...Use caution when giving your e-mail address to anyone.
...Be skeptical about any and all information in unsolicited e-mail.
...Report the spammer to the proper authorities whenever possible.
...Use multiple e-mail addresses to keep spam from getting into your real inbox.
...Munge your e-mail address when posting it in public. (See Spam Prevention for more info.)

...Ever buy anything from a spammer!
...Respond to any unsolicited e-mails.
...Propagate chain letters and hoaxes
...Click to REMOVE ME! Ever!
...Give out your e-mail address unless you have to.
...Post your e-mail address publicly.
...Choose an easy-to-guess e-mail address.

Spam is more or less defined as any e-mail you don't want and didn't sign up for. It is usually advertising something or promoting some kind of scam. Other terms for it include unsolicited bulk e-mail (UBE) and unsolicited commercial e-mail (UCE).

Spam is widely recognized as a serious problem facing ISPs and internet users, since it eats up bandwidth, defrauds people, and fills up people's inboxes with junk. It has the potential to become much more of a problem than junk snail mail or telemarketing (phone spam) because it is so unbelievably cheap to send spam e-mail rather than calling you or mailing you a piece of paper. Some people literally are forced to throw away their e-mail addresses because they receive so much unwanted spam.

If e-mail servers are continuously overwhelmed with spam, it could eventually become a threat to the very existence of e-mail as a communications medium.

Believe it or not, it's from the Monty Python "Spam" sketch. Spam e-mail drowns out e-mail conversations just as the men shouting SPAM SPAM SPAMMITY SPAM! drowned out the conversations around them in that scene.

You are getting spammed by strangers because they were able to get your e-mail address, one way or another, and are hoping to get money from you. See the Spam Prevention section to find out how to prevent this from happening in the future; and see the Spam Management section if it's already too late.

An opt-in list is one that you have to specifically request to be on - like signing up for a newsletter. If you opt-in, it's not really spam, because you requested it. There is usually a fairly simple way to get off the list in this case. (This is not a technique used much by spammers.)

An opt-out list is one where you are signed up for the list without your knowledge and you are responsible for removing yourself. Opt-out is usually a sign of bad intentions! Many people feel that any legislation which legalizes opt-out marketing is (almost) worthless.

In a word: NO!

Using the 'remove me' link (or e-mail) is never, repeat NEVER, a good idea, unless you requested to be on the list in the first place (in which case it is not really spam).

Most of the time, a remove request will just not work. However, when it does, it's even worse! It lets them know that you are reading and responding to their e-mail - that is, you are a sucker for spam. (Don't feel bad, just about everyone has done it at some point in their lives.)

If they find out that you clicked 'remove me', you will probably be deluged with spam pretty soon.

Deleting spam helps no one. Your silence will be taken as acceptance.

Bouncing spam is tricky; if you don't do it right, the spammer may realize that you faked it, and that your address is a legitimate one. This may get you more spam. Most of the time, the spammer will not include a legitimate address to bounce a message to anyway, so it's just a waste of time.

The best thing to do is report the spam to the proper authorities.

You should complain to anyone who is hosting any of the spammer's e-mail or web addresses. Decipher the headers of the e-mail address and complain to their ISP; do a lookup on the web address and complain to the company hosting it.

This can be tricky as spammers usually try to hide where they are spamming from.

Some sites that will help you with the details of spam reporting include Spamcop and UXN Spam Combat. These sites make it easy even for a relative newbie.

Once you've parsed the email headers and determined the injection point, you can visit the Network Abuse Clearinghouse, http://www.abuse.net/, and input the domain name to search their master database for the correct abuse address to send complaints.

There are lots. Here are a few places to start:

Spamcop - They will help you report spam and educate you on fighting the good fight. Both paid and free services.

MyRealBox - Providing spam-free e-mail.

MailWasher - Allows you to bounce, delete, filter, preview, blacklist, etc. your e-mail messages. Free!

CAUCE - An organization dedicated to fighting spam.

Spamfaq.net - A very extensive spam FAQ with lots of good links.

The Center for Democracy and Technology has put together a paper based on a study about what online behavior results in the most spam.

»www.cdt.org/speech/spam/030319sp···rt.shtml

Their analysis indicated that e-mail addresses posted on Web sites or in newsgroups attract the most spam.

There are varying laws in different states and countries. Check Spamlaws.com for information about your area.

New anti-spam legislation is currently in the works in the U.S.

Aside from the legality of it, it is against the Terms of Service of almost every ISP to use their servers or bandwidth to spam. This means that when you complain to a spammer's ISP, they may lose their Internet access (a good thing!).

This bill was never passed. Spammers often lie about this in their e-mails, saying that by doing something-or-other to comply with regulations, this e-mail you are reading is not spam. Well, they're wrong and it is still spam.

Bill 1618 is a popular thing for spammers to mention when they are trying to discourage you from reporting them to their ISP or web host. Don't let it stop you.

Spammers love to do this. They will quote Bill 1618, or say that you signed up to be on the list; or you signed up with their business partners; or even that you posted your e-mail in a public place. If this is not something you specifically signed up for, IT IS SPAM!

None of those excuses legalize what they are doing. You should report them just like any other spam, only more so because they are trying to trick you.

1. The Federal Trade Commission wants you to forward a copy of EVERY spam you receive to uce@ftc.gov.

2. If the spam you receive asks for money through the U.S. Mail, the United States Postal Inspection Service, forward a copy at fraud@usps.gov.

3. To report e-mails promoting medical products such as human drugs, animal drugs, medical devices, biological products, foods, dietary supplements or cosmetics, that you think might be illegal, forward the email to the Food and Drug Administration at webcomplaints@ora.fda.gov.

4. Suspected fraudulent nonprescription drug spam can be forwarded to the Food and Drug Administration at otcfraud@cder.fda.gov.

5. If spam you receive touts a stock opportunity forward it to enforcement@sec.gov.

6. Nigerian "419" scams can be forwarded to 419.fcd@usss.treas.gov.

Just as you would promote any other legislation. Fax, write, or call your elected representative and express your wishes. Tell your friends to do the same. You can find all the contact information you need on the web.

And don't forget who is working for your interests and who isn't when it's time to vote!

Gigalaw.com, a website devoted to Legal Information for Internet Professionals, has created another website specifically addressing the CAN-SPAM Act:
The CAN-SPAM Library

Prevention is key in fighting spam. It is usually impossible to 'rescue' an e-mail address that is being spammed to death, so you need to keep it from happening in the first place.

Here are some tips to prevent your e-mail being spammed:

Don't post a real e-mail address in a public place like Usenet or the Internet. If you have to have a legitimate address, use tricks to get around the automatic e-mail harvesters used by spammers.

For example, post your e-mail address on a web site in the form of a JPEG image instead of text. Or put it in some format that is difficult to automatically decipher, like this: myemail -( at )- domain )-dot-( com. Or you can 'munge' the address, by putting extra text in like myemailSPAMSTINKS@REMOVETHIS.domain.com. Don't do anything too obvious (like myemail@NOSPAM.domain.com) or the harvesters will be able to decipher it.

If you DO get spammed, never, ever reply to it or click any links in it. This will get you more spam.

Don't pick an address that is too easy to guess. If your e-mail is joe@somepopularISP.com, you can bet you will be first on every spammer's list. This goes especially for the bigger ISPs and free e-mail services that would have lots of e-mail addresses for spammers to mail to.

Don't give your real e-mail address to anyone who doesn't really need it. If you're buying something online, or signing up for a free service somewhere, keep a free e-mail address that you use for this purpose only. That way if you get spammed it won't bother you at your real e-mail address, and you will still have the receipt if you need to go find it. When this spare address gets too full of spam, you can throw it away and start a new one since you don't have anyone legitimately contacting you with that address.

Make sure you are using a reputable ISP that has a good privacy policy. In rare circumstances, ISPs will sell their e-mail lists.

Many web sites on the internet require registering with your email address in order to view content or download shareware. Some of these sites are entirely ethical and do not add your email address to mailing lists without your permission or they tell you up front that you will be added, but they bury that fact in their privacy policy somewhere. Some web sites are entirely unethical and not only add you to their lists, but sell your email address to other sites and/or to spammers.

One way to combat this is to use one of the Privacy.net Stealth Email Addresses they have created specifically to reply back if the address is spammed with:

"The person who provided you with this e-mail address did not perceive value in receiving your e-mail and/or did not want to provide you with their identity. The person did not "opt-in" to your e-mail and/or did not subscribe to your mailing list. If this address is "subscribed" to a mailing list then you have not taken steps to verify subscribers to the list. Please remove me@privacy.net from your list. You may wish to consider concentrating on improving the value of your offers so consumers will request to receive them rather than taking steps to avoid receiving your e-mail."

The addresses you can use are:
me@privacy.net
me0@privacy.net
me1@privacy.net
me2@privacy.net
me3@privacy.net
me4@privacy.net
me5@privacy.net
me6@privacy.net
me7@privacy.net
me8@privacy.net
me9@privacy.net

Of course, if the web site you are registering at requires you to reply to a confirmation email before you are truly registered, then this will not work, since you'll never receive the email. But . . . since this type of registration, known as "confirmed opt-in" is only practiced by ethical web sites and mailing lists, the question of trust is answered by the fact that they use "confirmed opt-in" registration.

Filtering is a good choice for people who can't throw an e-mail address away and have too much spam. (For some people, too much spam is 1 spam; for others, 50 a day. Make your own decision.)

You can either set up your own filters - most common e-mail programs support this - or use a third-party program like MailWasher.

Here's a great link at Spamcop.net with information on how to get many email clients to display full headers.

An increasingly popular method of spam delivery is using the Windows Messenger Service. Not to be confused with MSN Messenger, the chat program, the Windows Messenger Service is used by certain applications and system administrators to notify users of important events. An example of the spam follows:





So how do you prevent it? First, we should note that the ability to receive this spam may indicate a more serious problem: your computer's NetBIOS ports are open. Please see our Security Forum for more info on NetBIOS. The easiest solution is to install a firewall such as ZoneAlarm. Or if you are using Windows XP, you could enable the built in firewall.


If you'd like to completely disable the Messenger Service (please note this may disable some important alerts from firewalls or other programs designed to use the Messenger Service), follow these steps: (courtesy of guyver01 )

Click on the "Start" button.
Right-Click on "My Computer"
Choose "Manage" from the menu that appears.
In the left column Highlight "Services and Applications"
In the right column Double-Click on "Services".
Double-Click on the service called "Messenger".
Click the "Stop" button to stop the service.
Change the "Startup Type:" to "Manual"
Click "Apply".
Click "OK".
Close "Computer Management"

*If your computer is connected to a corporate network, please consult your System Administrator before making any changes!

More resources:
Microsoft Knowledge Base Article - 330904
The PopUP Spam thread here at BBR
The myNetWatchMan Alert
Full instructions for stopping pop-ups.

The Nigerian 419 scam

This one is old, real old. It used to be propagated through snail mail! The scam is that you receive a message from some person in a foreign country, often Nigeria, and he needs your help. He is (through some ethically dubious method) trying to get some huge amount of money, tens of millions of dollars, away from a company/government and he needs a contact in your country with a legitimate bank account so he can wire the funds out of his country. He says he will let you keep a (pretty large) cut of the money if you help. And all he needs is your name, phone number, bank account number, social security number, etc. etc. Needless to say, this is a BAD IDEA! Don't do it! This one hooks a lot of people and the scammers are allegedly netting millions of dollars a year from it. Whew. Send this one to uce@ftc.gov in addition to reporting it in the usual ways.

Viral marketing/pyramid scheme

This includes the MMF (Make Money Fast) type schemes. You send $5 to the people on the list, then put your name on it, etc. You will make thousands. Yeah, right. These do not work after the first couple of people on the list, and guess what, there are already a bunch of people on the list so you're too late. Don't fall for these - they are illegal almost everywhere. The best part is, the people usually include the names and addresses of several people taking part in the scam so you can actually report them to the police (...not that they will get arrested, but you never know).

Hoaxes and chain letters

These take many forms. Bogus virus warnings, or maybe they inform you that Bill Gates will give you money if you forward it to everyone you know. These messages are not exactly spam, but they have the same effect of clogging your inbox and mail servers in general.

I don't think I have EVER received one of these forwards that was actually true. Nothing bad will happen to you if you don't send it to everyone you know; nothing good will happen if you do! Please just delete it and tell your friends to stop sending them.

For a list of common e-mail virus hoaxes, check out Mcafee.com. For other hoaxes, check out sites like TruthOrFiction.com before forwarding it to anyone.

Some e-mail servers are (mis)configured so that anyone in the world can use them to send e-mail messages. This is called an open relay. (A normally configured server only lets authorized users send messages, e.g., only AT&T customers can use AT&T e-mail servers.)

Spammers use these to send mass amounts of e-mails because they are harder to trace, and since they are not a customer of the people who run the server, they can't be punished.

Some people who run servers don't realize that they are doing anything wrong, and if you politely inform them of this fact, they will close the relays. If they are using MS Exchange 5.5, point them here and if they are using 6.0, point them here for instructions on how to fix the problem.

In most cases, this is not really spam; this means that someone, somewhere has a mass-mailer virus.

Many viruses will send e-mails out with fake From: addresses, so it is hard to know just who is infected. The person almost never realizes that they are infected with a virus. Usually if you are getting it, it means you are in their address book.

If you can figure out who it is really from, let them know they are infected - but don't be rude about it, they are probably just clueless. They aren't sending you viruses on purpose to be mean! You might try sending them a link to a page about the virus and how to clean it up.

The exception to this rule is if you really pissed someone off and they decided to send you a bunch of viruses. But that isn't too common.

Web bugs are images in e-mail that confirm that your e-mail address is real, and you have just read the e-mail by downloading the image.

You might not see them at times as they can be 1x1, and transparent. Other times they appear as any ordinary image, but the one thing you don't see all the time is the string they send when requesting the image from the server. It could be some random number assigned to your address on the server, or it could be obvious with your e-mail address in the request.

These are easily blocked by a firewall that allows you to control the ports per application. Others might not allow this, and only allow/block/drop the packets from that application so you would have to allow the web bug requests along with the request to send/receive your e-mail. The simplest way is to allow your pop3(tcp 110), smtp(tcp 25), and imap(tcp 143) ports if necessary. Most of the time web bugs use port tcp 80, but this port can vary so securing which ports the programs use is the easiest route. What can complicate this is software proxies, here you just make sure that your mail application is not allowed to run through your software proxy if possible.

Many programs allow you to turn off this feature. In Outlook Express you can force your messages to appear in text in your options, and that will take care of web bugs if you have not also done the firewall route.

Answer submitted by: Blitzenzeus

Windows Messenger (and its sister program - MSN Messenger) are Instant Message clients, like ICQ or AOL Instant Messenger, that allow people to chat with one another across the globe. If you are wondering what the difference between Windows and MSN messenger are, another user has added a FAQ entry here to explain:
/faq/8133

The Messenger Service is a service in Windows 2000 and XP that allows messages to be sent from a server to a workstation or from workstation to workstation over a network via the 'net send' command. Unfortunately, spammers figured out how to send spams via the service, and a recent flaw was discovered in the service that would allow a hacker to take control of the computer.

If you are one of the many people who has received pop-up spam via the messenger service, or you think you might be receiving it, there is another helpful FAQ entry here that will explain how it works and tell you how to stop it from happening again:
/faq/5687

In a corporate environment, network administrators may use the messenger service to alert employees that a server is going down for maintenance, or they may set up a server to automatically send them a message when a virus is detected on a computer. Most home users have no need for the service, which is why so many sites suggest that it be disabled. In fact, Microsoft is going to disable the service by default in XP Service Pack 2, due out in summer of 2004.

Many news sites equate the two. They are not the same thing! Hackers cannot hack you because you use MSN or Windows Messenger, nor will disabling the Messenger Service prevent you from chatting.

Almost certainly, no. Reputable financial institutions don't ask for personal details in email nor send attachments - this is just asking for trouble and we hope you never fall for it.

If you've received something that purports to be from Citibank, please visit the main Citibank site and click on the "about e-mail fraud" link at the bottom of the page. Citibank does a pretty good job of keeping up with the latest scams: you can confirm and report yours via this page.

There are several Internet organizations, possibly most prominently MAPS, who maintain lists of IP addresses that are known in some way to support spammers (having open relays, hosting Web sites, distributing marketing spamming software, etc.). If you operate a mail server, usually there is something in its configuration (e.g., Sendmail's rulesets) which can consult these lists, called "blacklists" or "blocklists," in an automated way when receiving a piece of mail. Usually this takes the form of a DNS lookup of a specially crafted name. For example, if MAPS discovers there's an open relay at address 10.20.30.40, they will put an entry for 40.30.20.10.relays.mail-abuse.org in their DNS servers. When your mail server is receiving mail, it calls the operating system to ask it what the IP address of the email client is, comes up with 10.20.30.40, then does a nameserver (DNS) query for the above string. If your mail server gets an expected response, it throws an error back to the email client, and refuses to accept the email. If instead it gets back an error (due to no record being there for example), it assumes the email is coming from an OK source and proceeds.

As a form of even more severe punishment, some of the blacklist organizations distribute Internet routing information (BGP data) that cause ALL IP traffic from these networks to be effectively discarded. Effectively, this forms an Internet "blackhole" (it's unreachable from your network).

Since many spams originate from "throwaway" dialup accounts, and sometimes DSL or cable modems, another list that MAPS maintains is a list of blocks of addresses (netblocks) which ISPs have assigned to their dialup, cable modem, or DSL customers. These are somewhat effective, but often perfectly legitimate emailers send email autonomously (that is to say, without using their ISP's email relay).

As long as you are the one running the email server, this can be effective. If your ISP receives and stores (or forwards) email for you, this will be of no use, because the address from which the mail will be coming is your ISP, and it's pretty much a given that your ISP won't be on the RBL (realtime blackhole list).

Unfortunately, MAPS has become a subscription service, but it may be worth it if you're doing this as a service to a group, such as your family or your house of worship. But there are a few different possibilities; use your favorite WWW search engine to look for "email blocking lists" or similar phrase.

Background info:

»www.killfile.org/~tskirvin/nana/···ter.html
News.admin.net-abuse.sightings is a forum for reports of sightings of net abuse. It is a robomoderated forum, allowing only properly formatted posts. Followups are required to be set strictly out of the group and into the appropriate group in the news.admin.net-abuse.* hierarchy.
News.admin.net-abuse.sightings is moderated by a robot moderator, run by a team of operators. The robot will automatically approve and post messages according to a approved criteria:
Posting spam in this newsgroup is desirable since it's used as an evidence file documenting dates, injection points, URL hosts, drop-boxes, etc.

Posting in NANAS can be done in one of two ways, either directly thru your newsgroup client, or by email. The purpose of this post is to help you minimize collateral damage to your inbox by posting spam in this newsgroup. Spammers can and do frequently harvest email addresses from this newsgroup, so it's wise to take steps before posting to eliminate that potential beforehand.

===============================

Posting via newsgroup client:

1) First you need an email address to use, since your email address is visible in the headers of the postings as the author. The robot moderator does reply and confirm each post, (unless you configure your post beforehand NOT to do this), and posts with invalid email addresses are ignored. I recommend a throwaway address on any free email provider provided they allow you to configure your inbox to only allow email from addresses in your address book. Hotmail can work this way and so can Yahoo. Again, spammers harvest from this newsgroup frequently.

2) Set up your newsgroup client with your new email address and your name. Of course, if you don't know how to do this, you'll need to consult your HELP file or online documentation as to the correct method.

3) You can post in one of the *.test newsgroups if desired to see how your posts look, but this is really unnecessary.

4) Post a spam. Now, you'll need to ALWAYS munge personal information in the headers of the spam before posting. I replace all instances of my email with xxxxx's such as xxxxx@example.com or even xxxxx@xxxxxxx.xxx, or whatever strikes your fancy. If the spam contains other innocent email addresses, like in the CC: field, it's considered good netiquette to munge those also, so you are not responsible for having THEIR email address harvested. You MUST include a subject line in the format of: [email] insert subject here
EXAMPLE:
[email] Make Money Fast!
Failure to use this format will result in your post not appearing at all.

5) Once you post your spam example, you'll receive an email confirming your post to NANAS at the address that you used in your newsgroup reader, Yahoo . . . Hotmail . . . whatever. Now, go to your free email provider and set your options to only allow email from those addresses in your address book, and add the address from the confirmation mail you received. Now, if any spammer scrapes your email address off of NANAS and sends you spam, you'll NEVER see it.

===============================

Posting via email:

1) First you need an email address to use, since your email address is visible in the headers of the postings as the author. The robot moderator does reply and confirm each post, (unless you configure your post beforehand NOT to do this), and posts with invalid email addresses are ignored. I recommend a throwaway address on any free email provider provided they allow you to configure your inbox to only allow email from addresses in your address book. Hotmail can work this way and so can Yahoo. Again, spammers harvest from this newsgroup frequently.

2) Only send spam to NANAS from this email address . . . never any other. This makes it REAL easy to find all your posts using groups.google.com.

4) Send a spam to nanas-sub@cybernothing.org. Now, you'll need to ALWAYS munge personal information in the headers of the spam before posting. I replace all instances of my email with xxxxx's such as xxxxx@example.com or even xxxxx@xxxxxxx.xxx, or whatever strikes your fancy. If the spam contains other innocent email addresses, like in the CC: field, it's considered good netiquette to munge those also, so you are not responsible for having THEIR email address harvested. You MUST include a subject line in the format of: [email] insert subject here
EXAMPLE:
[email] Make Money Fast!
Failure to use this format will result in your post not appearing at all.

5) Once you send your spam example, you'll receive an email confirming your post to NANAS at your email address, Yahoo . . . Hotmail . . . whatever. Now, go to your free email provider and set your options to only allow email from those addresses in your address book, and add the address from the confirmation mail you received. Now, if any spammer scrapes your email address off of NANAS and sends you spam, you'll NEVER see it.

First: Get yourself a free throw-away email address, such as Hotmail. I recommend using some mix of characters and numbers to prevent this email address from being dictionary attacked, like gj85tm659@example.com. This address will be used for one thing, and one thing only . . . to sign up for a free spam reporting account at SpamCop. Never use it for anything else, ever. SpamCop protects your email address when sending reports. Report recipients will be able to reply to your reports, but they will do so through SpamCop. They will never know your email address unless/until you reveal it. Such replies from recipients of your reports will be delivered to the email address you provide. The advantage of using a free throw-away email address to report spam is pretty obvious . . . the recipient of the report does not know your real email address unless you reveal it.

Second: Signup for a SpamCop free spam reporting account at »spamcop.net/anonsignup.shtml . Use the throw-away email address you just created. All replies from the spam you report will arrive at this email address.

Third: Start reporting spam. It's very important to provide both HEADERS and the BODY of the email when reporting. The headers will reveal WHERE the email actually came from and the BODY of the email (often in html) will reveal where any web sites are located, which get a spam report also. It's very important to SHUT DOWN the spammers method of making money. With no web site, there's no reason to spam.

So, there's two more things you need to learn:
1) How to get your email client to reveal the email headers, and . . .
2) How to get your email client to reveal the HTML source code.

SpamCop comes in handy again . . . there's a page that tells you how to get your email client to reveal the email headers, »spamcop.net/fom-serve/cache/19.html .
As far as getting the HTML source, you'll need to consult the HELP file or documentation or web site of your email client.

Now . . . you get a spam you want to report.
I find it easier to open Notepad to paste the various pieces together.

1) Open Notepad.
2) Copy the email headers from your email client and paste into Notepad beginning on the first line.
3) After you paste the headers, skip one line.
4) Copy and paste the HTML source code of the spam into Notepad, if it's just plain text . . . copy and paste that.
5) Now copy EVERYTHING from Notepad.
6) Log onto your SpamCop account and paste EVERYTHING into the small window, hit the Process Spam button and SpamCop takes over, revealing who is responsible for EVERY aspect of the spam you received and offering to send a complaint to responsible parties.

ROKSO is the "Register Of Known Spam Operations", and it's a list of the top 200 spam sources in the world. To be listed in ROKSO, a spammer has to be terminated from at least three consecutive ISPs for Terms of Service abuse, and this cabal is collectively believed to generate 90% of the world's spam. This list is maintained by the Spamhaus Project.

By maintaining this registry, ISPs have an easier time researching new customers and (hopefully) not allowing one of these folks on their networks.