Los Angeles Times
Monday, January 25, 1999

CYBERSPACE
A Message for Spammers: Beware
How to Trace the Source of a Junk E-Mail and Exact Revenge
By KAREN KAPLAN, Times Staff Writer

For more than a year, I was able to tolerate occasional junk e-mail. My solution was simple: just hit the delete key.
But now that the volume of incoming unsolicited e-mail--also known as spam--has mushroomed from a few a week to a dozen a day, simply deleting messages is no longer sufficient. Now I'm looking for revenge.
The Web is full of others who have had it with spammers. Some have posted step-by-step instructions for tracing the source of spam and offered suggestions for lodging effective complaints.
Paul Vixie, chief technology officer of Cupertino, Calif.-based Vayu Communications, maintains the "Realtime Blackhole List" (http://maps.vix.com/rbl) of networks that are friendly or neutral to spammers. Network administrators can block incoming e-mail from the suspect sources by subscribing to Vixie's list.
Bright Light Technologies, the San Francisco spam-fighting company backed by Internet guru Esther Dyson, created a Spam Calculator (http://www.brightlight.com/cgi-bin/spamulator2.cgi) to highlight the global cost of junk e-mail. Skeptics can estimate how many spammers are out there and how many messages they send, then watch as the worldwide cost of spam runs into the millions of dollars.
One frustrated spam recipient named Jeremy J. Olson has created a Web site (http://home.ici.net/~olson/spam/kills.html) listing the names of the Net's top "spam busters" and the number of junk e-mailers those people have had kicked off their Internet service providers. The No. 1 spam buster, Travis G., has racked up at least 475 kills, according to the site.
I doubt I'll come close to that, but at least I can try to do my part. Armed with advice from several Web sites listed in Yahoo's "Junk E-Mail" category (http://dir.yahoo.com/Computers_and_Internet/Communications_and_Networking/Electronic_Mail/Junk_Email/), I set to work.
Many suggestions are easy to follow. But some are too complicated for a first-time spam buster such as me. Because spammers use a huge arsenal of tricks to hide their true identities, there's no single solution that works every time. But there are several things a person can try.
My target is "JC," who says he quit his job as a lawyer and is much happier now that he is making more than $100,000 a year in a multilevel marketing venture with a "revolutionary concept including cyber-shopping." I am highly skeptical. Even if I were interested, I'd be out of luck because JC says "this opportunity is for Canadians only."
The first task is to figure out who is responsible for JC's unsolicited e-mail. If possible, it's good to identify not only the actual sender, but also his or her Internet service provider.
This information can sometimes be teased out of the header--the long part at the top or bottom of the e-mail that contains technical language documenting where the e-mail came from. In some cases, this is straightforward. But clever spammers have learned how to tweak headers to conceal their identities.
The format for headers is not universal, but they almost always contain a line that says something like (in JC's case) "From: rep@marketingsecrets.net." In most cases, this is not the spammer's real e-mail address. In fact, this address is routinely fake so complaints never reach the real spammer. For the same reason, the "Reply to:" address in the header is often fake. A more reliable place to look is in the "X-sender:" line. In this case, the X-sender is also rep@marketingsecrets.net.
(It's important to note that spam fighters strongly urge you to fight the instinct to reply to junk e-mailers to ask to be removed from their mailing lists. By replying, you confirm that your e-mail address is legitimate, which is likely to result in even more spam.)
Another place to look for clues is in the "Received:" lines in the header. This header information traces an e-mail's route backward from its final destination to its source. That means the most relevant line is the last line. JC's pitch apparently originated from "imarket2001.net." Unfortunately, this too can be forged, so it may not be reliable.
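The header reading described above, as an added Python example that is not part of the original article: it parses the "Received:" chain and separates the hop written by your own mail server, which a sender cannot forge, from the lines below it, which can be. The message, the IP numbers (documentation ranges) and the server name mx.example.org are constructed for illustration; the two domains are the ones named in the article.

```python
import re
from email import message_from_string

# Constructed sample: the domains come from the article; the IP numbers,
# dates and mx.example.org (standing in for your own mail server) are made up.
RAW = """\
Received: from imarket2001.net (unknown [203.0.113.45])
\tby mx.example.org with SMTP; Mon, 25 Jan 1999 09:14:02 -0800
Received: from imarket2001.net ([192.0.2.99])
\tby imarket2001.net with SMTP; Mon, 25 Jan 1999 09:13:50 -0800
From: rep@marketingsecrets.net
Reply-To: rep@marketingsecrets.net
X-Sender: rep@marketingsecrets.net
Subject: (constructed)

(body omitted)
"""

def parse_hops(raw):
    """Return the message and its Received hops in header order (newest first)."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        helo = re.search(r"\bfrom\s+(\S+)", value)                # name the sender claimed
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", value)   # address the receiver logged
        by = re.search(r"\bby\s+(\S+)", value)                    # server that wrote this line
        hops.append({"helo": helo and helo.group(1),
                     "ip": ip and ip.group(1),
                     "by": by and by.group(1)})
    return msg, hops

def trace(raw, trusted_servers):
    """Split the hops at the trust boundary and pick the IP worth a whois lookup."""
    msg, hops = parse_hops(raw)
    trusted = []
    for hop in hops:                       # walk backward from our own server
        if hop["by"] not in trusted_servers:
            break                          # this line and all below it are sender-supplied
        trusted.append(hop)
    return {
        "claimed": {h: msg.get(h) for h in ("From", "Reply-To", "X-Sender")},
        "lookup_ip": trusted[-1]["ip"] if trusted else None,
        "claimed_origin": hops[-1]["helo"] if hops else None,
        "unverified_hops": hops[len(trusted):],
    }

if __name__ == "__main__":
    print(trace(RAW, {"mx.example.org"}))
```

The `lookup_ip` value is the address to take to a whois search; `claimed_origin` is what the last "Received:" line says, which is only as reliable as whoever wrote it.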
The next step is to visit InterNIC, the organization that registers Internet domain names. At http://rs.internic.net/cgi-bin/whois, visitors can type in a domain name (or a few other possible identifiers) and find out who owns it.
This site is understandably popular, and the server is sometimes too busy to perform a search. A search of marketingsecrets.net showed it is registered to a British Columbia firm called Internet Marketing Secrets, and that imarket2001.net belongs to an Oakland company called Internet Square. Contact names, phone numbers and e-mail addresses are listed for each company.
You can do more digging by checking out the IP, or Internet protocol, numbers that sometimes go with the domain names. Simply type the IP numbers into the InterNIC search engine and see what you get.
In JC's case, only the imarket2001.net domain was followed by an IP number. When I searched for it at InterNIC, I was told there was "no match." So I went to ARIN--the American Registry for Internet Numbers--at http://whois.arin.net/whois/arinwhois.html and typed in the number. ARIN told me the IP number belongs to Epoch Networks in Irvine and provided a contact phone number and an e-mail address.
InterNIC also lists the "domain servers" used by each domain. These domain servers are typically Internet service providers or Web hosting systems, and InterNIC provides contact information for them as well. But the accuracy of that information depends on the honesty of domain name owners, and a determined spammer could forge that as well.
If none of this helps identify the spammer's Internet service provider, one last trick is to use Traceroute, which can trace the Internet path from one computer to another. Head to http://www.ixa.net/cgi-bin/trace and type in the IP number that goes with the domain name server listed by InterNIC.
In this case, it took 11 steps to get from my computer to the domain name server for marketingsecrets.net. Therefore, the IP number listed in the 10th step is most likely the ISP for marketingsecrets.net. A quick search at ARIN revealed that the IP number belongs to a Michigan firm called Diverse Service Corp. It included a phone number and e-mail address.
Now for the really satisfying part: writing a complaint letter.
An effective letter is firm but polite. (Netiquette dictates that spam victims refrain from long, rambling diatribes.) Ask the spammers to remove you from their mailing list and remind them that the law requires them to comply. You can also tell spammers that their unsolicited messages waste your time and computer resources and that you won't be doing business with them now or in the future.
By writing to the spammer, you are revealing your e-mail address. But this should be less risky than sending a message to a "Reply to:" address that is set up to capture incoming e-mail addresses for the next bulk mailing.
It's also a good idea to let Internet service providers know that one of their customers is sending junk e-mail and to ask them to put a stop to it. Many ISPs--especially the big ones--have policies prohibiting spamming as an abuse of network resources, and they are eager to kick offenders off their networks.
Spam busters recommend e-mailing a complaint to abuse@, postmaster@ and root@ at each of the domains that is involved with a junk e-mail. To help them track down the spammer, include a copy of the original junk e-mail that contains all of the headers.
(Some of the more aggressive spam busters insist that with repeat offenders, polite letters must eventually give way to threats. In one sample letter, a spam victim vows to register the spammer on hundreds of Internet mailing lists that will deluge his in-box to let him know how it feels to receive reams of unwanted e-mail.)
The process of tracking down a spammer can be a lot of work.
Many e-mail programs have settings that can be adjusted to weed out spam. America Online members, for example, can go to keyword "Mail Controls" and choose from several options for blocking some or all incoming e-mail.
Several other companies make software to filter out spam, but it can be a blunt instrument. The filter in Microsoft's Outlook Express sometimes treats legitimate messages as spam. Earlier this month, a California judge ordered the company to warn customers of the problem.
It may be more satisfying to report a spammer to the proper authorities and let the professionals do the rest.
General scams and fraud can be reported to the National Fraud Information Center by calling (800) 876-7060, sending an e-mail to fraudinfo@psinet.com or filing a report at the group's Web site at http://www.fraud.org. Scam-related spam can also be forwarded directly to the Federal Trade Commission at uce@ftc.gov, although people interested in filing a more formal complaint can do so at http://www.ftc.gov/ftc/complaint.htm.
Any e-mail that asks you to send money through the mail can be forwarded to the U.S. Postal Service, which investigates mail fraud and violations of the Postal Lottery Statute, which generally prohibits sending money through the mail to participate in games of chance. Simply forward the message to fraud@usps.gov.
Junk e-mail that advertises unsolicited stock tips can be sent to the Securities and Exchange Commission at enforcement@sec.gov. Complaint forms can also be filled out online at http://www.sec.gov/enforce/con-form.htm.
I know my individual complaints aren't likely to make a dramatic difference for my electronic in-box. But complaining can be cathartic. And if enough people do it, it could actually produce results.
Times staff writer Karen Kaplan can be reached via e-mail at karen.kaplan@latimes.com.

Copyright 1999 Los Angeles Times. All Rights Reserved
