Spam e-mail...now what?

nealk@net66.com@net66.com

unread,

May 20, 1997, 3:00:00 AM5/20/97

to

Ok...

So I got some e-mail spam that wasn't very anonymous:

------------------------
Received: from ispam.net (ro...@ispam.net [205.199.212.34])
by winslow.net66.com (8.8.5/8.8.5) with ESMTP id QAA13450
for <ne...@net66.com@net66.com>; Mon, 19 May 1997 16:03:29 -0500 (CDT)
From: hom...@204.188.52.117
Received: from --- CLOAKED! ---
Date: Mon, 19 May 1997 17:05:52 -0400 (EDT)
X-1: This email was sent by "Cyber-Bomber" ... Details at http://www.cyberpromo.com
X-2: This server only relays mail from other sources.
X-3: To report abuse, please send email to ab...@cyberpromo.com.
X-4: Coming soon --> Master remove list implementation by I.E.M.M.C.
Message-Id: <1997051921...@ispam.net>
To: ne...@net66.com@net66.com
Subject: HELP WANTED
X-UIDL: c0bb0e6b8b52273f71578f0f44629f66
------------------------

As it turns out, this guy (at 204.188.52.117) it running a web server.
It's a PC.
The web server is:
204.188.52.117 Server: Mini-Proxy/1.0

I have downloaded everything I could, including his list of e-mail
addresses (1.1Megs).

Now for the question: what can I do to hurt this guy's business so he
learns not to spam.

I also have his home address and an 800 number:
Mailing Address: 3818 E Joseph #C, Spokane, WA 99202
Voice Mail: (800) 262-8356
24-Hour FAX Line: (509) 482-4081

I'm very open to suggestions.

-Neal
ne...@net66.com

Paul Murphy

unread,

May 20, 1997, 3:00:00 AM5/20/97

to

ne...@net66.com@net66.com wrote:
>
> Ok...
>
> So I got some e-mail spam that wasn't very anonymous:
>

<snip>

> Now for the question: what can I do to hurt this guy's business so he
> learns not to spam.
>
> I also have his home address and an 800 number:
> Mailing Address: 3818 E Joseph #C, Spokane, WA 99202
> Voice Mail: (800) 262-8356
> 24-Hour FAX Line: (509) 482-4081
>
> I'm very open to suggestions.
>

1. You have no way to be sure that the mail you received was actually
from this address - it could be faked to make you think it was, perhaps
by a competitor or ex-employee who'd like nothing better than for you to
mailbomb the site on their behalf without even realising it....

2. In responding in a manner which you may feel is appropriate, you
could be breaking the law, and could also be persecuting an innocent
site.

3. The standard practice is to mail the sender and explain that they
are wasting their time. Also mail their service provider and complain.

4. Implement mail blocking within sendmail so that you do not accept
mail from addresses which cannot be verified - there are add-ons and
configuration options to block messages where there is no sender
address, or where the sender's address does not resolve either directly
or via MX records to a valid host.

Paul.

Neal Krawetz

unread,

May 20, 1997, 3:00:00 AM5/20/97

to

> ne...@ks.uiuc.edu (Neal Krawetz) wrote:
>
> >Since he's going to bomb again, how can we prevent this?
>
> The simplest way? Grab a free email account with someplace like Juno, and
> only use it in usenet posts. Seriously. Maybe 10% of my mail at Juno is
> something I'm interested in reading, but I do want a way for people to
> correspond with me via email. I average 50 or so unwanted messages a week.
> Much less time consuming to simply delete them than bother with them.

I'd prefer not to have hundreds of accounts. I could corrupt the news header
from my PC newsreader, but then I wouldn't get valid responses (like yours).

> I also have a kill filter on my regular email, as well. The simplest one is
> that anything that does not contain my name in the "to" or "cc" fields is
> automatically junked. That stops 90% of junk mail. Start adding filters to
> remove things with "work from home" and "$50,000" in the bodies, and pretty
> soon, you won't have to look at any junk mail ever again. :)

I don't like the idea of e-mail filtering since it masks the problem rather
than provides a solution.
I'm also very fearfull of losing "real" e-mail due to a filter. I do
consulting and frequently e-mail is sent to me as BCC, so I'm not listed
in the CC: to TO: lines. Also, some (rarely, but it's happened) of my e-mail
contains numbers like $50,000 (equipment purchases, etc.).

>
> Also, check out the Coalition Against Unsolicited Commercial Email at
> http://www.cauce.org/ .
>

Awesome suggestion. I've e-mailed them. (Nice site too.)

Anybody else have suggestions or people to contact?

-Neal

Marty Malinowski

unread,

May 20, 1997, 3:00:00 AM5/20/97

to

On 20 May 1997 01:56:50 GMT, ne...@net66.com@net66.com wrote:

>Ok...
>
>So I got some e-mail spam that wasn't very anonymous:
>

>------------------------
>Received: from ispam.net

Typical Cyberpromo crap, I normally have a shell script (my
autoresponder which is activated by certain junk email) grep my mail
file for certain unique words used by them and return it to them after
making the original email a little larger. It goes back to various
accounts on their systems until the counter reaches 100. It is also a
good idea to send email to one of their autoresponders with the "from"
address of another one of their autoresponders. Also write a letter to
the PA Attorney General's office asking to stop this place from
interfering with your ability to use your computer. A copy of my
letter to the AG is on my web page, use the "Suck Page" link from the
home page. Lots of info in news.admin.net-abuse.email.
martym
http://www.frontiernet.net/~martym
Help Save the Canadiana!

Neal Krawetz

unread,

May 20, 1997, 3:00:00 AM5/20/97

to

In article <338176...@gemini-research.co.uk>, Paul Murphy

<p...@gemini-research.co.uk> writes:
|> ne...@net66.com@net66.com wrote:
|> >
|> > Ok...
|> >
|> > So I got some e-mail spam that wasn't very anonymous:
|> >
|>

Among the things I downloaded was a 1.1Meg file of e-mail addresses.
My e-mail address was included in the list.
The list seems to be taken from newsgroup headers.

|> 2. In responding in a manner which you may feel is appropriate, you
|> could be breaking the law, and could also be persecuting an innocent
|> site.

What manner would that be?
I did not "hack" the site for the info -- I used a web crawler to download
the web site. It's not my fault their web server is configured to reveal
much of their hard disk.

|>
|> 3. The standard practice is to mail the sender and explain that they
|> are wasting their time. Also mail their service provider and complain.

The sender is anonymous. Based on the HTML documents I found, it appears that 1
person responds to all the e-mail addresses at that host. (A good assumption
since it is a PC.)

The sender, according to some of the non-anonymous HTML documents and whois, IS
also the sysadmin. Their ISP is CyberPromo.
I don't think that complaining to the user, root, postmaster, or ISP would
help.

|> 4. Implement mail blocking within sendmail so that you do not accept
|> mail from addresses which cannot be verified - there are add-ons and
|> configuration options to block messages where there is no sender
|> address, or where the sender's address does not resolve either directly
|> or via MX records to a valid host.

Even though the username is anonymous, the host is verifiable. That's how I
found them.

I was thinking more of phoning him at night (at his home number) and possibly
having someone in Spokain, WA walk to his door and kindly ask him to stop.

5/19/97 11:27 PM 2343474 may19b
5/19/97 11:33 PM 1631314 may19c
5/19/97 11:41 PM 2343474 may19d
4/24/97 11:04 PM 1138460 names.txt
5/20/97 2:47 AM 105616 opportunity_seekers
5/19/97 11:56 PM 4421526 removes
5/19/97 11:46 PM 1056280 Removes2

By the way, he just updated his lists. 3 new files (may19*) totalling over 5
megs of e-mail addresses. The may19d file contains 106056 e-mail addresses.

From the timestamps, I'd guess that either he has a real job and does this late
at night, or he has a cron job collecting e-mails around 11:PM. Since it's a
PC, I'd guess he's a night-owl.

Anyone interested in viewing his "latest" mailing lists can do so freely on the
web.

Since he's going to bomb again, how can we prevent this?

-Neal

brian moore

unread,

May 21, 1997, 3:00:00 AM5/21/97

to

In article <5lsj8t$n...@vixen.cso.uiuc.edu>,

ne...@ks.uiuc.edu (Neal Krawetz) writes:
> Anybody else have suggestions or people to contact?

If it's from CyberPromo, try mailing in...@attorneygeneral.gov: that's the
PA Attorney General's office, and they are now reportedly looking into
the matter of UCE, perhaps with a focus on CyberPromo, which is in
Philadelphia.

--
Brian Moore The opinions expressed above are my own, not
Sysadmin, C/Perl Hacker necesarily my employers'.

Jackie K. Bates

unread,

May 21, 1997, 3:00:00 AM5/21/97

to

I don't know about CyberPromo. I keep sending my mail with REMOVE in the
subject, but it just keeps coming. hmmmm.... maybe I need to send more
than one? hehehehe
--
Jackie K. Bates
staf...@brightok.net

brian moore <b...@news.cmc.net> wrote in article
<5ltdu1$gpe$1...@news.cmc.net>...

Tracy R. Reed

unread,

May 21, 1997, 3:00:00 AM5/21/97

to

Jackie K. Bates (jkb...@brightok.net) wrote:
: I don't know about CyberPromo. I keep sending my mail with REMOVE in the

: subject, but it just keeps coming. hmmmm.... maybe I need to send more
: than one? hehehehe

Putting remove in the subject and replying simply tells them that your
email address is a live one and only makes your problem worse. Never
reply with "remove" because it's simply not gonna happen. Instead, mail
the local officials. Someone suggested attorney general, that's a good
start.

I read on www.news.com in a little side bar that someone in
congress is proposing anti-UCE legislation. Anyone have any details? I
hope they succede.

----------
Tracy Reed
http://ultraviolet.org
http://www.linux.org - Escape the Gates of Hell

Boyd Roberts

unread,

May 21, 1997, 3:00:00 AM5/21/97

to

In article <3385cdb8...@nntp.ix.netcom.com>, e...@juno.com writes:
>
>The simplest way? Grab a free email account with someplace like Juno, and
>only use it in usenet posts.

Hmm, that could be fun:

----- The following addresses had permanent fatal errors -----
<N...@juno.com>

----- Transcript of session follows -----
... while talking to c.mx.juno.com.:
>>> RCPT To:<N...@juno.com>
<<< 552 <N...@juno.com>... Mail quota exceeded
554 <N...@juno.com>... Service unavailable

Looks like some of juno's worthless spammers have lost.

--
Boyd Roberts <bo...@france3.fr> N 31 447109 5411310

``Not only is UNIX dead, it's starting to smell really bad.'' -- rob

Justin M. Streiner

unread,

May 21, 1997, 3:00:00 AM5/21/97

to

On 21 May 1997 01:43:22 GMT, Jackie K. Bates <jkb...@brightok.net> wrote:
>I don't know about CyberPromo. I keep sending my mail with REMOVE in the
>subject, but it just keeps coming. hmmmm.... maybe I need to send more
>than one? hehehehe

You're most likely better off setting up spam filters on your machine using
procmail or adding the spam-blocking functionality to your machine using
sendmail or qmail if you have root. The amount of spam I got since I
started implementing such measures a few months decreased significantly.

jms

--
----- justin m streiner -------------------------------------------------
System / Network Administrator, Stargate Industries, Inc.
email: stre...@sgi.net
phone: 412-930-7827
fax: 412-930-7110

Neal Krawetz

unread,

May 21, 1997, 3:00:00 AM5/21/97

to

In article <01bc6588$ef9665e0$a6621ece@default>, "Jackie K. Bates"

<jkb...@brightok.net> writes:
|> I don't know about CyberPromo. I keep sending my mail with REMOVE in the
|> subject, but it just keeps coming. hmmmm.... maybe I need to send more
|> than one? hehehehe

|> --

Well, he has you in his "removes" file...

But his removes and Remove2 files seem to be in the same format as his normal
mailing lists. Congradulations! You're in 2 lists now! ;-)

-Neal

Neal Krawetz

unread,

May 21, 1997, 3:00:00 AM5/21/97

to

In article <slrn5o5q0f....@orion.bv.sgi.net>,

stre...@remove-to-mail-me.sgi.net (Justin M. Streiner) writes:
|> On 21 May 1997 01:43:22 GMT, Jackie K. Bates <jkb...@brightok.net> wrote:

|> >I don't know about CyberPromo. I keep sending my mail with REMOVE in the
|> >subject, but it just keeps coming. hmmmm.... maybe I need to send more
|> >than one? hehehehe
|>

|> You're most likely better off setting up spam filters on your machine using
|> procmail or adding the spam-blocking functionality to your machine using
|> sendmail or qmail if you have root. The amount of spam I got since I
|> started implementing such measures a few months decreased significantly.
|>
|> jms

I consider mail filters a poor solution for many reasons:

1) It masks the problem without fixing it. (Like taking pseudophed for a cold
-- make you feel good but doesn't cure anything.)

2) The spam is still consuming bandwidth and still is being received by mail
servers. It can still take down mail servers if too many accounts receive the
spam at one time.

3) It consumes valuable CPU time when the filters are used. This, of course,
depends on the type and implementation of the filter, but there is still an
extra amount of computational overhead. Enough spam can be quivalent to a
denile of service attack by making a hyperactive filter which blocks delivery of
"good" e-mail.

4) Some systems, especially dial-up ISPs, may not be equiped to filter incoming
mail. They place the spam at the pop server and require the user to download
the files, where filters on the local PC could remove the spam. This still
costs bandwidth and time for downloading. Anyone using a 14.4. modem who
receives 50 spams a day knows that this takes a while.

5) I've heard of many bad experiences with filters. Some are configured to
reject mail where the recipient is not explicitly listed in the TO: or CC:
fields. This filters out BCC: -- thus, a bad filter. Others try to verify the
originating host. This can either be forged or a real host, but either way is
easy to get around. And some filters reject based on key words. "$50,000" and
"free" and "Call now!" and "Cyberpromo" would all seem like good key words to
filter out, but may reject good e-mail. For example, this news thread discusses
Cyberpromo, and consequently would be filtered out. (Reminds me of the
comp.risks article where programs like NetNanny wouldn't allow people to view
the congressional electronics decentcy act since it has the words "sex" and
"pronography".)

6) Bulk filters and black-list filters are equally bad. Each time companies
like CyberPromos changes IP addresses, the filters must be changed. I feel
sorry for the next net-savvy company who is assigned one of the old,
black-listed IP addresses; they won't be able to contact valid customers. As we
all know, once something is introduced to the 'net, it stays around forever
(Good Times, Pkzip virus, Send a postcard to a dying child, etc.) Old
blacklists never die, they just get passed around.

The best solution I have seen so far is to fight spam with spam. Since we know
the culprit and we know his 800 number, and can probably find his home phone
number, we should e-mail everyone in his "removes", "Remove2", and
"opportunity_seekers" files the culprits' name and number. Ask them to voice
contact him if they wish to be removed. I suspect the phone company would come
down very fast (appearantly our spammer received 236,037 remove requests in 24
hours, as opposed to the 5012 "opportunity seekers"). My only fear with this
approach is that someone would decide to be cruel and include an inocent (or
anyone who they disliked) person's phone number instead. Worse: this could turn
into another internet hoax where people would, for years, be calling that
number, regardless of the person who owns it. Also, people hate spam; would
they equally hate the spammer who is trying to fight spam?

Instead, I propose a walking campaign. Let's find someone in the Spokane, WA
area who would be willing to go to the spammer's house and kindly ask him to
stop the UCE. He/She could go and represent all of the 300,000 people he has
recently spammed. No threats, no violence, just a "we know where you live and
would like you to stop." We could also try to find the spammer's employer and
discuss the problem with his boss (I have a few friends who went to another
friend's husband's boss to discuss spousal abuse. The abuse stopped very
quickly. We were amazed.)

Comments? Suggestions? Volunteers?

-Neal

Jackie K. Bates

unread,

May 21, 1997, 3:00:00 AM5/21/97

to

Tracy R. Reed <tr...@rohan.sdsu.edu> wrote in article
<5lu3n3$l0j$1...@hole.sdsu.edu>...

> Jackie K. Bates (jkb...@brightok.net) wrote:
> : I don't know about CyberPromo. I keep sending my mail with REMOVE in
the
> : subject, but it just keeps coming. hmmmm.... maybe I need to send
more
> : than one? hehehehe
>

> Putting remove in the subject and replying simply tells them that your
> email address is a live one and only makes your problem worse. Never
> reply with "remove" because it's simply not gonna happen. Instead, mail
> the local officials. Someone suggested attorney general, that's a good
> start.

Darn!!! That's why it seems to get worse. CyberPromo floods me with junk
some days. I guess I need to upgrade sendmail and start blocking them, or
atleast kick it back so they think its a bad address.

Justin M. Streiner

unread,

May 21, 1997, 3:00:00 AM5/21/97

to

>|> You're most likely better off setting up spam filters on your machine using
>|> procmail or adding the spam-blocking functionality to your machine using
>|> sendmail or qmail if you have root. The amount of spam I got since I
>|> started implementing such measures a few months decreased significantly.

>1) It masks the problem without fixing it. (Like taking pseudophed for a cold
>-- make you feel good but doesn't cure anything.)

Getting 'totally cured' is unlikely to happen unilaterally any time soon, as
the resolution to the problem is both technical and legislative. Most
states / countries presently don't have laws specific to spam or have
retro-fitted old laws to address the problem. Another problem is that
accounts are entirely too easy to get these days, what with the number of
AOL sign-up disks and free email services such as Juno or Hotmail floating
around. There is no shortage of throw-away accounts for spammers to use.

Bearing this in mind, individual users and sysadmins will need to address
the problem more directly.

>2) The spam is still consuming bandwidth and still is being received by mail
>servers. It can still take down mail servers if too many accounts receive the
>spam at one time.

Until tighter controls are placed at the sender's end and policies are more
widely established for the handling of spam, this will continue to be a
problem. I can put every mail block under the sun on my boxes. however
people will still try to spam me because it gives them some sort of cheap
thrill, I guess...

>3) It consumes valuable CPU time when the filters are used. This, of course,
>depends on the type and implementation of the filter, but there is still an
>extra amount of computational overhead. Enough spam can be quivalent to a
>denile of service attack by making a hyperactive filter which blocks delivery of
>"good" e-mail.

Not necessarily. There are some sites that I feel confident about blocking
mail from entirely (cyberpromo.com, etc...), and others that I feel
confident (to a lesser degree) about blocking a user@host combination.
There will be the occsaional whack-a-mole spammer using a hotmail account or
something that might get through, but overall, the signal-to-noise ratio in
my inbox is acceptable these days.

>4) Some systems, especially dial-up ISPs, may not be equiped to filter incoming
>mail. They place the spam at the pop server and require the user to download
>the files, where filters on the local PC could remove the spam. This still
>costs bandwidth and time for downloading. Anyone using a 14.4. modem who
>receives 50 spams a day knows that this takes a while.

Generally, that functionality isn't hard for ISPs to add at the front end,
assuming that the ISP is using a competent mailer such as qmail or sendmail
8.8.5. I won't get into issues with sites (not ISPs, necessarily) running
Microsoft Exchange or Lotus Notes/SMTP Agent :-)

>5) I've heard of many bad experiences with filters. Some are configured to
>reject mail where the recipient is not explicitly listed in the TO: or CC:
>fields. This filters out BCC: -- thus, a bad filter. Others try to verify the
>originating host. This can either be forged or a real host, but either way is
>easy to get around. And some filters reject based on key words. "$50,000" and
>"free" and "Call now!" and "Cyberpromo" would all seem like good key words to
>filter out, but may reject good e-mail. For example, this news thread discusses
>Cyberpromo, and consequently would be filtered out. (Reminds me of the
>comp.risks article where programs like NetNanny wouldn't allow people to view
>the congressional electronics decentcy act since it has the words "sex" and
>"pronography".)

I typically don't use subject-based filtering unless there's a need, like I
get 200 messages with the subject "MAKE $50,000 IN 5 HOURS!".

>6) Bulk filters and black-list filters are equally bad. Each time companies
>like CyberPromos changes IP addresses, the filters must be changed. I feel
>sorry for the next net-savvy company who is assigned one of the old,
>black-listed IP addresses; they won't be able to contact valid customers. As we
>all know, once something is introduced to the 'net, it stays around forever
>(Good Times, Pkzip virus, Send a postcard to a dying child, etc.) Old
>blacklists never die, they just get passed around.

I doubt that Cyberpromo's relationship with AGIS will end anytime soon. As
such, I don't think they'll be doing as much IP-jockeying as they did
before. If AGIS starts playing the IP 'shell game', then I'll block their
whole address space as a last resort. I remember hearing rumors that MCI
was going to pull the plug on all non-CIDR address blocks (hi Matt :) ) in
the near future. That being the case, AGIS would stand to lose a good chunk
of its IP blocks.

jms

Keyser Soze

unread,

May 21, 1997, 3:00:00 AM5/21/97

to

Isn't there a site where you enter the name and address of the spammer
(if you can find it) and the site will go and subscribe them to several
magazines?

Craig H. Rowland

unread,

May 22, 1997, 3:00:00 AM5/22/97

to

Marty Malinowski wrote:

>
> On 20 May 1997 01:56:50 GMT, ne...@net66.com@net66.com wrote:
>
> >Ok...
> >
> >So I got some e-mail spam that wasn't very anonymous:
> >

> >------------------------
> >Received: from ispam.net
>
> Typical Cyberpromo crap, I normally have a shell script (my
> autoresponder which is activated by certain junk email) grep my mail
> file for certain unique words used by them and return it to them after
> making the original email a little larger. It goes back to various
> accounts on their systems until the counter reaches 100. It is also a
> good idea to send email to one of their autoresponders with the "from"
> address of another one of their autoresponders. Also write a letter

. . .

I tend to think more vile of this subject because it really is an
Internet attack more than just a commercial freedom issue. Spammers take
from the community, yet give nothing in return. They forge messages,
register bogus domains, and abuse system resources of sites they don't
administer to push their garbage messages onto the citizens of the
Internet.

I equate spammers and domains that sponsor them more to a crack house in
a good neighborhood. It's a place for sleeze-balls to hang out, think of
new ways to skirt the system, do nothing productive, and still have some
time left over spray graffitti all over the place....

The question to ask then is simply: Would anyone really care if someone
tossed a molotov cocktail into the house late a night to burn it down?
It would probably solve a lot of problems...

-- Craig

Paul Murphy

unread,

May 22, 1997, 3:00:00 AM5/22/97

to

Hey, that's a great idea - if you get spam from anyone, write to
Reader's Digest and ask them to send all correspondence to your name at
the spammers postal address!

Maybe we could kill two birds with one stone???

Paul.

--
------------------------------------------------------
Paul J. Murphy - System and Network Manager
Gemini Research Ltd, 162 Science Park, Cambridge
Phone: 01223 435305 Fax: 01223 435301

Neal Krawetz

unread,

May 22, 1997, 3:00:00 AM5/22/97

to

In article <3383DFE7...@psionic.REMOVE-SPAM.com>, "Craig H. Rowland"

The same was thought of FAX-spammers. After years of complaining, it wasn't
until the FAX-spammers started to spam government agencies that laws began to
get passed.

Now FAX-spamming is illegal (federal, and most states).

The main argument with FAX-spamming was that paper and toner cost money.
Legislatures have not yet equated e-mail (disk space, viewing time, bandwidth)
as money, yet.

|> I equate spammers and domains that sponsor them more to a crack house in
|> a good neighborhood. It's a place for sleeze-balls to hang out, think of
|> new ways to skirt the system, do nothing productive, and still have some
|> time left over spray graffitti all over the place....
|>
|> The question to ask then is simply: Would anyone really care if someone
|> tossed a molotov cocktail into the house late a night to burn it down?
|> It would probably solve a lot of problems...

I truly appreciate the aggression you feel. :-)

but...

Buring down the house doesn't do much good. To continue this example, if the
people get out alive, they will just move to another house and start again.
Moving the problem does not solve the problem. (I like that "whack-a-mole"
term. Very appropriate.) Most city managers are aware of the NIMBY problem
(Not In My Back Yard) -- moving the problem just makes the previous neighbors
passive (out of sight, out of mind) while angering the new neighbors.

Worse: The authorities (sysadmins, and possible federal/government agencies)
will immediately start looking for the arsonist. It is likely the person will
be caught (most hackers leave some type of trail, although it may be very hard
to follow). Even though the arsonist did a good thing (removed the immediate
threat of the crack house), he did it in a bad way.

In my case, I know exactly who the spammer is, where he used to work, etc., but
how many other people can be as certain? Many spammers use forged addresses.
Do we want ignorant users to follow the false lead and burn down the wrong
house? This should not be turned into a which hunt. Rather, an alternative
method should be use to inform, without threats or harassment, the spammer that
his work is not appreciated. Clearly e-mail is not the proper medium (my
spammer just makes it into another mailing list!). Nor is removing his internet
access a powerful threat. (Unlike drivers who have their licenses revoked,
getting new internet access simply requires a single phone call.) No states
have laws to protect the public, yet, but PA may be the first; this won't hurt
my spammer since he's in Washington state.

I suggest an alternative method. I believe the spammer is not truly aware that
the e-mail addresses correspond to real people who get frustrated. We should
try to organize local user groups to picket the hacker. A physical presence
would achieve 4 goals: (1) it would reduce the risk of ignorant people
retaliating against the wrong person because people generally like to "know"
what they are physically doing, (2) it would reduce the likelihood of an
internet hoax where years after the problem people are still trying to solve it,
(3) it would paint a clear picture to the spammer that "we know where you live
and we don't appreciate your work", and (4) it would bring in the media which,
as we all know, will make the world a very unhappy place for the spammer.

Does anyone know which user groups (Unix, Sun, PC, what the hell...Mac) exist in
Spokane, WA?

-Neal

Neal Krawetz

unread,

May 22, 1997, 3:00:00 AM5/22/97

to

My guess would be that CyberPromo probably doesn't really have a fax machine at
the number. Just a computer with a fax-modem. Having 300,000 people fax them
would not hurt their business at all. In fact, it could be worse...

Faxing them could:
(1) give them your phone number and let them know you have a fax machine want
want correspondence. (Most fax machines are configured to include voice and fax
numbers at the top of the fax.)
(2) cost you money to send the fax (probably 6-25 cents for the call).
(3) tie up all the phone lines as the phone company tries to handle the
bombardment.
(4) People who use internet-to-fax gateways would tie up valuable bandwidth and
system resources across the country.

On the other hand, if they did have a real fax machine...
Faxing them would:
(1) Waste a lot of their paper (no more than 1 ream).
(2) Have them disconnect their fax machine and prevent "real" business responces.

Here's a question for you...
If 300,000 people send 1 fax (or e-mail) to one person, is it still a denile of
service attack?

-Neal

Don Nichols

unread,

May 22, 1997, 3:00:00 AM5/22/97

to

In article <5m0mre$4u2$1...@news.chatlink.com>,
The Shadow <shad...@aracnet.com> wrote:

Is that a real e-mail address? If not, could *that* be why you have
little spam these days?

>Did you ever stop to think that maybe the reason these so
>called E-Mail Spammers use fake headers etc. is because of
>the so called Anti-Spam people who do more damage than the
>spammers? Several years ago, my address was forged onto a
>SPAM E-Mail. I don't really think it was intentional by the
>spammer, just coincidence. Anyway, I was continually mail
>bombed for over 2 months before I closed out that account
>because of the problem. Because of that, and a lot of
>E-Mail Spam I regularly was receiving, I did a little
>research, and found out just how easy it really is to NOT
>GET JUNK E-MAIL!!!! All the complaining is bogus as far as
>I am concerned now. I went to an E-Mail filtering service,
>and have never had a problem since. This tells me that the
>people complaining, are not using such a service, and
>therfore are bringing on their problems themselves.
>
>If you want to use the service I use and am happy with, try:
>http://spnt.com/~d_troy/page2.html

**** Why should I have to pay someone to *not* receive e-mail? ****

And it wouldn't work for me, anyway. At home, I've been getting not
only spam from the postings which I make to a few newsgroups, but also
*more* spam which comes to me as postmaster of my domain, because they are
grabbing parts of "Message-ID: : headers which look somewhat like e-mail
addresses. They bounce, the bounce fails, since they have a bogus return
address, and then they are delivered to me as postmaster.

What I've done for them is set up an alias so they all get delivered
to a file which collects the spam (up to eight copies of each may come in)
in case they are needed as evidence in the future.

DoN.

--
DoN Nichols work:nic...@nvl.army.mil (703)704-2280
Disclaimer: No statements herein are to be considered as necessarily
representing the opinions of the Department of the Army or Night Vision Labs.
Black holes are where GOD is dividing by zero -- (author unknown)

Ric Steinberger

unread,

May 22, 1997, 3:00:00 AM5/22/97

to

Here are the name servers used by cyberpromo.com:

Domain servers in listed order:

NS7.CYBERPROMO.COM 205.199.2.250
NS5.CYBERPROMO.COM 205.199.212.50
NS8.CYBERPROMO.COM 207.124.161.65
NS9.CYBERPROMO.COM 207.124.161.50

[from the whois command].

Here are the services running on the first one, courtesy of strobe:

205.199.2.250 tcpmux 1/tcp TCP Port Service Multiplexer [MKL]
205.199.2.250 echo 7/tcp Echo [95,JBP]
205.199.2.250 discard 9/tcp Discard [94,JBP]
205.199.2.250 daytime 13/tcp Daytime [93,JBP]
205.199.2.250 chargen 19/tcp Character Generator [92,JBP]
205.199.2.250 ftp 21/tcp File Transfer [Control] [96,JBP]
205.199.2.250 telnet 23/tcp Telnet [112,JBP]
205.199.2.250 smtp 25/tcp Simple Mail Transfer [102,JBP]
205.199.2.250 time 37/tcp Time [108,JBP]
205.199.2.250 domain 53/tcp Domain Name Server [81,95,PM1]
205.199.2.250 pop3 110/tcp Post Office Protocol - Version 3 [122,MTR]
205.199.2.250 sunrpc 111/tcp SUN Remote Procedure Call [DXG]
#205.199.2.250 sunrpc2 111/tcp SUN Remote Procedure Call [DXG]2
205.199.2.250 auth 113/tcp Authentication Service [130,MCSJ]
205.199.2.250 printer 515/tcp spooler (lpd)
^C

Here are the RPC services, courtesy of rpcinfo -p:

I am open to hearing about denial of service or other attacks that
can be launched against these machines. At minimum, seems like one
could forward all spam mail to the postmaster account(s), send some
print jobs, launch low-level denial-of-service attacks. If we all
act together......

--
Ric Steinberger Email: r...@sri.com
SRI Consulting Phone: 415.859.4300
333 Ravenswood Ave AH301 Pager: 415.907.4598
Menlo Park CA 94025 FAX: 415.859.2986

Barry Margolin

unread,

May 22, 1997, 3:00:00 AM5/22/97

to

In article <5m0mre$4u2$1...@news.chatlink.com>,
The Shadow <shad...@aracnet.com> wrote:
>If you want to use the service I use and am happy with, try:
>http://spnt.com/~d_troy/page2.html

At $20 per address to filter, this can get quite pricey for those of us
with a number of valid addresses. I frequently get 3-5 duplicate messages
from the same spammer, indicating that they've got me listed with several
different addresses (I post from a different machine when I read news in my
office than when I login from home).
--
Barry Margolin, bar...@bbnplanet.com
BBN Corporation, Cambridge, MA
(BBN customers, call (800) 632-7638 option 1 for support)
Support the anti-spam movement; see <http://www.cauce.org/>

The Shadow

unread,

May 22, 1997, 3:00:00 AM5/22/97

to

Did you ever stop to think that maybe the reason these so
called E-Mail Spammers use fake headers etc. is because of
the so called Anti-Spam people who do more damage than the
spammers? Several years ago, my address was forged onto a
SPAM E-Mail. I don't really think it was intentional by the
spammer, just coincidence. Anyway, I was continually mail
bombed for over 2 months before I closed out that account
because of the problem. Because of that, and a lot of
E-Mail Spam I regularly was receiving, I did a little
research, and found out just how easy it really is to NOT
GET JUNK E-MAIL!!!! All the complaining is bogus as far as
I am concerned now. I went to an E-Mail filtering service,
and have never had a problem since. This tells me that the
people complaining, are not using such a service, and
therfore are bringing on their problems themselves.

If you want to use the service I use and am happy with, try:
http://spnt.com/~d_troy/page2.html

"Craig H. Rowland" <crow...@psionic.REMOVE-SPAM.com> wrote
in message <3383DFE7...@psionic.REMOVE-SPAM.com>:

>I equate spammers and domains that sponsor them more to a
crack house in
>a good neighborhood. It's a place for sleeze-balls to hang
out, think of
>new ways to skirt the system, do nothing productive, and
still have some
>time left over spray graffitti all over the place....
>
>The question to ask then is simply: Would anyone really
care if someone
>tossed a molotov cocktail into the house late a night to
burn it down?
>It would probably solve a lot of problems...
>

>-- Craig
>
>

peter hakanson

unread,

May 22, 1997, 3:00:00 AM5/22/97

to

I wonder, don't Cyberpromo advertized a fax number ?

They seem not to respond to mail addressed to
ab...@Cyberpromo.com, maybe redirecting mail to
their fax number would set cyberpromo on fire ?

I guess it's app. one hours work to create such an
fax-mailer.(for someone familiar with this)

Anyone cares to show me how to integrate this with sendmail ?

peter h

Marty Malinowski (mar...@frontiernet.net) wrote:
: On 20 May 1997 01:56:50 GMT, ne...@net66.com@net66.com wrote:

: >Ok...
: >
: >So I got some e-mail spam that wasn't very anonymous:
: >
: >------------------------
: >Received: from ispam.net

: Typical Cyberpromo crap, I normally have a shell script (my
: autoresponder which is activated by certain junk email) grep my mail
: file for certain unique words used by them and return it to them after
: making the original email a little larger. It goes back to various
: accounts on their systems until the counter reaches 100. It is also a
: good idea to send email to one of their autoresponders with the "from"

: address of another one of their autoresponders. Also write a letter to
: the PA Attorney General's office asking to stop this place from

: interfering with your ability to use your computer. A copy of my
: letter to the AG is on my web page, use the "Suck Page" link from the
: home page. Lots of info in news.admin.net-abuse.email.
: martym
: http://www.frontiernet.net/~martym
: Help Save the Canadiana!

--
Unsolicited commercial/propaganda email subject to legal action. Under US
Code Title 47, Sec.227(a)(2)(B), Sec.227(b)(1)(C), and Sec.227(b)(3)(C), a
State may impose a fine of not less than $500 per message. Read the full
text of Title 47 Sec 227 at http://www.law.cornell.edu/uscode/47/227.html

<peter....@cyklop.volvo.se> (remove ".devnull" before use!)
Peter Hakanson VolvoData Dep 2580 phone +46 31 66 74 27

The Shadow

unread,

May 23, 1997, 3:00:00 AM5/23/97

to

I've got a MUCH better idea!!!!!!! Instead of being a part
of the problem, why don't you focus your energy on being a
part of the solution..... I use to feel the same way you
do, but I have to tell you that since I found an E-Mail
filtering service about 2 years ago, I no longer get any
junk e-mail, and have come to the conclusion that there are
4 types of people on the internet.....

[1] Those who don't know what to do about junk e-mail
[2] Those who don't care about junk e-mail
[3] Those who don't want junk e-mail so have done something
constructive about it
[4] Those who don't want junk e-mail, so try to make
everyone elses lives miserable.

If you really don't want junk e-mail, then go to:
http://205.139.105.240/~d_troy/page2.html

Otherwise, I will conclude you fall into category 4
above....

The Shadow

unread,

May 23, 1997, 3:00:00 AM5/23/97

to

Yes, it is my real e-mail address. Don't take my word for
it though, try it, I'll reply....

Ok, you asked why you should have to pay to your e-mail
filtered.... That is a good question, and a legitimate one,
let's take a look at it for a moment....

If your ISP does the filtering, such as these proposed laws
say, then they are going to pass the cost on to us. My ISP
says $10-20 per month extra per user....

If you do the filtering, you still have to read it once, to
decide it is junk, before you can filter it. Even so, the
mail is still getting sent out over the internet and using
resources, for no gain for anyone. You might also be paying
for software to filter them out.

Ok, the other solution, is to use a filtering service. The
one I use now charges a 1 time fee of $19.95... When I
signed up 2 years ago, I think it was only $9.95, but
obviously if their costs have gone up, so does what they
have to charge, but you should note that this is a one time
fee, not monthly, or yearly or whatever.

Now, if you or your ISP is doing the filtering, the
un-wanted mail is still consuming internet resources, the
cost of which is passed on to you. Bigger hard drives etc.
If you use a service, then your name is actually removed
from the mailing lists BEFORE that mail ever gets sent out
in the first place.

So I guess the question comes down to whether you would
prefer to pay a small fee once, or continue to pay more and
more each month, for a solution which may not be nearly as
effective.

I'll take the one time pittance any day!

As for your ISP problem, why not sign up your ISP with the
service, presto, problem solved.......

The address is: http://205.139.105.240/~d_troy/page2.html

nic...@nvl.army.mil (Don Nichols) wrote in message
<5m214m$eng$1...@izalco.nvl.army.mil>:

>In article <5m0mre$4u2$1...@news.chatlink.com>,
>The Shadow <shad...@aracnet.com> wrote:
>

> Is that a real e-mail address? If not, could *that* be
why you have
>little spam these days?
>

>>Did you ever stop to think that maybe the reason these so
>>called E-Mail Spammers use fake headers etc. is because of
>>the so called Anti-Spam people who do more damage than the
>>spammers? Several years ago, my address was forged onto a
>>SPAM E-Mail. I don't really think it was intentional by
the
>>spammer, just coincidence. Anyway, I was continually mail
>>bombed for over 2 months before I closed out that account
>>because of the problem. Because of that, and a lot of
>>E-Mail Spam I regularly was receiving, I did a little
>>research, and found out just how easy it really is to NOT
>>GET JUNK E-MAIL!!!! All the complaining is bogus as far
as
>>I am concerned now. I went to an E-Mail filtering
service,
>>and have never had a problem since. This tells me that
the
>>people complaining, are not using such a service, and
>>therfore are bringing on their problems themselves.
>>
>>If you want to use the service I use and am happy with,
try:
>>http://spnt.com/~d_troy/page2.html
>

Neal Krawetz

unread,

May 23, 1997, 3:00:00 AM5/23/97

to

I would like to thank each and every one of you who have helped in this
discussion, both through the newsgroup and personal e-mail. I have finally made
contact with the spammer. His name is "Jason" and he used to work at "Eager
Beaver Computers" in Spokane, WA.

Any thoughts how I should respond?

I have included his e-mail to me. I apologize for his language, but I though I
should not edit his message. (I am aware that including personal e-mail is
considered bad netiquette, but I feel the people in this thread are all
involved.)

-----------------------
From <@ieway.com,@erc.wisc.edu:jas...@orion.ieway.com> Fri May 23 09:36:20 CDT 1997
Received: from radish.interlink-bbs.com ([206.153.192.125]) by
london.ks.uiuc.edu with ESMTP
(1.37.109.20/16.2 [TBG Mods]) id AA037078177; Fri, 23 May 1997 09:36:17 -0500
Return-Path: <@ieway.com,@erc.wisc.edu:jas...@orion.ieway.com>
Received: from pezmonster.altair.com (anon...@pezmonster.altair.com
[198.87.88.47]) by radish.interlink-bbs.com (8.6.12/8.6.9) with SMTP id JAA15073
for <ne...@ks.uiuc.edu>; Fri, 23 May 1997 09:35:54 -0500
Received: from ieway.com(really [ieway.com]) by pezmonster.altair.com
via sendmail with smtp
id <m0wUvRb...@pezmonster.altair.com>
for <@interlink-bbs.com:nea...@ks.uiuc.edu>; Fri, 23 May 1997 10:35:47 -0400
(EDT)
(Smail-3.2.0.92 1997-Feb-9 #1 built 1997-Apr-14)
Received: from erc.wisc.edu by ieway.com id ma49120;
May97 15:35:14 COT
Received: from orion.ieway.com (orion.ieway.com [132.143.244.94]) by
erc.wisc.edu (3.1.3/8.1.1) with SMTP id RXJ04794 for
<@ieway.com,@altair.com,@interlink-bbs.com:nea...@ks.uiuc.edu>; Fri, 23 May 1997
15:35:14 PGT
Message-Id: <2679693384...@ieway.com>
X-Mailer: Elm 2.4 (unix)
Date: Fri, 23 May 1997 15:35:14 PGT
To: ne...@ks.uiuc.edu
From: ja...@orion.ieway.com
Subject: Fucking looser: MYOB
X-Priority: 1
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Status: RO

Dear Neal:

FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.
FUCK YOU DIRTY SON OF A BITCH. DAMN LOOSER.

Very best regards, Up Yours ;-)

-----------------------

Comments?

-Neal

Neal Krawetz

unread,

May 23, 1997, 3:00:00 AM5/23/97

to

More update. "Jason" has subscribed me to over 200 listserve mailing lists.
(Jerk...)
Comments?

-Neal

In article <5m4ama$b...@vixen.cso.uiuc.edu>, ne...@ks.uiuc.edu (Neal Krawetz)
writes:

Don Nichols

unread,

May 23, 1997, 3:00:00 AM5/23/97

to

In article <5m2nvg$pf3$1...@news.chatlink.com>,

The Shadow <shad...@aracnet.com> wrote:
>Yes, it is my real e-mail address. Don't take my word for
>it though, try it, I'll reply....
>
>Ok, you asked why you should have to pay to your e-mail
>filtered.... That is a good question, and a legitimate one,
>let's take a look at it for a moment....
>
>If your ISP does the filtering, such as these proposed laws
>say, then they are going to pass the cost on to us. My ISP
>says $10-20 per month extra per user....

I have my own class-C subnet, and handle my own mail, which comes in
directly.

>If you do the filtering, you still have to read it once, to
>decide it is junk, before you can filter it. Even so, the
>mail is still getting sent out over the internet and using
>resources, for no gain for anyone. You might also be paying
>for software to filter them out.

From any known spam system, plus ISPs who do little or nothing to
discourage spammers from using their services, I simply block the attempted
smtp connection. (tcp-wrappers plus qmail makes that easy -- and does not
cost me anything.) As it is set up, the response refusal message is set up
to go in two parts, the first an hour before the second, so one of their
sendmail daemons is hung waiting for my systems to finish replying to them.
(In some cases, with very agressive spammers, there are more than one
attempt hanging on at once.) This consumes very little net bandwidth, and
makes things more expensive for the system trying to send to me. (It is
about time that they pay some of the associated costs.)

>Ok, the other solution, is to use a filtering service. The
>one I use now charges a 1 time fee of $19.95... When I
>signed up 2 years ago, I think it was only $9.95, but
>obviously if their costs have gone up, so does what they
>have to charge, but you should note that this is a one time
>fee, not monthly, or yearly or whatever.
>
>Now, if you or your ISP is doing the filtering, the
>un-wanted mail is still consuming internet resources, the
>cost of which is passed on to you. Bigger hard drives etc.
>If you use a service, then your name is actually removed
>from the mailing lists BEFORE that mail ever gets sent out
>in the first place.

Which means that you are in effect paying the *spammers* to not spam
you. If this filtering is going on at the source, that means that they have
the list of systems/individuals to not spam in *their* hands. This is fine
until they get a sufficiently attractive offer to send spam to everyone on
*that* list. Don't believe that they won't. They regularly add people who
respond with a "remove" request to a list of verified active accounts, which
they sell for more.

>So I guess the question comes down to whether you would
>prefer to pay a small fee once, or continue to pay more and
>more each month, for a solution which may not be nearly as
>effective.
>
>I'll take the one time pittance any day!

I'll not pay spammers to not spam me.

>As for your ISP problem, why not sign up your ISP with the
>service, presto, problem solved.......

It is not my ISP problem. *I* am handling the e-mail coming into my
domain. As such, *I* get the bounces to postmaster.

Since the spammers are grabbing bogus addresses built from news
articles' "Message-ID:" headers, there will be a constantly growing list of
these addresses which need to be added to the filter service -- at $19.00
per crack. There are already over a hundred dollars worth of these at that
rate. And there are spams coming in to me at my real address, and at an
address matching the machine name from which I am posting, and that doubles
the cost to me.

Since the attourney general of Pennsylvania is now looking into the
activities of their local spammer (who is a *major* source of the spam),
perhaps legal remedies will work.

Barry Margolin

unread,

May 23, 1997, 3:00:00 AM5/23/97

to

In article <5m2m29$muv$1...@news.chatlink.com>,

The Shadow <shad...@aracnet.com> wrote:
>I've got a MUCH better idea!!!!!!! Instead of being a part
>of the problem, why don't you focus your energy on being a
>part of the solution..... I use to feel the same way you
>do, but I have to tell you that since I found an E-Mail
>filtering service about 2 years ago, I no longer get any
>junk e-mail, and have come to the conclusion that there are
>4 types of people on the internet.....

This is the third message I've seen this guy post about this filtering
service. Am I the only one who thinks he's getting a kickback (maybe he
even runs it)?

I'm certainly not going to spend around $100 ($20 per address) to add my
name to a filtering service. I also have very little expectation that this
will really cut down much on the spam I receive (20-40 messages a day).
According to the web page, spammers have to send their lists to this
service so that they can filter out the addresses that don't want UCE. I
find it difficult to believe that most of the spammers do this. If they
do, why doesn't he make his money by charging *them* for the service of
filtering, rather than charging the recipients?

I also didn't like the fact that the web form for signing up for this
requests my checking account information rather than credit card info.
Credit cards have limits on the amount of liability customers have for
fraudulent charges, but I'm not sure there are similar protections for
checking accounts. And his web page doesn't use SSL!

Alun Jones

unread,

May 23, 1997, 3:00:00 AM5/23/97

to

In article <5m4fis$9...@tools.bbnplanet.com>, Barry Margolin <bar...@bbnplanet.com> wrote:
>In article <5m2m29$muv$1...@news.chatlink.com>,
>The Shadow <shad...@aracnet.com> wrote:
>>I've got a MUCH better idea!!!!!!! Instead of being a part
>>of the problem, why don't you focus your energy on being a
>>part of the solution..... I use to feel the same way you
>>do, but I have to tell you that since I found an E-Mail
>>filtering service about 2 years ago, I no longer get any
>>junk e-mail, and have come to the conclusion that there are
>>4 types of people on the internet.....
>
>This is the third message I've seen this guy post about this filtering
>service. Am I the only one who thinks he's getting a kickback (maybe he
>even runs it)?

He doesn't necessarily have to be running it. Maybe it's one of those "Get
free internet access by signing up five friends who will never speak to you
again." pyramid schemes. I mean, you just can't argue with the Mathematics,
unless you happen to realise that the population interested in the Internet,
even the whole population, is finite enough that this scheme is a _loser_.

My favourite of late is the "Pay us and we'll filter anything from Spamface
Warlord" people at Aristotle. Great - I'm already pissed off because he's
sending me crap I didn't want to read, and he's making me bear the brunt of
the charges, and now he wants me to pay even more for him to stop doing so?
Wait, even better than this - I can't sign up even if I wanted to fuel more
money to the guy - I'm "Not from 'round these parts" as they say here in
Austin, and so I can't be a registered voter until at least next year, and
that's what they require to stop my spam.

I guess I'll just have to fall back on the nice spam-filter my technically
competent (and more) ISP has installed. Yes, Illuminati Online, the same
champions of Free Speech whose equipment was seized by the Secret Service back
when they were just a BBS run by Steve Jackson Games - they are fortunately
wise enough to notice that Free Speech stops when I am required to pay for
something I don't wish to receive. It's not Free Speech, it's free theft - of
resources and time, not to mention stealing the usefulness of my email
accounts.

Anyone thinking of sending mass quantities of unwanted email, remember that
the arguments offered by the Spammers are not good ones. Those of us that
protest Spam are not offended by commercial use of the Internet (otherwise my
sig file wouldn't have anything in it about my own programs). We're not
trying to stop free speech - just trying to stop having to pay for someone
else's. And "remove" requests are not honoured. As Spamface mentions when
you ask to be removed from his lists, it doesn't necessarily mean you'll be
removed from his customers' lists - what it actually means is that you'll be
_added_ to them - after I told his lot to remove my name, the quantity of Spam
coming through "savetrees.com" et al more than tripled. Overnight.

(Anyone get the feeling "I don't like Spam"?)

Alun.
~~~~

---
Texas Imperial Software | Try WFTPD, the Windows FTP Server.
1602 Harvest Moon Place | Available at the web site
Cedar Park TX 78613 | http://www.wftpd.com
Fax +1 (512) 378 3246 | or email me at al...@texis.com
Phone +1 (512) 257 2578 | Now accepting credit card orders!
===================================================================
***** WFTPD Pro, an NT Service FTP Server supporting multiple *****
** simultaneous virtual hosts, is now available for $80 per copy **

Francois Baligant

unread,

May 24, 1997, 3:00:00 AM5/24/97

to

On 21 May 1997 20:28:28 GMT, Justin M. Streiner <stre...@remove-to-mail-me.sgi.net> wrote:
>
>>2) The spam is still consuming bandwidth and still is being received by mail
>>servers. It can still take down mail servers if too many accounts receive the
>>spam at one time.
>
>Until tighter controls are placed at the sender's end and policies are more
>widely established for the handling of spam, this will continue to be a
>problem. I can put every mail block under the sun on my boxes. however
>people will still try to spam me because it gives them some sort of cheap
>thrill, I guess...

When ISP starts to make business from spamming I wonder which
kind of control one can still hope.. God.. I got spammed by them
too and the message got directly delivred from them to my mailbox..

From: tel...@savetrees.com
Received: from relay4.ispam.net ([205.199.212.35]) by pctrading.be
(Netscape Mail Server v1.1) with ESMTP id AAA230
for <acc...@pctrading.be>; Sat, 24 May 1997 06:12:17 +0200
Received: from --- CLOAKED! ---
Received: from --- CLOAKED! ---
Date: Fri, 23 May 1997 13:39:00 -0400 (EDT)
X-1: This email was sent by "Cyber-Bomber" ... Details at
http://www.cyberpromo.com

I guess a procmail filter can get rid of that kind of spam..
The received line just scream "delete me!" ... I will
redirect my mail to a unix account and see what i can do with
a nice .procmailrc (any suggestions for effiency?)

Also, on a legal point of view, what can I do ? I live in
Belgium .. They are in the usa.. It's going to take ages..
I think the solution isn't on the legal side for one time...

Or.. Maybe if 100.000 people on that guy's email list email
CyberPromo
's ISP only one times, they are maybe going to cut the feed..
Of course they will just move to another ISP but it's going to
cost them money at least...

We can't stay inactive against that.. it's just too annoying..

regards, Francois

--
- access/pulpe - access dot pctrading.be - http://cubic.pctrading.be/~access -
- wired'97 organizer - http://people.pctrading.be/wired - cyou there! -
- Linux, for IQ higher than 95 -

Jerry Leslie

unread,

May 24, 1997, 3:00:00 AM5/24/97

to

Francois Baligant (acc...@pctrading.be) wrote:

: When ISP starts to make business from spamming I wonder which

: kind of control one can still hope.. God.. I got spammed by them
: too and the message got directly delivred from them to my mailbox..

: Also, on a legal point of view, what can I do ? I live in

: Belgium .. They are in the usa.. It's going to take ages..
: I think the solution isn't on the legal side for one time...

See the Cyberpromo FAQ:

"Web Site: http://members.aol.com/macabrus/cpfaq.html
Text Only: ftp://members.aol.com/macabrus/cyberpromofaq "

--Jerry,

Gerald (Jerry) R. Leslie jerry....@aspentech.com Aspen Technology, Inc.
(my opinions are strictly my own)

The Shadow

unread,

May 25, 1997, 3:00:00 AM5/25/97

to

The answer to your problem can be found at:
http://205.139.105.240/~d_troy/page2.html

jle...@dmccorp.com (Jerry Leslie) wrote in message
<5m7h2p$4...@igate.dmccorp.com>:

The Shadow

unread,

May 25, 1997, 3:00:00 AM5/25/97

to

A far better solution is to get your name removed from their
mailing lists BEFORE they ever send you the junk. That's
what an ouside E-mail filtering service can do for you. I
have used such a service for 2+ years and been spam-free
ever since. Since you can't seem to find them in the search
engines, we need to spread the word I guess. I use Donna
Troy's, and her address is:
http://205.139.105.240/~d_troy/page2.html

acc...@pctrading.be (Francois Baligant) wrote in message
<slrn5odvo9...@jack.pctrading.be>:

>On 21 May 1997 20:28:28 GMT, Justin M. Streiner
<stre...@remove-to-mail-me.sgi.net> wrote:
>>
>>>2) The spam is still consuming bandwidth and still is
being received by mail
>>>servers. It can still take down mail servers if too many
accounts receive the
>>>spam at one time.
>>
>>Until tighter controls are placed at the sender's end and
policies are more
>>widely established for the handling of spam, this will
continue to be a
>>problem. I can put every mail block under the sun on my
boxes. however
>>people will still try to spam me because it gives them
some sort of cheap
>>thrill, I guess...
>

> When ISP starts to make business from spamming I wonder
which
> kind of control one can still hope.. God.. I got spammed
by them
> too and the message got directly delivred from them to my
mailbox..
>

>From: tel...@savetrees.com
>Received: from relay4.ispam.net ([205.199.212.35]) by
pctrading.be
> (Netscape Mail Server v1.1) with ESMTP id AAA230
> for <acc...@pctrading.be>; Sat, 24 May 1997
06:12:17 +0200
>Received: from --- CLOAKED! ---
>Received: from --- CLOAKED! ---
>Date: Fri, 23 May 1997 13:39:00 -0400 (EDT)
>X-1: This email was sent by "Cyber-Bomber" ... Details at
>http://www.cyberpromo.com
>
> I guess a procmail filter can get rid of that kind of
spam..
> The received line just scream "delete me!" ... I will
> redirect my mail to a unix account and see what i can do
with
> a nice .procmailrc (any suggestions for effiency?)
>

> Also, on a legal point of view, what can I do ? I live in
> Belgium .. They are in the usa.. It's going to take ages..
> I think the solution isn't on the legal side for one
time...
>

Andrew Dunstan

unread,

May 25, 1997, 3:00:00 AM5/25/97

to

why don't you tell us this is YOUR service, and that your posts are
just advertising?

Connected to jumping-spider.aracnet.com.
Escape character is '^]'.
220 jumping-spider.aracnet.com ESMTP Sendmail 8.8.5/8.8.5; Sun, 25 May
1997 02:50:31 -0700
helo magellan.maynick.com.au
250 jumping-spider.aracnet.com Hello magellan.maynick.com.au [203.1.223.1], pleased to meet you
vrfy shadow01
250 Donna Troy <shad...@jumping-spider.aracnet.com>
quit
221 jumping-spider.aracnet.com closing connection

and whoever aracnet is still has vrfy on, too. well done.

cheers

andrew

The Shadow (shad...@aracnet.com) wrote:
: A far better solution is to get your name removed from their

: >
: >

--

-------------------------------------------------------------------------
There's nothing either good or bad, but thinking makes it so - Hamlet
http://www.gr-lakes.com/~andrew (including PGP key)
PGP Key fingerprint = 5C 44 7D E4 76 A3 31 DE 3D 11 FA 15 4D 87 1F 5E
-------------------------------------------------------------------------

A. Nonamus

unread,

May 25, 1997, 3:00:00 AM5/25/97

to

In article <5lub90$fgj$1...@route1.mdrf.france3.fr>,
Boyd Roberts <bo...@france3.fr> wrote:
>
> ----- Transcript of session follows -----
> ... while talking to c.mx.juno.com.:
> >>> RCPT To:<N...@juno.com>
> <<< 552 <N...@juno.com>... Mail quota exceeded
> 554 <N...@juno.com>... Service unavailable
>
>Looks like some of juno's worthless spammers have lost.

Don't fall into the trap of believing that these messages actually
came from JUNO.COM. I've probably got dozens of examples of
message headers with a "From: xx...@juno.com" address, and NONE of
them appeared to originate at JUNO.COM or even be bounced off JUNO.

It is a separate issue of whether these people actually have
accounts at JUNO. I haven't had much luck getting word from the
staff at JUNO as to whether any of these addresses ever existed
at JUNO.COM, or not.

I suspect some jerk wrote a spamming tool and put in a default address
of "xx...@juno.com", with instructions to replace the "xxxx" with
something appropriate. If the body of the message then points you
off to some web site that features bodybuilders in intimate relationships
with baby goats, then they really don't care (or want) an email reply--
they just want you to visit their web site. So the From address is
probably bogus.

One way of dealing with the "JUNO" problem is to bounce all email
with a JUNO.COM From address that IS NOT sent directly from one
of the following addresses:

205.231.100.0/24
205.231.101.0/24
205.231.102.0/24
149.77.0.0/16

This doesn't work if you have a MX forwarder for your domain
that is outside your protection perimeter.

Anon

[ Reply to tmp...@escom.com if you want to communicate via email.
[ That address is temporary, and will go away without notice
[ when I start getting junk mail there.

Stephen Hammill

unread,

May 26, 1997, 3:00:00 AM5/26/97

to

My first attempt to post failed... I'll try again:

I've been replying to the spammer with the SUBJECT changed to "You've
just spammed the president" and the CC: filled with the mail addresses
of the president, the vice president, the senate and congress, and
evey bigdog internet committee I can hit...

Be sure to include mail routing info!

ne...@net66.com@net66.com wrote:

>Ok...

>So I got some e-mail spam that wasn't very anonymous:

>------------------------
>Received: from ispam.net (ro...@ispam.net [205.199.212.34])
> by winslow.net66.com (8.8.5/8.8.5) with ESMTP id QAA13450
> for <ne...@net66.com@net66.com>; Mon, 19 May 1997 16:03:29 -0500 (CDT)
>From: hom...@204.188.52.117

>Received: from --- CLOAKED! ---

>Date: Mon, 19 May 1997 17:05:52 -0400 (EDT)

>X-1: This email was sent by "Cyber-Bomber" ... Details at http://www.cyberpromo.com

>X-2: This server only relays mail from other sources.
>X-3: To report abuse, please send email to ab...@cyberpromo.com.
>X-4: Coming soon --> Master remove list implementation by I.E.M.M.C.
>Message-Id: <1997051921...@ispam.net>
>To: ne...@net66.com@net66.com
>Subject: HELP WANTED
>X-UIDL: c0bb0e6b8b52273f71578f0f44629f66
>------------------------

>As it turns out, this guy (at 204.188.52.117) it running a web server.
>It's a PC.
>The web server is:
>204.188.52.117 Server: Mini-Proxy/1.0

>I have downloaded everything I could, including his list of e-mail
>addresses (1.1Megs).

>Now for the question: what can I do to hurt this guy's business so he
>learns not to spam.

>I also have his home address and an 800 number:
> Mailing Address: 3818 E Joseph #C, Spokane, WA 99202
> Voice Mail: (800) 262-8356
> 24-Hour FAX Line: (509) 482-4081

>I'm very open to suggestions.

> -Neal
> ne...@net66.com

Stephen Hammill

unread,

May 26, 1997, 3:00:00 AM5/26/97

to

My recent solution is to reply to the spammer with a subject of: Hey
stupid, you just spammed the president...

And in the CC: are the emails of the president, vice president, the
house committee on the internet, big time internet postmasters, and
dozens of congressmen and senators.

I figure that will make a point...in more ways than one!

I've automated the process in include all the mail routing information
of the spammer!

David Malone

unread,

May 26, 1997, 3:00:00 AM5/26/97

to

amd...@its.maynick.com.au (Andrew Dunstan) writes:

>and whoever aracnet is still has vrfy on, too. well done.

Whats the problem with vrfy ?

(and doesn't overquoting freak anyone else out ?)

David.

Neal Krawetz

unread,

May 27, 1997, 3:00:00 AM5/27/97

to

In article <5mcj36$krp$1...@juliana.sprynet.com>, sham...@sprynet.com (Stephen

Probably not the smartest thing to do... (Although I will not denounce it since
the spammer has since subscribed 2 of my accounts to over 200 listserve mailing
lists.)

1. Although the may may seem to be from the spammer, the mail repeaters will
show a trail leading to your ISP.

2. Most ISPs keep a mail-log showing who sent e-mail to whom, when, and in the
case of 2 ISPs I know, what IP address they originally sent it from. This
information, in conjunction with their connection logs (which username connected
to which phone number and IP address at what time for how long) will quickly
point to you.

3. Luckily, the U.S. has no laws against this, otherwise, you could be in
trouble. Unless the spam had a threat in it; then you'd be in trouble fast. I
recall hearing recently about a 12-year-old (14?) who was investigated by the
government for e-mailing a threat to the president. Then there was that
comp.risks which told about that teacher with a writing assignment to threaten
the president...

4. I still must ask, is spamming a spammer OK? I don't think it is since it is
still a denial-of-service attack. Similarly, mugging a mugger or stealing from
a thief may make you feel better, but it doesn't make you better than him.
Worse: when someone spams they use other people's resources (mail-routing,
listservers, usenet services) which means, to abuse the abuser you must abuse
inocent people too.

Comments?

-Neal

The Truth

unread,

May 27, 1997, 3:00:00 AM5/27/97

to shad...@aracnet.com

The Shadow wrote:
>
> A far better solution is to get your name removed from their
> mailing lists BEFORE they ever send you the junk. That's
> what an ouside E-mail filtering service can do for you. I
> have used such a service for 2+ years and been spam-free
> ever since. Since you can't seem to find them in the search
> engines, we need to spread the word I guess. I use Donna
> Troy's, and her address is:
> http://205.139.105.240/~d_troy/page2.html

Donna,

Your software sucks, and so do you for trying to make us believe you are
offering "Friendly Advice" as a considerate third party.

What a joke.

*plonk* -- welcome to my killfile.

Matthew Kelly

unread,

May 27, 1997, 3:00:00 AM5/27/97

to

In comp.security.unix The Shadow <shad...@aracnet.com> wrote:
> A far better solution is to get your name removed from their
> mailing lists BEFORE they ever send you the junk. That's
> what an ouside E-mail filtering service can do for you. I
> have used such a service for 2+ years and been spam-free
> ever since. Since you can't seem to find them in the search
> engines, we need to spread the word I guess. I use Donna
> Troy's, and her address is:
> http://205.139.105.240/~d_troy/page2.html

For someone who obviously likes the filtering idea, you certainly aren't
following the spirit of the Murkowski ammendment by tagging all your
ads for what they are in the Subject... "ADVERTISEMENT"

Matt

> >Received: from --- CLOAKED! ---
> >Received: from --- CLOAKED! ---
> >Date: Fri, 23 May 1997 13:39:00 -0400 (EDT)
> >X-1: This email was sent by "Cyber-Bomber" ... Details at
> >http://www.cyberpromo.com
> >

--
-------------------------------------------------------------------------
Matthew Kelly
ma...@hwcn.org

Andy Smith

unread,

May 30, 1997, 3:00:00 AM5/30/97

to

Matthew Kelly wrote:
>
> In comp.security.unix The Shadow <shad...@aracnet.com> wrote:
> > A far better solution is to get your name removed from their
> > mailing lists BEFORE they ever send you the junk. That's
> > what an ouside E-mail filtering service can do for you. I
> > have used such a service for 2+ years and been spam-free
> > ever since. Since you can't seem to find them in the search
> > engines, we need to spread the word I guess. I use Donna
> > Troy's, and her address is:
> > http://205.139.105.240/~d_troy/page2.html

The solution that I use is two fold. One is to use mail filters
in Sendmail, which are now being implemented at this site. The
second is to forward all spam mail to pres...@whitehouse.gov
asking that the US government do something about the problem, as
non of these mails are relevant to us.

If we all forward the spam mails to the whitehouse mail server,
they may get the message!!

Andy

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Andy Smith
Systems Security Specialist
ID/IR, Esrin Tel. +39 (0)6 94180465
European Space Agency Fax. +39 (0)6 94180442
Via Galileo Galilei - C.P. 64 asm...@esrin.esa.it
00044 Frascati - Italy

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Shmuel (Seymour J.) Metz

unread,

Jun 23, 1997, 3:00:00 AM6/23/97

to

Clearly he should call the guy's 800 number and 1-800-380-AGIS and
complain (after asking for the supervisor of whoever answers). Formal
complaints to the AG of Michigan (for AGIS) and Pennsylvania (for Cyber
Promotions) may also be in order. He might want to subscribe to
news.admin-net-abuse.email as well.

Stephen Hammill wrote:
>
> My recent solution is to reply to the spammer with a subject of: Hey
> stupid, you just spammed the president...
>
> And in the CC: are the emails of the president, vice president, the
> house committee on the internet, big time internet postmasters, and
> dozens of congressmen and senators.
>
> I figure that will make a point...in more ways than one!
>
> I've automated the process in include all the mail routing information
> of the spammer!

--

Shmuel (Seymour J.) Metz
Senior Software SE

The values in from and reply-to are for the benefit of spammers:
reply to domain eds.com, user msustys1.smetz or to domain gsg.eds.com,
user smetz.

Shmuel (Seymour J.) Metz

unread,

Jun 25, 1997, 3:00:00 AM6/25/97

to

The Shadow wrote:
>
> The answer to your problem can be found at:
> http://205.139.105.240/~d_troy/page2.html

Sounds like a protection racket to me; subscribe or we'll send you spam.

Shmuel (Seymour J.) Metz

unread,

Jul 2, 1997, 3:00:00 AM7/2/97

to

The Shadow wrote:
> Because of that, and a lot of
> E-Mail Spam I regularly was receiving, I did a little
> research, and found out just how easy it really is to NOT
> GET JUNK E-MAIL!!!! All the complaining is bogus as far as
> I am concerned now. I went to an E-Mail filtering service,
> and have never had a problem since. This tells me that the
> people complaining, are not using such a service, and
> therfore are bringing on their problems themselves.

Those people who complain about arson are not using Guido's anti-arson
program, and are just bringing the problem on themselves. If they would
just pay Meir Lansky a modest fee they wouldn't have these arson
problems.

Shmuel (Seymour J.) Metz

unread,

Jul 2, 1997, 3:00:00 AM7/2/97

to shad...@aracnet.com

The Shadow wrote:
>
> Now, if you or your ISP is doing the filtering, the
> un-wanted mail is still consuming internet resources, the
> cost of which is passed on to you. Bigger hard drives etc.
> If you use a service, then your name is actually removed
> from the mailing lists BEFORE that mail ever gets sent out
> in the first place.

That's what the spammers say, but a few simple tests have demonstrated
that it's a lie.

> So I guess the question comes down to whether you would
> prefer to pay a small fee once, or continue to pay more and
> more each month, for a solution which may not be nearly as
> effective.

"E - None of the above." Either way it's theft of service; the spammers
are using our money to serve their business needs. I prefer to do my
best to put them in jail.

Shmuel (Seymour J.) Metz

unread,

Jul 2, 1997, 3:00:00 AM7/2/97

to

Neal Krawetz wrote:
>
> Here's a question for you...
> If 300,000 people send 1 fax (or e-mail) to one person, is it still a denile of
> service attack?
>
> -Neal

If each of those people is sending a legitimate complaint and only
sending it once per spam then it is not a DOS attack.

Shmuel (Seymour J.) Metz

unread,

Jul 2, 1997, 3:00:00 AM7/2/97

to

Ric Steinberger wrote:
>
> Here are the name servers used by cyberpromo.com:

...

> I am open to hearing about denial of service or other attacks that
> can be launched against these machines. At minimum, seems like one
> could forward all spam mail to the postmaster account(s), send some
> print jobs, launch low-level denial-of-service attacks. If we all
> act together......
>
> --
> Ric Steinberger Email: r...@sri.com
> SRI Consulting Phone: 415.859.4300
> 333 Ravenswood Ave AH301 Pager: 415.907.4598
> Menlo Park CA 94025 FAX: 415.859.2986

That would be illegal. However, it *is* legal to complain to each cyber
promo and agis address and phone number that you can track down, e.g.,
1-800-380-agis, as long as you only do it once per spam. If you live in
Michigan or Pennsylvania, you might also file a suit in small claims
court at $500/crack.

Kari Salmela

unread,

Jul 3, 1997, 3:00:00 AM7/3/97

to

> > So I guess the question comes down to whether you would
> > prefer to pay a small fee once, or continue to pay more and
> > more each month, for a solution which may not be nearly as
> > effective.
>
> "E - None of the above." Either way it's theft of service; the spammers
> are using our money to serve their business needs. I prefer to do my
> best to put them in jail.

I have understood the U.S.A. is the promised land of lawyers. Now
I wonder if anyone has been collecting names to group cases against
businesses spamming with unsolicited e-mail. Grounds for sue could
be from trespassing to distribution of obscene material to minors,
sexual harrassment, unauthorized use of private computer equipment,
attempt to compromise computer security etc.

I'd be happy to testify against some idiots sending me all kinds of
pornographic material ads etc. providing air fare tickets are covered :-)

[NOTE all prominent lawyers: you keep 50% of everything you can collect
from spammers, we "the victims" split the rest, OK?]

--Kari
--
Kari T. Salmela, Computer Services Center, University of Oulu
<a href="mailto:Kari.S...@oulu.fi">E-mail welcome</a>
Phones: +358 8 553 3987 (work) +358 400 689862 (mobile)
SnailMail: Yliopistokatu 44 B 314, FIN-90570 OULU, Finland

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3i

mQBtAzJ/eqgAAAEDANSsxmh2OBgFZqVJPuzUf+N6jDjL5E2H4iswDw6oeEDcM1Bt
l9vi3+RxMqy0/RfEw5K/9w/3OKuUotvGm3B7B+YWLLknpl4eOPXBb2O16rwkY7IK
atQvxZExyP93KXFE/QAFEbQmS2FyaSBULiBTYWxtZWxhIDxLYXJpLlNhbG1lbGFA
b3VsdS5maT6JAHUDBRAyf3qoMcj/dylxRP0BATMkAwChlvzhXZGbrLtaZP+8jy+G
dlJEDk4cQIEr8rbwzWgSpCEmBhPqnWKZr0l5XSyuaJ/RPn+CyoEE/fjMXliQ1mkz
wl3LVViDyXjeYK9NZoEKsUW1xyW/2RfcTaJ5m/DPgRs=
=PIcM
-----END PGP PUBLIC KEY BLOCK-----

nealk@net66.com@net66.com

unread,

Jul 3, 1997, 3:00:00 AM7/3/97

to

In <KSALMELA.9...@sun4.oulu.fi>, ksal...@sun4.oulu.fi (Kari Salmela) writes:
>
>> > So I guess the question comes down to whether you would
>> > prefer to pay a small fee once, or continue to pay more and
>> > more each month, for a solution which may not be nearly as
>> > effective.
>>
>> "E - None of the above." Either way it's theft of service; the spammers
>> are using our money to serve their business needs. I prefer to do my
>> best to put them in jail.
>
>I have understood the U.S.A. is the promised land of lawyers. Now
>I wonder if anyone has been collecting names to group cases against
>businesses spamming with unsolicited e-mail. Grounds for sue could
>be from trespassing to distribution of obscene material to minors,
>sexual harrassment, unauthorized use of private computer equipment,
>attempt to compromise computer security etc.
>
>I'd be happy to testify against some idiots sending me all kinds of
>pornographic material ads etc. providing air fare tickets are covered :-)
>
>[NOTE all prominent lawyers: you keep 50% of everything you can collect
>from spammers, we "the victims" split the rest, OK?]

I'd be happy with a T-shirt. Let the lawyers earn their keep (just as long
as they pay for my air-fair, hotel, and food).

BTW, the spammers I tracked down (204.188.52.117) haven't send anything since
we began phoning them at their homes, work, and friend's homes.
(Note: I never made any phone calls, but apparently a half-dozen other people
did.)
Their last spam occured on 5/20.

-Neal

Elias Halldor Agustsson

unread,

Jul 4, 1997, 3:00:00 AM7/4/97

to

Svo mælti Shmuel (Seymour J.) Metz <nos...@gsg.eds.com>:

# Neal Krawetz wrote:
# >
# > Here's a question for you...
# > If 300,000 people send 1 fax (or e-mail) to one person, is it still a denile of
# > service attack?
# >
# > -Neal
#
# If each of those people is sending a legitimate complaint and only
# sending it once per spam then it is not a DOS attack.

And then, if they won't get a reply, I can't see why they couldn't
send one a week later ... and a week later (in fact, put it into crontab).

--
|--Elias Halldor Agustsson----|-Implementation: The fruitless struggle-|
| Unix System Administrator | of the talented poor to fulfill what |
| University of Iceland | the ignorant rich have promised. |
|--Tel. +354 525 4903-- http://www.hi.is/~elias -----------------------|

Elias Halldor Agustsson

unread,

Jul 4, 1997, 3:00:00 AM7/4/97

to

Svo mælti Shmuel (Seymour J.) Metz <nos...@gsg.eds.com>:

# "E - None of the above." Either way it's theft of service; the spammers
# are using our money to serve their business needs. I prefer to do my
# best to put them in jail.

They are also destroying a very rare and valuable commodity, the IP
address number space. The filters erected against them will continue
to exist long after they have gone bankrupt.