Spam tools:

Spam (unsolicited commercial email) really sucks. Spammers must connect to the internet in order to spam. Most spammers are connecting through Internet Service Providers (ISPs) and and many of these ISPs have rules against spamming. Therefore, by complaining to the right people, we can get many spammers busted.

Be sure before you try any of this that you know the difference between spam and bulk email. If you gave your email address to ShabbyDownloads.com so that you could download the Shabby CD Burning Software, then an email from ShabbyDownloads.com is not spam because it is not unsolicited. They put you on their bulk email list because you asked for it. But they had better have a way for you to unsubscribe from their mailing list. If they don't, then you can treat them like spam. When you get an email and it says "you are receiving this email because you opted in at our web-site," but they don't tell you what web-site that was and you have never heard of them, they are probably lying. Treat them like spam.

Be forewarned that a lot of header information can be forged. Only certain parts of the full header cannot be forged. How do you display full headers? That depends on what kind of email you have. I'll leave you to figure that out. The rest of this document deals with tracing an email.

I am only going to give you the short poop on tracing emails. You can find the long poop at Junk Email Deal, which tells all about tracing email. My little tutorial about tracing email isn't the full story and won't always work, but it frequently will.

1) Look at the full headers, and find the IP address from which the message was sent. You can find out what ISP owns this IP address (and therefore sent the mail) by looking it up in the ARIN database. You should find the web site of the ISP to make sure that the email came from an ISP. Some spam comes from shabby businesses who own their own network and mail servers. You cannot bust these people because they aren't breaking any rules.

2) If the spam came from an ISP, then you should forward the spam mail to the ISP's abuse address (abuse@ISP.net). This is fun because the spammer may very well lose his or her dialup, cable, or DSL connection.

3)You should read the spam to see if it directs you to a website. The website may be guilty by association (but it may not, so think about it). You can lookup who this website belongs to with Domain White Pages. If the website is being served through an ISP, you may be able to get the site shut down by complaining to the ISP. This is fun because all that spam directing people to this website will be wasted -- the website is gone.

4) Usually, the ISP will send you an automated response saying that they have received your report. The automated response will often contain instructions on sending abuse reports. You should read the instructions to make sure that you have done things correctly. Some ISPs have different instructions. For example, eli.net asks you to include whois output or a trace-route showing that the mail came from eli.net computers. We don't need to do a trace-route. We got whois output in step 1. In the future, whenever you get a spam from eli.net, you can send them whois output. The automated response will most likely be the last you hear of it. Don't be fooled by the automatic nature of the response. Real people will read your message. Be polite when you write it and explain exactly what the problem is. Below are a few spam complaint templates which I frequently use. Feel free to copy these if you like them (but change the signature to your own name).


Dear Postmaster,

I am forwarding you an unsolicited commercial email which according to my investigation came from a user on your network or a subnetwork.

I don't know the person who sent it. I did not solicit this email.

I consider unsolicited bulk email to be a waste of network resources, including my personal inbox space, as well as a waste of my time. Network users should not be allowed to do this. No legitimate ISP would permit spamming through their network.

I would respectfully request that you, as sysop, take whatever steps you feel necessary to prevent this network abuse from reccuring.

Thank you for your time,
Chris

[Insert junk mail, including full headers, here.]


Dear Postmaster,

I am forwarding you a spam message which according to my investigation came from a user on your network or a subnetwork. I call it spam because it is impossible to distinguish it from spam.

The offending message claims that I solicited it when I registered for something at a site. Unfortunately, the offending message does not specify what site this was, or what "thing" I registered for. How can I know whether this is true or not?

The offending message includes a remove method, however this is not adequate compensation. Remove methods are frequently used by less reputable email marketers to generate validated email lists. This results in MORE junk mail for the "opt-out". I should never be required to make use of a remove method unless I have a way of identifying the sender.

I am receiving a commercial message from a total stranger. I need to know exactly what I did to solicit the bulk message. Otherwise I cannot distinguish it from spam, which means that I cannot unsubscribe because it is not safe. My only recourse in this scenario is to complain to the sender's ISP (what I am doing now).

I would respectfully suggest that the message I am forwarding you has failed to distinguish itself from spam and should therefore be treated like spam, and the sender of the message should be treated in accordance. Alternatively, if you as sysop believe that the sender of the message has acted in good faith (I do not), then please advise the sender to improve their service to include specific details regarding how I became an opt-in, or else permenantly remove me from their lists.

Thank you for your time,
Chris

[Insert junk email, including full headers, here.]


Dear Postmaster,

In addition to being spam, the email message I am forwarding you also contains falsified header information. It claims to be from "rtportportrtport@yahoo.com", however the IP address reveals that it is not from yahoo.com at all. I believe the offending email was sent by a user on your network or a subnetwork.

I consider spam a waste of network resources and believe that no ISP should permit it. I consider email header falsification a type of forgery and no one should tolerate it.

Thanks for your time,
Chris


Dear Postmaster,

I am forwarding you an email which I believe was sent to me with the sole intention of collecting my email address for spamming purposes.

The offending email is completely blank. I don't know the person who sent it.

I believe the sender either 1) sent out many of these messages to randomly generated hotmail accounts. He or she might assume that the messages that didn't bounce were sent to valid addresses. Or 2) the sender was hoping that I would reply to the strange blank email, in which case he or she would know for certain that my address was valid.

I certainly can't think of a legitimate reason for sending a blank email to a stranger.

I consider this to be abuse of the email systems involved (including my own inbox) and I would respectfully request that you, as sysop, take whatever steps you feel necessary to ensure that this user doesn't abuse the system further.

Thanks for your time,
Chris


Dear Postmaster,

I am forwarding you a spam message which according to my investigation came from a user on your network or a subnetwork.

The offending message appears to be under the pretense of an opt-in bulk message. However, it does not give SPECIFIC information regarding how I solicited it. Without such information, I have no way of knowing whether it was solicited or not.

Because I cannot identify the sender, I also cannot unsubscribe because I have no tangible promise that my request will be honored. Spammers are well known for abusing remove requests.

This is a failure on the part of the sender. Legitimate bulk messages must contain SPECIFIC details on how the message was solicited. No bulk email marketer should send messages without this information. No ISP should allow such bulk messages through their service. I would respectfully recommend that you, as sysop, take whatever steps you feel necessary to curtail network abuse such as this.

Thank you for your time,
Chris


Dear Sir or Ma'am.

I request to know where you got my email address. I have never given my email address to anyone knowing that it would be shared with third parties for bulk advertising purposes, and so I am inclined to think that, whether you intended this or not, your messages are sent to me unsolicited. I hope you can see that it would be fair for me to consider your messages, both past and future, unsolicited unless you can tell me what I did to solicit them.

In the future, I would recommend that you include this information in the bulk message itself. As the recipient, I cannot tell whether a message was solicited unless it states specifically what I did to solicit it. I am taking a chance in sending this message to you which I should not have to take.

When I receive such a message, I have no safe recourse except to complain to the source's ISP. Less reputable email marketers use unsubscribe requests to generate validated email lists. Unless I can identify the sender, any communication with that sender may be just an invitation for more junk. If you, as the sender, state where you got my email address or what I did to solicit your message, it is evidence to me that your message truly is solicited and I have that as a token of your good faith (unless I didn't do what you say I did, in which case I know that you're lying). Without this information, it is anybody's guess whether you're lying or not. A great deal of the spam on the net also claims to be solicited (but isn't). Simply making this claim is insufficient. Legitimate bulk messages must carry more specific details regarding the solicitation. As an additional benefit, this would allow me, as the recipient, to find out who is sharing my email address without my permission so that I can stop doing business with this person or entity.

Thank you for your time,
Chris


Dear Postmaster,

Platinum Credits (whoever they are) is full of poo. I am not registered with them, I have had no association with them, and the email message I am forwarding you is spam.

Here is a little sample of the turd (enclosed below in its entirety). I found this nugget particularly smelly: "By continuing to receive emails from Platinum Credits you agree to our Privacy Policy." What kind of intestinal contaminant would think that my FAILURE to complain about their dung constitutes any sort of AGREEMENT?! What would you think if I took a dump on your keyboard and told you that your failure to click on my belly button constituted a contract between you and me that I could continue to defecate on your computer system?

I would respectfully suggest that you, as sysop, yank the dungaroo's internet service and relieve the world wide web of a little sewage.

Thank you for your time and sorry about the smell,
Chris


Happy spammer busting. :)


p-ctcn@physics.utah.edu