VBOK Issue #16 - To catch a SPAMMER ______________________________________________________________________ TOC 1. To catch a SPAMMER 2. Software Review 3. Cool Sites 4. Tips, Tricks, Do's and Don't Do's 5. News that just plain ticks you off *NEW SECTION* If the columns in the below articles appear misaligned, it's because you are using a non-fixed width font. If you would like to see them nice and straight, change your E-mail font to Times New Roman. ______________________________________________________________________ 1. To catch a spammer ------ We all hate SPAM, some more than others (I'm in the more category), but what can you do? Actually, you can do quite a bit. Did you know, that with one single e-mail you can possibly shut down a spammers e-mail account or web site (provided that they listed one for you to get back in touch with them.) Even if they didn't you can set someone on their tracks, and it doesn't cost you a thing. So how do you do this? Glad you asked. Let's say you received this really great offer to make tons-o-bucks just by sitting on your keester. The guy said he made $20,000 in his first week right? It must be true or he wouldn't have sent you an e-mail right? WRONG! I know this seems like an obvious statement, but let's face the facts. How many people have you seen on TV like 20/20 and talk shows, that lost thousands in scams. Let's also face the fact, that if nobody fell for these scams, then nobody would send them to us. Somewhere, someone is gullible enough to fall for these. ISPs and e-mail providers are saying that they are doing this or that to stop spammers, that's great, but they can't do it alone. So, here's some helpful tips on what YOU can do to help. 1. When you get a SPAM, and there is an e-mail address provided for you to "unsubscribe", DON'T do it. One of two things will happen to you. The first is that the address is faked and you'll get a bounce message saying the account doesn't exist. This is the best that can happen to you. The second and more likely to happen, is that it is a valid address, and you just provided them with a known good spammable e-mail address; YOUR'S! If you've never posted messages to any newsgroups, never joined a mailing list, and never made public your e-mail address to locator services like the internet white pages, Peoplefinder etc. Then you are probably pretty SPAM free. Once you have done any of the above, then you'll have opened a really large can of worms. If just one spammer gets hold of your e-mail address, chances are very good that they will make a little more money by selling a list of e-mail addresses they have to other spammers. 2. Let's say you get SPAM from this e-mail address: , actually, this isn't a good example, because if the domain name is "spam-em-all.com", then chances are that they will not be very receptive to your complaints about SPAM ;) So let's try another. . Here's what you do: Cut and paste the address into a new message, delete the word spamboy (or whatever is to the left of the "@" symbol), and replace it with the word "root". So now it looks like . Almost all of the major servers for services like these have a valid "root" e-mail account. This is one place where you send SPAM complaints. From the SPAM message, cut and paste the whole message to include the headers (RFC-822). This is a very important step. You need to include the headers (the information that shows where the message came from etc.) It generally looks like garbage. Below is a sample of what headers look like: Received: from nf7.netforward.com (nf7.netforward.com [204.57.67.54]) by msw0.attnet.or.jp (8.8.8+Spin/3.6Wbeta7-CONS(09/18/98)) id FAA26243; Tue, 29 Sep 1998 05:27:21 +0900 (JST) X-Forwarder: NetForward.com Received: from default ([12.68.145.36]) by mtiwmhc03.worldnet.att.net (InterMail v03.02.03 118 118 102) with SMTP id <19980928202717.JISB6151@default> for ; Mon, 28 Sep 1998 20:27:17 +0000 Message-ID: <000f01bdeb1e$7948c3c0$2491440c@default> From: "Your friendly spammer" To: "Leif Gregory" Subject: Make tons-o-bucks Date: Mon, 28 Sep 1998 16:27:54 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3110.5 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 X-UIDL: 90ec3b8f3f25224f6d25cb98dc5ac57d If you don't include this information as well as the text of the spam, then it doesn't do any good to send it. They won't be able to track the message back through the hops to find it's origination (or as close as they can get.) Most often the headers are suppressed, with exception to the TO, FROM, SUBJECT, and DATE so that they don't clutter up the message. The difficulty here, lies in discovering where the option to show headers is in your e-mail program. The only advice I can give you is to open the message, and right click somewhere in the text portion. Hopefully, in the context menu that pops up will be an option to show the headers. Now, before you go sending off this message, you may want to find a couple of more addresses to add to your recipient list as well as tell them who you are and why you are sending them this information. 3. If your friendly spammer has provided a web site address in the spam for you to visit, copy that address to the clipboard minus everything except the domain name. i.e. the spammers URL is . The part you want to copy to the clipboard will be the word "spamworld" only. Now go to and paste the address into the "Search for your domain name" field. Select the proper domain (com, net, org, edu etc. from the combo box to the right), and click "Check Name". If the name was for a valid address, you should see a page with information pertaining to that server. Stuff like who owns it, the admin person's name and e-mail addresses etc. Just for explanation sake and to make sure we're all on the same sheet of music, enter the name "internic" into the "Search for your domain name" field and click "Check Name". First you see who it's registered to: Internic Software (INTERNIC6-DOM) P.O Box 761 Sunbury, Victoria 3429 AU The next section that we really want to look at is who to contact about abuses. This is usually the administrator. Sometimes they have a specific abuse e-mail address, so that's why I want you to come here and check before sending off your complaint to the wrong person. In our example, this is their contact section. Administrative Contact, Technical Contact, Zone Contact, Billing Contact: Administrator (ADM706-ORG) administrator@INTERNIC.COM +61 3 9348 2441 Fax- +61 3 9348 1928 Because they don't have a specific abuse address, the administrator will do, so add this person to the recipients of your complaint. If there is more than one person listed as an administrative contact, add them all. 4. Now that you have all the cannon fodder for your complaint, what should you say in your complaint? The first and most important aspect of your complaint is to be PROFESSIONAL. Do not whine, do not curse them out, don't threaten, and don't e-mail bomb them. I have sent literally hundreds of these complaints, and only a very few times has the administrator been a total waste of flesh who will do nothing. A great majority of them are just as motivated as you are to stamp out spam. ESPECIALLY if it's coming from their server/domain. Now I said don't threaten, but I always put everyone's e-mail address who is receiving the complaint in plain view in the TO header. I also point this out in the message (my way of saying "Don't just sweep this under the carpet.") So, here is what I usually say in my complaints: Dear sir or ma'am, I received the below attached spam message from on the 28th of Sept 98. The sender did *not* receive my express consent or solicitation before sending their message. According to the e-mail/web site address provided by them in their message, they are using your domain for their activities. I would appreciate any assistance you can provide in putting a stop to their spamming practices. This complaint has been mailed to the following people: etc... Another message I send sometimes is this one: I received an e-mail from on 28 Sep 1998 containing a "sales letter". The return address is of course faked, which is consistent with experienced and aggressive spammers. I've attached the header information to the bottom of this message. Possibly you can trace the IP addresses better than I. Also, Please take note that even though the subject line states "Hey, here's that info you wanted", the To: and From: fields are both addressed to . Generally people only do this for one of two reasons. The first is to test their send/receive capability (except that normally you don't put a subject header like that and a full length message. It's usually SUBJECT: Test, BODY: This is a test. etc...), the other reason, is to mass mail people by sending the message to a dummy address and BCCing all the intended spamees. The mass mailer doesn't even receive a bounce message for the address in the To: field because it doesn't exist 5. Don't get your hopes up too high that the person receiving your complaint will tell you the corrective action. Many times they only send a canned response saying how they will do what they can to take care of it. There are a few however, that will let you know that the spammers web site has been suspended or that their e-mail address has been cancelled etc. 6. There is an organization called CAUCE (The Coalition Against Unsolicited Commercial Email) who are dedicated to the fight against spam. This grassroots movement was founded by fellow netizens who lobby Congress in an attempt to get legal protection from spammers, they are always looking for new members. ______________________________________________________________________ 2. Software Review ------ Yamp by André Karwath Audio player;PC;Freeware Homepage: Download Software: Yamp is a very nice, complete audio player program. It plays WAVs (all formats, also compressed ones), MIDs, RMIs, MODs, S3Ms, XMs, ITs, AVIs, MPAs, MP1s, MP2s and MP3s. The really cool thing about this program is that you can create/download interface designs for it. This is something similar to changing the Windows theme. It also supports the .ZIP and .RAR compressed file formats for storing your audio files. ______________________________________________________________________ 3. Cool Sites ------ U.S.G.S. (U.S. Geological Survey) If maps are your thing, this is where you need to be. You can search for maps by name, lat/long and state. You can even order them from here. ------ Andy's Art Attack A very impressive site to help web-builders get the graphics and tips/tricks they need to make their site very eye pleasing. You'll also find free buttons, lines and other assorted web graphics here. ------ Price Watch Basically, this is a search engine for finding the lowest prices on computer hardware/software. Just select one of the numerous categories (systems, networking, output etc.), and you're well on your way to finding the lowest prices available. ______________________________________________________________________ 4. Tips, Tricks, Do's and Don't Do's ------ With the advent of Win98, there is a new option in your wallpaper settings called stretch (this was actually started in Win95 if you installed the PLUS! pack). You probably already know about the other two; tile and center and their purpose is pretty obvious. What stretch does is take the bitmapped image and stretches it vertically and horizontally to cover up the whole desktop regardless of the actual image dimensions. There are plusses and minuses to this, and the minuses outweigh the plusses if you have a really large desktop like me (1600x1200x24bpp). The plus is that you can now cover your whole desktop without the annoying half cut images on the right and bottom when the bitmap isn't a multiple of your desktop size (i.e. the bitmap is 320x445 and your desktop is 800x600). The minuses are one, that depending on how much the image needs to be stretched, you will lose resolution (clarity meaning the image will look fuzzy and pixilated). The second minus is that every time your desktop refreshes, it must recalculate the stretched image. This causes a slowdown (especially on very large desktops). It is most noticeable when you have your taskbar and/or the MS Office tool bar set to hide. As you move your cursor off the task/tool bar and it begins to scroll off the screen to hide itself you'll notice a jerkiness. If there is one image you just have to have, and you want it to fit your desktop, open it in a graphics editing program and resize the image to the same dimensions as your desktop (You may still lose clarity, but Win98 will not waste processor time on resizing it.) Then use this image as your wallpaper set to center. ------ Since installing Win98, has the time that your computer takes to connect to the internet increased considerably? I've gotten quite a few calls about this problem, and each time (seven so far) the "Log onto network" option was the culprit. So how do you fix this real pain in the neck "defaulted" Win98 option? Double-click "My Computer" Double-click "Dial-Up Networking" Right-click on whatever you named your internet connection Select "Properties" Select the "Server Types" tab Un-check the "Log onto network" option in the "Advanced Options" Click "OK" You should notice a *huge* decrease in your connect time now. ------ Do you know what programs are currently running on your machine right now? I can tell you there are a lot more than just the ones you see on your taskbar. Press CTRL+ALT+DELETE (All three at the same time, and only do it once. If you hit the key combination twice in quick succession, you will reboot your machine.) and you will see a nice little dialog box pop up, showing you what programs are currently running. If you see something in there that shouldn't be running, and you aren't loading it from the "Startup" folder, it is probably getting loaded by the registry. You can take a look by: Clicking the "Start" button and select "Run" Click the "Startup" tab Un-check anything that you think you don't need. Click "OK" Click "Yes" to the "Restart computer" question. If it turns out that you did need one of these programs, just go back into MSConfig and re-check it. ______________________________________________________________________ 5. News that just plain ticks you off ------ A photographer is trying to sue JC Penny, because he was able to find some of his pictures posted on a web site that was THREE links away from their web site.. Basically he's saying that webmasters should be held liable for the content of other web sites that you have links to (even if they are THREE links away). Go here to get the whole scoop. http://www.abcnews.com/sections/tech/DailyNews/websuit980921.html ------ How about a new copyright law that could make quite a bit of information unavailable to you on the internet unless you are a student or professor. http://www.abcnews.com/sections/tech/DailyNews/copyright980928.html Well, that concludes this issue. Have fun. Leif Gregory Copyright (c) 1998 by Leif Gregory. All rights reserved. You may share this copy of the VBOK newsletter with others as long as it is reprinted/resent in it's entirety to include this copyright notice. If you've received this edition of the VBOK newsletter from a friend or colleague and wish to start receiving your own copies, then click the below link and send the generated e-mail message. Virtual Book Of Knowledge (VBOK) VBOK Editor VBOK Homepage Unsubscribe Back-Edition Titles