:


     Subject: FAQ: Help! I've Been Spammed! What do I do?
     Date:    8 Sep 1997
     From:    gbyshenk@tezcat.com (gregory m. byshenk)
     Newsgroups:
           news.newusers.questions, news.admin.net-abuse.misc, news.answers

Archive-name: net-abuse-faq/spammed-FAQ
Posting-Frequency: weekly
Last-modified: 1997/08/07
Version: 0.8
URL: http://www.tezcat.com/~gbyshenk/ive.been.spammed.html
Copyright: (c) 1996, 1997 Gregory Byshenk, Chris Lewis
Maintainer: Gregory Byshenk 


Help!  I've been Spammed!  What do I do?
A guide for the beginner.

By Greg Byshenk, based in part on an original by Chris Lewis

Comments welcome.

Posting-Frequency: weekly
Version: 0.8
Last-Modified: 1997/09/07
Text-URL: http://www.tezcat.com/~gbyshenk/ive.been.spammed.txt
HTML-URL: http://www.tezcat.com/~gbyshenk/ive.been.spammed.html

----------------------


1.1:  Introduction
1.2:  Email versus Usenet spamming
1.3:  What is Spam?
1.4:  That's not spam!
1.5:  A note on "flaming" and other "abuse".

2.1:  Ok, I understand that, but what can I _do_ about it?
2.2:  Some things _not_ to do.
2.2a: What about "UNIVERSAL" Remove Lists?
2.3:  What about messing with my email address?
2.3a: A better solution than munging your address.
2.4:  So what _should_ I do?

3.1:  Make Money Fast!/chain letters.
3.1a: Other Frauds and Scams.
3.2:  Email Spam / Junk Email.
3.2a: I got junk email that wasn't even addressed to me...
3.2b: Someone told me that sending junk email is _illegal_.
3.2c: How do junk emailers get my address, anyway?
3.3:  Spam on Usenet.

4.1:  Usenet groups for reporting spam.
4.2:  Reporting Spam to Usenet.

5.1:  When to send a "REMOVE" request.

6.1: Further info.

----------------------

    1.1: Introduction

"Spam", either via email or on Usenet, seems to be a growing problem, and one that hits more and more people, new users and old hands alike. Unfortunately, the new user may not be sure about what to do when spammed: some actions are useless or even counterproductive, while others require a bit of knowledge to put into practice. This FAQ attempts to give general suggestions on what you can do about spam, including how and to whom to complain, and where you can report spam and learn more, as well as some recommendations on what _not_ to do. -----------------------

    1.2: Email versus Usenet spamming

For the most part, the general guidelines we'll give here are common between email and Usenet spamming. -----------------------

    1.3: What is Spam?

Know your terms! Spam is essentially the same thing posted many times. On Usenet, spam is the same (or substantially the same) article posted multiple times (to many groups, to one group many times, or to many groups many times). Email spam is the same message broadcast to multiple recipients who did not request it. For more details, see The Net Abuse FAQ, at URL: The Current Spam thresholds and guidelines FAQ, at URL: and/or The Email Abuse FAQ, at URL: FTP: -----------------------

    1.4: That's not spam!

Yes, there are a lot of annoying, off-topic and stupid postings out there. But that doesn't make it spam. _Really_. Spam is almost always off-topic, at least in some of the groups to which it is posted, but just being off-topic does not make a post spam. The defining characteristic of spam is _volume_, and volume _only_. The content is irrelevant. -----------------------

    1.5: A note on "flaming" and other "abuse".

"Flames" and other verbally abusive posts and emails are _not_ spam. Nonetheless, in sufficiently egregious cases, you may wish to complain about them. If you wish to do so, you can use the suggestions below to complain to the administrators of the site from which the abuse comes. Some providers prohibit random flames and abuse, and may discipline the person bothering you. Note that this is _not_ universal, and the administrators may tell you to get stuffed. If this happens, there is little you can do but ignore the messages. Do _not_ report such things to the news.admin.net-abuse.* newsgroups, which are intended to deal with abuse _of_ the net (things that are damaging to the net itself) rather than abuse _on_ the net (such as "abusive" language that just happens to occur on the net). Note further that, while harrassment or threats may be illegal, they are not abuse _of_ the net. If you are being harrassed or receiving threats via the net, then you should take it up with the administrators at your provider, and perhaps even with the police. The readers of the net-abuse groups may be able to provide assistance in tracking down from where such messages are coming (if, for example, they are forged), but are not charged with enforcing civil or criminal law. -----------------------

    2.1: Ok, I understand that, but what can I _do_ about it?

The easiest thing is simply to ignore it. That's what most people do, and there's nothing at all wrong with doing so. Doing anything more will require at least a bit of thought and effort, in part because so much spam is forged or has its true source hidden in some way, and in part because even reporting the spam to despammers can be counterproductive if not done carefully. So, if you're not interested in expending the effort, feel free simply to ignore the spam. Don't worry, it almost certainly will be dealt with in time. You can even automate (to varying degrees, depending on your software) the process of ignoring it: use your newsreader's killfile and/or learn to filter your mail (see "2.3a: A better solution than munging your address" below). Another option is to join the Coalition Against Unsolicited Commercial Email, or at least check out the information they provide, at URL: In addition to providing a lot of information, CAUCE is also involved in backing legal solutions to junk email. Check out their site or "3.2b: Someone told me that sending junk email is _illegal_," below for more on this. -----------------------

    2.2: Some things _not_ to do.

- Don't mailbomb or threaten. Anyone. Especially ISPs. It's too easy to forge spams in other people's or ISP's names, or just not be able to read the header right. If you mailbomb, chances are you'll mailbomb the wrong person. Recently, a site was knocked off the net due to a revenge spam. A spammer that was kicked off forged a massive email spam to look like it had come from the site, and many people attacked the innocent site -- just what the revenge- spammer wanted. So don't. Apart from that, mailbombing can be considered to be a denial of service attack. In some cases, you could end up with criminal charges against you. In most cases, you will be violating the policies of your own site, and could end up losing your own account. - If the spam article is more than 4 or 5 days old, _don't_ bother with it -- it's past history. On Usenet, even if it hasn't already been dealt with, it's probably too late to despam it. Their ISP probably knows all about it, as well. So, in such a case, just ignore it. - Never, _never_, repost or remail the spam where you found it. Especially with chainletters -- your group already got hit with it, so why make it worse? On usenet, the only place one should repost spam is in one of the news.admin.net-abuse.* groups (see "4.2: Reporting Spam to Usenet" below). - If you get email spam with a long CC: list, do _not_ under any circumstances issue a "reply all". Doing "reply all" in this situation can actually result in a virtually unstoppable mail loop. This applies even more if the From: addresses appears to be a mailing list exploder (such as a "listserv" or "majordomo" address). If you reply to one of these, hundreds or perhaps thousands of people will see your complaint. And complain to you. Etc. - This is not a definite "rule", but it is the considered opinion of those who deal with it that you should _not_ send in a "REMOVE" request when you recieve junk email (except in a few special circumstances: see "When _should_ I send a REMOVE request?" below), even if the junk email says that you can be removed from the mailing list by doing so. The reason for this is that, in far too many cases, sending a REMOVE request is ineffective: even if the junk emailer actually _does_ remove your name from their current list, when they rebuild their list the next time, you will be added right back in again. In addition, there is some evidence that some junk emailers use REMOVE requests as addresses to be _added_ to their mailing list. So don't waste your time. -----------------------

    2.2a: What about "UNIVERSAL" Remove Lists?

The latest thing these days is that junk email will arrive with instructions on how to not just have your name removed from future mailings by the current joker, but also to have your name added to a "universal" REMOVE List. Should you sign up? The best answer is probably the same one given above: "don't waste your time." Why? Because a "universal" remove list will most likely be just as much a waste of time as a plain ol' ordinary REMOVE List. In the first place, there are several "universal" remove lists, none of which are truly universal. In the second place, there is no evidence that being on a "universal" remove list does anything at all to reduce the amount of junk email sent to you. The best known (so far, anyway) "universal" remove list is that produced by the Internet Electronic Mail Marketing Council (IEMMC). You may have seen references to this group in the headers of junk email you've received, along with comments about "responsible email marketing" or some similar twaddle. If the fact that the IEMMC is made up of the most abusive junk emailers on the net were not enough to raise serious doubts about the value of the organizations "universal" remove list, the evidence that IEMMC members themselves show no interest in abiding by the remove list or any other of the IEMMC's rules should be sufficient to consider signing up to be a waste of time. You can get the IEMMC's side of the story (if the site is up -- very often it is not) at: URL: Reasons for ignoring what the IEMMC says are available at Tom Betz's "Proof That AGIS Lies pages" at: URL: There are other lists and organizations that claim to be able to remove your name from the junk emailers' mailing lists, such as that of Aristotle, at: URL: but I have seen no evidence _whatsoever_ that any of them accomplish anything at all. -----------------------

    2.3: What about messing with my email address?

It is becoming rather common for people to mess up their email address when they post to Usenet, so that the headers say it came from "no.spam@no.spam.org", "gbyshenk@tezcat.NOSPAM.com", or "gbyshenk@REMOVE.THIS.TO.REPLY.tezcat.com". The reason for this is to foil the address-gathering bots that junk mailers use to cull email addresses from news spools. Certainly the actions of the junk emailers are unacceptable, but it is not clear that messing up headers is any better. I am unhappy (as are quite a few others) with this state of affairs. In the first place, it is a violation of RFC 1036, which requires that the From: line of a Usenet post contain the address of the person sending the post. In the second place, it can make even the appropriate replies to a post difficult or impossible to send. Finally, if the address is messed up in the wrong way, it can lead to further problems down the road. But it is fairly common. If you _are_ thinking of messing up your address, however, there are a few guidelines to keep in mind: - Make sure that doing so does not violate the policies of your provider. Some providers require that posts contain a real, deliverable email address, and in such a case, messing yours up could cause you to lose _your_ account. - Make sure that however you mess with your address, you make it _obviously_ wrong. For example, "gbyshenk@REMOVE.THIS.TO.REPLY.tezcat.com" is obviously, wrong while "gbyshenk@tezcat.foo.com" looks just like a real address. Something like "gbyshenk(at)tezcat(dot)com" should also fall under the heading of "obvious". - Whatever you do, it is polite (at least) to include a way to decode your address, perhaps in your .signature. You could say: "to reply by email, remove REMOVE.THIS.TO.REPLY from my address." The point, here, is to do something that makes it difficult for a 'bot to read your address, while making it easy for your readers to figure it out. - Don't use a totally bogus address. That is, unless your email address is actually no.spam@no.spam.org, then you shouldn't put that in the From: line of your posts. This just makes you completely unreachable by others; the best spamblockers are those that block the spammers' 'bots, while not making it overly difficult for real people to reply to you. - Make sure that you aren't accidentally including a _real_ deliverable address or domain. This can be a problem with what you think are totally bogus addresses: nowhere.com, for example, is a real domain, and the folks there have no more desire to recieve boatloads of junk email than do you. - Make sure that the address you use is _totally_ undeliverable. The reason being that, should the address be collected by a 'bot, you don't want to be wasting resources on your machine or that of some other innocent party while it tries to deliver the junk email. For example, "gbyshenk@REMOVE.THIS.TO REPLY.tezcat.com" is ok on these grounds, because there is no host with that name at tezcat, which means that the mailer will just bounce the mail immediately. "gbyshenk.REMOVE.THIS.TO REPLY@tezcat.com", on the other hand, is _not_ a good idea, because (depending on the mailer) the mailer at tezcat.com may spend its time trying to find the user named "gbyshenk.REMOVE.THIS.TO REPLY", which wastes the resources of your own provider. Indeed, if you put a spamblocker _before_ the "@" in your address, some mailers may even deliver the mail to you. Of course, none of the above should be taken as _approval_ of messed-up email addresses. I think it is a bad idea and certainly do _not_ approve of doing it. I recognize, however, that some people are going to mess up their addresses regardless of what I or anyone else thinks. I include the suggestions above because following them will at least serve to limit the damage caused by bad addresses. -----------------------

    2.3a: A better solution than munging your address.

A better way to deal with the problem is to filter your mail. You can use something like Procmail (mail filtering software for UNIX machines) or the built-in capabilites of your mailer (most mailers have at least minimal filtering abilities). Filtering will usually take at least a bit of effort, but the results can be quite good. For more info, check out the Filtering Mail FAQ, available through the Infinite Ink FAQ Launcher, at URL: URL: You can also ask your provider to block out the more insistent junk email sites. AOL allows you to reject such mail using AOL's filters, and many providers will block sites that send nothing but junk email. Some others provide site-wide filters that you may choose to use. There are also some more-or-less automated mail-filtering solutions. - Adcomplain, by William McFadden, is a bit of software for UNIX, that automatically composes and mails complaints about various types of spam. It is available at: URL: - Also for UNIX is the NAGS Spam Filter, available from Netizens Against Gratuitous Spamming, at: URL: - And there is a similar program for PCs called "Spam Hater", available from Net Services at: URL: - Finally, for those who use Netscape to read mail and had despaired of being able to filter out junk mail, there is a piece of software from Voidstar Systems called NS-Route that would appear to allow at least some minimal filtering for Netscape. You can find it at: URL: -----------------------

    2.4: So what _should_ I do?

There are a number of possible actions that can be taken, varying somewhat depending on whether the issue is usenet spam, junk email spam, or a chain letter, and also depending on how much work you want to do. Some general rules: - In most cases, it is best to report spam to the "postmaster" or"abuse" address at the site where the spam originated, and not to reply to the person who sent it. The reason for doing so is that the vast majority of spam is produced by people who know quite well that it is annoying and abusive, but simply don't care, so there isn't much point in letting them know that you find it annoying and abusive. The only response that complaints will garner is an abusive one, or more spam. It is generally better and more productive to report spam to the administrators of the site from which the spam came. Spamming violates the Terms of Service (TOS) or Acceptable Use Policy (AUP) of most sites, and the administrators are the ones who are best able to deal with it. In addition, responsible administrators will want to know if one of their users is spamming. - The easiest (although not always the best) place to complain to is the "postmaster" address at the site where the spam was sent. This will often (though not always) take the form: postmaster@site.xyz, where the spam was sent by spammer@site.xyz. That is, if the spam was sent by bulkmail@cyberpromo.com, the postmaster address would be postmaster@cyberpromo.com. The "postmaster" address is required by RFC 822 for all machines from which mail is sent, and mail sent there should reach some appropriate person except for the most worthless, abusive sites. [Note: cyberpromo.com is used above only as an example. Cyberpromo is one of the _most_ obnoxious junk email sites, and sending to postmaster@cyberpromo.com is (at best) equivalent to sending your mail to the trash (at worst, it could get you on _more_ junk email lists).] In addition, many sites also provide an "abuse" address, which is often in the form: abuse@site.xyz. It generally won't hurt to try to send a response to the abuse address, since mail to "abuse" will often get to the right people more quickly than will mail to "postmaster". Unfortunately, mail to "abuse" may bounce when the site doesn't use this address, and some sites have created their own rather odd names for reporting abuse. If you are interested in sending to the right address, a list of proper reporting addresses is available at: URL: FTP: - And there's another problem. The From: and Reply-to: addresses in email and on usenet are extremely easy to forge, and many (if not most) spammers use this factor and spam using forged addresses. Figuring out where such a spam came from requires knowing something about how to read headers, which is beyond the scope of this FAQ. Fortunately, there is another available that covers just this subject: The alt.spam FAQ or "Figuring out fake E-Mail & Posts", at URL: Another guide to reading headers and figuring out where to complain (targetted especially toward spam) is: The Anti-Spam How-to, at URL: - Also useful in this area is "How To Complain To The Spammer's Provider" from the abuse.net folks, which provides a good introduction to how and to whom to complain about spammers. Find it at: URL: The folks at abuse.net also provide a complaint service. If you register with them, you can send any junk email to their address and they will forward it to the most likely complaint addresses. Info on the service is at: URL: - If you wish to go it alone, a good way to track down info about the source if spam is the "Sam Spade, Spam Hunter" ACME Address Digger, at: URL: The address digger provides access to a bunch of useful tools for tracking the source of spam, all in one convenient location. - Whenever and wherever you complain, _always_ include the _full_ headers of the spam about which you are complaining. Without full headers, it is generally impossible to be sure from whence the spam really came; because so much spam is forged, just the From: line isn't enough. - Apart from complaining to the source, you can also report spam to the usenet newsgroups where the despammers hang out. You can also get help in figuring out spam yourself from some of the "old hands" reading these groups. (See "Usenet groups for reporting spam" below.) -----------------------

    3.1: Make Money Fast!/chain letters.

The easiest spams to deal with are probably chain letters (generally referred to on the net as "Make Money Fast" or MMF, due to that being the subject of one of the more common chain letters): - Be sure that you understand what chain letters are - see the URL below. - There are only a few different varieties: "Charles Kust", "Dave Rhodes", Recipes, another that goes like "I found it!", and a new one that tells you to "Post the article to at least n newsgroups", where "n" is most often 200. - The first time you see a chainletter, report it _only_ to the originator and/or their postmaster . _Never_ repost it or followup to it in the group where you found it. A chain lettter is one case when it doesn't hurt to respond to the one who posted it. Because these are actually _unlawful_ in the US (see the URL below), they are generally posted only by those who don't know any better, and letting the one who posted it know is usually enough. - Write your message reasonably politely. One possible message could be: Hi, Please be aware that your message (included below) is both spam (one of many thousands of copies posted), and an illegal chain letter fraud. Please stop posting them immediately, and cancel them if you can. Please read the following URL for a full explanation of the legality of these messages: http://www.usps.gov/websites/depart/inspect/chainlet.htm ------------------------

    3.1a: Other Frauds and Scams.

Various other forms of fraud may be unlawful, as well, and they do not magically become lawful by being disseminated via the net. For example: dealing in securities (stocks, etc.) is pretty strictly regulated, and someone touting stocks via spamming is probably at least close to the legal edge; health claims made for any drug are regulated and must be demonstrated, and someone spamming the health benefits of their product probably does not have FDA support; there are certain legal requirements regarding what is a legitimate Multi-Level-Marketing program (as opposed to being an illegal pyramid scheme), and the _vast_ majority of so-called "MLM" programs advertised via spamming do not meet the legal test, thus being illegal; etc. There are a number of email addresses to which you can forward information on suspected fraudulent offers: pyramid schemes (FTC) postal fraud (including chain letters) fraud office (IRS) food/drug fraud (FDA) National Fraud Info Center More information on fraud is available from the Internet Consumer Fraud Information Service, at: URL: For chain letters originating in Canada, or using Canadian mailing addresses, you can try: Bureau of Competition Or use the fill-in form on the RCMP web site, at URL: ------------------------

    3.2: Email Spam / Junk Email.

Email spam is easy to identify -- if you receive some junk mail that you didn't ask for or end up on a mailing list that you didn't ask to be put on, then it's spam -- but identifying its source can be much more difficult. The problem here is that junk emailers all know that everyone hates to receive junk email, so they have become quite creative in forging their addresses. Some junk emailers for hire offer "flame-proof mailboxes", and Cyberpromo (one of the big junk emailers who tried to get an injunction barring AOL from blocking mail -- and failed) has gone so far as to create whole new phony _domains_ to send junk mail from in an attempt to get past people's mail filters. So, in order to complain effectively about junk mail, you will need to learn at least a little bit about reading headers; just sending to postmaster@sendingdomain.xyz will more likely than not just cause your mail to bounce. But there is one trick that sometimes works. Because junk emailers generally want to sell you something, they have to give you some way to contact them. So you can check out the _body_ of the message, which will very often contain an email address or a web page to go to for "more information". And you can try complaining to the postmaster at the domain in _that_ address. And you could always check out the URL above (under "So what _should_ I do?") and learn to read email headers. Finally, you can report junk email spam to news.admin.net-abuse.* on usenet and let the despammers take a crack at it (see "Reporting spam to usenet" below). And, remember, _always_ include full headers whenever you complain. ------------------------

    3.2a: I got junk email that wasn't even addressed to me...

This probably wasn't a "mistake", but mail sent using the Bcc: header. What the Bcc: (Blind Carbon Copy) header does is send email to an address without including that address in the mail when the recipient finally gets it. Some junk emailers use this feature to send the same email to hundreds or thousands of different people without having a To: or Cc: list that is hundreds or thousands of lines long. What the recipient sees is a piece of email that is addressed To: someone else. Some junk emailers even try to make their junk mail look like it was personal mail intended for someone else that "accidentally" got mailed to you. Don't be fooled. There isn't any way that mail sent to someone.else@somewhere. else could end up in your mailbox "by mistake". (If your ISPs mailer is messed up, it might be possible for mail addressed to someone.else@your.domain to arrive in your mailbox, but mail sent to some other ISP should _not_ end up in your mailbox.) ------------------------

    3.2b: Someone told me that sending junk email is _illegal_.

- Maybe that person was right... then again, maybe not. [note: this section on the legality of junk email is almost entirely US-centric, for a number of reasons: 1) so far as users on the net are concerned, the US is still the big boy on the block; 2) the overwhelming majority of spam on the net originates in the US (even if it might be sent to those outside the US or pass through sites outside the US on the way to its destination); and 3) I am not a lawyer even in the US, and any attempt to cover legal issues outside the US would be well beyond my abilities. That said, it should be noted that just _sending_ junk email may be a violation of the law in some countries; spammers and spammees should check their local laws.] As of July, 1997, there is movement on this front: whether or not junk email _is_ illegal now, at least certain forms of it may become so in the near future. There have now been introduced _three_ different bills dealing with junk email: HR 1748 by Chris Smith in the House of Representatives, S 771 by Murkowski in the Senate, and S 875 by Toricelli also in the Senate.. They are not at all the same: the Murkowski bill bans address-forging and requires the use of keywords in junk email, but permits its sending; the Toricelli bill requires that junk emailers remove you from their lists if you so request, but still permits them to send it until you "opt out"; the Smith bill amends the "Junk Fax" law to prohibit unsolicited commercial email, but does not prohibit non- commercial bulk email. The text of the Murkowski bill is available at: URL: the Torricelli bill at: URL: and the Smith bill at: URL: More information on these bills is available at: URL: URL: and at the Coalition Against Unsolicited Commercial Email's site, at: URL: CAUCE supports the Smith bill. There has also been considerable discussion of these bills in the news.admin.net-abuse.email Usenet newsgroup. Until such time as a new law is enacted, the legal status of junk email remains unclear. - One reading of the "Junk Fax" law (US Code, Title 47, Sec. 227) is that, because of the way if defines "fax machine", a computer with a modem and printer is a fax machine under the law, and thus, sending junk email to such a computer is a violation of the law. On another, equally plausible reading, the "Junk Fax" law cannot possibly apply to email, because (among other things) if it did, then just about _every_ email message would be a violation. Because there has not yet been any judgment by a court on this matter, the question remains open. In any case, junk email has _not_ (yet, anyway) been held to be illegal by a court, which is what matters where the law is concerned. If you wish, you can read the relevant parts of the law yourself at: URL: - There are those who have attempted to collect "proofreading" or "data storage" fees from those who send junk email, by giving notice that they will charge fees for junk email received. As in the case of the "Junk Fax" law, however, there has not yet been a judgment by a court that such charges are legally enforceable. In addition, many knowledgeable people argue that any such notice cannot be considered a binding contract. - In addition, it is _possible_ that some junk emailers could be in violation of fraud statutes when they forge their messages to appear to come from sites other than their own. Again, this has not, to my knowledge, been tested in court. - Finally, there is the possibility that the "Junk Fax" law could _explicitly_ be extended to embrace junk email, as is proposed in the Smith Bill (HR 1748). Until such a bill is actually _passed_, though, it has no force. - So, the answer so far is: the possibility of junk email being declared illegal remains open, as (again, to my knowledge) no court has expressly _rejected_ the arguments above, but neither has any court ruled that junk email _is_ illegal. The current status of Cyberpromo v. AOL suggests that no one has the "right" to send you email, but this means only that you can block attempts by anyone to send you email, not that they can't try to send it to you. - Also available is a somewhat longer discussion of the ways to respond to junk mail using legal means, provided by a reader, at: URL: - And, finally, there is an excellent review of the legal issues involved in UCE by Michael W. Carroll in the Berkeley Technology Law Journal, at: URL: - All that said, remember also that even if just sending junk email is not illegal, the mere fact that something occurs via email does not mean that other laws do not apply. Chain letters and other forms of fraud are unlawful even if the communication occurs via computer (see 3.1 and 3.1a above). ------------------------

    3.2c: How do junk emailers get my address, anyway?

The most common source of email addresses seems to be posts to usenet. It is fairly easy to use or write a program to collect From: addresses from usenet posts, and if you post to usenet, it is likely that your email address will be collected. Some mailing lists allow anyone to get a list of subscribers, and it is possible that your email address was collected in this way if you are on a mailing list. Some machines allow outsiders to collect users addresses, and this is another possibility. Finally, once you are on one list, that list is quite likely to be sold to other junk emailers or for a junk emailer for- hire to use the same list to send junk email for large numbers of people. ------------------------

    3.3: Spam on Usenet.

The first thing to do with spam on usenet is to be sure that it actually _is_ spam. Remember, what makes something spam is that there are _lots_ of copies. You'd be surprised how many people will post one, but only one, wildly off-topic article into one group. Remember, a single post, no matter how wildly off-topic, is not spam. If you see a single massively cross-posted article (typical multi-group trollbait), it probably _isn't_ spam. Such massive crossposts may be supremely annoying, but a crosspost (even a massive one) is only a single copy of the article on the news server, so it isn't the same thing many times. - You may wish to report even a single massively cross- posted article to the poster and their ISP, as some people post such articles without meaning to be abusive, and some ISPs have policies against such posts. Be prepared for a nasty response, though. There are people who enjoy massively crossposted trolls and post them just to muck things up on Usenet, and there are many ISPs who see this as sufficiently close to attempting to control content that they will not get involved. You can't really consider something spam on usenet unless you see multiple copies of it, either the same thing posted multiple times (with different message-ids) in one newsgroup or posted individually (not crossposted) to multiple newsgroups. In short, if you don't see more than one copy, you can't say that it's spam. - The one exception to this rule is the "alpha-spam", which is the practice of attempting to post to _every_ usenet group (in alphabetical order, hence the name). If you see something that looks like: Newsgroups: alt.conspiracy.netcom,alt.conspiracy.usenet-cabal, alt.construction,alt.consumers.experiences, alt.consumers.free-stuff,alt.corel.graphics,alt.cosuard, alt.coupons,alt.cows.moo.moo.moo,alt.crackers,alt.cracks, alt.creative-cook,alt.creative-cooking,alt.cuddle, alt.cult-movies,alt.cult-movies.evil-deads, alt.cult-movies.rocky-horror,alt.culture.alaska, alt.culture.argentina,alt.culture.austrian, alt.culture.bullfight then it's _probably_ an alpha-spam, and, thus, a spam. If you see something that you think _might_ be spam, and you want to get a better idea, you can check with dejanews, at URL: You can go to dejanews and do a search on the subject of the post you're wondering about: if dejanews shows that the same article has been posted 20+ times, then it is definitely spam. Complaining about usenet spam is more or less the same as complaining about email spam. - You can try complaining to the postmaster or abuse addresses at what seems to be the poster's site, but usenet spams are forged so often that this will often be unsuccessful. - You can learn to read usenet headers so that you can get a better idea of where forged posts _really_ came from (again, check out the URL above under "So what _should_ I do?"). - You can report the spam to the despammers reading the news.admin.net-abuse.* groups. And _always_ include full headers whenever and wherever you complain. -----------------------

    4.1: Usenet groups for reporting spam.

There is a whole hierarchy, news.admin.net-abuse.*, related to spamming and other net-abuse. Each of the groups in this recently reorganized hierarchy has a specific function, and reporting of spam will be most useful if it is done in the right place. The relevant groups are: - news.admin.net-abuse.sightings (nanas) - A group specifically and only for the reporting of cases of net abuse (including spam), this is _the_ best place to post reports of spam to usenet. nanas is robomoderated, and posts to nanas must have the Followup-to: line set to either nanau (for reports of usnet spam) or nanae (for reports of junk email spam). Further info on nanas should be available from "The news.admin.net-abuse.* Homepage," at the URL below. - news.admin.net-abuse.usenet (nanau) - A group primarily for _discussion_ of net abuse on usenet, including spam. Followups to reports of spam on usenet are directed to nanau, but nana.sightings is a better place for the first report. - news.admin.net-abuse.email (nanae) - A group primarily for _discussion_ of net abuse via email, including spam. Followups to reports of spam via email are directed to nanae, but nana.sightings is a better place for the first report. - news.admin.net-abuse.policy, news.admin.net-abuse.bulletins, and news.admin.net-abuse.misc also exist, but are of less relevance in terms of reporting spam. - More info on the news.admin.net-abuse.* hierarchy is available at "The news.admin.net-abuse.* Homepage," at URL: ------------------------

    4.2: Reporting Spam to Usenet.

General guidelines: - On Usenet, the only places where you should post copies of spams are in "abuse" groups designed for it. Such as news.admin.net-abuse.usenet (nanau), news.admin.net-abuse.email (nanae), or news.admin.net-abuse.sightings (nanas). - If you do copy spams to abuse groups, ensure that the posting is a proper "followup" format, with ">" or "|" indentation. If you don't, then your posting might be considered part of the original spam and cancelled by the despammers. - Check nanas/nanau/nanae first to see if the spam already has been reported. If it has, consider not reporting, unless you have additional information to add, such as different From: or Received: lines, paths, etc. Posts with different headers can be useful in better analysis of the origin of a spam, but a bare "I got one, too!" adds nothing of value. - Be sure to include _all_ headers. Without full headers, it is usually impossible to tell for certain where a spam really came from, and little can be done about it. Make Money Fast! Chain Letters: - Do not report first-time MMFers to nana*. Most administrators will reeducate their users when they're notified. The URL above (in the sample MMF complaint letter) will reform 99.9% of the remainder. - If you see more MMFs from the same person more than a day or two later, _then_ report it to nanas. And, when reporting it to nanas, include no more than the headers, the first paragraph,and the list of suckers. There are only a few basic variants of the letter, and the despammers have seen them all, more times than they would like. Posting the full letter is just a further waste of bandwidth. Junk Email Spams: - Always check nanas/nanae _first_. If the spam has already been reported, don't bother reporting it again unless you have something new and important to add. - If you've complained to the site from where the spam was sent, and received a useful response (saying, for example, that the sender is being dealt with), then consider not reporting the spam to nana*. Any site can have an occasional junk emailer, and if the administrators deal with the problem, it isn't really necessary to publicize the junk mail. And this leaves nana* free to concentrate on the problem sites and dedicated spammers. - Always include full headers, especially the Received: lines. Usenet Spams: - Always check nanas/nanau _first_. If the spam has already been reported, don't bother reporting it again unless you have something important to add. - Don't report any potential spams to nanam unless you are pretty darn sure that it really is spam. If you don't see at least two separately posted copies in at least 4 groups total, then you can't be sure. - If it doesn't appear to be "it's everywhere it's everywhere!", consider reporting only to the user and their ISP. In such cases, the article is probably not something that the despammers can do anything about, and reporting it on usenet is just a waste of your time and a further waste of bandwidth. - Always include full headers. ------------------------

    5.1: When to send a "REMOVE" request.

There are at least three cases in which you may, despite what is said above (under "Some things _not_ to do"), wish to send in a REMOVE request to a junk emailer. - Some people are attempting to _bill_ junk emailers for the use of their equipment to receive and store junk email. I don't put much faith in the success of such efforts (see 3.2b above), but if you choose to attempt this route, you _must_ let the junk emailer know that you plan to charge them. If there is to be any chance of collecting, you will need something that at least _could_ be a contract: if the junk emailer isn't even _aware_ of your charges, it will be nigh on impossible to convince a court that the junk emailer has agreed to them. Technically, such a message would not need to be a REMOVE request -- it could be a notification of the archiving charges and a notice that further mail will constitute acceptance of the terms -- but the terms must be communicated to the junk emailer. - Some people are arguing that the continuing sending of junk email messages constitutes "harrassment". It is possible that continuing to send junk email after a request to cease _could_ be considered harrassment, but such a charge would require at the very least that the one being harrassed tell the harrasser to cease. If you haven't told the junk emailer to stop sending mail, then you won't have much to stand on in a harrassment complaint. - Some junk emailers are attempting to (and, in some cases, succeeding at) snowing providers by claiming to be "responsible" junk emailers. One supposed hallmark of being a "responsible" junk emailer is that one actually _honor_ REMOVE requests. If you wish to convince such a junk emailer's provider that the junk emailer is _not_ "responsible", then demonstrating that they do _not_ honor REMOVE requests (by showing that they continue to send junk email after receiving a REMOVE request) may succeed. Of course, in some cases, the provider doesn't really care, and even such a demonstration of lack of responsibility will accomplish nothing: anyone who buys the "responsible junk emailer" defense probably won't take action even when the defense is shown to be a sham. In addition, acceding to the demands that you should send a REMOVE request also serves to legitimize sending the junk email in the first place, something that many people find completely unacceptable: if everyone wanting to sell something were to send you just _one_ junk email, you would spend all of your time sending REMOVE requests. ------------------------

    6.1: Further info.

- If you wish to start tracking spam, there are lots of sources of information. Some of them are: The Net-Abuse FAQ, at URL: the Internet Spam Boycott, at URL: The Coalition Against Unsolicited Commercial Email, at URL: the Network Abuse Clearinghouse, at URL: Fight Spam on the Internet, at URL: the SpamFAQ, at URL: Stop Junk Email, at URL: the Stop Spam FAQ, at URL: - In addition, I have quite a few links to information, tools, and suggestions at URL: -- gregory byshenk "Help! I've been Spammed! What do I do?" at chicago, illinois usa gbyshenk@tezcat.com gbyshenk@prairienet.org Take a bite out of SPAM!

Last-modified: Wed, 17 Sep 1997 11:01:15 GMT
: