e-Spam - Steven J. Coker
Subject: e-Spam
From: Steven J. Coker
Date: April 04, 1998

Newsgroups, Forums, Mailing Lists, etc.,  are all variations on a common theme.

Origins of Spam
http://ddi.digital.net/~gandalf/spamfaq.html

The history of calling inappropriate postings in great numbers "Spam" is from a
Monty Python skit 

yes, it is very silly, see http://www.ironworks.com/comedy/python/spam.htm 

where a couple go into a restaurant, and the wife tries to get something other
than Spam. In the background are a bunch of Vikings that sing the praises of
Spam. Pretty soon the only thing you can hear in the skit is the word "Spam".
That same idea would happen to the Internet if large scale inappropriate
postings were allowed. You couldn't pick the real postings out from the Spam.

Bob's alternate view is that SPAM is an acronym for Send Phenomenal Amounts of
Mail.

To join a discussion list for Spams, send a message to [email protected]

In the body of the message type : subscribe spamad your_name your_affiliation

Or a real mailing list for the discussion on spamming and about what is and/or
isn't possible in dealing with this problem. If you would like to join the
mailing list send mail to [email protected] with the following message in the
body :

subscribe spam-list [preferred address]

Black listed Internet Advertisers : http://math-www.uni-paderborn.de/~axel/BL/
(Europe) or http://www.cco.caltech.edu/~cbrown/BL/ (USA)

First off, the only CORRECT way to "Spam" the net : Show SPAM Gifts
http://wolf.co.net/spamgift/index.html

Or for the free SPAM recipe Book ($1.00 postage and handling) : SPAM recipe
Book, P.O. Box 5000, Austin, MN 55912 Or for SPAM merchandise and apparel call
1-800-LUV-SPAM

The Church of Spam : http://www.goodnet.com/~swiggy

There is also a letter circulating about "dying boy wants postcards" (Craig
Shergold) which is no longer true. Same as with the Blue Star LSD addicting
children hoax. See Urban Folklore FAQ at :

http://www.urbanlegends.com/classic/craig.shergold/craig_nyt.html
http://www.urbanlegends.com/classic/blue.star.tattoos/blue_star_lsd_faq.html

A complete Urban Legends listings (It is big) :
http://www.urbanlegends.com/afu.faq/listing.html

There has been some discussion that such things should be canceled because they
exceed the BI 20 index. They are untrue and they waste bandwidth.

How *did* I get this unsolicited e-mail anyway?
==================================================

Unfortunately just posting a message to a news group can get unsolicited e-mail.
Some spammers "harvest" e-mail addresses by stripping e-mail return addresses
out of messages people post. Try posting to alt.test a few times. You will get
not only a few autoresponder messages (that is how it is *supposed* to work) but
also a few unsolicited pieces of e-mail.

Another way to get e-mail is to have a World Wide Web page. Some spammers just
start a web spider (a piece of software that just traverses World Wide Web pages
and collects information) going and collect e-mail that way. A suggestion of
some nasty little HTML items to have in your WWW page (invisible, of course) are
:

A HREF="mailto:root@[127.0.0.1]"/a

or if your server allows "server-side includes" (and .shtml) :

a href="mailto:abuse@!--#echo var="REMOTE_ADDR"-- "anti spambot/a

Also you might include a mail to news gateway like the following so that the
Spam is posted to Usenet :

A HREF="mailto:[email protected]"/a

Or

A HREF="mailto:[email protected]"/a

Or

A HREF="mailto:[email protected]"/a

Note : You should note on your World Wide Web page that these links should *not*
be followed by Lynx users, as they will see them no matter how you choose not to
display them on a graphical interface. The last few in the below list are
particularly not nice as they execute commands on a UNIX host. Substitute
root@[127.0.0.1] with any of the following :

postmaster abuse root admin postmaster@localhost abuse@localhost root@localhost
admin@localhost postmaster@loopback
abuse@loopback root@loopback admin@loopback

`cat /dev/zero /tmp/...`@localhost
;cat /dev/zero /tmp/...;@localhost
`umount /tmp`@localhost
;umount /tmp;@localhost
`halt`@localhost
;halt;@localhost

The MMF (Make Money Fast) Posts or any fraud on the Internet
================================================================

For a list of countries where Make Money Fast is illegal see :
http://www.pacifier.com/~klucke/mmf/mmf_table.html

MMFs should be reported to the user and their postmaster and the following :

Federal Trade Commission Ms. Broder ( [email protected] ), the staff attorney
assigned to handle MMF. f you have a question or comment regarding an antitrust
or competition issue, please contact: [email protected] . If you have a
complaint or comment regarding a consumer protection issue, please contact:
[email protected] .

Fraud Department at the Internal Revenue Service [email protected]

National Fraud Information Center (NFIC) [email protected] (may not be
working)

And the US Postal Inspection Service [email protected] or [email protected]

For more info on the Postal Chain Letters & where to send them, take a look at :
http://nctuccca.edu.tw/ftp/documents/Internet/MaasInfo/Other/NetAbuse.html#USPS

Complain reasonably politely with a copy of the USPS URL on MMFs. This stops
99%+ dead in their tracks. I've only had one person resist the full treatment of
getting the USPS web page dropped in their mailbox - but their system admin
fixed him up right quick :-

Please, only report MMFs in news.admin.net-abuse.misc if they're spam and you've
seen it in lots of groups and / or the postmaster/user are defiantly stupid.

Rolf has created a page dedicated to making fun of MMF losers :
http://www.clark.net/pub/rolf/mmf/home.html

Or the MMF myth :
http://www.pacifier.com/~klucke/mmf/mmf_myth.html

Keep track of On-Line Fraud, subscribe to the fraud discussion at :
http://www.silverquick.com

To subscribe by email send a message to : [email protected]

The body of the message to read : join fraudnews

Hoaxes and scams : 
http://www.abraxis.com/fans/PAGE_7.htm

Or for the latest scams :
http://www2.scambusters.org/scambusters

Call 1-800-688-9889 for the phone and fax numbers of the federal law enforcement
agencies near you.

The U.S. Securities and Exchange Commission now has a web page specifically set
up to take reports of financial scams promoted over the Internet. Basically,
anything that involves promoting stocks, bonds, and such comes under their
authority. A big fraction of the MAKE MONEY FAST postings fall in this category.
For the full story see :

http://www.sec.gov/enforce/comctr.htm or Email: [email protected]

Food and Drug Administration "Have you had a problem with a food, drug,
cosmetic, medical device, radiation-emitting electronic product, or veterinary
drug? Did it cause you an injury or was it insanitary or improperly labeled?
Perform a public service and report the problem to the Food and Drug
Administration." :

http://www.fda.gov/opacom/backgrounders/problem.html

Also the FDA explains :

Complaints about the following should be made to the agencies listed. Consult
your local telephone directory or public library for specific information.

o meat and poultry products: U.S. Department of Agriculture

o sanitation in restaurants and cafeterias: local or state health departments

o unsolicited products in the mail: U.S. Postal Service

o accidental poisonings: poison control centers or hospitals

o pesticides, air, and water pollution: U.S. Environmental Protection Agency

o hazardous household products (including appliances, toys and chemicals):
Consumer Product Safety Commission

o exposure to hazardous materials in the workplace: Occupational Safety and
Health Administration of the U.S. Department of Labor

o advertising and warranties: Federal Trade Commission (except advertising for
prescription drugs, which is regulated by FDA)

o dispensing and sales practices of pharmacies: State Board of Pharmacy

o medical practice: State Board of Healing Arts

There is a WWW site dedicated to *any* kind of fraud. It is :

A partnership of the National Association of Attorneys General, the Federal
Trade Commission and The National Consumers League

http://www.fraud.org

Wolfgang sez :IMHO MMF is associated with "Hello, my name is Dave Rhodes. In
198...".

There was also a forged article purporting to tell how MMF is illegal :

From: [email protected] (Melvin Purvis)

^^^^^^^^^^^^^ he arrested / shot John Dillinger.

Subject: 'Make Money Fast' Scam

Jon said : "Hermann" appears to have spammed at least 27 Bitnet mailing lists,
including TANGO-L, where I saw it, with a standard MMF. I checked at the US Post
Office web site and verified that chain letters are federal crimes under Title
18, United State Code, Section 1302. This does apply to email as well as paper;
quoting from URL
>From http://www.usps.gov/websites/depart/inspect/chainlet.htm :

"Recently, high-tech chain letters have begun surfacing. They may be
disseminated over the Internet, or may require the copying and mailing of
computer disks rather than paper. Regardless of what technology is used to
advance the scheme, if the mail is used at any step along the way, it is still
illegal."

To find your nearest postal inspector in the USA, see URL
http://www.usps.gov/ncsc/locators/find-is.html

California MMF law :
http://www.leginfo.ca.gov/cgi-bin/calawquery?codesection=pen&codebody=endless

I believe that the applicable Canadian description can be found at :
http://www.rcmp-grc.gc.ca/html/commerc.htm

[French language version]
http://canada.justice.gc.ca/folio.pgi/fstats.nfo/query=pyramidale+/doc/{@1}/hit_headings/words=4/hits_only?">href="http://canada.justice.gc.ca/folio.pgi/fstats.nfo/query=pyramidale+/doc/{@1}/hit_headings/words=4/hits_only?">http://canada.justice.gc.ca/folio.pgi/fstats.nfo/query=pyramidale+/doc/{@1}/hit_headings/words=4/hits_only?

[English language version]
http://canada.justice.gc.ca/folio.pgi/estats.nfo/query=[jump!3A!27c34_000r!2Ee0055!2E1!281!29!27]/doc/{@20517}?">href="http://canada.justice.gc.ca/folio.pgi/estats.nfo/query=[jump!3A!27c34_000r!2Ee0055!2E1!281!29!27]/doc/{@20517}?">http://canada.justice.gc.ca/folio.pgi/estats.nfo/query=[jump!3A!27c34_000r!2Ee0055!2E1!281!29!27]/doc/{@20517}?

And from the Canadian Department of Justice server (
http://canada.justice.gc.ca/ ):

STATUTES OF CANADA, C, Competition - PART VI OFFENSES IN RELATION TO COMPETITION
- Definition of "scheme of pyramid selling" - Section 55.1

EXTRACT FROM THE CANADIAN CRIMINAL CODE

Chain-letters

206. (1) Every one is guilty of an indictable offense and liable to imprisonment
for a term not exceeding two years who . . .

Pyramid Schemes

55.1 (1) For the purposes of this section, "scheme of pyramid selling" means a
multi-level marketing plan whereby ...

The law in Australia and where to send complaints to :
http://www.wa.gov.au/gov/mft/pages/mftbn10.html

Ministry of Fair Trading
P O Box 6355
EAST PERTH 6536

DOES ANYBODY HAVE POSTAL INSPECTOR ADDRESSES FOR OTHER COUNTRIES THAT PONZI /
MMF SCHEMES ARE ILLEGAL IN?

1-900, 1-800 and 1-809 may be expensive long distance phone calls
=================================================================

Be very careful when dialing a 1-800 or a long distance number you are not
familiar with. It may end up being a very expensive mistake. Remember to dial
these numbers from a phone booth so that your home phone will never be charged.

All 1-800 numbers are *not* free. See below.

Likewise, numbers that may "look" like they are United States long distance
phone numbers may in fact be out of country and may cost you $25 or more for a
couple of minutes call. These calls are not refundable. A scam artist trying to
get money from the phone calls (he gets a skim off the top) was dialing random
beepers with an out of country number.

Some area codes to look for :
1-809-XXX-XXXX - Virgin Islands and other Caribbean islands
1-242-XXX-XXXX - Bahamas
1-246-XXX-XXXX - Barbados
1-441-XXX-XXXX - Bermuda
1-787-XXX-XXXX - Puerto Rico

If the ad says "Procall", it is a large service bureau for 1-900 numbers in
Arizona. When you call a pay-per-call number, there should be a recorded intro
that will give a customer service number. That *should* connect with a live
person.

I would like to thank Eileen at the FTC for kindly answering my questions about
1-900 & 1-800 phone numbers.

Paraphrasing what she e-mailed me :

When a 1-900 number is advertised, the price must also be disclosed (this may be
found at 16 CFR Part 308).

When calling a 1-800 number that charges, there must be an existing subscription
agreement between the buyer and the seller

http://www.ftc.gov/ Federal Trade Commission Home Page
http://www.ftc.gov/bcp/telemark/rule.htm Telemarketing Sales Rule
http://www.ftc.gov/bcp/telemark/telesale.htm Telemarketing Sales Rule
http://www.ftc.gov/bcp/ Online Scams
http://www.ftc.gov/bcp/conline/fraud.htm Reporting fraud
http://www.ftc.gov/bcp/conline/conline.html Consumer Line

(from the "Online Scams page)

For More Information

If you have a question or complaint about a suspect online ad or promotion,
contact your commercial service provider. In addition, you can file complaints
with your state attorney general, consumer protection office or with the Federal
Trade Commission (write to: Correspondence Branch, Federal Trade Commission, 6th
St. & Pennsylvania Ave., NW, Washington, DC 20580). Also, contact the National
Advertising Division of the Council of Better Business Bureaus, 845 Third
Avenue, New York, New York 10022.

Questions about whether or not an investment sales person is licensed, or if an
offered security is registered, should be directed to the Office of Consumer
Affairs, Securities and Exchange Commission, 202-942-7040.

The National Fraud Information Center maintains a toll-free Consumer Assistance
Service, 1-800-876-7060, to provide consumers with answers to questions about
telephone or mail solicitations and online scams. They also offer information
about how and where to report fraud and give help in filing complaints.

Or fill out an on-line scam sheet :

http://www.fraud.com/nficmail.htm

Or E-Mail to [email protected] in the form :

Your Name: 

Your email address: 

Subject: 

Message: 

NFIC tells us:

We will try to respond as quickly as possible. We will not be able to respond if
you have not included your e-mail address.

If you wish to inform us of an incident, please provide us with information
about the company, the incident, your name and a snail mail address at which you
can be reached. Thank you.

Please, do not use this service to relay confidential information!

The Better Business Bureau has a web site at:
http://www.bbb.org

To give feedback, go directly to:
http://www.bbb.org/council/feedback/index.html

How To Respond to SPAM
===========================

Howard reminds us :

Note to all: NEVER followup to a spam. NEVER. Express your indignation in mail
to the poster and/or the [email protected], but NEVER in the newsgroups!

Karen asks:

But what about the newbies who look at a group, see lots of spam and ads, see NO
posts decrying them, and conclude that ads are therefore OK?

Ran replies :

When it gets bad, you'll usually see some "What can we do about this?" threads.
That's a good place to attach a reply that tells people why it's bad, and what
they can, in fact, do.

Austin Suggests:

At the risk of attracting flames, let me suggest an exception to Howard's law. A
followup is allowed if the following 3 conditions hold.

1) The offending article is clearly a SCAM (for instance, the *Canada* calls
with the Seychelles Islands phone # scam)

2) No one else has followed-up with a posting identifying it as a scam (in other
words, no 'Me too' warnings)

3) It is unlikely to be canceled soon, either because it seems to be below the
thresholds, or it is in a local hierarchy that doesn't get cancels, or Chris
Lewis is on vacation in the Seychelles Islands. If all three conditions are met,
a followup that X's out the contact information , severely trims the contents
and identifies the post as a scam is exempt from Howard's law.

Comments?

Bill's and Wolfgang's addition :

4) Follow-ups should be cross posted to news.admin.net-abuse.misc _and_ the
groups of the spam, but Followup-To: *MUST* be set to news.admin.net-abuse.misc
*ONLY*

_or_

post a follow-up and *SET* Followup-To: alt.dev.null.

In the first case change

Subject: Important FREE $$$

to

Subject: SPAM (was Re: Important FREE $$$) 

and include the original Newsgroups and Message-ID line, so the professional
despammers will immediately find what you're talking about. Do not post unless
you're absolutely sure that you can do all that properly. Also 1) - 3) do apply.

If you see the same article with different Message-IDs in several groups,
collect the _complete_ headers of each article and check
news.admin.net-abuse.misc if it's already been reported. If not, start a thread
with Subject: SPAM (was Re: original Subject) in news.admin.net-abuse.misc.
Include all of the headers and as much of the body of one article as you see
fit.

Revenge - What to do & not to do
========================================

No matter how much we hate Spam and how much we dislike what the spammers to our
quiet little corner of the Universe known as the Internet, Spam is not illegal
(yet). If you try anything against the spammers, please * do not * put yourself
in risk of breaking the law. It only makes them happy if you get in trouble
because you were trying to get back at them.

The reason why spammers use "throwaway" accounts is because they know the e-mail
account will be deleted. They usually provide either another e-mail address or a
name / phone number or postal address so that prospective "customers" can be
contacted. Be sure to complain to the postmaster of all e-mail names provided to
make sure that this route is inhibited.

Telephoning someone
======================

Calling someone once is fine. If enough people are pissed at the spammer and
they all call the 1-800 number the spammer provides, the spammer will get the
idea (sooner or later) that it is costing them more in irate people (and most
especially loss of business) and it is not worth it to spam.

Do not dial any phone numbers more than once from your home. Phone harassment is
* illegal * and you * can * be prosecuted in court for this. Even tho' *67
prevents your number from being displayed on their telephone at home if they
have caller ID, *57 will give the phone company the number. If it is a 1-800
number there are two problems. First they can *always* get your phone number,
and secondly it may *not* be a toll free number. You may be charged for calling
a 1-800 number.

Likewise, do not call collect using 1-800-COLLECT or 1-800-CALL-ATT from home,
once again this can be traced.

Austin comments : I would say that calling a listed non-800 number *once*
collect to voice a complaint is not harassment, but justified. They sent you a
postage due message, didn't they? If they don't want to accept collect calls,
they should say so - and if they do, you should be a responsible person and not
do it again.

AT&T Information for 1-800 numbers is 1-800-555-1212, but that only helps if you
know the company name you are trying to call. Also, you can try searching for a
1-800 number (you do not have to know the company name) at :

http://www.tollfree.att.net/dir800
or
http://www.tollfree.att.net/dir800/advsea.html (advanced search options).

Other telephone search mechanisms:
http://www.zip2.com
http://www.bigbook.com
http://www.switchboard.com
http://www.555-1212.com

Snail Mailing someone
=======================

Likewise, one well thought out letter sent to the spammer might help convince
the spammer not to do this again. Especially if the spammer was part of a
corporation that didn't realize the detrimental effects of spamming the
Internet.

If you decide to deluge the spammers postal address by filling out one or two
"bingo" (popcorn) postage paid cards in the technical magazines (by circling a
few dozen "product info" requests per card & putting on printed out self
sticking labels with the spammers address), or by putting preprinted labels on
postage paid cards that come in the mail in the little plastic packages, don't
organize a public campaign (that they can point to) against the spammer in the
newsgroup.

Scott also reminds us :
Since this is the "Spam FAQ", I'd like to point this out: You're basically
Spamming the company offering information in a magazine. It costs companies
money, not the one you're spamming. They get a free pile of junk which is easy
to throw out. In other words, this may be harming third parties more than the
intended target. I'm not trying to be Mr. Nice Guy, just trying to point out an
important technicality.

Junk Mail - The Law :

http://www.vtwctr.org/casewatch/

http://192.41.4.29/index.html - 'Lectric Law Library

You should also read Title 47 of the United States Code, Section 227. There is a
FAQ at cornell.law.edu for the text of the law (gopher or ftp or
http://www.law.cornell.edu/uscode/47/227.html ), and you can use DejaNews to
read the USC 47 thread on news.admin.net-abuse.misc to make up your own mind (it
invariably comes up) or you can look at :

http://www.cybernothing.org/docs/code47.5.II.txt

In Washington (State) (for example) fax laws (RCW 80.36.540 - Telefacsimile
messages) define "telefacsimile message" in such a way that could be interpreted
to include E-mail. It was not originally written to cover E-Mail, but that is
for the courts to decide :-). California regulates it thru Section 17538(d) of
the Business and Professions Code.

Organizing a campaign against the spammer in a news group could lead to the
spammer trying to get a cease & desist police order against the organizers.

Disclaimer : I am not a lawyer, 80% of the Internet is bull, free advice is
worth every penny you paid for it :-).

------------------------------------------------------------------
Do not meddle in the affairs of wizards for they are subtle and quick to anger.
E-Mail - [email protected] - Gandalf The White O- Ken Hollis
WWW Page - http://digital.net/~gandalf/
WWW Trace E-Mail forgery - http://digital.net/~gandalf/spamfaq.html
WWW Trolls crossposts - http://digital.net/~gandalf/trollfaq.html
http://ddi.digital.net/~gandalf/spamfaq.html

==== SCROOTS Mailing List ====




Go To:  #,  A,  B,  C,  D,  E,  F,  G,  H,  I,  J,  K,  L,  M,  N,  O,  P,  Q,  R,  S,  T,  U,  V,  W,  X,  Y,  Z,  Main