of bounced emails in the past 3 days. Imagine if the law allowed the neighbors to plug in their electrical appliances into the sockets in your house and you could do nothing about it! That's spam in a nutshell.

Our friends from nl.linux.org to whom we provide the subdomain were threatened by a spammer. We were also implicated as the domain name owners. They are still threatening litigation, so I'm not at liberty to go into all the particulars, but nl.linux.org listed a company's name on a mail thread identifying them as spammers. Now some individual from this company's legal department is threatening to shut us both down. The individual in question won't tell us either his name or the firm he works for, so we're not exactly shaking in our boots yet. What's really bad about this is just the complete waste of time the whole thing is.

Speaking of wasting time, I don't mean to harp on this, but it is a total waste of time as well as being counterproductive to flame us about these spams. Spammers can use any mail address they want to spam with. The newest technique is to use your address as both the To: and From: addresses in spam. I'm sure a lot of people have noticed this. If you feel the temptation to complain to us about these mails, it would be a better idea to use the time to get educated about spam and how spammers work. CAUCE.org is a good place to start. And please! If you have some of this brain-dead software that automatically sends a complaint to the webmaster or some standard address at a website in the From: header, I urge you to un-install it. If 99.9% of spammers fake their addresses, then what purpose is there to use software that only succeeds in filling up the webmaster's box with useless mail? If you have this software, you're not helping. You're contributing to the spam problem because this software is the spammer's friend. It helps him cover his tracks.

Update: September 16, 2002

I am beginning to dislike people who use automated spam complaint software, so I have written a canned message to throw at those who insist on using this stupid software. I don't usually get return mail, but one day I did. The person mailed back to thank me for enlightening him on how to really complain about spam. To reply, I wrote a nutshell spam complaint "how-to" and I post it here for your perusal:

The introduction is somewhat long, so feel free to skip down to:
How can you effectively fight spam then?

Hello [name withheld],

I was probably a bit harsh, so I'm surprised by the 'Thank you'. We receive hundreds of complaints a week about a spammer who has apparently either set up shop and sends his spam using our address in his headers or sells programs to individuals to spam with. My frustration shows sometimes when I respond.

Here's a little bit more detail about spam fighting techniques. It's a bit long, but worth your while to read, I think.

Email works in such a way that I could use *your* email address to send my email. Anybody can use anybody's address. The only thing that is crucial is to find a computer with a mail server that will let you "route" the mail through it. The easiest way to do this is to find what's called an "open relay". Most good systems administrators configure the computers that handle their email in such a way that someone from outside their organization/company *cannot* use the machine to route mail through it. However, there are thousands of machines in the world that don't take these measures and anyone can "route" through them. These are the "open relays" I mentioned. Spammers use these to cover their tracks. I often complain to these people and there are actually "black lists" of servers whose administrators refuse to close the relays. To use a comparison, the West Nile virus was particularly harsh this year. This would be like a neighbor who had an old algae-infested swimming pool that he never took care of and refused to drain. You would be right in complaining to him about the pool being a breeding ground for dangerous mosquitos. And if he didn't heed your warnings, it would be understandable that he would be considered 'persona non grata' in the town.

Another technique (and this is where we are the unfortunate victims) is to use "trusted" domains in the 'From:' headers. A lot of filtering of spam, mainly done by individuals, is based on domain names. You may obviously not want to receive mail from www.big-jackpot-casino.com, so your email program will filter it out. However, you receive something that claims to be from 'linux.org' which you never thought of filtering and it gets through. This is what the spammer counts on. We are an ideal target because we are a public service site, so the spammer knows that we don't have the resources to spend a lot of money to track him down and sue him. It's a rather sad job for me because some of the hosting companies that provide hosting services for these fly-by-night domains in the spam laugh at us when I ask them to hand over information about the individuals. Some spammers have used other domain names of more profitable companies and they have been slapped down hard, so they now go after sites like ours. Spammers are basically predators. They prey on you, the normal Internet user, and they prey on small, public service companies like us.

How can you effectively fight spam then? By complaining to the people who either directly or indirectly give support to the spammer. For example:

The open relay:

You'll find something like this in all mails.

Received: from linux.org ([202.108.32.189])

Every machine has a number on the Internet. It's called an 'IP address'. If you went to www.samspade.org and entered this number in the 'IP whois' field and looked it up, it would show who the machine belonged to (and it wouldn't be linux.org). Spammers can't forge the number, only the domain before it, as you can see. If the machines belong to Koreans or Chinese, the language barrier often gets in the way, so the best thing is to report them to black lists. You can get more information about that at www.cauce.org.

The domain names:

Let's assume you got a mail from someone advertising a domain called www.sexy-pix.com. You could go to www.samspade.org and look up information on www.sexy-pix.com. There is a <<'whois' at 'Magic'>> field there to look up domain names. It will give you the 'whois' information - that means, contact info for the domain owners and the administrative and technical people. A lot of times this information is false, so your complaints go to the dead letter box, so to speak. I believe that this is something that legislation is needed on. Domain registrars should be held liable for accepting bogus information. You'd see a significant reduction in spam if this were the case.

Traceroute:

You'll find a field at samspade.org called 'Traceroute'. Entering a domain name advertised in a spam mail will give you the Internet route to the computer the domain is hosted on. www.linux.org looks like this:

15 216.191.65.241 71.662 ms srp2-0.core1-tor.bb.attcanada.ca [AS15290] AT&T Canada
16 216.191.65.178 78.414 ms pos8-0.core1-ott.bb.attcanada.ca [AS15290] AT&T Canada
17 216.191.225.2 76.492 ms pos5-0-0.hcap1-ott.bb.attcanada.ca [AS15290] AT&T Canada
18 216.191.132.150 84.293 ms invlogic2.p2p.attcanada.ca [AS15290] AT&T Canada
19 207.245.34.122 81.464 ms router.invlogic.com [AS15290] AT&T Canada
20 198.182.196.56 81.203 ms www.linux.org [AS15290/AS2041/AS3686] AT&T Canada

Notice that AT&T of Canada provides Linux.org with its Internet connection. I have only provided the info from the 15th machine it goes through up until www.linux.org because the last ones are the people you should complain to in the event of spamming. They are known as the 'upstream' providers. They have no obligation to shut off the spammer's hosting company, but they will likely complain 'downstream' because spamming is becoming a PR nightmare and companies don't like to be associated with spammers in any way.

Be careful with a traceroute. Other providers higher up in the list have nothing to do with it and will likely send you nasty mail if you complain to them. You will appear to be a 'clueless' anti-spam zealot. Certain misguided anti-spam 'vigilantes' are almost as offensive as spammers themselves.

That is, IMHO, the best spam remedy available without a prescription.
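The Received: check described in the letter can be scripted. The Python below is an added example, not part of the original page: it reads a message's Received: chain and returns the one hop whose bracketed IP address was recorded by a mail server you run yourself, since Received: lines beneath that one are supplied by the sender and can be invented. The sample message, mx.example.net and 192.0.2.10 are constructed; only the `from linux.org ([202.108.32.189])` fragment comes from the page.

```python
import re
from email import message_from_string

# Constructed sample message. Only "from linux.org ([202.108.32.189])" comes
# from the page; every other host, address and date is made up.
SAMPLE = (
    "Received: from linux.org ([202.108.32.189])\n"
    "\tby mx.example.net with SMTP; Mon, 16 Sep 2002 10:00:00 -0400\n"
    "Received: from mail.linux.org ([192.0.2.10])\n"
    "\tby linux.org with ESMTP; Mon, 16 Sep 2002 09:59:00 -0400\n"
    "From: someone@linux.org\n"
    "To: you@example.net\n"
    "Subject: constructed test message\n"
    "\n"
    "body\n"
)

# "from <claimed name> (<optional rDNS> [<ip>]) ... by <recording server>"
HOP = re.compile(
    r"from\s+(?P<claimed>\S+)\s+\([^)\[]*\[(?P<ip>[0-9a-fA-F.:]+)\][^)]*\)"
    r"(?:.*?\bby\s+(?P<by>\S+))?",
    re.DOTALL,
)


def parse_hops(raw):
    """Return the Received hops, newest first, as claimed/ip/by dicts."""
    received = message_from_string(raw).get_all("Received", [])
    return [m.groupdict() for m in map(HOP.search, received) if m]


def handoff(raw, our_hosts, our_ips=()):
    """Return the hop where the message entered servers we control.

    Walk down from the newest header. A header is believed only if it was
    written by one of our own servers; the first one that records an
    address outside our network is the handoff. Everything below it was
    supplied by the sender and may be forged.
    """
    for hop in parse_hops(raw):
        if hop["by"] not in our_hosts:
            return None  # reached a header that none of our servers wrote
        if hop["ip"] not in our_ips:
            return hop
    return None


if __name__ == "__main__":
    print(handoff(SAMPLE, {"mx.example.net"}))
```

The `ip` value of the returned hop is the number to put into an IP whois lookup; the `claimed` value is whatever name the sending machine announced and proves nothing about who sent the mail.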

Update: September 25, 2002

As I had mentioned anti-spam 'vigilantes' in the last posting I made, I figured it was a good idea to mention an idea published by Lawrence Lessig, a professor of law at Stanford University in California. Professor Lessig is becoming famous as an advocate for thinking of new ways to protect and use intellectual property.

In this article, Professor Lessig advocates tracking down spammers by putting a "bounty" on their heads. Actually, that simple explanation doesn't do justice (pardon the pun) to his idea of prosecuting spammers, so I suggest you read the article. Although, with all due respect to Prof. Lessig's impeccable academic credentials, after reading this I am reminded of H.L. Mencken's famous saying:

For every complex problem, there is a solution that is simple, neat, and wrong

Why is it wrong? Because it takes for granted that the spammers will always remain anonymous. If you propose putting a bounty on someone, it assumes that person doesn't wish to be found. The problem we have here at Linux Online is that the spammer who's using our domain is obviously practicing stealth tactics. That is, they don't want to be found. That's the point where the problem needs to be attacked. Lessig mentions passing legislation mandating that all commercial emails be labeled with an ADV: tag. That might be problematic because people's notion of what is commercial and what is not might vary. But if we're talking about passing legislation, why not talk about something that is not really problematic and is really commonsensical; something that everybody, except the spammers, might agree to. That is, making domain name registrars responsible for accepting only real contact information about domain name holders. One of the explanations that spammers use when they are caught and are trying to defend themselves is that they are really small businessmen/women fighting the overwhelming superiority of big business. Well, we all know that's a load of male bovine dung. If they consider themselves legitimate businesses, then why don't they set them up legally? If you're selling info on how to consolidate debts and you set up a website called www.cancel-your-debts.com, then why do you have to use contact information like:

Cancel Debts Inc.
111 Nowhere Street
Nowheresville, FL
12345
Tel: 000-000-0000
Fax: 000-999-0000

And more importantly, why is this allowed? Has anybody ever heard of a clandestine dry cleaners? A hidden pet shop? Any legitimate business that you can't actually find? Anyway, it just seems to me that before we start talking about bounty hunters, we should make sure that there isn't so much incentive for spammers to be able to hide in the first place.

Update: April 30, 2003

Good news today on the fight against spam. Virginia (USA) has just passed the toughest anti-spam law yet. The law mandates jail time for those spammers who fake their email headers, like the spammer who has been using Linux.org in his From: header. Officials commented that they are interpreting the law in this way: America Online (AOL) is based in Virginia and they receive a lot of spam (millions a day, according to them), so the mere fact that a spam mail goes to an AOL server in their state would make the spammer a target of a felony investigation. I honestly wish Virginia officials good luck, but it's one thing to say spamming is a felony; it's another to find the spammer and put him/her in jail.

You can read more on it at CNN or at the New York Times (requires registration).



Copyright Linux Online Inc.
Compilation ©1994-2008 Linux Online, Inc.
All rights reserved.