Slashdot Mirror

A huge proportion of spam that I receive arrives at my mail server from foreign machines, but more often than not, the foreign machines are merely open SMTP relays that have been used to try and obscure the original source - (usually a UUNET dialup customer), in addition to using a forged From: field.

Even if the spam originates from a foreign machine, the service they're offering is quite often located in the US. If they advertise a website, or the spam includes a submission form, it's relatively easy to locate the ISP that's hosting the spammer's site. Quite frequently, this is a violation the ISP's AUP, and a notification to the ISP will result in the spammer's site being removed (thus all their spamming efforts were wasted!).

There are utilities such as spamcop which are designed to assist in identifying the true source of junk emails. I generally do things by hand (traceroute, etc...), so I can't say whether or not spamcop is any good - just thought I'd mention that it exists.

Strags

TLD confusion is very real. I own Downside.com, which has financial information. I get misaddressed mail intended for:

• downside.net, a grunge band on Long Island (they don't generate much mail),
• downside.ws, which despite being in the Western Samoa TLD, is actually a band in California (who signed up with one of those branded E-mail services, offering their fans free E-mail ("name@downside.ws"), so they generate a fair amount of mail),
• downside.org, which redirects to downside.ws,
• downside.co.uk, Downside School and Abbey, a monastery in England (where all the students have individual E-mail addresses).

At first, I just ignored the misaddressed stuff, but I was getting misaddressed mail like "Why don't you answer my E-mail? Don't you love me any more?", and similar outpourings of teen angst.

So I routed incoming mail through SpamCop to bounce the drivel. The worst problem was students at Downside School signing up for mailing lists using "downside.com". All that stuff just bounces now.

So that's what it's like when you have a good name shared by different sites in different TLDs. (I've trademarked "DOWNSIDE", so I don't have to worry about that problem.) It's confusing.

This seems like a horribly contrived lead-in, but I can't resist. I've been planning the announcement of the Passive Privacy System proposed specification for a week or so, but we seem to have a window.

PPS is a propposed way of getting everyone to exchange public keys and passivlely encrypt email without a) burdoning the average user with the details of cryptography or b) providing enough impact on the average non-PPS user to matter.

It requires a great deal of work, both on the spec side and the coding side to come up with plugins for MUAs. But, in the end I think that the world will benefit from the resulting increase in passive key exchange and encryption.

Please, feel free to send mail about PPS to me.

Thanks.

I use Spamcop for this very reason. I want to shut down the people who spam me by getting their providers to harass them.

Now, someone is mis-using the providers to do the same to people who may have done nothing wrong.

What we really need is a formal (but government-independant) way of coordinating the complaints, arbirating them and deciding if a) the user should be removed b) the case merits being moved out of that forum and into the courts and c) which parties are actually involved. Something like Spamcop with more feedback (Spamcop's feedback process for ISPs is great, and there really is a lot of good you do for yourself by signing up if you send out ANY bulk email, even true opt-in). You track the complaints and allow ISPs to feed back the results of their research, closing a complaint if it's been resolved.

This would slow down our Mr Powell, but it would also give the pirates a force to fear, which, quite honestly is needed. It's *not* legal or even a particularly nice thing to steal someone's copyrighted work. At the same time, services like Napster should not have to pay the price for their users' indiscressions.

• Never buy from it - In getting rid of roaches, rule #1 is to remove their food source. Same thing here. Spammers only spam because they think it will profit them.
  
• Report it - I use SpamCop; it does 95% of the work.
  
• Automatically reject it - Tell your MTA to make use of the spammer blacklists at MAPS and elsewhere.
  
• Tell your friends - Most people don't realize that spammers inflate ISP fees and reduce service quality by clogging servers with garbage. Educate them!
  
• Tell your legislators - Some countries and US states have already outlawed spam. To help make this universal, you have to let your legal reps know how you feel. Check out The Coalition Against Unsolicited Commercial Email.
  
• Don't do business with spamhausen - Especially if you are a network admin, don't do businesses with companies that profit from spam. Check out spamhaus.org and spamsites.org for details. And make sure to let the sales droids know why you won't buy from 'em!

Sneakemail is a really cool service. It lets you create disposable emailadresses.
Whenever you need to give out your email-address (and it needs to be a real working address), you just create a new one at Sneakemail.

You should only use each sneakemail address for one service/site/whatever. Why, you ask?
Well, if you later gets spam on that address (which you only have given to the site "http://wesellsyouraddresstospammers.com" then you will know that either they have sent spam to you, or some spammer in some way have bought your address from that company. After telling that company how much you disgust them, you can just delete the address and they have a fake address.

Together with Spamcop you are ready to fight the spammers!

Greetings Joergen

I have to agree that banner ads are the commercials of the internet (while I would include legit, closed loop advertisement emails or newsletters).

Spam (UCE), is more analagous to driving down the street with a 6 meter amplifier broadcasting your commercial on a popular channel, overpowering the legit station on that channnel. Or perhaps renting lots of tapes at Blockbuster/Hollywood/local video rental store and taping your commercial over parts of the movie.

If people would stop bitchin about spam
and fight back we can do some serious damage to spammers
Call the 800 numbers in spam IT COSTS THEM MONEY!!
Process all spam thru spamcop
If enough of us fight back we can really make a difference
If you ignore spam you are HELPING SPAMMERS!
If you really hate spam follow the link in my sig.
YOU CAN MAKE A DIFFERENCE!

I see alot of posts saying to the effect "a little bit of spam doesn't cost or hurt" but it does really hurt.

When a kid can register for an hotmail address and a couple days later be receiving emails for porno that he didn't even ask for. That's just WRONG.

It's also wrong to have to "forge" email headers to deliver spam, because putting your real email address there would get you into trouble. Having to lie to do something is just plain WRONG.

The spam I get in my email box are not from anybody who wants to do me a favor (like get paid for having sex, we have free money to give you), but rather from people who want to rip me off. That's just plain WRONG.

Scraping my email off a website/newsgroup and because I like to participate in a specific discussion - and using it to try and rip me off is just plain WRONG.

There are no "good" spammers. Just people who think sending 50K emails an hour is "good". They're just plain WRONG

For the same reasons we have a post office that handles junkmail/direct marketing in a specific way with specific laws, so to we need laws to handle the "spam disease".

The lame "we can't pass any laws because the internet is "international" is bullshit. The telephone is international too, that doesn't mean you can harass me with it. Besides, all the companies above are US based. Let's start with taking out the bastard trash in our corner of the world, and worry about the rest later.

There is so much time-sucking, bandwidth-sucking, hassle-sucking spam out there, that for the same reasons people pass laws against mail and telephone fraud, so to people need to get sick of spam mail and pass laws against Unsolicited Bulk Email.

Here's a little something to help those of us who are fed up cope a little.

Indeed. A good bet is to:

a) use an email client that gives easy access to mail headers like mutt (you can get to them in {shiver} Outlook but it isn't as easy

b) Pay a visit to http://www.spamcop.net/ and run the mail through their service. SpamCop will check the ip addresses and compose emails to relevent abuse addresses for you.

I often prefer displaying my real email on web site, on news groups, because I love fighting spammers. we have _tools_. *grin*

uce :
before spam :


http://www.devin.com/sugarplum/ to protect your webserver from search bots.
teergrubing to protect your MTA :
http://www.iks-jena.de/mitarb/lutz/usenet/teergrub e.en.html
(and of course, hide your email like that : xavieratbocaldotcsdotunivdashparis8dotSPAMfr ;-)

after spam :


http://spamcop.net/
http://www.samspade.org
http://mail-abuse.org(RBL)

tools to semi-automaticly report/fight spam :

http://freshmeat.net/appindex/console/anti-spam.ht ml

irl :

As other says, send back the empty enveloppe.

One funny thing about phone spam is the possibility to talk to the person which is trying to sell you something, like to a human being. (after all, it's often a woman poorly payed to do this job. she(he) deserve humanity). I usually ask if the person is in good mood, and it's easier to say goodbye after this.

more spam gets spewed through UUNET than from all the other Internet service providers combined

check out spamcop. They'll notify abuse@, postmaster@, etc., on your behalf. Just cut and paste your spam into their web form. Their cgi does the rest. Scans the headers, locates the true source(s) of the spam, looks up any links/email addresses in the message itself. Works great.

Check out SpamCop for a great way to help deal with spam. SpamCop is free to use, but you can also sign up and pay them money.

Really, paying them money is to support their work, but you also get a spam-free email forwarding service where yourname@spamcop.net gets forwarded to your favorite mail drop without any of the spam (which they do a very good job of filtering).

I'm using harmil@spamcop.net now as my primary "public" email address for things like slashdot and USENET, and it works pretty well.

Their spam reporting service is very cool. It tracks down the ISP of the spammer, submits the IP address of relays to ORBS, and also tracks any URLs in the spam body. Plus, ISPs who play ball with SpamCop can mark accounts as deleted and otherwise feed back into the system to reduce their request-load. Such things can be appealed by paying SpamCop users, but for the most part, ISPs are pretty good about it.

For the record, I'm just a customer.

The Spam Bouncer, a procmail script to identify incoming spam and either tag it, move it to a different mailbox file, or bounce it.

SpamCop, to file official complaints about the spam that gets through.

Sugarplum, to stick lots of irrelevant fake email addresses (and the addresses of other spammers) up on my web pages. If spammers want to harvest addresses from MY pages, they're going to fill up their databases with useless data and end up spamming each other.

And finally, Web Ad Blocking is a site which provides a new 'hosts' file which redirects major web page ad sites to 127.0.0.1, which removes a whole lot of banner ads from web pages.

There is also an article on The Register about Europe considering a ban on spam.

I've also got a collection of Spam resources, along with details of WIndows spam prevention and details of spam filters.

--
You've got to fight the spammers that be!

They altered your preferences, and started sending you unsolicited mail? That's got to be against some privacy/spam law somewhere.

Alternatively, why not complain to SpamCop? It is technically unsolicited mail...

• ALL ISP's need to block outgoing port 25 from cablemodems / DSL / dialups. Require users to use the ISP's mail servers. Exceptions can be made for "powerusers" who sign a contract. (this can happen NOW and could drastically reduce spam today.)
• ISP's need to install rate limiters / spam detection on the mail servers (this can also happen today.)

Most ISPs are profoundly anti-spam, at least on paper. But what effect does that have? Spammers have plenty of time to generate thousands of messages before somebody notifies the ISP and they lose the account. If they're a serious commerical spammer, they just move on to another ISP. If they're victims of some scam ("For only $99.99, I can show you how to make big bucks on the Internet!"), they're soon replaced by another sucker.

Now, suppose your ISP had a port 25 filter, and you had to pay a deposit (refundable after 1 spam-free year) to bypass it. The professionals are going to be a lot more selective. And the get-rich-quick suckers (and judging from the spam I get, they account for about 90%) are simply going to disappear.

The same applies to rate limiters, but the deposits would have to be a lot higher.

The best part about this approach is that it places no limitation on content. Nobody can claim censorship. Which, incidentally, is not any nicer coming from an ISP than from the government.

All we need to do is get existing anti-spam organizations (my persoal favorite is SpamCop) to change their agitation from "Please punish your spamsters" to "Please make your spam policies proactive instead of retroactive."

Comments?

__________________

You give the mail, it gives the spammer and reports to their ISP.
Easy to use - and I received fewer spam mails after I constantly used it.

You give the mail, it gives the spammer and reports to their ISP.
Easy to use - and I received fewer spam mails after I constantly used it.

For those who haven't seen it yet, this is a great resource for reporting spam.

http://www.spamcop.net

The funny part is that since Earthlink spams their own customers (I've got several "Please get DSL now!" and a couple of "Get a digital camera free if you buy $PRODUCT from us" mails from them), Spaminator - at least at one point - filtered that out too :-)

That said, ISPs spamming their own customers is more of a customer support issue, rather than a spam issue - Earthlink owns the mail server on which my mail resides, and if they want to load it up with their own spam and alienate me as a customer, they have a right to do so.

Now, uu.net, on the other hand... or rather, their non-port-25-blocked reseller. Fuck uu.net with a wire brush. When Worldcom defaults on its bonds, I'm gonna be first in line to buy a uu.net RADIUS server at ten cents on the dollar, just for the pleasure of smashing it to bits with a wooden mallet.

If you look at the stats, you'll see that uu.net is the single largest source of dialup spammers on the planet, by a factor of ten.

That's right - 90% of the dialup spam comes from one ISP.

I don't give a damn how many rogue resellers they have - uu.net has refused to disclose the identities of these resellers since 1997.

IMNSHO, uu.net is culpable. They are nothing more than a spam support service, and deserve to have their netblocks filtered, BGPd, and otherwise obliterated. Turn spew-spew.net into the world's biggest LAN, and the world will be a better place.

But back to Spaminator -- the reason I don't use it is because I know how to read headers. And for every one of us who knows how to read headers and files abuse reports for every spam, several dozen dialup moles can be whacked per month.

Filters are an OK solution for deleting spam. But I much prefer to delete the spammer.

Note that a lot of the instructions given in the "death to spam" document can be consolidated and handed off to services like spamcop, which will do all the tracking down stuff for you and just tell you which address to send abuse complaints to. Very handy.

> An additional way to prevent SPAM is to directly get the spam accounts closed. The basic way is by extracting from the email header and a few pings/fingers which computer the SPAM actually came... It tends to take about 10 mins per account...

I would like to put in a plug for a free automated service that someone mentioned here a couple of weeks ago. Just forward the message to spamcop@spamcop.net, wait for the automated reply, visit the Web link mentioned in the reply, and click the "send" button. They do all the parsing and lookup for you.

I have found it fairly effective. In particular, Spamcop got me removed from an annoying commercial list which I had fruitlessly sent in multiple complaints about all through the past year. Now you can bust a spammer almost as easily as he can send out his spam, and since it's so convenient you can often get it done within seconds of receiving the message, instead of letting the tedious parsing stack up for a week while the trail grows cold.

[On the other hand, I've been getting a lot of .tw spam that has not subsided since I started using Spamcop. I rather suspect that the "abuse" handlers at some ISPs are actively involved in the spamming.]

For more information, visit spamcop.net, and read the instructions carefully. Notice that you have the option of "joining", but you can use the e-mail based service for free.

I am not associated with Spamcop; just a happy user.

Ah, there's some now! I hope the spamcop server isn't /.ed when I send in my fresh spam. And I would like to thank them for the service they are providing the public.

--

You shouldn't tar MAPS with the ORBS brush. For the last year or so, all of my mail gets extra headers added based on which of the lists (ORBS, MAPS RBL, MAPS RSS, MAPS DUL) it matches.

I frequently find that ORBS would block mail I'd like to receive, whereas the MAPS RBL and RSS never do, and the DUL would only rarely. For a normal ISP, I'd guess that ORBS would be a nightmare, but the RBL would be pretty much OK.

Of course, for me, I keep all my spam so I can feed it to SpamCop.

Uhm.. UUNET is only in charge of their own network. They are an ISP, and if one of their customers is sending spam then it has to be reported to them so they can get cut off.

UUNET isnt 'in charge' of anything other than that.. They arent 'in charge' of spam - each ISP is responsible for use of its own network.

Only mail that actually originated from (or was relayed through) a UUNET IP address should be reported to abuse@uunet.com - if you are (or were) sending ALL of your spam there then all you are doing is wasting their time..

There is no central organization in charge of spam, and even if there was it would be useless.. Go read http://maps.vix.com, http://www.mail-abuse.net and/or http://www.spamcop.net for real information on the topic of spam, and REAL things ISPs can do about it.

Here's a page from spamcop.net (a spam-reporting and filtering service which I highly recommend) that people might find interesting: http://spamcop.net/stats/biggest_source.html.

This is the list of top sources of spam as reported through their service - #1 is UU.net with 43811 reports. #2, a distant second, is sympatico.ca with 3168. Draw your own conclusions.

Public Service Announcement: Log entries are usually recorded using your local time, so you should always include a mention of your timezone when mailing the ISP your logfiles.

As for dshield.org, according to this, their internal format doesn't bother with the time of the incident; only the date. This, unfortunately, means that dshield is pretty impotent when it comes to dealing with dynamic IPs. If I remember, I'll try getting in touch with the guy who's running it after the Slashdot tide dies down. If run properly, I could see this easily becoming the anti-script kiddie equivilant to SpamCop.

Nowadays, there are an awful lot of people who are working to fight spam, which makes is quite a bit harder for a spammer. With cool services like Spam Cop (you copy-n-paste the spam w/ headers, and they track the spammer and stop that account, often within minutes), anyone can easily contribute to getting whatever account a spammer is abusing shut down as rapidly as possible.

It works. I've tried spamcop several times, and every time the result was that someone had already beat me to it and the ISP had already shut down the account that was being abused. The spammer wasn't caught, but they were delayed and their job was made harder.

This forces spammers to work harder, so the cost of sending a message is not zero. An an example, take a look at the material a hacker stole from spammer Premier Marketing, Inc. It's clear that they had to use multiple people and a never-ending supply of stolen dialup accounts. They went to a lot of trouble to compile a giant list of know anti-spam activists who used services like Spam Cop (or read the headers themselves and called ISPs), so that their stolen dialups would hold out a little longer.

It's easy to just throw your hands up in the air and accept spam as a fact of life. It's easy to feel like spammers are unstoppable. The truth is that these anti-spam countermeasures do make things harder for spammers. They increase the cost, from virtually nothing, to something. Admittedly, not much, but it doesn't take much to make some of the really lame-ass scams these folks spew unprofitable.

There's also hope for the world in the kick-ass efforts of Paul F. Pete Wellborn III, the lawyer who's taken down a couple big-time spammers, most recently that annoying printer supplies guy!

So don't give up. Even if you just press delete without a second though, don't discourage others. There is hope. A lot of people are working against spam, and as more things like this come on-line, the cost and risk of sending spam will continue to slowly rise. A very Good Thing!

The one I use, SpamcopWill alert ISPs of contact addresses. It's great!

Yup! I have my domains set up to send all improperly addressed stuff to me. I then route it to the proper recipient, which is usually me anyhow.

Unfortunately, some spam list now contain a number of fake e-mail addresses from scripts like this, all of which get delivered to me.

For me, that's fine; I just feed 'em to Spamcop. But I'd be pretty pissed otherwise.

This means, the "individual" gets a gentle slap on the wrist (if that), and they go about their business. PSI, UUNet, and all the big ISPs don't give a rat's ass about spammers. That's why a *very* good percentage of spam you get has 38.x.x.x or 63.x.x.x in the headers. 38 being PSI, and 63 being UUNet. Try it sometime. It'll suprise you.

According to the SpamCop statistics the biggest sources of spam are currently:

1. UU.NET (78,521 complaints)
2. DIALSPRINT.NET (9,638 complaints)
3. USS.NET (8,708 complaints)
4. BELLSOUTH.NET (8,348 complaints)
5. BELLGLOBAL.COM (6,404 complaints)
6. PSI.COM (6,139 complaints)
7. POPSITE.NET (5,733 complaints)

UU.NET wins this contest easily... :(

i wonder uu.net is worth than psi.net
i received each day spams from various account, and more than half of them comes from uu.net
i send all my spam to spamcop, sometimes it tak a while to process more than 30 emails, and see than more than 20 come from uu.net!
--

How many people think that perhaps we need more free (or minimum-pay) services like SpamCop? I forward spam to them on a fairly regular basis, with an average of one out of eight spammers' accounts being reported closed by their ISP. And to date, after a year and a half of usage, only two spammers have managed to avoid identification, the last being about seven months ago.

Questions, comments, flames? Operators are standing by...

This site uses some very tough filters:

• The MAPS RBL, which blocks notorius spammers and sometimes even puts their uplinks on the RBL.
• The Open Relay Behaviour Modification System which tests and lists open relays (This is the filter that blocks most of the SPAM for me)
• An ISP-"Scorelist", which means that email that comes from an ISP with a high score has to be confirmed again from the sender because SpamCop wants to see if the return address is forged.

The negative impact is that there is about one piece of mail per week SpamCop holds back. And people who send email to me are often people who cannot understand the confirmation request.

So I think that this war cannot be won. After my experiences with ORBS, MAPS and SpamCop, I must say that having a nearly spam-free mailbox has severe disadvantages, and I think that there are lots of people who will accept SPAM in the end; simply because it is too difficult to build filter software that filters most SPAM and is user-friendly at the same time.

That's what Spamcop does.

...another comment from Michael Tandy.

SpamCop seems to help me (and ISPs) out with legitimate spam.


-----------

• http://www.ecst.csuchico. edu /~atman/spam/adblock.shtml: This site provides you with a hosts file which maps dozens of web ad banner graphic sites to 127.0.0.1. The net affect is that many banner ads won't load at all, and instead will show up in your browser as broken images. This really speeds up the loading of web pages, especially if you're on a modem connection.

• http://spamcop.net/: SpamCop is a great site! For free, it lets you paste a spam email into its form, and then it analyzes the spam, decides who the appropriate ISP's are to complain to, and sends those people a detailed complaint with all the info they need to find and shut down whoever violated their terms-of-service. It also keeps stats on the worst spam offenders, and makes this information available to ORBS. I swear by it, and it's immensely gratifying when I (frequently!) get email from an ISP thanking me for my help and letting me know that the offending account has been terminated.

• http://www.spambouncer.org/: I haven't used SpamBouncer myself yet, but it's a procmail-based way to screen spam out of your mailbox. I've heard it's good.

(I got one spam recently that actually ha a return receipt attached; it was a pyramid scheme and Eudora beeped and told me 'The sender has requested notification that you read this email.' What gall!)

• 1. Don't use instant messaging. Use E-mail. You don't want other people pulling your chain at random times.
• 2. Get a spam filter that junks all the spam without bothering you. If it makes new senders do a confirmation (as Spamcop does), even better.
• Read E-mail twice a day, in the morning and after lunch. Answer most E-mails at those times. Get people used to the idea that if they E-mail you, they will get an answer, but only at the next scheduled E-mail time.
• Program the voicemail system so people have to go through a menu offering frequently asked questions and a link to your web site before they get to you. Once they finally get through, be very polite.
• Put routine stuff on your web site.
• Don't try to work more than 8-10 hours a day. Productivity maxes out around there.
• Get lots of exercise. Not only does it reduce stress, but having big muscles and technical knowledge really intimidates people.

Use Spamcop.

• You get TOSsed from your ISP and you'll have to spend hours on the phone to convince said ISP that "honest! it wasn't my fault!"
• 
  You lose some friends who now think your a MS sellout, spammer or worse
  Your email address will end up ORBS, RBL and several other blacklists, which means your (brand new!) email address is now useless
  Several of you friends will succumb to the suggestion, try MSN explorer and fsck themselves up too; hating you twice as much.

I nominate this one for the stupid crocky losing misfeature award of the year.
---

Somebody needs to write a service that reads and forwards Pipeline mailboxes. It would be great if SpamCop offered this. They poll POP mailboxes every 10 minutes, deal with the spam, and forward the rest, charging $0.50/megabyte of mail. All they need is another poller that talks to Pipeline instead of a POP.

True, or the one I use is spamcop.net.
Choice of two evils, I think. MAPS have several projects in which they're involved, including the DUL which is the worst piece of half-baked crap for valid (non-spam) emails I've ever seen, but the other approaches are at least generally a step in the right direction.
I've had so much shit from Harris before now, I've even reported it with aforementioned spamcop after complaints to harris failed to have any effect... in the end, I stuck a quick procmail rule in force to forward all their crap straight back where it came from.
Harris must lose. They must die. And then something really bad should happen to them.
~Tim
--
.|` Clouds cross the black moonlight,

See SpamCop.net - it's one of the most sensible ones I've seen, checking back "recieved:" headers until it finds the break in the chain, spotting faked headers, etc etc. It also checks websites and email addresses mentionned in the body of the spam. It checks IP addresses with ORBS and MAPS and things, it does various whois lookups and things... Once you're done, it lets you tick the boxes to decide which sysadmins to report the spam to, and whether to submit to SRC, ORBS, etc etc. It keeps track of sysadmins who have already done something about it, and refuses to re-complain after the problem's fixed, etc etc... all in all, it's quite a competent spam complaint thingy.

... and no, you don't need to pay for the full commercial version, just register for the free service and put up with a 5-second nag screen between each complaint.

AFAIK, most of the users of the RBL are admins for corporations who are simply trying to reduce the noise level within their company's network. Most ISPs seem to have an open-door policy and/or offer their customers options for spam filtering.

Of course, there are other ways to fight back:

SpamCop
ORBS

One is free: paste any spam email you receive into a form on their site, and it will analyze the spam's headers to find out who's responsible for that spam getting to you, then it will automatically email a complaint to the relevant postmasters and system administrators, and also pass information about open relay abuse to ORBS. I've been using SpamCop this way for a few months, and I've already received several dozen responses from ISP's that the offending email accounts have been shut down due to terms-of-service violations. It gives me that warm fuzzy feeling that I'm doing some small part to help stop spam.

The other service comes for a paltry fee: you can get a 'spamcop.net' email address which filters out email for you. I believe that it will still let you see spam if you want to, and I think you can customize it to make absolutely sure it doesn't block legitimate email, so this might satisfy the people here who want more control over the way their mail is filtered.

Here is a link to a page showing the biggest sources of spam. UUnet's abuse department does stop spam; the fact thet they have such a large dial-up pool (the largest?) adds to the appearance that they are spam tollerant. Putting UUnet addresses in your sig just makes you look like a jerk.

Your idea about sending a fake bill to spammers is a very BAD idea. By sending them email, you verify your existence. Once your address is verified as "legit", what happens? You get more spam. For the same reason, never click on their "click here to opt out" links!

I'd advise using Spamcop (spamcop.net) The free part of SpamCop un-obfuscates the email header information, then allows you to automagically send a letter of complaint to the appropriate authorities. Personally, I've seen several accounts (email and website) disappear after I've used Spamcop against them. It's quite satisfying. Spamcop also has a fee-service for filtering email (which I haven't tried yet).

I hope this helps!