NET CRIMES & MISDEMEANORS:
Outmaneuvering Web Spammers, Stalkers, and Con Artists

 

  PARTIAL SAMPLE CHAPTER

Chapter 3

Spam Not In A Can

“I realize now I was one of the first computer professionals to experience the feeling of dread evoked by a flood of spam complaints.”
- Ray Everett-Church

Spam: Unsolicited electronic junk mail, usually advertisements or offers, and more often than not, unwanted by the receiver; sometimes used as a revenge tactic by pretending to be someone, then spamming messages to hundreds, sometimes thousands of people.

In the early 1990s, as the Internet became accessible to more people, junk mail found its way online in the form of e-mail advertisements. Almost always unsolicited, these messages began appearing in e-mailboxes, mailing lists, and newsgroups a handful at a time, and were seen as more of a minor annoyance than anything.
But someone back in 1975 had seen the potential for a problem with online junk mail. Jon Postel wrote in November of 1975 that host computers had to read every e-mail message coming in, but if there was a malfunctioning host that began sending too many or unwanted messages, there could be a problem. "It would be useful for a host to be able to decline messages from sources it believes are misbehaving or are simply annoying," he wrote.
Prophetic words.
Although most people called it junk e-mail and promptly tossed it in their “trash ,” in 1994 a new term was coined for this problem: Unsolicited Commercial E-mail, or UCE. This was due to a now infamous story, the telling of which follows.

The Green Card Spam
Ray-Everett Church was working as an information specialist with the Washington-based American Immigration Lawyers Association (AILA). His job was to look for any news items related to U.S. government immigration policies. As their resident techno-geek, he began putting together an online newswire of the information he found. He was also generally answering any technical questions.
"When I arrived in the office on the morning of April 13, 1994, the receptionist handed me a stack of angry faxes and forwarded a voice mailbox full of furious calls," he recalls. "By the time I stumbled to my cubicle, I had met the enemy. Their names were Laurence Canter and Martha Siegel."
For a little background: In the early 1990s, Congress created the Green Card Lottery program. Although it offered a great opportunity to immigrants, it also provided an opportunity for scammers to make money by charging hopeful immigrants high fees to file lottery entries when all it actually took was a postcard, a stamp, and the person's name and address.
Canter and Siegel were a husband-and-wife law firm who saw dollar signs and wanted to jump on this potential money-making bandwagon. They were also technically savvy and began sending hundreds of messages to newsgroups.
"The faxes and phone calls I fielded asked what could be done to stop them and to sanction them for their activities," Church says. "As a voluntary association, AILA's only recourse was to throw them out of the association. However, when I went to AILA's senior staff to ask what that procedure entailed, a director of the organization said, 'Canter and Siegel? What did they do this time?'"
It turns out the pair were notorious for this sort of thing and had been disciplined many times. And now they were the initiators of the Green Card Spam, which is the term the media gave to it.
"They effectively were the ones that I consider ‘the spam that started it all,'" says Church with a laugh. "I went on to get my license to practice law. They lost theirs. I realize now that I was one of the first computer professionals to experience the feeling of dread evoked by a flood of spam complaints. I've never quite forgotten that feeling, and it's part of the reason I've spent so much time combating Internet abuse."
As Counsel for CAUCE (Coalition Against Unsolicited Commercial E-mail) at www.cauce.org, Church now helps address legal problems related to spam and spammers.
"We're focused on lobbying in favor of federal legislation to combat spam," he notes. "We're also educating companies on how to use e-mail for marketing in a responsible manner as well as working with state legislators to teach them about anti-spam laws -- what makes good ones, how to avoid constitutional issues, and why not to accept marketers' whining at face value."
This is valuable work, and Russell Allyn, whom you’ll read about next, probably wishes it had started prior to the summer of 1997.

Samsung’s sad song
No one knows the exact number, but it's estimated that over 12 million people accessed their e-mailboxes on August 9, 1997 to find the following message:

From:          webmaster@compuserve.com
Date:          Sat, 09 Aug 97 10:47:22 EST
To:            suspected_flamer@somewhereincyberspace.com
Subject:       Cease And Desist Flaming
Reply-to:      khskllp@aol.com

On behalf of our client, Samsung America Inc., ("Samsung")
we hereby request that you cease and desist all
inflammatory internet hacking, telephone hacking, flaming,
jamming, and other illegal activities.

If you have responded aversely to a recent bulk e-mail
message from our client, Samsung America, Inc., or from any
of its subsidiary companies, then you may be one of the
people who has performed fraudulent and actionable
transgressions, thereby causing severe harm to our client.

Your e-mail name was provided as being suspected of
connection to various acts of internet terrorism. Your acts
are illegal.

Several messages have suggested that Samsung and/or its
subsidiaries, including but not limited to Sailahead Global
Emporium, www.sailahead.com, and Samsung Electronics,
www.sosimple.com, violated US Federal Laws through
activities commonly called "spamming."  This allegation is
unfounded in the law, as spamming is a protected activity
under the laws of free speech.

Our client has asked us to inform you that all of your
future correspondences should be directed to their counsel:

Russell L. Allyn, Attorney at Law
California Sate Bar Number (SBN) 143531
Katz, Hoyt, Seigel & Kapor LLP
Los Angeles, CA
khskllp@aol.com
310-555-1212
310-555-1212 (fax)

All incidents of internet terrorism will be prosecuted
where possible, and reported to appropriate law enforcement
authorities as warranted.
Please consider this as your notice to cease all attempts
to harm multi-national corporations who conduct legitimate
commerce on the internet.

Russell L. Allyn, Attorney at Law

To put it mildly, those affected by this were not amused. Russell was inundated with angry e-mails, phone calls, and faxes from around the world. His superiors were contacted and told to fire him. Some people even contacted the American Bar Association to file complaints. The media began bombarding Russell's office for comments. He was overwhelmed by them and by the complaints. "It's not from our office; it's not from me," he said over and over.
Russell was trying to think of who might have done this. Though he couldn’t name a specific person, he thought it might be someone dissatisfied with the settlement in a case in which Russell represented Samsung, and now this was that person’s way of achieving retribution.
Russell and the law firm he worked for weren't the only ones getting complaints. Samsung was receiving 6,000 to 10,000 e-mail complaints a day, as well as hundreds of phone calls. It wasn't only as a result of this spam either. Since mid-July, Samsung had been dealing with angry people who were receiving forged messages from Samsung's newly established Internet service provider, Sailahead Global Emporium. There were over a dozen different forged spams being sent out.
"We've spent millions and millions to maintain our reputation and our brand image," Sang Cho, the in-house counsel for Samsung of America said at the time. "We don't care about retaliatory action, we just want it to stop."
Samsung officials thought they knew who was doing it. They'd recently had a conflict with a Southern California man who ran a religious Web site using Samsung's Internet service and who was behind in payments by $2,400. Company officials tried to collect but the man told them that if they didn't pay him $1.2 million, he was going to ruin their business.
When the spams first started, Samsung contacted UUNET Technologies, the originating ISP, but they refused to give out any information about the account involved without a subpoena. Samsung hoped things would die down. Then, on August 9th, the Russell Allyn spam was sent out, again through UUNET. Subpoenas were issued this time, but it was found that fake names, addresses, and other information were used to open the accounts.
Samsung was so inundated with angry e-mails that they set up all of their public e-mail accounts to respond automatically with the following message:

This is an Auto-Response message:

If you are responding to the e-mail SPAMMING, please accept our apologies.
I want to assure you that SAILAhead/Samsung IS NOT the originator
of this spam. This is not the type of activity Samsung condones.

Please help us remove Spamming from the Internet.  DO NOT SPAM US.
I know you are angry.  So are we.  We need everyone's cooperation
to catch the perpetrator of this fraud.  Spamming us back just
makes it harder to isolate the source.

If you have any information which may help in identifying and
apprehending this offender, please contact me at 800-943-4252 ext. 4.
We are offering a reward.

Thank you,

Avram Grossman
Manager, SAILAhead Internet Services

Eventually, the furor died down, and the spams stopped. But the person responsible was never found. Russell's life was turned upside down -- rumors swirled that he almost lost his license to practice law because of the spams. He now works for a different law firm in Los Angeles.


What’s In a Name?
Wait a minute, isn’t SPAM the luncheon meat in the familiar blue can?
Meri Harris, media spokesperson for Hormel Foods, the makers of SPAM, admits the company wasn't too thrilled when the term spam started being used to describe junk e-mail.
"But what can you do?” she says. “It's become so much a part of the Internet culture that as long as people don't come to us complaining about online spam and it's not spelled out in capital letters, like our trademark name, then we can live with it. We did get some people e-mailing us, thinking online spam came from us and it got to a point where we put up a page on our site explaining the difference."
So, why is the junk mail called spam? According to the narrative at the SPAM web site, "Use of the term spam was adopted as a result of the Monty Python skit in which a group of Vikings sang a chorus of 'spam, spam, spam . . .' in an increasing crescendo, drowning out other conversation. Hence, the analogy applied because UCE was drowning out normal discourse on the Internet."
Usenet spammers
Usenet, also known as newsgroups, discussion groups, and forums, has a similar problem with spam. Since there are literally tens of thousands of newsgroups that cover possibly any subject you can think of (from Harrison Ford to writing to bicycling to sex), spammers have an easy way to send their messages. More likely than not, these spams contain fake return e-mail addresses, which makes it harder to track them down but not impossible. However, what's considered spam in e-mail isn't the same definition for spam on Usenet. On Usenet, spam is when the same message is posted an unacceptably high number of times to one or more newsgroups, whether or not the content of the message is relevant to the newsgroup(s). Although no specific number has been agreed upon, if a message is posted 20 times to the same newsgroup or to 20 different newsgroups, it is considered spam. Some ISPs consider as little as five postings of the same message to be spam, and may cancel the offender’s account. The message here is to be careful when posting messages to newsgroups.
Usenet spam is primarily aimed at lurkers -- people who read newsgroups but rarely or never post and give their e-mail address away. The spammers are hoping one of the lurkers will actually read their spam and maybe even visit their Web site or reply to the spam (some people do). Usenet spam makes it difficult for regulars to navigate their favorite newsgroup(s). Some of them are sick and tired of spam, which leads this discussion to: spamhunters.
Spamhunters on Usenet eagerly send copies of spams to newsgroups devoted to spam, such as news.admin.net-abuse.sightings. Usenet management then makes sure the right ISPs are notified of the spammers. Sometimes the accounts of the spammers are canceled, but if they are persistent they'll get a new account and begin spamming again.
If an ISP seems to be harboring spammers, a UDP (Usenet Death Penalty) will be set by Usenet administrators. A UDP effectively blocks all messages posted from the offending ISP, not just the spams. This means that if someone has a legitimate e-mail account with that ISP, they won't be able to post to any newsgroups. This usually gets a quick reaction from the ISP by becoming aggressive in stopping spammers from using their services, or they readjust their services to prevent spamming.
Luckily, Microsoft Internet Explorer, Netscape Navigator/Communicator, Forte Agent, and other newsreader programs offer a killfile feature, which can be used to filter out Usenet spam so that it almost never shows up when reading in the newsgroups you've subscribed to. Each program has a different way to set up killfiles (which are also available in most e-mail programs), so it’s best to consult the HELP files in your program(s) for instructions on how to use killfiling.
When setting up a killfile, you can input an e-mail address or specific words found in the subject line of common spams, such as Make Money Fast, Free Software, Lose Pounds Quickly, etc. Some people put dollar signs ($$$) in a killfile, as many spams include them in the subject line to try to entice you to read the spam. Other commonalities includes sexx (with two x's), penis (because the subject line usually reads Grow Your Penis Larger or Bigger Penis Guaranteed), two or more exclamation marks (!!!!), or question marks. Once the killfiles are set, you'll see a dramatic drop in Usenet spam.

How To Avoid Spam
You can't avoid it entirely, just like the junk mail that comes to your mailbox at home. But there are some things you can do to combat it. (Thanks go to Ray-Everett Church for some of these tips):
1. Know where your e-mail address can be found (white pages, web pages, etc.) Do you know who has your e-mail address? Do you participate in chat rooms? Message boards? Newsgroups? Do you have your e-mail address posted on your web page? Spammers look for legitimate e-mail addresses everywhere on the web.
2. Guard your primary e-mail address. When somebody asks for it, think twice before giving it to them.
3. Choose an ISP that actively blocks spam.
4. Learn to filter your e-mail. Some e-mail software has pretty decent filtering features that, if you take the time to read the instructions, can be useful in helping you manage your mailbox, and may even help you filter spam into the trash. It won't save you money, but it might save your sanity.
5. Don't hit Reply! Most of the return addresses in spam are faked in order to deflect complaints. However some spammers use real addresses because they really do want to hear from you. Why would they want to hear your angry diatribe? Because then they know that your e-mail address is functioning and that there's a real live body on the other end of that connection. By replying, you wave a big red flag that says, "Spam me some more!" So, don't hit Reply.
6. In newsgroups or forums where spam appears, again, don't reply to a spam. If you want a good laugh, read some of the responses to spam on various newsgroups; they can be quite humorous. (For example, someone posted the following reply in response to an "enlarge your penis” spam: "Hey, I’m a woman – if it works, I can get rich!")
7. Establish secondary "screen names" for chat rooms/boards. These are among the most appealing places for spammers to gather e-mail addresses. Many ISPs like AOL, AT&T, and CompuServe allow you to create secondary screen names or additional e-mail addresses at little or no cost, shielding your main address from the flood.
8. Give/use false e-mail addresses. Many people know that spammers troll through chat rooms and message boards looking for e-mail addresses, so they use fake or altered (sometimes called "munged") e-mail addresses. For example, "JohnDoe123@hotmail.com" might give out his address as "JohnDoe123@I-hate-spam.hotmail.com" and then give instructions to remove the "I-hate-spam" part before sending him e-mail. This tends to confound many spammers, particularly those who use automated e-mail "harvesting" programs that gather anything with an @ sign in the middle. Since they're too lazy to sort the millions of addresses by hand, they'll usually end up sending to the altered address.
9. Establish valid secondary e-mail accounts at free e-mail services (such as Hotmail, Yahoo!, etc.). This is useful if your ISP doesn't let you create secondary accounts easily or cheaply.
10. Use unique e-mail account names not found in a dictionary. A growing number of spammers are grabbing names out of dictionaries, randomly sticking numbers in there, and then pasting on an @hotmail.com or @aol.com, or @wherever.com. This way they don’t have to gather addresses. Thus was born the "dictionary" spamming attack, and this is why you might want to pick an e-mail address that is less predictable.
11. Learn how and where to complain to get spammers shut down, such as using SpamCop or other programs or Web sites listed in the Resources section at the back of this book.

Fighting spam
CAUCE is an ad hoc, all-volunteer organization created by Netizens and is a good first stop for everything you want to know about online spam, anti-spam legislation, and what to do about spam. It costs nothing to join CAUCE and each person who joins makes CAUCE's "voice" stronger on Capitol Hill (Washington, D.C.) and in member states -- and better able to get anti-spam legislation passed and enforced.
SpamCop puts you in control of the spam you receive. Register for free. When you receive a spam, activate the full headers (see previous chapter for instructions) and copy and paste the spam into the text box. SpamCop then does the work, figuring out who to report the spam to. All you need to do is click on SEND and it's taken care of.
Created by Julian Haight in 1998 to deal with spam he was getting in his personal e-mailbox, Haight's first SpamCop program was a simple, 100-line script he put up on his personal web page.
"When it was released, there was a lot of skepticism in the spam-fighting community," says Haight. "I received a lot of criticism but also a lot of feedback, which helped make it what it is today."
SpamCop works by using a combination of Unix utilities such as nslookup and finger to crosscheck all the information in an e-mail header to find the correct e-mail address of the administrator on the network where the message originated. It then formulates a polite request for discipline, including all the information needed to track down the user responsible. Sometimes the person reporting the spam through SpamCop will receive a reply from the ISP involved thanking them for reporting the spam, and sometimes the account involved is canceled.
"SpamCop gets about 100,000 reports a day, if that gives you an idea of the scope of the problem with spam," Haight says. "There are some spammers who aren't too happy with my site. A couple of years ago someone sent out a spam ‘advertising’ SpamCop, which caused a problem. Thankfully, it has always been hosted on my own server, so there has never been a real threat of getting it shut down. Now I co-locate my server with nyi.net, a company who approached me specifically because they wanted to host SpamCop."

The SpamCon Foundation Law Center, founded by Tom Geller in January of 1999, is for those who have been damaged by spam, or "e-mail vandalism," as Tom calls it. This site provides a list of states with anti-spam laws, the status of any state or federal legislation, information on how to sue spammers in states where there are current laws, a forum to discuss spam and spammers, and resources.
If you're really angry about spam, go to www.madaboutspam.org, sign the online petition, and join their boycott.
If you want all the technical details of spam, go to http://spam.abuse.net, where you'll find tutorials on filtering, blocking, and more.
Sometimes the war against spam can be won, if you take the initiative to fight it.


On The Other Hand. . .

If you want to receive some random spam, go to Random Spam and you'll see … random spam. Hit your Reload/Refresh button on your Web browser and you'll see more random spam.

In Defense of Unsolicited Bulk E-mail (spam) provides news and information from the spammers’—or to use a nicer word—marketing perspective.

A little humor goes a long way at Satirewire’s Annual Poetry Slam, er, Spam. All of the poems were written using words from actual spam that the contestants had received in their e-mail inboxes. If this doesn’t make you laugh, nothing will.

For more on the lighter side of spam, visit Spam humor. This site has anti-spam humor and spam cartoons.

Finally, 101 Things to Do With a Spammer. Don’t try these at home. My favorite is #32, “See how many spammers you can stuff into a phone booth.”

If you want to receive spam, go to IWantSpam. This site lets you receive all the spam you want. Really. Advertisers can submit one ad (spam) per day and recipients who sign up for the free service will receive one message in their e-mailbox each day, not exceeding 100K in size.
In Defense of Unsolicited Bulk E-mail (spam) provides news and information from the marketing -- spammers’ -- perspective.
A little humor goes a long way at www.cspam.com, a site that lets you listen to your choice of classical music while you view a scrolling list of (real) spams. If this doesn't make you laugh, nothing will.
Get all the latest news about spam sent to your e-mailbox with the Petemoss.com SpamNews digest. It's free.
Finally, 101 Things To Do With A Spammer. Don't try these at home. My favorite is #32. "See how many spammers you can stuff into a phone booth."