Personal tools

spam_jja.html

I Don't Like Spam
CPSR Logo

I Don't Like Spam: A Personal History and Analysis

Jeff Johnson, CPSR/Palo Alto

Appendix A: Noteworthy Responses From ISPs

As Phil Agre's article "How to Complain About Spam" points out, when one tries to report spam to an ISP, one usually gets a bounce message. The next most common response is an automatic one, since ISP postmasters receive so many spam-reports that their staff can't possibly respond to them all.

However, the following, for your information and perhaps education, are some noteworty responses I've received. I've edited them for brevity and privacy. Each pertains to a different spam incident, i.e., these are not messages in a sequence. 

--------------------------------------------------------
Date: Sun, 27 Apr 1997 02:17:34 -0700
To: jeffjohnson@igc.apc.org
From: postmaster@centercomp.com
Subject: Spam Update...

It's not been verified yet, but here's the latest lead on the spam-boy:

It appears that he actually has an account with "@bellatlantic.net", and
picked our name out of a hat .

Bell Atlantic is based in "Reston, VA", with dialups all around the area.
After doing some digging, we found the following name:

   

It hasn't been verified yet, but this could be our spammer...

Postmaster

p.s. I have talked with the postmasters of "Bellatlantic" and "ICON" (the
two other sites that he "spammed" through, and they are seeking legal
action with their local attorney general's office!  I'll let you know if
anything else happens.
--------------------------------------------------------
From: NotesServer2@hotmail.com
To: Jeff Johnson 
Date: Tue, 4 Nov 1997 17:41:28 -0800
Subject: Re: REMOVE

We have closed the account referenced in your mail.
Hotmail offers a unique service, providing individuals who might not have
access to a computer messaging service the ability to send and receive
e-mail messages without charge from anywhere in the world. Unfortunately,
as is the case with most public services, there will be individuals who
abuse their privileges by using the service in an improper manner.
Hotmail does not in any way condone or support the sending of junk mail
(aka spam) messages through our system. The Hotmail TOS strictly forbids
this and we terminate all accounts that we are made aware that are in
violation of the TOS.
We appreciate your mail alerting us to the spammer using our system. Our
ANTI-SPAM policy can be viewed at  http://www.hotmail.com/nospam.html
--------------------------------------------------------
From: "tech@antrasite.be" 
To: "'Jeff Johnson'" 
Subject: RE: The New De Facto Standard...
Date: Sat, 8 Nov 1997 11:16:44 +-100

We please you to apologize us for the problems happend this thuesday 6th
November .
We are aware of the spam's problems.
We will upgrade our e-mail server from sendmail to Qmail this following
day in order to avoid this spam's problems.
We thanks you for your understanding.

Best regards,
Antrasite
--------------------------------------------------------
Date: Mon, 10 Nov 1997 20:14:07 +0100
From: Postmaster@cybertide.de
To: Jeff Johnson 
Subject: Re: Business Loans For You

SUBJECT: spamming incident - cybertide mailserver hijacked

Valued customers, dear colleagues,

on the 5th of October, someone hijacked our SMTP server
and abused it to distribute spam-email for his fraudulent
business schemes, soliciting money and having it sent to
a phoney company called "Zion Worldwide".

The spamming was in no way authorized by cybertide.
"Zion" is no customer of ours and we were not officially involved
in any way with this condemnable affair. The whole thing caught us
off guard and got us into quite a lot of trouble.

The masses of email illegally passing through our system caused great
costs for us, as well as disturbances of the server's operation.
We even had to shut down the entire mail system for a couple of days.
We managed to get a hand on things though, by reconfiguring sendmail
in a way that prevents people from outside our LAN to use our
machine as mail relay. We will publish further technical information
on this topic on our website shortly in order to help other
people running a Linux server to prevent being victimized themselves.

We apologize for all the inconviniences this incident has caused and
assure you that we will take legal steps against whoever is
responsible. We'd be thankful for your advice on this topic,
since german laws are as always one step behind in this matter.

Best regards,
--Postmaster
--------------------------------------------------------
Date: Mon, 03 Nov 1997 10:12:55 -0500
To: Jeff Johnson 
From: AT&T WorldNet Postmaster 
Subject: Re: << Just what you needed, just when you needed it! >>

Thank you for alerting me to the suspected internet abuse you have received.

Since the AT&T WorldNet Terms and Conditions of Service prohibits WorldNet
members from e-mail and newsgroup spamming and/or engaging in other forms
of internet abuse, we will investigate the message you have sent in an
effort to facilitate an end to such abuse.

I have forwarded your complaint to the Abuse Desk, which handles such
issues.  If you have not already, please send any future complaints to the
Abuse Desk directly.  Include the EXPANDED message header of the suspected
abuser's e-mail, including the path and identifier (timestamp and IP
address), and send it to:

                        abuse@att.net

Regards,
Postmaster
--------------------------------------------------------
From: postmaster@sol.helios.net
Date: Wed, 12 Nov 1997 09:31:36 -0500
To: Jeff Johnson 
Subject: Re: "Your Report" (subject)

Not me. I've got the anti-relay sendmail measures in place.

postmaster@helios.net
--------------------------------------------------------
From: System Administrator 
Date: Wed, 19 Nov 97 11:41:31 -0600
To: Jeff Johnson 
Subject: Re: Regarding the Internet telephone

Thank you for contacting us but we did not send you the junk mail.
The spammer used our mail server as a spam relay to send junk mails "PHONE".
Point your url to http://anti-relay.unicom.com/anti-relay/relay-what.html
to find out more about fighting mail spam. For now, we've successfully blocked
this PHONE spammer from our mail server since last Friday. We'll continue to
block the old and new spammers in the future.

Regards,

postmaster
--------------------------------------------------------
From: policy@access.digex.net (Policy Review Board)
Date: Wed, 19 Nov 1997 15:53:39 -0500
To: Jeff Johnson 
Subject: Re: FREE SOFTWARE TURN$ COMPUTER$ INTO CA$H MACHINE$!!

DIGEX has terminated the account of this user and you should not receive any
further UBE/UCE from them.

Thank you,

DIGEX Policy Review Board
--------------------------------------------------------
From: postmaster@z91.org
To: "Jeff Johnson" 
Subject: Re: WE'RE WINNING... ARE YOU?
Date: Mon, 24 Nov 1997 11:24:35 -0600

I thought we had relaying turned off.  Made some more adjustments.  Hope I
got it this time.

Blessings, Postmaster
--------------------------------------------------------
From: helpdesk@ibm.e-mail.com
Date: Mon, 24 Nov 1997 19:12:11 EST
To: JEFF.JOHNSON@Eng
Subject: RE: VIETMAN - - SHOCKING NEW DISCLOSURES SUPPRESSED FOR 50 YEAR

Thank you for taking the time to inform of us of this situation.
The user of the Internet service account involved in this situation
has been warned about the complaint we received.
Future disruptive actions by the user of this Internet
service account may result in account cancellation.
Regards,

Postmaster@ibm.net
--------------------------------------------------------
Date: Wed, 26 Nov 1997 15:12:40 -0500
From: postmaster@intercom.com
To: Jeff Johnson 
Subject: Re: CABLE DESCRAMBLER NOW ONLY $7.00!

Jeff Johnson wrote:
> The following spam email was apparently sent from or through your server.
> Please squash this spammer.

[snip]

Just wanted to let you know that Intercom Online had NOTHING
to do with this spam what so ever. Wilco is not a client of ours, nor
was the spam relayed through our servers. If you notice, his mail
program claims his machine IP is 204.258.545.77, which first off
is not a part of our IP space, and secondly, is an invalid impossible
to use IP address.

> Received: from Wilco@intercom.com(204.258.545.77) by Nell@comet.com
> (8.8.5/8.6.5) with SMTP id GAA06366 for ; Sat, 25 Oct 1997

-----------------------------------------------
From: postmaster@egghead.com
To: jeff.johnson@Eng
Date: Wed, 26 Nov 1997 16:39:21 -0700
Subject: Re: Egghead Mail

Dear Sir or Madam:

Egghead Computer sincerely apologizes for the recent e-mail you received
from our mail server (Free Phone Calls on the Internet!).  This message
was not deliberately sent by Egghead as another source had illegally
compromised our mail server.

We are currently working to rectify this situation, and are taking steps
to ensure that this will not happen again.  Egghead Computer apologizes
for any inconvenience this may have caused you and appreciate your
understanding in this matter.

Sincerely,
Postmaster
Egghead Internet Group
-----------------------------------------------------
From: helpdesk@ibm.e-mail.com
Date: Tue, 02 Dec 1997 20:35:19 EST
To: JEFF.JOHNSON@Eng
Subject: ADULTS ONLY                              HOT Ref #: UNKNOWN  0047395

Thank you for the feedback.  The banet.net account responsible for this
abuse has been terminated.

Regards,

postmaster@banet.net
--------------------------------------------------------
Date: Wed, 3 Dec 1997 16:52:42 -0800
To: Jeff.Johnson@Eng
From: NETCOM Policy Management 
Subject: NETCOM Policy Management: Thank you for your Report

We have viewed the information in your report and determined that it did not
originate from one of our users at NETCOM.

As a service to you, We have forwarded your complaint to the proper domain.

Please contact the postmaster of the following domain to have this issue
resolved by using the contact information provided below.

In this particular case, I suggest using: postmaster@shadow.net

NETCOM Policy Management
------------------------------------------------
Date: Thu, 11 Dec 1997 09:46:18 -0800 (PST)
From: Domain Role Account 
To: Jeff Johnson 
Subject: Re: Is it true?

This email was relayed through our system, without our permission, through
a unprotected mail server. The mail server has since been patched. Thank
you for the email.
-------------------------------------------------
Date: Tue, 9 Dec 1997 08:10:07 -0500 (EST)
From: "Mike T." 
To: Jeff Johnson 
Subject: Re: Free Bulk-Email Software!!!

As you may know, the mail you received was not sent from AOL, but from an
unscrupulous spammer who has decided to hide behind a forged address that
purports to be from AOL or that references a bogus AOL account. In some
cases you can check the headers of the original message to discern the
true origin of the mail.   The last Recieved header line will tell you the
domain from which the junk e-mail originated, though this method is not
foolproof.  You can also check the Message ID, but that can be forged too.
AOL does not condone mass e-mailing.  We are working closely with our
legal and security departments to stop this sort of abuse.  Thank you for
reporting this misuse of AOL's name.

FYI ... Any e-mail you see claiming to be from an AOL address with more
than 10 characters is a forge.  Valid AOL addresses CAN NOT have more than
10 characters.

Thanks,
postmaster@aol.net
-------------------------------------------
Date: Mon, 15 Dec 1997 11:13:25 -0800
To: Jeff.Johnson@Eng
From: NETCOM Policy Management 
Subject: NETCOM Policy Managment: Account Terminated.

We have terminated the account of our user for breaking our policies. In the
future we will not allow this person to purchase another account through us, at
NETCOM. If you receive any further contact from this user through NETCOM,
please contact us immediatly. For more information on these Acceptable Useage
and Guidelines, please review them at this website.

        http://www.netcom.com/netcom/aug.html

We apoligize for any inconveniance our user may have caused.

NETCOM Policy Management
---------------------------------------------
Date: Tue, 16 Dec PST  15:29:16 -0800
To: 
Subject: Re: Make $2,000 - $5,000 per week -NOT MLM
From: abuse@netcom.com (NETCOM Policy Management)

Thank you for your report. This user's account has been terminated for
violations of NETCOM's Acceptable Use Guidelines.  For more information
on these Guidelines, please see the following site:

        http://www.netcom.com/netcom/aug.html

NETCOM Policy Management

This page last updated on February 1, 1998 by Paul Hyland.

CPSR Logo
Return to the CPSR home page.
 Mailbox
Send mail to webmaster.
Archived CPSR Information
Created before October 2004
Announcements

Sign up for CPSR announcements emails

Chapters

International Chapters -

> Canada
> Japan
> Peru
> Spain
          more...

USA Chapters -

> Chicago, IL
> Pittsburgh, PA
> San Francisco Bay Area
> Seattle, WA
more...
Why did you join CPSR?

I support critical thinking--including ethical issues--when it comes to decisions about the use of technology. I want more people to have access to learn about technology. I would like to see resources go into finding and implementing technologies that provide the most public good.