FTC Encourages Consumers to Forward Them Spam

Burl Ives writes "See this CNN Article. 'The FTC encourages consumers to forward any spam they receive to the e-mail address uce@ftc.gov'. I'd say if they've posted their e-mail on the web, they are probably getting as much as the rest of us already, which isn't to say I'm not hoping to see some discussion of using the statistical spam sorters to auto forward a lot to them in encouragement..." I've been using SpamAssassin for some time now with excellent results. Perhaps now I need to have my spam folder auto-forward to the FTC as well.

Sample .procmailrc and .forward file

To use with spamassasin username is "cartman"

bash-2.05$ cat .forward
"|IFS=' ' && exec /usr/bin/procmail -f- || exit 75 #cartman"

bash-2.05$ cat .procmailrc
LOGFILE=/home/cartman/proc.log

:0fw
| /home/cartman/SpamAssassin/spamassassin -P -c /home/cartman/SpamAssassin/rules

:0:
* ^X-Spam-Status: Yes
/dev/null

Yeah and lets stay anonymous not to be a carma whore...

/cartman

Re:Sample .procmailrc and .forward file

[tiny69]

# forward to ftc
:0 c
! uce@ftc.gov

That would forward _EVERYTHING_ to them. If you are going to do that, you might as well switch the email address with narc@fbi.gov. You need something to filter on:

# forward to ftc
:0c
* ^X-Spam-Status: Yes
! uce@ftc.gov

filtering

[Datasage]

I've been using SpamAssassin for some time now with excellent results. Perhaps now I need to have my spam folder auto-forward to the FTC as well.

I'm using spampal for Windows with Outlook. i have the filters set up to forward it to the ftc and delete the email. Spampal is avalable here.

Old news

[mutende]

The FTC encourages consumers to forward any spam they receive to the e-mail address uce@ftc.gov

This is old news (26th April 2001).

Re:from the posting

Incorrect. My .gov address (and my .mil address!) get almost as much spam as my other, more traditional and commercial, email addresses do. Have no doubt that the US government and the military get this crap too!

Re:Some costs of spam.

[realgone]

Ah, the "lost time" argument -- rhetoric at its most manipulative and least accurate. (Nothing personal against you, arkham. Your post was actually an entertaining read.)

The fallacy here is in assuming that every employee exists in a continual "on-and-working" state from the moment she sits down at her desk. Under such an assumption, 10 seconds spent doing something else equals 10 seconds of quantifiable production loss. Problem is, most white-color jobs are task based: I need to get X done today, where X equals a presentation, a subroutine, a sales call to Duluth -- whatever. Ten seconds spent doing something else don't result in 10 seconds less of X.

The only place where these efficiencies would truly come into play is repetitive (and, might I add, borderline inhumane) assembly line work like meatpacking. And I'm assuming most meatpackers are less concerned about getting spam than making it.

Heck, given the original argument, we could calculate astronomical amounts of monetary loss for just about everything. Employee time spent blinking could bankrupt a third world country. The time spent typing smiley faces? There goes Luxemburg. =)

Postfix spam filter

[Thoron]

Here is my very effective (IMHO) Postfix spam filter to be added on /etc/postfix/main.cf file.

http://cs.stadia.fi/~pkoistin/postfix-spam-filter. txt

NO WARRANTY!

Re: Scam Canada

[rakerman]

In Canada, the main organization set up to deal with phone / snailmail / email fraud is PhoneBusters.

You can forward email scams to them at the West African Fraud Letter address. The RCMP webmaster said "This is now a general account for all scam letters."

This is not the firts time ...

[Tsk]

This has already been done in France the email adress is spam@cnil.fr.
So many people did the forwards that the mailbox was Full almost everyday. They thought One person could deal with all the mails : they were wrong so they updated the mailbox and said they'll carry along with thos forwarded mails.
The results from these mails will permit to create a law to ban spamming in France, thus starting something in the EU, that would force a EU law for Spam.

SpamAssassin

[ceswiedler]

For me, the killer app for using Linux at home was fetchmail / IMAP / procmail / SpamAssassin. I was using POP3 to download email from several accounts, into mail clients at home and at work. I was tired of re-downloading the same messages, and of sorting the messages into folders in one place and having those changes not reflected other places.

So I set up my Linux server, which up to that point didn't do much except NAT, to fetchmail my messages from various accounts, run them through procmail and Spamassassin, and then publish the messages via IMAP. Now my email is accessible from anywhere, through an IMAP client or over the web (running IMP) or through ssh/pine. It's filtered for spam and sorted into folders, and I can back it up easily.

I wish Mozilla mail supported addressbooks stored in IMAP folders, but instead I have to run an LDAP server (way overkill) to manage contacts. IMP's address book component, Turba, is just about the only LDAP client which acts like a sensible contact manager and allows adding / editing entries.

I'm serious when I say this is a killer app for me. Before, I could have replaced my Linux server with a NAT router and not really missed it. Now it's essential to the way I work and communicate.

Re:SpamAssassin

[ceswiedler]

If I have time I'll write a formal HOWTO and maybe submit it to /. In the meantime, here's a synopsis:

You need a Linux machine with a static IP address. If you can't have a static IP I suppose you can play games with dynamic IP addresses to access the server. Get a DNS entry to make it easier to access.

Set up fetchmail . Fetchmail is a simple program (written by ESR) which downloads mail via POP or IMAP. You configure it with your mail server, username, and password, and it downloads mail to the local machine. Actually, it re-delivers your mail locally. Your remote email might be chris2912@earthlink.net, and your username on your Linux server might be ces; fetchmail delivers the mail it downloads to ces@localhost.

At this point, you can use pine or mutt to read your mail. By default, they read mail from your local spool. Note that your "inbox" is /var/spool/mail/username, but other mail folders are usually under your home directory. Configure pine or mutt to put your mail folders in ~/mail.

Install procmail. Procmail allows you to set up filters for handling mail. It will let you move mail to a folder based on sender (something like various mail client's rules) and more importantly, it will let you run SpamAssassin (or junkfilter, but I recommend SpamAssassin). Set up procmail to run SpamAssassin on each email, and then either delete the spam or move it to a certain folder. The SpamAssassin documentation is pretty clear on how to do this. Make sure procmail is configured to use the folders in ~/mail.

Install an IMAP server. I use the standard UW server; there are others. The UW server runs via [x]inetd. I recommend setting up the SSL support (imaps).

What IMAP does is allow you to access your email remotely, without downloading it like POP. Mail is kept on the server, in folders. Through an IMAP client, you "subscribe" to a certain set of folders; these are the only folders IMAP clients will see. You want to configure your IMAP clients to use ~/mail as your root folder; otherwise you will see any other folders in your home directory (IMAP isn't limited to email).

When you set up an IMAP client (Outlook will work, though Outlook 2000 has an annoying bug, always reporting "server dropped connection", I use Mozilla mail) you provide the IP address of your server, and your username and password on that server.

IMAP is strange about deleting. Many IMAP clients by default want to move deleted messages into a folder. That's okay if you want to do that, I prefer to actually delete them. Even if you actually delete a message, it is only marked as deleted; it's still there until you purge it. Pine asks if you want to purge messages when you leave a folder; other clients do similar things.

Finally, install a web email package. IMP is the best, but it can be very hard to set up. I resorted to another package called squirrelmail before I finally got IMP set up. Squirrelmail is perfectly fine. Configure the package to use IMAP, using localhost as the server.

That's the basic points. Email me at ceswiedler@mindspring.com if you want any further help.

Re:Ironic

[DraKKon]

it's fake... from the spamassassin mailling list:

It's a forgery. http://news.spamcop.net/pipermail/spamcop-list/200 2-September/015678.html

I received 3 this morning, at first I thought they were real although
the usual reports have an URL where you can comment on the report, etc.
Then I looked at the headers and noticed they all came from 64.70.191.50
which is nowhere close to the spamcop.net or julianheight.com IPs.

By the time the second and third messages came in, the IP was already
in bl.spamcop.net, which I thought was pretty funny.

Just treat them as spam and do your normal bit on them. :)

Hmm

[langed]

I hate to sound like I don't think this is news... But it's not. CNN just decided to let the rest of you in on something that the FTC has been doing for a long time. For example, even I mentioned it in one of my previous messages. And that comment was from a post called Spamming Gets Expensive in Utah and Ohio, which happened a little over a month ago. I've been emailing uce@ftc.gov messages for about 6 months now.

As for what they are going to do with it--us not-so-paranoid people would expect them to use it to generate a "paper trail", a collection of evidence, for the location, apprehension, and prosecution of said spammer. We who are paranoid may worry about the government taking a sudden interest in us when they discover we exist, but I would tend to think that argument is well worn and a little unfounded anyway.

Nevertheless, it's always nice to see it happen when the public gets a startling revelation of what they really have at their disposal--lots of people simply don't know, and since they don't know, they can't very well take proper advantage of the tools afforded them as US citizens.

Now, if you go look at Spam Laws you'll see the US has been considering a few federal bills, but haven't gotten anywhere yet. But a lot of states do have laws in effect--whether these have had stood up in court is another question...

Re:What will they do?

[Coppit]

They prosecute when they can. And (blatant self promotion) they use grepmail to help them. I got a bug report from a guy on the project:

Specifically, grepmail -r reports a grand total of 3,046,173 messages, but MHonArc generated only 2,558,869 HTML files.

And you thought your mail archive was big. ;)

WTF?

[CaptainSuperBoy]

They have been doing this for years now.. It could be as long as 5 years uce@ftc.gov has been accepting spam. Talk about your old news. And all the slashdot drones eat it up like it's some kind of spam revolution.. "Wow, Uncle Sam will help us fight spam! Gee whiz!"

Something similar in France

[somebaudy]

The french CNIL does the same. Feel free to send your french-looking spam to spam@cnil.fr.
Dust up your french and read the details here.

By the way Spamgourmet is the ultimate weapon for giving a self-destructing address to websites that require one for registration without getting spammed in the process. It's tested and approved by yours truly.