September 06, 2002
Call your own spammer!

After the massive response to my "I've caught a spammer"-posting last night, I thought I'd post an update on my investigations, and also share some tips and tricks on how each one of us can make a difference fighting spam...

First of all - yes, for those of you who wonder, I did have a 20 minute phone call with the president of the "advertising company" I mentioned I had hunted down yesterday. I will also keep this dialogue going, as he was "surprised" by my call -- apparently they've been in business for a year, and mine was the first call they ever got.

I got some initial insight into their business, and I will share this with you separately later on; quick summary: basically there is this whole massive industry of collecting and reselling """legitimately opted-in mail addresses""" of people who, when signing up for various sites, have allowed the site to """share your mail address with selected, carefully screened partners"""... This, of course, should set off all one's alarm bells, and if it doesn't, you really have no one but yourself to blame for at least some of the spam you're receiving.

However, their current claim is that "by mistake" a list of "bad addresses" (apparently slang for addresses that are not opted in) has been purchased and added to the "opt-in mailing list". We'll leave them with the benefit of the doubt for now; I've traded some sample messages for contact information of the people that actually send out the messages, and of course I will keep you posted. I expect to dig into this either tomorrow night (I'm in a different timezone than the people I'm looking for) or Monday. Watch this space regularly for more updates ;-)

In the meantime, I thought I'd share some techniques and tips you can use if you want to call your spammer:

Some of the next tips are easiest to use if you have access to a UNIX shell account. If you don't, I'll try to come up with some web-based alternatives.

First, how can we find out who the spammer is? My approach was to actually access one of the URLs that was marketed in the mailing I received. If the spam does not advertise a URL but rather a phone number, you're done (this doesn't happen all too often nowadays, does it...? :-)

Visit the URL, often a page inviting you to enter additional information about yourself in exchange for something (free legal advice, discounts on spam software, dodgy pictures, you name it). Look for contact information in the "Contact us" or "Privacy policy" section of the page if such exists.

Find out who owns the domain name by doing a "whois". From a UNIX shell account, type

whois domainname.com

and if it is registered with someone other than Internic/Verisign, they will at least return the name of the whois server to query. If the site is hosted with, for example, GoDaddy.com, type

whois -h whois.godaddy.com domainname.com

This website seems to do the trick as well.

Businesses registering a domain name are obliged to give a valid email address and other contact information (including phone and fax) to go with their registration, and this is publicly available information. You might come across a few fake ones, but don't give up.

If all digging into the domain records fails, find their ISP. There are a variety of ways to go about this. If the company uses a webhosting company, you can usually run the same whois as above on the company listed as their "name servers" in the whois record for domainname.com.

Unix users can also do a

host -al domainname.com

or, if that's refused, at least a

host -t MX domainname.com

should yield the names of the mailservers serving the domain and

host -t NS domainname.com

the name servers. Most ISPs have an "abuse@" address, and emailing abuse@domainname-you-just-found-for-nameservers.com should definitely get you a response.
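The lookup chain above (registry whois, referral to the registrar's whois server, name servers, abuse@ address) as an added example; it is not code from the original post. The whois reply is constructed, and the function names `referral_server`, `abuse_contacts` and `registrar_record` are made up for this illustration.

```shell
#!/bin/sh
# Added example. The whois reply below is constructed; all names are placeholders.
sample_whois() {
cat <<'EOF'
   Domain Name: EXAMPLE-OFFERS.COM
   Registrar: EXAMPLE REGISTRAR, INC.
   Whois Server: whois.registrar.example
   Name Server: NS1.HOSTING-CO.EXAMPLE
   Name Server: NS2.HOSTING-CO.EXAMPLE
EOF
}

# stdin: registry whois reply. Prints the registrar whois server, if one is named.
# The value is untrusted text, so only a plain host name is accepted.
referral_server() {
  awk -F': *' 'tolower($1) ~ /whois server$/ {
      gsub(/[ \t\r]+$/, "", $2); s = tolower($2)
      if (s ~ /^[a-z0-9][a-z0-9.-]*$/) print s
      exit }'
}

# stdin: whois reply. Prints one abuse@ address per name-server operator.
# Assumption: the operator domain is the last two labels of the host name,
# which is wrong for suffixes such as .co.uk; check those by hand.
abuse_contacts() {
  awk -F': *' 'tolower($1) ~ /name server$/ {
      gsub(/[ \t\r]+$/, "", $2)
      n = split(tolower($2), p, "[.]")
      if (n >= 2) print "abuse@" p[n-1] "." p[n] }' | sort -u
}

# Live two-step lookup with the commands shown above (needs network access):
# ask the default server, then re-ask the server it refers to.
registrar_record() {
  first=$(whois "$1")
  server=$(printf '%s\n' "$first" | referral_server)
  if [ -n "$server" ]; then whois -h "$server" "$1"
  else printf '%s\n' "$first"; fi
}

# Offline demonstration on the constructed reply.
sample_whois | referral_server
sample_whois | abuse_contacts
```

On a real domain, `registrar_record domainname.com | abuse_contacts` runs both steps and lists the addresses to write to.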

If there are no domain names, just IP addresses, you can try to find the corresponding domain name by using a tool named "nslookup" and then go ahead as mentioned above.

In case there is no corresponding domain name, you can make an attempt to find the owner of the net or the administrative contact by using the whois servers of the three network coordination centres based in Europe, USA and Asia.

The centres are RIPE (Europe, Middle East, parts of Africa), ARIN (North and South America, the Caribbean and sub-Saharan Africa) and APNIC (Asia Pacific) and their whois servers are located at:

If this fails, try to traceroute to their address and contact the ISP of the ISP... and so on and so on... Go for a "full header view" of your email to view all the servers your mail has passed through before reaching you, and try contacting them to help you find your target...
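Reading the "full header view", as an added example that is not part of the original post: each server prepends its own Received line, so the top line comes from your own provider and lines below it were written by machines you do not control and may be forged. The message is constructed (documentation addresses and .example names), the function names are made up for this illustration, and only bracketed IPv4 addresses are extracted.

```shell
#!/bin/sh
# Added example. Constructed message: RFC 5737 addresses, .example host names.
sample_headers() {
cat <<'EOF'
Received: from mx.relay-isp.example (mx.relay-isp.example [198.51.100.25])
    by mail.myprovider.example with ESMTP id A1
    for <me@myprovider.example>; Fri, 6 Sep 2002 03:12:09 +0100
Received: from bulk-sender (dialup-7.access-isp.example [203.0.113.77])
    by mx.relay-isp.example with SMTP id B2; Fri, 6 Sep 2002 02:11:58 +0000
From: "Great Offers" <offers@free-mail.example>
Subject: You have been selected

Message body
EOF
}

# stdin: raw message. Prints "hop|ip|by-host" per Received header, nearest
# hop first. Folded (indented) header lines are joined before parsing.
received_hops() {
  awk '
    function emit(   ip, by) {
      if (tolower(h) !~ /^received:/) return
      ip = ""; by = ""
      if (match(h, /\[[0-9.]+\]/)) ip = substr(h, RSTART + 1, RLENGTH - 2)
      if (match(h, / by [^ ;]+/))  by = substr(h, RSTART + 4, RLENGTH - 4)
      print ++n "|" ip "|" tolower(by)
    }
    /^$/     { exit }                                  # end of header block
    /^[ \t]/ { sub(/^[ \t]+/, " "); h = h $0; next }   # continuation line
             { emit(); h = $0 }
    END      { emit() }'
}

# stdin: raw message, $1: your own provider domain (lower case). Prints the
# IP recorded by the last consecutive hop, counted from the top, whose "by"
# host belongs to that domain: the one address you can rely on.
trusted_handoff_ip() {
  received_hops | awk -F'|' -v d="$1" '
    { n = length($3) - length(d) }
    $3 == d || (n > 0 && substr($3, n) == "." d) { ip = $2; next }
    { exit }
    END { if (ip != "") print ip }'
}

sample_headers | received_hops    # offline demonstration
```

For the constructed message, `trusted_handoff_ip myprovider.example` gives 198.51.100.25; the lower hop's 203.0.113.77 is a lead to follow up with that relay's operator, not a verified origin.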

Good luck! Don't blame me if you don't get hold of the spammer in the end, though... Here's some more you can do:

  • Cactusoft Director Paul Gay pissed off Sprint:
    The saddest part is that after getting zero response or action for any complaint sent to the Sprint abuse address, we decided to send each spam report to every email address (including press contacts and executive-offices) we could get off the Sprint site. All of a sudden we've had real people contacting us, even if it is only because we've annoyed them.
    Not the most polite way to go, but there you go -- it has been tried before ;-)
  • What is spam and what can I do about it?
  • Run SpamAssassin... it will keep the number of spams in your inbox a lot lower than it is now...
  • Report spam to Razor
  • How to identify the servers sending or relaying the spam - more info
  • Never assume that the "From" field is a valid address, nor (if it is) that it is the real sender - many spammers fake the From field
  • Be polite! Just because someone just spammed you does not justify you starting a Denial of Service attack on them. Be polite, explain the situation, explain that spam is not legal nor very likely to gain the business many new customers...
  • Additional tips? Add yours by writing a comment below!

Comments

hello andersja, i just wanted to send you a message but although i can find your phone numbers and IM addresses, no email address. If you're worried about spammers grabbing your address, you should maybe just make a quick web form cgi for general messages?

anyhow, any chance you can do a movie review repository similar to your book review repository?

Posted by: dav on September 6, 2002 05:40 AM

btw, here's a comment i made on MT support forum that led me to the book review repository:

Posted by: dav on September 6, 2002 05:43 AM

© Anders Jacobsen