Personal tools
spam_jja.html
I Don't Like Spam: A Personal History and Analysis
Jeff Johnson, CPSR/Palo Alto
Appendix A: Noteworthy Responses From ISPs
As Phil Agre's article "How to Complain About Spam" points out, when one tries to report spam to an ISP, one usually gets a bounce message. The next most common response is an automatic one, since ISP postmasters receive so many spam-reports that their staff can't possibly respond to them all.
However, the following, for your information and perhaps education, are some noteworty responses I've received. I've edited them for brevity and privacy. Each pertains to a different spam incident, i.e., these are not messages in a sequence.
-------------------------------------------------------- Date: Sun, 27 Apr 1997 02:17:34 -0700 To: jeffjohnson@igc.apc.org From: postmaster@centercomp.com Subject: Spam Update... It's not been verified yet, but here's the latest lead on the spam-boy: It appears that he actually has an account with "@bellatlantic.net", and picked our name out of a hat. Bell Atlantic is based in "Reston, VA", with dialups all around the area. After doing some digging, we found the following name: It hasn't been verified yet, but this could be our spammer... Postmaster p.s. I have talked with the postmasters of "Bellatlantic" and "ICON" (the two other sites that he "spammed" through, and they are seeking legal action with their local attorney general's office! I'll let you know if anything else happens. -------------------------------------------------------- From: NotesServer2@hotmail.com To: Jeff Johnson Date: Tue, 4 Nov 1997 17:41:28 -0800 Subject: Re: REMOVE We have closed the account referenced in your mail. Hotmail offers a unique service, providing individuals who might not have access to a computer messaging service the ability to send and receive e-mail messages without charge from anywhere in the world. Unfortunately, as is the case with most public services, there will be individuals who abuse their privileges by using the service in an improper manner. Hotmail does not in any way condone or support the sending of junk mail (aka spam) messages through our system. The Hotmail TOS strictly forbids this and we terminate all accounts that we are made aware that are in violation of the TOS. We appreciate your mail alerting us to the spammer using our system. Our ANTI-SPAM policy can be viewed at http://www.hotmail.com/nospam.html -------------------------------------------------------- From: "tech@antrasite.be" To: "'Jeff Johnson'" Subject: RE: The New De Facto Standard... Date: Sat, 8 Nov 1997 11:16:44 +-100 We please you to apologize us for the problems happend this thuesday 6th November . We are aware of the spam's problems. We will upgrade our e-mail server from sendmail to Qmail this following day in order to avoid this spam's problems. We thanks you for your understanding. Best regards, Antrasite -------------------------------------------------------- Date: Mon, 10 Nov 1997 20:14:07 +0100 From: Postmaster@cybertide.de To: Jeff Johnson Subject: Re: Business Loans For You SUBJECT: spamming incident - cybertide mailserver hijacked Valued customers, dear colleagues, on the 5th of October, someone hijacked our SMTP server and abused it to distribute spam-email for his fraudulent business schemes, soliciting money and having it sent to a phoney company called "Zion Worldwide". The spamming was in no way authorized by cybertide. "Zion" is no customer of ours and we were not officially involved in any way with this condemnable affair. The whole thing caught us off guard and got us into quite a lot of trouble. The masses of email illegally passing through our system caused great costs for us, as well as disturbances of the server's operation. We even had to shut down the entire mail system for a couple of days. We managed to get a hand on things though, by reconfiguring sendmail in a way that prevents people from outside our LAN to use our machine as mail relay. We will publish further technical information on this topic on our website shortly in order to help other people running a Linux server to prevent being victimized themselves. We apologize for all the inconviniences this incident has caused and assure you that we will take legal steps against whoever is responsible. We'd be thankful for your advice on this topic, since german laws are as always one step behind in this matter. Best regards, --Postmaster -------------------------------------------------------- Date: Mon, 03 Nov 1997 10:12:55 -0500 To: Jeff Johnson From: AT&T WorldNet Postmaster Subject: Re: << Just what you needed, just when you needed it! >> Thank you for alerting me to the suspected internet abuse you have received. Since the AT&T WorldNet Terms and Conditions of Service prohibits WorldNet members from e-mail and newsgroup spamming and/or engaging in other forms of internet abuse, we will investigate the message you have sent in an effort to facilitate an end to such abuse. I have forwarded your complaint to the Abuse Desk, which handles such issues. If you have not already, please send any future complaints to the Abuse Desk directly. Include the EXPANDED message header of the suspected abuser's e-mail, including the path and identifier (timestamp and IP address), and send it to: abuse@att.net Regards, Postmaster -------------------------------------------------------- From: postmaster@sol.helios.net Date: Wed, 12 Nov 1997 09:31:36 -0500 To: Jeff Johnson Subject: Re: "Your Report" (subject) Not me. I've got the anti-relay sendmail measures in place. postmaster@helios.net -------------------------------------------------------- From: System Administrator Date: Wed, 19 Nov 97 11:41:31 -0600 To: Jeff Johnson Subject: Re: Regarding the Internet telephone Thank you for contacting us but we did not send you the junk mail. The spammer used our mail server as a spam relay to send junk mails "PHONE". Point your url to http://anti-relay.unicom.com/anti-relay/relay-what.html to find out more about fighting mail spam. For now, we've successfully blocked this PHONE spammer from our mail server since last Friday. We'll continue to block the old and new spammers in the future. Regards, postmaster -------------------------------------------------------- From: policy@access.digex.net (Policy Review Board) Date: Wed, 19 Nov 1997 15:53:39 -0500 To: Jeff Johnson Subject: Re: FREE SOFTWARE TURN$ COMPUTER$ INTO CA$H MACHINE$!! DIGEX has terminated the account of this user and you should not receive any further UBE/UCE from them. Thank you, DIGEX Policy Review Board -------------------------------------------------------- From: postmaster@z91.org To: "Jeff Johnson" Subject: Re: WE'RE WINNING... ARE YOU? Date: Mon, 24 Nov 1997 11:24:35 -0600 I thought we had relaying turned off. Made some more adjustments. Hope I got it this time. Blessings, Postmaster -------------------------------------------------------- From: helpdesk@ibm.e-mail.com Date: Mon, 24 Nov 1997 19:12:11 EST To: JEFF.JOHNSON@Eng Subject: RE: VIETMAN - - SHOCKING NEW DISCLOSURES SUPPRESSED FOR 50 YEAR Thank you for taking the time to inform of us of this situation. The user of the Internet service account involved in this situation has been warned about the complaint we received. Future disruptive actions by the user of this Internet service account may result in account cancellation. Regards, Postmaster@ibm.net -------------------------------------------------------- Date: Wed, 26 Nov 1997 15:12:40 -0500 From: postmaster@intercom.com To: Jeff Johnson Subject: Re: CABLE DESCRAMBLER NOW ONLY $7.00! Jeff Johnson wrote: > The following spam email was apparently sent from or through your server. > Please squash this spammer. [snip] Just wanted to let you know that Intercom Online had NOTHING to do with this spam what so ever. Wilco is not a client of ours, nor was the spam relayed through our servers. If you notice, his mail program claims his machine IP is 204.258.545.77, which first off is not a part of our IP space, and secondly, is an invalid impossible to use IP address. > Received: from Wilco@intercom.com(204.258.545.77) by Nell@comet.com > (8.8.5/8.6.5) with SMTP id GAA06366 for ; Sat, 25 Oct 1997 ----------------------------------------------- From: postmaster@egghead.com To: jeff.johnson@Eng Date: Wed, 26 Nov 1997 16:39:21 -0700 Subject: Re: Egghead Mail Dear Sir or Madam: Egghead Computer sincerely apologizes for the recent e-mail you received from our mail server (Free Phone Calls on the Internet!). This message was not deliberately sent by Egghead as another source had illegally compromised our mail server. We are currently working to rectify this situation, and are taking steps to ensure that this will not happen again. Egghead Computer apologizes for any inconvenience this may have caused you and appreciate your understanding in this matter. Sincerely, Postmaster Egghead Internet Group ----------------------------------------------------- From: helpdesk@ibm.e-mail.com Date: Tue, 02 Dec 1997 20:35:19 EST To: JEFF.JOHNSON@Eng Subject: ADULTS ONLY HOT Ref #: UNKNOWN 0047395 Thank you for the feedback. The banet.net account responsible for this abuse has been terminated. Regards, postmaster@banet.net -------------------------------------------------------- Date: Wed, 3 Dec 1997 16:52:42 -0800 To: Jeff.Johnson@Eng From: NETCOM Policy Management Subject: NETCOM Policy Management: Thank you for your Report We have viewed the information in your report and determined that it did not originate from one of our users at NETCOM. As a service to you, We have forwarded your complaint to the proper domain. Please contact the postmaster of the following domain to have this issue resolved by using the contact information provided below. In this particular case, I suggest using: postmaster@shadow.net NETCOM Policy Management ------------------------------------------------ Date: Thu, 11 Dec 1997 09:46:18 -0800 (PST) From: Domain Role Account To: Jeff Johnson Subject: Re: Is it true? This email was relayed through our system, without our permission, through a unprotected mail server. The mail server has since been patched. Thank you for the email. ------------------------------------------------- Date: Tue, 9 Dec 1997 08:10:07 -0500 (EST) From: "Mike T." To: Jeff Johnson Subject: Re: Free Bulk-Email Software!!! As you may know, the mail you received was not sent from AOL, but from an unscrupulous spammer who has decided to hide behind a forged address that purports to be from AOL or that references a bogus AOL account. In some cases you can check the headers of the original message to discern the true origin of the mail. The last Recieved header line will tell you the domain from which the junk e-mail originated, though this method is not foolproof. You can also check the Message ID, but that can be forged too. AOL does not condone mass e-mailing. We are working closely with our legal and security departments to stop this sort of abuse. Thank you for reporting this misuse of AOL's name. FYI ... Any e-mail you see claiming to be from an AOL address with more than 10 characters is a forge. Valid AOL addresses CAN NOT have more than 10 characters. Thanks, postmaster@aol.net ------------------------------------------- Date: Mon, 15 Dec 1997 11:13:25 -0800 To: Jeff.Johnson@Eng From: NETCOM Policy Management Subject: NETCOM Policy Managment: Account Terminated. We have terminated the account of our user for breaking our policies. In the future we will not allow this person to purchase another account through us, at NETCOM. If you receive any further contact from this user through NETCOM, please contact us immediatly. For more information on these Acceptable Useage and Guidelines, please review them at this website. http://www.netcom.com/netcom/aug.html We apoligize for any inconveniance our user may have caused. NETCOM Policy Management --------------------------------------------- Date: Tue, 16 Dec PST 15:29:16 -0800 To: Subject: Re: Make $2,000 - $5,000 per week -NOT MLM From: abuse@netcom.com (NETCOM Policy Management) Thank you for your report. This user's account has been terminated for violations of NETCOM's Acceptable Use Guidelines. For more information on these Guidelines, please see the following site: http://www.netcom.com/netcom/aug.html NETCOM Policy Management
This page last updated on February 1, 1998 by Paul Hyland.
Return to the CPSR home page. |
Send mail to webmaster. |
Created before October 2004