Slashdot Mirror
ISPs and Spam Enforcement...
mathowie asks: "I've been getting spams from "Benchmark Printing Supplies" for over two years, and I see an Atlanta-based PSInet dialup in the headers every single time. My messages to PSInet's abuse team asking why have gone unanswered every time. How can we stop spammers if ISPs don't take strong steps to hinder these guys from profitability?" Where CAN you go next if your ISP refuses to do something about the growing amount of SPAM in your inbox?
PSINet is a tier 1 provider. That means, basically, they have no upstream provider. Instead, they peer (exchange packets) with other providers at public and private peering points (as opposed to non-tier 1 providers who generally send all their packets through a single higher-level provider).
I don't know why you think SprintLink is their upstream; if you just tracerouted PSI and saw SprintLink before them that means very little.
Maybe they do cancel them but they just make another account and spam again. This is what people were doing on my system until we started fining them and that cut down a lot on spam. Just because you see PSInet in there, doesnt mean its the same account the whole time.
The reason that there is no police activity toward spam is because it unforturnately isn't illegal and they can't prosecute.
Stock market scams: the fcc What in the world does the fcc have to do with that? Isn't that the SEC's jurisdiction? Joseph Malicki
If your ISP is willing to join the RBL, and really want to dramatically reduce their incoming spam (as well as spam that may originate from their own systems) they may want to also use the following "databases". Some of these may be "extreme"; but they HAVE cut down the spam that I get dramatically...
RBL: http://maps.vix.com/rbl/
DUL: http://maps.vix.com/dul/
ORBS: http://www.orbs.org/
https://www.mav.net/teddyr/syousif/
--
Time is on my side
We're currently suing these folks. You can get the details here.
It seems like that I did not start to receive spam until I started to post on Slashdot
...
and
Every spam has a different 'remove email address' meaning that I must be on a million spam lists and me getting off them all is not a tractable possiblity.
That is because some spammer specialize in email harvesting. Using spider(automated software), they extract string looking like email adress from web page, Usenet news, etc. They then resell this list to other spammer that, in turn, resell it again and so on until you are in the adress book of literally hundreds of spammer. That's why so many people fsck'up their email (addind NOSPAM, REMOVEME, etc.) in the adress they post on web forum and Usenet. Since email harvester can't take the time to manually sort out the invalid email from the valid one, this give a level of protection from automated harvesting and bulk mailing.
However, this technique is not bulletproof. Using regular expression, a spammer could strip his email list of known "spam stopper" string. Personnally, I prefer the "login at isp dot com" scheme, since the automated email harvesting software are probably looking for "something@somewhere.somedomain". This is not bulletproof netheir, however.
As I understand this, the most valuable adress are those that are confirmed to be working. Thus, never respond to spam neither to flame the spammer nor to send "remove". This confirm that somebody is reading this mailbox, thus making your adress a more valuable target.
:wq
I'm gonna flame Concentric Network right here because they USED to control their spam, but no more. I used to be their customer, but I got two spams from another one of their customers (www.traderspain.com) and complained about both of them. The first time they said the problem was solved. The second time they ignored me.
So, that brings me to the main point. When you find that your ISP cannot control their spam, it's time to leave. I'm no longer a customer of Concentric network, and I tell EVERYONE that I know to stay away, far away, from Concentric.
The same should go for PSI too! If they started losing customers they would clean up their act. VOTE WITH YOUR FEET. It's the only language that companies understand.
End of rant.
If tits were wings it'd be flying around.
One of the ISP's in Australia has a good idea for this. They own their name in both the .net.au and .com.au domains. One is RBL's and one isn't, you give the Non-RBL one to your friends and your RBL'd one to the web page forms and usenet etc..
Don't some US states (Washington comes to mind) have rather strict anti-spam laws? It seems like a good avenue to pursue.
As for me, I just filter it all out into a "Possible Spam" folder. I filter for messages that don't specifically name one of my email addresses in the headers, so that most spam, which is bcc'd to people, will be caught.
As for DULs, a good portion of my mail would be blocked by a DUL. Why should i have to use an ISP relay when Linux can run exim and deliver mail itself?
Yes spammers are a problem, but you have to be careful when you block them that you don't hit normal people as well.
-----
--
perl -e'$_=shift;die eval' '"$^X $0\047\$_=shift;die eval\047 \047$_\047"' at -e line 1.
I actually heard one time if an ISP doesn't/refuses to stop illegal activity coming from their ISP, there are 'higher-ups' who you can contact (More then likely their provider of the line) who can give them an ultimadum(sp) to either take action or loose their lines. I think this can also be done through a gov office of one type or another. Sorry I don't have any names, but it's another thing to think about.
That was pretty uninformative.
If complaints get no answers or have no action taken on them, you complain the the upstream provider. When you run out of upstream providers to complain to, you still have a few options:
MMF or anything spam-scam which involves someone else making money off you: report him to the IRS. (spammers are almost all USAn)
Stock market scams: the fcc.
For addresses, chase up some antispam pages: look for "cancel moose" or "anti spam".
Also, check out the net.admin.net.abuse.* newsgroup FAQs at http://www.faqs.org
dave
It seems like that I did not start to receive spam until I started to post on Slashdot.
When I set up this account, the above email address got persistently spammed from home.net. No amount of complaining worked. I guess home.net aren't too clued in.
The spam I receive is not to any email address I have, but rather to another dumbqwerty@msn.com, how can this be so???
You need to look at your "Recepient:" line in the headers. That'll tell you which email address it was really sent to. Most spammers put a fake address in the "To:" field and bcc to their victims.
Every spam has a different 'remove email address' meaning that I must be on a million spam lists and me getting off them all is not a tractable possiblity. Why can't there be one list that these 'generic' spammers would have to check before doing my inbox?? Perhaps it could be federal law.
Never, EVER reply to a "remove" address. They only exist to harvest working email addresses.
Why can't there be a way to 'triangulate' packets to find a physical location for lawbreakers, and give them hard time so other spammers would be scared?? (is scared spammer an oxymoron??)
Nope, spammers are such lower order life forms that they're incapable of fear. They're about four steps below script-kiddies and have many of the same traits. They don't understand how to do what they do; they're just running someone else's program. Despite the fact that they keep losing accounts (and getting verbally abused if they post 1-800 numbers) they *still* think that spamming works.
Doesn't MSN and AOL have ways to keep track of ip addresses they assign dynamically, and thus trace spam??
Yes they do, or at least they have logs and can tell who posted what and when. You need to complain to the right people and send them the full mail headers. Check out http://www.samspade.org for info on how to track through headers.
dave
*sigh*
And that's the sad thing. They'll also write off the annoyed emails they get as 'just internet whingers'.
I live in Hong Kong, where the largest ISP (Hong Kong *Telecom*) nearly got RBLd because they didn't think there was anything wrong with spam...
dave
Appo-loagies.
I was thinking of SEC, not FCC.
dave
i think the FAQ is at junkbusters.com..gives you tips to deal with this situation.
The ISP upstream of them may be a good idea? In the case of PsiNet, I beleive that's Sprintlink. They have an acceptable use policy up at:
http://www.sprintlink.net/acceptableuse.htm
The DUL ("Dial-Up List", or list of dynamic IP pools used by ISPs) was incredibly effective when I implemented it. It blocked a lot of the spam that I couldn't filter out otherwise, and completely eliminated all shotgun-spam*.
If your ISP is reluctant to implement the other two (several very valid reasons come to mind) I would strongly recommend they consider the DUL. There are no liability, control, or loss of service concerns that could possibly be generated by it.
* Er, shotgun-spam: a term I (and probably others) use to describe spam sent to a large list of commonly-found usernames. Similar to the concept of a dictionary attack, most of the spam bounces to the sender (usually resulting in a double-bounce, since the sender almost never exists) but a percentage of the spam makes it to accounts that would otherwise not be found on normal spam lists. Ingenious, and terribly evil...
I actually heard one time if an ISP doesn't/refuses to stop illegal activity coming from their ISP, there are 'higher-ups' who you can contact (More then likely their provider of the line) who can give them an ultimadum(sp) to either take action or loose their lines. I think this can also be done through a gov office of one type or another. Sorry I don't have any names, but it's another thing to think about.
They may be able to ignore one e-mail from you. But what if, say, 100 or 1,000 antispam slashdot readers were all to e-mail them asking them to please stop?
This may not be completely ethical or legal, since it would bear a small resemblance to a DoS/spam scheme, but I know I'd be pissed if I got spam from the same company for 2 years straight. It would also be sort of hard to prevent false alerts, e.g. false alarms designed to piss off the recipient.
Possibly you could try e-mailing them with a different address, on a different subject, to get proof that someoene on the other end is listening. Could be an ISP run by slackers who never check e-mail not coming from their own subscribers, because it's just a waste of their time.
SupremeOverlord
---- "A programmer is a person who solves a problem you didn't know you had in a way you don't understand."
I recently got what appeared to be a legitimate email offer--figured they got my name from ZDnet lists or something. Turns out it was commonplace spam--addr.com evidently was their web host, and instead of just disabling the domain, they stated why (spam/abuse of account). The downside? There was a story recently where a Latin American site hosted in Chicago was cut off from service and redirected to a porn site. The reason? Unpaid bills the ISP claims, not so the client claims. It's going to be tricky to prove things either way unless more than one account of abuse from independent sources are found.
"In individuals, insanity is rare, but in groups, parties, nations, and epochs it is the rule." -Nietzsche
This isn't flame bait, its just that to marketing types, spam simply works. Its a sad truth, but there are millions and millions of people on the net and if only .001% of them respond, then free spam has paid off big. As long as it keeps working, they'll keep doing it.
The spam I receive is not to any email address I have, but rather to another dumbqwerty@msn.com, how can this be so???
Every spam has a different 'remove email address' meaning that I must be on a million spam lists and me getting off them all is not a tractable possiblity. Why can't there be one list that these 'generic' spammers would have to check before doing my inbox?? Perhaps it could be federal law.
Why can't there be a way to 'triangulate' packets to find a physical location for lawbreakers, and give them hard time so other spammers would be scared?? (is scared spammer an oxymoron??)
Doesn't MSN and AOL have ways to keep track of ip addresses they assign dynamically, and thus trace spam??
This may or may not work. As usual, do not reply to the "unsubscribe" address that may be given in the e-mail.
2) Contact *your* ISP. Mine has a simple address to send spam to: spam@erinet.com
They ask that you forward the message with full headers. What do they do ? I don't know... Block all e-mail from that address or higher up the chain ? Send an automatic message to the "other" ISP ?
3) This doesn't solve your problem, but at least you won't see the messages anymore. But, use your e-mail program to filter messages from this company and send them straight to your deleted mail. I know you can do this with Netscape's mail program. I only recently started using Mutt, but I'm willing to bet you can do it with it, too.
If these jokers are "spam-friendly", then they're surely on the MAPS RBL already; convince your ISP to join the RBL (words to the effect of "I'm really pissed off at this spam, and if you don't do something to stop it, I'll be forced to switch providers; the MAPS RBL is the best way to protect your customers from being harrassed like this.")
It's important to be as polite as possible.. try to present it as a solution that would help their customer base, as opposed to hurt it (most ISP's cringe at the though that one of their customers might not be able to send/receive email to a particular domain; for whatever reason.)
Are you absolutely, TOTALLY certain that you don't have a prior business relationship with these people? If you gave them your email address at some point in the past, and (probably inadvertently) checked one of those annoying "please send me news about our product" checkboxes, then they will feel justified in sending you commercial mail. Furthermore, their ISP will not do anything about it, because it is not UCE, or UNsolicited commercial email.
If this is the case (and ONLY if this is the case!) I would recommend that you use the removal address they provide. Otherwise, the business won't know to remove you and the ISP will laugh off any complaints they receive. If you ask to be removed and aren't, THEN you will have some ammo for the ISP.
Just please remember: commercial email, no matter how unwanted, does not equal spam. It's got to be unsolicited.
Hm, one additional point: Make ABSOLUTELY sure you know which email address the spam is being sent to. A lot of us have acquired countless old email addresses, and it's easy to forget that everything is getting forwarded to your current address. If you ask for the wrong address to be removed, it (obviously) won't work.
And if they're really spammers? Heh. Draw some blood for me, would you?