ISPs and Spam Enforcement... 28
mathowie asks: "I've been getting spams from "Benchmark Printing Supplies" for over two years, and I see an Atlanta-based PSInet dialup in the headers every single time. My messages to PSInet's abuse team asking why have gone unanswered every time. How can we stop spammers if ISPs don't take strong steps to hinder these guys from profitability?" Where CAN you go next if your ISP refuses to do something about the growing amount of SPAM in your inbox?
Re:Legalities (Score:1)
Re:Convince your ISP to join MAPS (Score:1)
RBL: http://maps.vix.com/rbl/
DUL: http://maps.vix.com/dul/
ORBS: http://www.orbs.org/
https://www.mav.net/teddyr/syousif/ [mav.net]
Benchmark Print Supplies (Score:1)
Re:Please explain to me the mind of a spammer (Score:1)
and
Every spam has a different 'remove email address' meaning that I must be on a million spam lists and me getting off them all is not a tractable possiblity.
That is because some spammer specialize in email harvesting. Using spider(automated software), they extract string looking like email adress from web page, Usenet news, etc. They then resell this list to other spammer that, in turn, resell it again and so on until you are in the adress book of literally hundreds of spammer. That's why so many people fsck'up their email (addind NOSPAM, REMOVEME, etc.) in the adress they post on web forum and Usenet. Since email harvester can't take the time to manually sort out the invalid email from the valid one, this give a level of protection from automated harvesting and bulk mailing.
However, this technique is not bulletproof. Using regular expression, a spammer could strip his email list of known "spam stopper" string. Personnally, I prefer the "login at isp dot com" scheme, since the automated email harvesting software are probably looking for "something@somewhere.somedomain". This is not bulletproof netheir, however.
As I understand this, the most valuable adress are those that are confirmed to be working. Thus, never respond to spam neither to flame the spammer nor to send "remove". This confirm that somebody is reading this mailbox, thus making your adress a more valuable target.
Concentric Network (Score:1)
So, that brings me to the main point. When you find that your ISP cannot control their spam, it's time to leave. I'm no longer a customer of Concentric network, and I tell EVERYONE that I know to stay away, far away, from Concentric.
The same should go for PSI too! If they started losing customers they would clean up their act. VOTE WITH YOUR FEET. It's the only language that companies understand.
End of rant.
Re:Convince your ISP to join MAPS (Score:1)
Anti-spam laws? (Score:1)
As for me, I just filter it all out into a "Possible Spam" folder. I filter for messages that don't specifically name one of my email addresses in the headers, so that most spam, which is bcc'd to people, will be caught.
A problem with RBLs and DULs (Score:1)
As for DULs, a good portion of my mail would be blocked by a DUL. Why should i have to use an ISP relay when Linux can run exim and deliver mail itself?
Yes spammers are a problem, but you have to be careful when you block them that you don't hit normal people as well.
-----
Re:Legalities (Score:1)
I actually heard one time if an ISP doesn't/refuses to stop illegal activity coming from their ISP, there are 'higher-ups' who you can contact (More then likely their provider of the line) who can give them an ultimadum(sp) to either take action or loose their lines. I think this can also be done through a gov office of one type or another. Sorry I don't have any names, but it's another thing to think about.
That was pretty uninformative.
If complaints get no answers or have no action taken on them, you complain the the upstream provider. When you run out of upstream providers to complain to, you still have a few options:
MMF or anything spam-scam which involves someone else making money off you: report him to the IRS. (spammers are almost all USAn)
Stock market scams: the fcc.
For addresses, chase up some antispam pages: look for "cancel moose" or "anti spam".
Also, check out the net.admin.net.abuse.* newsgroup FAQs at http://www.faqs.org [faqs.org]
dave
Re:Please explain to me the mind of a spammer (Score:1)
It seems like that I did not start to receive spam until I started to post on Slashdot.
When I set up this account, the above email address got persistently spammed from home.net. No amount of complaining worked. I guess home.net aren't too clued in.
The spam I receive is not to any email address I have, but rather to another dumbqwerty@msn.com, how can this be so???
You need to look at your "Recepient:" line in the headers. That'll tell you which email address it was really sent to. Most spammers put a fake address in the "To:" field and bcc to their victims.
Every spam has a different 'remove email address' meaning that I must be on a million spam lists and me getting off them all is not a tractable possiblity. Why can't there be one list that these 'generic' spammers would have to check before doing my inbox?? Perhaps it could be federal law.
Never, EVER reply to a "remove" address. They only exist to harvest working email addresses.
Why can't there be a way to 'triangulate' packets to find a physical location for lawbreakers, and give them hard time so other spammers would be scared?? (is scared spammer an oxymoron??)
Nope, spammers are such lower order life forms that they're incapable of fear. They're about four steps below script-kiddies and have many of the same traits. They don't understand how to do what they do; they're just running someone else's program. Despite the fact that they keep losing accounts (and getting verbally abused if they post 1-800 numbers) they *still* think that spamming works.
Doesn't MSN and AOL have ways to keep track of ip addresses they assign dynamically, and thus trace spam??
Yes they do, or at least they have logs and can tell who posted what and when. You need to complain to the right people and send them the full mail headers. Check out http://www.samspade.org [samspade.org] for info on how to track through headers.
dave
Re:Because Spam works (Score:1)
And that's the sad thing. They'll also write off the annoyed emails they get as 'just internet whingers'.
I live in Hong Kong, where the largest ISP (Hong Kong *Telecom*) nearly got RBLd because they didn't think there was anything wrong with spam...
dave
Re:Legalities (Score:1)
I was thinking of SEC, not FCC.
dave
look at junkbusters (Score:1)
IMHO... (Score:1)
The ISP upstream of them may be a good idea? In the case of PsiNet, I beleive that's Sprintlink. They have an acceptable use policy up at:
http://www.sprintlink.net/acceptableuse.htm [sprintlink.net]
In case they blanch at the thought of the RBL... (Score:1)
If your ISP is reluctant to implement the other two (several very valid reasons come to mind) I would strongly recommend they consider the DUL. There are no liability, control, or loss of service concerns that could possibly be generated by it.
* Er, shotgun-spam: a term I (and probably others) use to describe spam sent to a large list of commonly-found usernames. Similar to the concept of a dictionary attack, most of the spam bounces to the sender (usually resulting in a double-bounce, since the sender almost never exists) but a percentage of the spam makes it to accounts that would otherwise not be found on normal spam lists. Ingenious, and terribly evil...
Legalities (Score:1)
Form a union? (Score:1)
This may not be completely ethical or legal, since it would bear a small resemblance to a DoS/spam scheme, but I know I'd be pissed if I got spam from the same company for 2 years straight. It would also be sort of hard to prevent false alerts, e.g. false alarms designed to piss off the recipient.
Possibly you could try e-mailing them with a different address, on a different subject, to get proof that someoene on the other end is listening. Could be an ISP run by slackers who never check e-mail not coming from their own subscribers, because it's just a waste of their time.
SupremeOverlord
tidbit: Addr.com enforces (Score:1)
Re:Because Spam works (Score:1)
Please explain to me the mind of a spammer (Score:1)
The spam I receive is not to any email address I have, but rather to another dumbqwerty@msn.com, how can this be so???
Every spam has a different 'remove email address' meaning that I must be on a million spam lists and me getting off them all is not a tractable possiblity. Why can't there be one list that these 'generic' spammers would have to check before doing my inbox?? Perhaps it could be federal law.
Why can't there be a way to 'triangulate' packets to find a physical location for lawbreakers, and give them hard time so other spammers would be scared?? (is scared spammer an oxymoron??)
Doesn't MSN and AOL have ways to keep track of ip addresses they assign dynamically, and thus trace spam??
Re:Please explain to me the mind of a spammer (Score:1)
Doesn't MSN and AOL have ways to keep track of ip addresses they assign dynamically, and thus trace spam??
yes, and there are other ways of tracing these things too. how come an arrest can be made within seven days of the author of a bad macro virus but no police activity goes into enforcing the laws on the statute books about spam emails?
surely Spam constitutes a legitimate threat to the effectiveness of the public internet infrastructure? does the NIPC have a view? isn't it only a matter of time before some idiotic spammer decides to use the XMAS.EXEC effect (== Melissa virus effect, for you youngsters) to get a more effective reach for their email?
Re:Please explain to me the mind of a spammer (Score:1)
The reason that there is no police activity toward spam is because it unforturnately isn't illegal and they can't prosecute.
Depending on where you live there are laws in existence regarding spam. Many of these laws themselves do not classify spam as a criminal action, but do provide the basis for civil actions.
My point is that there are also other laws in existence regarding unauthorized use of computer systems and these are not used sufficiently. When spammers abuse hotmail or an open mail relay to despatch their email, why are they not prosecuted?
Choices... (Score:2)
This may or may not work. As usual, do not reply to the "unsubscribe" address that may be given in the e-mail.
2) Contact *your* ISP. Mine has a simple address to send spam to: spam@erinet.com
They ask that you forward the message with full headers. What do they do ? I don't know... Block all e-mail from that address or higher up the chain ? Send an automatic message to the "other" ISP ?
3) This doesn't solve your problem, but at least you won't see the messages anymore. But, use your e-mail program to filter messages from this company and send them straight to your deleted mail. I know you can do this with Netscape's mail program. I only recently started using Mutt, but I'm willing to bet you can do it with it, too.
Convince your ISP to join MAPS (Score:2)
It's important to be as polite as possible.. try to present it as a solution that would help their customer base, as opposed to hurt it (most ISP's cringe at the though that one of their customers might not be able to send/receive email to a particular domain; for whatever reason.)
Unsolicited or solicited? (Score:2)
If this is the case (and ONLY if this is the case!) I would recommend that you use the removal address they provide. Otherwise, the business won't know to remove you and the ISP will laugh off any complaints they receive. If you ask to be removed and aren't, THEN you will have some ammo for the ISP.
Just please remember: commercial email, no matter how unwanted, does not equal spam. It's got to be unsolicited.
Hm, one additional point: Make ABSOLUTELY sure you know which email address the spam is being sent to. A lot of us have acquired countless old email addresses, and it's easy to forget that everything is getting forwarded to your current address. If you ask for the wrong address to be removed, it (obviously) won't work.
And if they're really spammers? Heh. Draw some blood for me, would you?