Subject: e-Spam From: Steven J. Coker Date: April 04, 1998 Newsgroups, Forums, Mailing Lists, etc., are all variations on a common theme. Origins of Spam http://ddi.digital.net/~gandalf/spamfaq.html The history of calling inappropriate postings in great numbers "Spam" is from a Monty Python skit yes, it is very silly, see http://www.ironworks.com/comedy/python/spam.htm where a couple go into a restaurant, and the wife tries to get something other than Spam. In the background are a bunch of Vikings that sing the praises of Spam. Pretty soon the only thing you can hear in the skit is the word "Spam". That same idea would happen to the Internet if large scale inappropriate postings were allowed. You couldn't pick the real postings out from the Spam. Bob's alternate view is that SPAM is an acronym for Send Phenomenal Amounts of Mail. To join a discussion list for Spams, send a message to [email protected] In the body of the message type : subscribe spamad your_name your_affiliation Or a real mailing list for the discussion on spamming and about what is and/or isn't possible in dealing with this problem. If you would like to join the mailing list send mail to [email protected] with the following message in the body : subscribe spam-list [preferred address] Black listed Internet Advertisers : http://math-www.uni-paderborn.de/~axel/BL/ (Europe) or http://www.cco.caltech.edu/~cbrown/BL/ (USA) First off, the only CORRECT way to "Spam" the net : Show SPAM Gifts http://wolf.co.net/spamgift/index.html Or for the free SPAM recipe Book ($1.00 postage and handling) : SPAM recipe Book, P.O. Box 5000, Austin, MN 55912 Or for SPAM merchandise and apparel call 1-800-LUV-SPAM The Church of Spam : http://www.goodnet.com/~swiggy There is also a letter circulating about "dying boy wants postcards" (Craig Shergold) which is no longer true. Same as with the Blue Star LSD addicting children hoax. See Urban Folklore FAQ at : http://www.urbanlegends.com/classic/craig.shergold/craig_nyt.html http://www.urbanlegends.com/classic/blue.star.tattoos/blue_star_lsd_faq.html A complete Urban Legends listings (It is big) : http://www.urbanlegends.com/afu.faq/listing.html There has been some discussion that such things should be canceled because they exceed the BI 20 index. They are untrue and they waste bandwidth. How *did* I get this unsolicited e-mail anyway? ================================================== Unfortunately just posting a message to a news group can get unsolicited e-mail. Some spammers "harvest" e-mail addresses by stripping e-mail return addresses out of messages people post. Try posting to alt.test a few times. You will get not only a few autoresponder messages (that is how it is *supposed* to work) but also a few unsolicited pieces of e-mail. Another way to get e-mail is to have a World Wide Web page. Some spammers just start a web spider (a piece of software that just traverses World Wide Web pages and collects information) going and collect e-mail that way. A suggestion of some nasty little HTML items to have in your WWW page (invisible, of course) are : A HREF="mailto:root@[127.0.0.1]"/a or if your server allows "server-side includes" (and .shtml) : a href="mailto:abuse@!--#echo var="REMOTE_ADDR"-- "anti spambot/a Also you might include a mail to news gateway like the following so that the Spam is posted to Usenet : A HREF="mailto:[email protected]"/a Or A HREF="mailto:[email protected]"/a Or A HREF="mailto:[email protected]"/a Note : You should note on your World Wide Web page that these links should *not* be followed by Lynx users, as they will see them no matter how you choose not to display them on a graphical interface. The last few in the below list are particularly not nice as they execute commands on a UNIX host. Substitute root@[127.0.0.1] with any of the following : postmaster abuse root admin postmaster@localhost abuse@localhost root@localhost admin@localhost postmaster@loopback abuse@loopback root@loopback admin@loopback `cat /dev/zero /tmp/...`@localhost ;cat /dev/zero /tmp/...;@localhost `umount /tmp`@localhost ;umount /tmp;@localhost `halt`@localhost ;halt;@localhost The MMF (Make Money Fast) Posts or any fraud on the Internet ================================================================ For a list of countries where Make Money Fast is illegal see : http://www.pacifier.com/~klucke/mmf/mmf_table.html MMFs should be reported to the user and their postmaster and the following : Federal Trade Commission Ms. Broder ( [email protected] ), the staff attorney assigned to handle MMF. f you have a question or comment regarding an antitrust or competition issue, please contact: [email protected] . If you have a complaint or comment regarding a consumer protection issue, please contact: [email protected] . Fraud Department at the Internal Revenue Service [email protected] National Fraud Information Center (NFIC) [email protected] (may not be working) And the US Postal Inspection Service [email protected] or [email protected] For more info on the Postal Chain Letters & where to send them, take a look at : http://nctuccca.edu.tw/ftp/documents/Internet/MaasInfo/Other/NetAbuse.html#USPS Complain reasonably politely with a copy of the USPS URL on MMFs. This stops 99%+ dead in their tracks. I've only had one person resist the full treatment of getting the USPS web page dropped in their mailbox - but their system admin fixed him up right quick :- Please, only report MMFs in news.admin.net-abuse.misc if they're spam and you've seen it in lots of groups and / or the postmaster/user are defiantly stupid. Rolf has created a page dedicated to making fun of MMF losers : http://www.clark.net/pub/rolf/mmf/home.html Or the MMF myth : http://www.pacifier.com/~klucke/mmf/mmf_myth.html Keep track of On-Line Fraud, subscribe to the fraud discussion at : http://www.silverquick.com To subscribe by email send a message to : [email protected] The body of the message to read : join fraudnews Hoaxes and scams : http://www.abraxis.com/fans/PAGE_7.htm Or for the latest scams : http://www2.scambusters.org/scambusters Call 1-800-688-9889 for the phone and fax numbers of the federal law enforcement agencies near you. The U.S. Securities and Exchange Commission now has a web page specifically set up to take reports of financial scams promoted over the Internet. Basically, anything that involves promoting stocks, bonds, and such comes under their authority. A big fraction of the MAKE MONEY FAST postings fall in this category. For the full story see : http://www.sec.gov/enforce/comctr.htm or Email: [email protected] Food and Drug Administration "Have you had a problem with a food, drug, cosmetic, medical device, radiation-emitting electronic product, or veterinary drug? Did it cause you an injury or was it insanitary or improperly labeled? Perform a public service and report the problem to the Food and Drug Administration." : http://www.fda.gov/opacom/backgrounders/problem.html Also the FDA explains : Complaints about the following should be made to the agencies listed. Consult your local telephone directory or public library for specific information. o meat and poultry products: U.S. Department of Agriculture o sanitation in restaurants and cafeterias: local or state health departments o unsolicited products in the mail: U.S. Postal Service o accidental poisonings: poison control centers or hospitals o pesticides, air, and water pollution: U.S. Environmental Protection Agency o hazardous household products (including appliances, toys and chemicals): Consumer Product Safety Commission o exposure to hazardous materials in the workplace: Occupational Safety and Health Administration of the U.S. Department of Labor o advertising and warranties: Federal Trade Commission (except advertising for prescription drugs, which is regulated by FDA) o dispensing and sales practices of pharmacies: State Board of Pharmacy o medical practice: State Board of Healing Arts There is a WWW site dedicated to *any* kind of fraud. It is : A partnership of the National Association of Attorneys General, the Federal Trade Commission and The National Consumers League http://www.fraud.org Wolfgang sez :IMHO MMF is associated with "Hello, my name is Dave Rhodes. In 198...". There was also a forged article purporting to tell how MMF is illegal : From: [email protected] (Melvin Purvis) ^^^^^^^^^^^^^ he arrested / shot John Dillinger. Subject: 'Make Money Fast' Scam Jon said : "Hermann" appears to have spammed at least 27 Bitnet mailing lists, including TANGO-L, where I saw it, with a standard MMF. I checked at the US Post Office web site and verified that chain letters are federal crimes under Title 18, United State Code, Section 1302. This does apply to email as well as paper; quoting from URL >From http://www.usps.gov/websites/depart/inspect/chainlet.htm : "Recently, high-tech chain letters have begun surfacing. They may be disseminated over the Internet, or may require the copying and mailing of computer disks rather than paper. Regardless of what technology is used to advance the scheme, if the mail is used at any step along the way, it is still illegal." To find your nearest postal inspector in the USA, see URL http://www.usps.gov/ncsc/locators/find-is.html California MMF law : http://www.leginfo.ca.gov/cgi-bin/calawquery?codesection=pen&codebody=endless I believe that the applicable Canadian description can be found at : http://www.rcmp-grc.gc.ca/html/commerc.htm [French language version] http://canada.justice.gc.ca/folio.pgi/fstats.nfo/query=pyramidale+/doc/{@1}/hit_headings/words=4/hits_only?">href="http://canada.justice.gc.ca/folio.pgi/fstats.nfo/query=pyramidale+/doc/{@1}/hit_headings/words=4/hits_only?">http://canada.justice.gc.ca/folio.pgi/fstats.nfo/query=pyramidale+/doc/{@1}/hit_headings/words=4/hits_only? [English language version] http://canada.justice.gc.ca/folio.pgi/estats.nfo/query=[jump!3A!27c34_000r!2Ee0055!2E1!281!29!27]/doc/{@20517}?">href="http://canada.justice.gc.ca/folio.pgi/estats.nfo/query=[jump!3A!27c34_000r!2Ee0055!2E1!281!29!27]/doc/{@20517}?">http://canada.justice.gc.ca/folio.pgi/estats.nfo/query=[jump!3A!27c34_000r!2Ee0055!2E1!281!29!27]/doc/{@20517}? And from the Canadian Department of Justice server ( http://canada.justice.gc.ca/ ): STATUTES OF CANADA, C, Competition - PART VI OFFENSES IN RELATION TO COMPETITION - Definition of "scheme of pyramid selling" - Section 55.1 EXTRACT FROM THE CANADIAN CRIMINAL CODE Chain-letters 206. (1) Every one is guilty of an indictable offense and liable to imprisonment for a term not exceeding two years who . . . Pyramid Schemes 55.1 (1) For the purposes of this section, "scheme of pyramid selling" means a multi-level marketing plan whereby ... The law in Australia and where to send complaints to : http://www.wa.gov.au/gov/mft/pages/mftbn10.html Ministry of Fair Trading P O Box 6355 EAST PERTH 6536 DOES ANYBODY HAVE POSTAL INSPECTOR ADDRESSES FOR OTHER COUNTRIES THAT PONZI / MMF SCHEMES ARE ILLEGAL IN? 1-900, 1-800 and 1-809 may be expensive long distance phone calls ================================================================= Be very careful when dialing a 1-800 or a long distance number you are not familiar with. It may end up being a very expensive mistake. Remember to dial these numbers from a phone booth so that your home phone will never be charged. All 1-800 numbers are *not* free. See below. Likewise, numbers that may "look" like they are United States long distance phone numbers may in fact be out of country and may cost you $25 or more for a couple of minutes call. These calls are not refundable. A scam artist trying to get money from the phone calls (he gets a skim off the top) was dialing random beepers with an out of country number. Some area codes to look for : 1-809-XXX-XXXX - Virgin Islands and other Caribbean islands 1-242-XXX-XXXX - Bahamas 1-246-XXX-XXXX - Barbados 1-441-XXX-XXXX - Bermuda 1-787-XXX-XXXX - Puerto Rico If the ad says "Procall", it is a large service bureau for 1-900 numbers in Arizona. When you call a pay-per-call number, there should be a recorded intro that will give a customer service number. That *should* connect with a live person. I would like to thank Eileen at the FTC for kindly answering my questions about 1-900 & 1-800 phone numbers. Paraphrasing what she e-mailed me : When a 1-900 number is advertised, the price must also be disclosed (this may be found at 16 CFR Part 308). When calling a 1-800 number that charges, there must be an existing subscription agreement between the buyer and the seller http://www.ftc.gov/ Federal Trade Commission Home Page http://www.ftc.gov/bcp/telemark/rule.htm Telemarketing Sales Rule http://www.ftc.gov/bcp/telemark/telesale.htm Telemarketing Sales Rule http://www.ftc.gov/bcp/ Online Scams http://www.ftc.gov/bcp/conline/fraud.htm Reporting fraud http://www.ftc.gov/bcp/conline/conline.html Consumer Line (from the "Online Scams page) For More Information If you have a question or complaint about a suspect online ad or promotion, contact your commercial service provider. In addition, you can file complaints with your state attorney general, consumer protection office or with the Federal Trade Commission (write to: Correspondence Branch, Federal Trade Commission, 6th St. & Pennsylvania Ave., NW, Washington, DC 20580). Also, contact the National Advertising Division of the Council of Better Business Bureaus, 845 Third Avenue, New York, New York 10022. Questions about whether or not an investment sales person is licensed, or if an offered security is registered, should be directed to the Office of Consumer Affairs, Securities and Exchange Commission, 202-942-7040. The National Fraud Information Center maintains a toll-free Consumer Assistance Service, 1-800-876-7060, to provide consumers with answers to questions about telephone or mail solicitations and online scams. They also offer information about how and where to report fraud and give help in filing complaints. Or fill out an on-line scam sheet : http://www.fraud.com/nficmail.htm Or E-Mail to [email protected] in the form : Your Name: Your email address: Subject: Message: NFIC tells us: We will try to respond as quickly as possible. We will not be able to respond if you have not included your e-mail address. If you wish to inform us of an incident, please provide us with information about the company, the incident, your name and a snail mail address at which you can be reached. Thank you. Please, do not use this service to relay confidential information! The Better Business Bureau has a web site at: http://www.bbb.org To give feedback, go directly to: http://www.bbb.org/council/feedback/index.html How To Respond to SPAM =========================== Howard reminds us : Note to all: NEVER followup to a spam. NEVER. Express your indignation in mail to the poster and/or the [email protected], but NEVER in the newsgroups! Karen asks: But what about the newbies who look at a group, see lots of spam and ads, see NO posts decrying them, and conclude that ads are therefore OK? Ran replies : When it gets bad, you'll usually see some "What can we do about this?" threads. That's a good place to attach a reply that tells people why it's bad, and what they can, in fact, do. Austin Suggests: At the risk of attracting flames, let me suggest an exception to Howard's law. A followup is allowed if the following 3 conditions hold. 1) The offending article is clearly a SCAM (for instance, the *Canada* calls with the Seychelles Islands phone # scam) 2) No one else has followed-up with a posting identifying it as a scam (in other words, no 'Me too' warnings) 3) It is unlikely to be canceled soon, either because it seems to be below the thresholds, or it is in a local hierarchy that doesn't get cancels, or Chris Lewis is on vacation in the Seychelles Islands. If all three conditions are met, a followup that X's out the contact information , severely trims the contents and identifies the post as a scam is exempt from Howard's law. Comments? Bill's and Wolfgang's addition : 4) Follow-ups should be cross posted to news.admin.net-abuse.misc _and_ the groups of the spam, but Followup-To: *MUST* be set to news.admin.net-abuse.misc *ONLY* _or_ post a follow-up and *SET* Followup-To: alt.dev.null. In the first case change Subject: Important FREE $$$ to Subject: SPAM (was Re: Important FREE $$$) and include the original Newsgroups and Message-ID line, so the professional despammers will immediately find what you're talking about. Do not post unless you're absolutely sure that you can do all that properly. Also 1) - 3) do apply. If you see the same article with different Message-IDs in several groups, collect the _complete_ headers of each article and check news.admin.net-abuse.misc if it's already been reported. If not, start a thread with Subject: SPAM (was Re: original Subject) in news.admin.net-abuse.misc. Include all of the headers and as much of the body of one article as you see fit. Revenge - What to do & not to do ======================================== No matter how much we hate Spam and how much we dislike what the spammers to our quiet little corner of the Universe known as the Internet, Spam is not illegal (yet). If you try anything against the spammers, please * do not * put yourself in risk of breaking the law. It only makes them happy if you get in trouble because you were trying to get back at them. The reason why spammers use "throwaway" accounts is because they know the e-mail account will be deleted. They usually provide either another e-mail address or a name / phone number or postal address so that prospective "customers" can be contacted. Be sure to complain to the postmaster of all e-mail names provided to make sure that this route is inhibited. Telephoning someone ====================== Calling someone once is fine. If enough people are pissed at the spammer and they all call the 1-800 number the spammer provides, the spammer will get the idea (sooner or later) that it is costing them more in irate people (and most especially loss of business) and it is not worth it to spam. Do not dial any phone numbers more than once from your home. Phone harassment is * illegal * and you * can * be prosecuted in court for this. Even tho' *67 prevents your number from being displayed on their telephone at home if they have caller ID, *57 will give the phone company the number. If it is a 1-800 number there are two problems. First they can *always* get your phone number, and secondly it may *not* be a toll free number. You may be charged for calling a 1-800 number. Likewise, do not call collect using 1-800-COLLECT or 1-800-CALL-ATT from home, once again this can be traced. Austin comments : I would say that calling a listed non-800 number *once* collect to voice a complaint is not harassment, but justified. They sent you a postage due message, didn't they? If they don't want to accept collect calls, they should say so - and if they do, you should be a responsible person and not do it again. AT&T Information for 1-800 numbers is 1-800-555-1212, but that only helps if you know the company name you are trying to call. Also, you can try searching for a 1-800 number (you do not have to know the company name) at : http://www.tollfree.att.net/dir800 or http://www.tollfree.att.net/dir800/advsea.html (advanced search options). Other telephone search mechanisms: http://www.zip2.com http://www.bigbook.com http://www.switchboard.com http://www.555-1212.com Snail Mailing someone ======================= Likewise, one well thought out letter sent to the spammer might help convince the spammer not to do this again. Especially if the spammer was part of a corporation that didn't realize the detrimental effects of spamming the Internet. If you decide to deluge the spammers postal address by filling out one or two "bingo" (popcorn) postage paid cards in the technical magazines (by circling a few dozen "product info" requests per card & putting on printed out self sticking labels with the spammers address), or by putting preprinted labels on postage paid cards that come in the mail in the little plastic packages, don't organize a public campaign (that they can point to) against the spammer in the newsgroup. Scott also reminds us : Since this is the "Spam FAQ", I'd like to point this out: You're basically Spamming the company offering information in a magazine. It costs companies money, not the one you're spamming. They get a free pile of junk which is easy to throw out. In other words, this may be harming third parties more than the intended target. I'm not trying to be Mr. Nice Guy, just trying to point out an important technicality. Junk Mail - The Law : http://www.vtwctr.org/casewatch/ http://192.41.4.29/index.html - 'Lectric Law Library You should also read Title 47 of the United States Code, Section 227. There is a FAQ at cornell.law.edu for the text of the law (gopher or ftp or http://www.law.cornell.edu/uscode/47/227.html ), and you can use DejaNews to read the USC 47 thread on news.admin.net-abuse.misc to make up your own mind (it invariably comes up) or you can look at : http://www.cybernothing.org/docs/code47.5.II.txt In Washington (State) (for example) fax laws (RCW 80.36.540 - Telefacsimile messages) define "telefacsimile message" in such a way that could be interpreted to include E-mail. It was not originally written to cover E-Mail, but that is for the courts to decide :-). California regulates it thru Section 17538(d) of the Business and Professions Code. Organizing a campaign against the spammer in a news group could lead to the spammer trying to get a cease & desist police order against the organizers. Disclaimer : I am not a lawyer, 80% of the Internet is bull, free advice is worth every penny you paid for it :-). ------------------------------------------------------------------ Do not meddle in the affairs of wizards for they are subtle and quick to anger. E-Mail - [email protected] - Gandalf The White O- Ken Hollis WWW Page - http://digital.net/~gandalf/ WWW Trace E-Mail forgery - http://digital.net/~gandalf/spamfaq.html WWW Trolls crossposts - http://digital.net/~gandalf/trollfaq.html http://ddi.digital.net/~gandalf/spamfaq.html ==== SCROOTS Mailing List ==== Go To: #, A, B, C, D, E, F, G, H, I, J, K, L, M, N, O, P, Q, R, S, T, U, V, W, X, Y, Z, Main |