» Spam Faq, the ugly truth about Spam and Spammers «
Solutions & FAQ's
- Why do they do it ?
- Opting out and unsubscribing
- Hiding your address from Spambots
- Use Throw-away email addresses...
- Use Firewalls and Anti-Virus protection
- Disable Windows Messenger
- Spoofing is Identity Theft
- Spam or UCE? : Making a distinction
New entry
(New section to go in): What is THIS?
This new section will be for understanding the gibberish if you look at the raw message and related topics...
<table width=3D"555" height=3D"441" border=3D"0" cellpadding=3D"0" cells=
pacing=3D"0">
Becomes : <table width="555" height="441" border="0" cellpadding="0" cellspacing="0">
It's an encoding thing (MIME "quoted-printable")... For example:
The value 12 (ASCII form feed) can be represented by "=0C"
The value 61 (ASCII EQUAL SIGN) can be represented by "=3D"
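To read such a raw message yourself, the decoding can be done in a few lines. This is an added example, not code from the original page; it follows the quoted-printable rules of RFC 2045, where a "=" at the end of a line is a soft line break (which is why "cellspacing" is split above). The function name and the charset parameter are choices made for this example.

```javascript
// Added example: decoder for MIME quoted-printable text (RFC 2045 rules).
// decodeQuotedPrintable and its charset parameter are names chosen here.
function decodeQuotedPrintable(raw, charset = "utf-8") {
  // A "=" at the very end of a line is a soft line break: the sending
  // software wrapped a long line, so "=" plus the newline are dropped.
  const text = raw.replace(/=[ \t]*\r?\n/g, "");
  const bytes = [];
  for (let i = 0; i < text.length; i++) {
    const hex = text.slice(i + 1, i + 3);
    if (text[i] === "=" && /^[0-9A-Fa-f]{2}$/.test(hex)) {
      bytes.push(parseInt(hex, 16)); // "=3D" -> byte 61, "=0C" -> byte 12
      i += 2;
    } else {
      // Ordinary character, or a malformed "=" escape kept literally.
      bytes.push(text.charCodeAt(i) & 0xff);
    }
  }
  // The escapes describe bytes, so decode them with the message's charset.
  return new TextDecoder(charset).decode(Uint8Array.from(bytes));
}

// The raw table tag quoted above, including its soft line break.
const rawTag =
  '<table width=3D"555" height=3D"441" border=3D"0" cellpadding=3D"0" cells=\n' +
  'pacing=3D"0">';

console.log(decodeQuotedPrintable(rawTag));
```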
Why do they do it ?
Why DO they do it ? It's not like hardly anyone answers!
Here's a Spam I let through in this morning's mail (4th Dec 2003):
MARKETING SERVICES
Get your own mail server, dedicated to sending just your message for a week or even a month
Dedicated Servers 1Week - 8 million plus emails sent $750 (Less than $100.00 cost per million)
Dedicated Servers 1Month - 32 million plus emails sent $2000 ($62.50 cost per million)
Business and Sales Leads
Below are examples Of current campaigns, we can get you the business to business or business to customer sales leads your company needs. Call us for a custom quote
University Leads: $12.50 / lead
Merchant Account Leads: $10 / lead
Cash Adavance : $13 / lead
IRS Leads : $15 / lead
Credit Repair : $12 / lead
Home Based Business/MLM Opps: $10 / lead
Call 1-800-591-7751 ext:101
Received: from 2-227.tr.cgocable.ca ([24.122.2.227])
Received: from [130.99.213.52] by 2-227.tr.cgocable.ca id 5NkI6hEDRoK5; Thu, 04 Dec 2003 04:55:25 -0600
From: "Terra Woodward" <mccs16wzv@ab-ovo.hu>
Why should this Canadian care whether you read the message or not? He's getting greedy / stupid / illegal businesses to pay him $2,000 a shot to send out millions of spoofed Spam from open-relay servers and infected computers in weird and wonderful places like Hungary, at no cost to himself. Of course there's always the real - and rather greater - chance that the Canadian sender was not the person that sent it, but some careless individual with a virus...
And yes, like all Spam I let through, I do take great delight in reporting these thieves to their ISP and to the FTC.
According to MessageLabs (Dec 2003) : Two thirds of spam sent via hijacked PCs
'You have new mail'
'You have Spam, worms and viruses…'
Apparently, last December (2002), 1 email in 212 had a payload. Now 1 in 33 has one. With the viruses circulating now (Jan 2004) these figures can only get worse.
Most alarming, however, is the calculation that two-thirds of spam is now sent via hijacked PCs, potentially yours or mine. In other words, viruses are being used by spammers to leave machines vulnerable to being used as relay stations for pumping out the unwanted emails.
Here's another few snippets...
Apparently, to make 'phishing' worthwhile they only need 1 reply in a million
That's the likes of fake letters from Paypal and Nigerians with millions they want YOU TO HELP US WITH - to con you into giving up your bank details so they can empty your account...
Yep. That's right. They will annoy a million people - to steal from one gullible one. Nice folk, eh!
The Viagra? That's a mere 50 in a million responses to be worthwhile!
Now read these few extracts from an online contest...
...for a $2,000 vacation by [ 247cashgenerator.com ]
(Owner is Levang, Amanda sales@generationx-solutions.com )
4.) Odds of winning the vacation sweepstakes are 1: 10,000,000
and
5.) You agree to receive snail mail, email, telephonic and any and all other types of advertising solicitations from GenerationX-Solutions, Inc. and its business divisions.
Click and you agree … to other parts of the T&C that are more Draconian, but it gives you an idea!
Honest businesses with a client base of 10 million sell for telephone figures. Heck, it is common - very common - for businesses to buy smaller competitors for millions because they have a client list of say 10 to 50,000.
Those of you in business, especially those in charge of client databases, get your head round this maths:
For a cheap holiday - for a maximum of 2¢ (a single English penny) - they want names, address, email, work and home telephone numbers - AND a ten minute survey (read demographics) of TEN THOUSAND clients - and the rights to Spam you - using any medium they want.
They will then use this VALUABLE information for high profile clients that, apparently, includes President Bush's Republican Party…
…For a copper penny per 10,000 names, addresses and phone numbers.
Incidentally, here's a Spam from them....
It was sent from [ ezisearch.net ] ( Technical Contact: EziSearch Inc, email: support@lottoforever.com ) using [ mail.com ]
Err, no, I never requested them... There's a violation of the CANSpam act for a start!
You have requested two roundtrip airline tickets good for worldwide travel worth $1600 by paying just $189. To reserve your tickets call 1-800-856-3040 or visit our website at http://www.247cashgenerator.com/1.htm
For a limited period we shall offer you a free CRUISE worth $1400. Call 1-800-856-3040 and mention above this offer! www.247cashgenerator.com/1.htm
This is a commercial solicitation. For company information and to unsubscribe click on the link below:
www.247cashgenerator.com/sub.php?table=Email1
The link directs you to [ 123freetravel.com ]
Spammers tricks
This line of code was hidden at the bottom of one of today's Spam:
<img src="http://www.ebarks.com/click/ubo.cfm?122432755-331-48-3" height="1" width="1" border="0">
OK. If you can see it, this is what you are looking at: [ ]
I've made it black and put it in brackets to give you a chance! Wave your mouse around it, see how easy it is to find.
Now, this image is 10 pixels a side, or 100x bigger than the one above: [ ]
See that tiny black dot in the middle, if you can make it out, that is the size of the images!
Legally, I'm assured, this is a valid tracking method for email marketing companies.
Morally, I reckon it sucks...
Used by Spammers, you are stuffed!
That number after 'cfm' in the middle has just told them you aren't filtering your Spam, and you even look at the rubbish. It virtually guarantees a jump in the Spam you get. Remember, next time you get your email, you are looking for a white picture the size of a pin head - on a white background.
Of course you can trust Spammers…
You go ahead, give them your money, your bank details, your life savings…
Denial
First the big question - "Why me?"
Then the denial - "But I never"
Then the anger - "The dirty little... I'll..."
Been there, done that and hear it all the time!
It's a simple matter down to any and often all of the following, none of which need involve you in the equation -
greed, fraud, immorality and stupidity.
Actually, I fibbed, the last one might be you, which is why I want to educate you...
First the economics. There are Spam lists available for buttons, some of which hold over 500 million email addresses. That's like twice the entire population of America. And it costs them nothing to send. It might cost businesses $50 a head to deal with it, but them, not a blind penny! One professional Spammer in Florida alone sends out an estimated 50 million unwanted and often illegal offers a day, every day.
Given they have no overheads and fewer morals, what's in it for them? Well, literally millions actually. Quite often the people sending out Spam are either criminals or little better than that, and if they get 1 reply in 2,000 or even 1 in 20,000, hey, they just made a few dollars. Just don't expect what they promised you to turn up, or to be what they claim if it even does, hmmm. Suffice to say it has made a number of them multi-millionaires.
The Spam isn't the fault of Spammers, per se, but the gullible, the greedy and the 'others' who reply to Spam and make it worth their while. If idiots didn't send these parasites money, they wouldn't bother.
The how? Two ways. Firstly, when you give your email and details to reputable companies - like your insurance company, like Dennis Publishing, or any of the host of others - you have just given them marketable information - gold dust. Quite often they will have tiny little tick boxes with comments like "May we pass your details to our partners?" or, more nefarious and underhand, "Tick here if you don't want us to pass on your details" (which I believe is morally wrong).
Up to a point, this is fine. I get a large number of legitimate emails this way.
Then comes the crunch: that information says you are probably a real person, we know where you live. Let's sell your details, which we obtained freely or even under duress, to our partners. Heck, we'll sell the list to all our partners, money for old rope.
And so it goes on, all down the line. My young children have only ever given their email address (with my wife supervising) to respectable sites like the BBC, CITV and Flipside. Somewhere down the line it fed straight to the sewers, and I point-blank refuse to let her young eyes near email after the graphic mailing my daughter "opted-in" for.
Then there's the other way, which I've read is how the other 80% of emails are harvested - spam-bots. You know how search engines work? They send out little spiders, mini programs, to gather information from webpages and pass it back to Google or whoever. You load up the search engine, put in a few words and there's your answer. Well, spam-bots work the same way, only they are purely interested in email addresses. The smarter ones will skirt around the .gov ones unless they want the proverbial 'men in black with no sense of humour' kicking in the front door.
Given my email is - was - on every single page of Ackadia, I get battered with Spam from no-marks that have stolen my details. But your e-mail is still at the bottom of the page! Actually it's not, it's parsed to the page when it's loaded. At present, as I understand it, the spambots aren't bright enough to run and de-code scripts. When, if ever, they do, I'll change everything again. The easy answers are to not put in my email or to use frames and keep changing my address. And I should do that why? Sorry kids, but closing your eyes doesn't make the problem go away...
Here's a typical example of the breed :
Your email address was subscribed using an online form.
Please accept our apologies if you have been subscribed in error
If you do not wish to receive future information, click here
We honor all remove requests
Let's take this obviously reputable advertiser apart...
- The company [www.having-the-best.net/dahi/] sells ink
- [www.having-the-best.net] (Internet Laboratories International), however, sells viagra etc
- Who felt the need to email me from: megainks_4_dosl@altavista.com
So, they lie about me subscribing to them, hide one company behind another, run a wholesale distribution (for ink cartridges (- and drugs)) from an office, and use a toss-away free email address.
They are safe in the knowledge they can legally Spam me because they included the options to unsubscribe thus I can't sue them...
- and they want me to trust them?
I have since formally complained to the FTC against this idiot after he began sending over 20 messages a day. I don't know if it's possible but I'm going to try and sue him under some "nuisance calling" type law... I imagine there's a million others who'll join the suit as he's a known mass Spammer!
As for actions? Let the governments and corporates get evangelical about it. The cost to business is said to rise to over $200 billion ($200,000,000,000) a year by 2007 and keep rising exponentially. Sooner rather than later the powers that be will decide enough is enough and come down on them like a tonne of bricks.
So, what can you do to help? Just delete them on sight, never ever respond to offers, no matter how tempting, that just encourages the beggers to send even more. Remember, 10,000 or 100,000 more folk have the same message and it's almost never FROM who they say it's from.
Opting out and unsubscribing
NEVER, EVER, EVER click on 'unsubscribe' !!!
Yes, three exclamations. Even if they are reputable and remove you, they will also add you to the "mug lists" and sell your now even more valuable address to someone else. If, as is far far more likely, they are dishonest then you are beggered 'cos your mailbox is going to get battered!
Look at it like this. You almost certainly never opted in in the first place. Far, far more likely they have illegally obtained your email, or have even just guessed it. Added to this, Spam is generally sent illegally via fake accounts. On top of this, a huge percentage is run by criminals and organised crime gangs. And they want you to trust them...
<img src="http://www.SOMESpammer.com/tracking/mailtracker.cfm?cid=99&uid=1234567&type=view" width="1" height="1" nosend="1" alt="">
If you download an e-mail, hidden lines like the one above can send a request to this company confirming the email was real and received. I have it on very good authority that this is used by reputable direct mailing companies to validate mail dispatches. Sadly, as with all good things, it is open to abuse by less scrupulous members of society.
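Both hidden images shown on this page (the one under "Spammers tricks" and the one above) share the same shape: a remote image one pixel square with an identifier in the URL. The following added example, which is not part of the original page, finds such images in an HTML message body and strips them before the mail is displayed; the function names are this example's own and the banner image in the sample is constructed.

```javascript
// Added example: find and strip likely tracking pixels ("web bugs") in an
// HTML e-mail body. Function names are this example's own.
function parseAttributes(tag) {
  const attrs = {};
  const re = /([a-zA-Z][\w-]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  let m;
  while ((m = re.exec(tag)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
  }
  return attrs;
}

// Returns details of the beacon, or null if the <img> looks ordinary.
function inspectImage(tag) {
  const a = parseAttributes(tag);
  if (!a.src || !/^https?:\/\//i.test(a.src)) return null; // not a remote fetch
  const w = parseInt(a.width, 10);
  const h = parseInt(a.height, 10);
  if (!(w <= 1 && h <= 1)) return null; // a missing size (NaN) also lands here
  let url;
  try { url = new URL(a.src); } catch { return null; }
  // The query string is where the per-recipient identifier travels.
  return { host: url.hostname, path: url.pathname, token: url.search.slice(1) };
}

const IMG_TAG = /<img\b[^>]*>/gi;

function findTrackingPixels(html) {
  return [...html.matchAll(IMG_TAG)]
    .map(([tag]) => inspectImage(tag))
    .filter((hit) => hit !== null);
}

// Mitigation: drop the beacons so displaying the mail fetches nothing.
function stripTrackingPixels(html) {
  return html.replace(IMG_TAG, (tag) => (inspectImage(tag) ? "" : tag));
}

// Sample body: two tags from this page plus one constructed ordinary image.
const sampleBody = [
  "<p>Special offer!</p>",
  '<img src="http://www.example.com/banner.gif" width="468" height="60" alt="Offer">',
  '<img src="http://www.ebarks.com/click/ubo.cfm?122432755-331-48-3" height="1" width="1" border="0">',
  '<img src="http://www.SOMESpammer.com/tracking/mailtracker.cfm?cid=99&uid=1234567&type=view" width="1" height="1" nosend="1" alt="">',
].join("\n");

console.log(findTrackingPixels(sampleBody));
```

A mail program that does not load remote images at all gives the same protection without any parsing.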
Hide your address from Spambots
Eensy meensy spider, crawling ... through my drive...
... and you can't even pull its thieving little legs off.
For instance, this is one of the nastier ones I noticed...
Date: Wed Jan 28 03:14:44 2004
IP Address: 66.130.150.162
(Arrived from): Videotron.com, Montreal
Browser/OS: EmailSiphon
There are ways to poison the begger's mind, which I'll look into another day.
If you put your email address on the net, this, and its evil cousins, will steal a copy and sell it to Spammers.
First off, don't publish your e-mail unnecessarily, there are bots out there picking up email addresses from web pages and compiling them for spammers - I know 'cos I must be on every other list! *Mutter*
Never put your email address in the likes of ICQ lobbies, some of the parasites in these places will pick it up in minutes.
And don't bother replying to 'remove me' links at the bottom - they just tell the beggers you have an honest to goodness email address and are naive enough to reply to spam. Net result? They move you up to mug class in a higher value mailing list and you get even more junk. Conversely, some third party software like McAfee's SpamKiller have a feature to bounce the message back saying that the person doesn't exist. This may help get you off the lists - apart from the fact mostly they are spoofed and so can't be bounced back!
Most ISP's employ filters to hold back the tide - it's their bandwidth getting eaten too - but some will go a step further and allow you to add your own filters to stop it at the mail server.
You can also create your own lists of undesirables and add them to the filters on your web browser. As I was getting well in excess of 200 a day I monitored the content and where they originated from and blocked the lot. A huge percentage was coming from free email providers like MSN, Hotmail and AOL so I blanketed the lot of them. It's unfortunate for anyone there trying to genuinely contact me, but I've wasted that much time killing spam that I prefer overkill to the stuff my children almost saw. My attitude is that the ISP's and businesses with mail servers should police their own networks to stop this nuisance at the source and if they don't, I don't have a problem with blocking them out completely.
As a result of implementing all the above, I've gone from peaks of 400-500 messages a day to the odd one slipping through, or at least not going straight in the waste basket.
One common method is a faked email address, using something like [ humpty@dumptyNOSpam.com ], the idea being folk will understand to remove the NOSpam part. This unfortunately has a few flaws. It relies on people understanding to edit the address, then it assumes they will notice it and not just have it bounced back and finally it takes a leap of faith that folk, being what they are, can be bothered and don't just say, "Begger that" and close the mail program. Finally we find a client willing to pass the obstacles
WooHoo
Ooops!
The 'client' was actually one of the newer, smarter spambots that know to edit that, or the stolen email will go into a database which will automatically remove the NOSpam element. Gotcha! [ humpty@dumpty.com ] has just "opted-in" via a 'partner' for…
Another common method is to use a picture of the address.
As long as your email is memorable, and people can be bothered to type it in, then this is good. I've added the link code without the address. Gets people a tad more motivated to reply to you.
Here's one I never thought of - thanks to the helpful staff at Webfusion - using javascript to hide your email.
Here's a few examples...
<!--
This file retrieved from the JS-Examples archives
1000s of free ready to use scripts, tutorials, forums.
Author: JS-Examples - www.js-examples.com/
-->
<script type="text/javascript">
var _u = "someone";
var _d = "somewhere.com";
var _l = _u + "@" + _d;
var _m = "Click Here to E-mail Me";
document.write("<a href='mailto:"+_l+"'>"+_m+"</a>");
</script>
Here's an almost identical code I got from Netmechanic :
Hide From Email Spiders
<script language=javascript>
<!--
var contact = "Newsletter Editor"
var email = "news"
var emailHost = "netmechanic.com"
document.write("<a href=" + "mail" + "to:" + email + "@" + emailHost+ ">" + contact + "</a>" + ".")
//-->
</script>
Note: Please be aware that this code is client-side JavaScript and screen readers for blind and low vision users cannot parse it.
Also a bit of a problem with XHTML if you are a webmaster, but for the average person, it's one solution.
A few more solutions can be found here at Expert Exchange.
I'll rehash them a tad, thus:
<script type="text/javascript">
<!--
// Address parts are kept separate so the full address never appears in the page source
var _u = "someone";
var _d = "domain.com";
var _s1 = "?subject=";
var _s2 = "feedback";
var _l = _u + "@" + _d + _s1 +_s2;
var _m = "Click here to E-mail Me";
// "mailto:" is split up as well so it cannot be found by a simple text search
document.write("<a href=" +"mail" +"to" +":" + _l +">" + _m + "</a>" );
// --> </script> <noscript>e post to Paul at...</noscript>
For some reason for the subject line message to work you can't have spaces. Underscore, hyphens and even the space code do the trick. I'll look at it when I learn more Javascript. Had it working once too :(
The <!-- and // --> part is to hide the code from older browsers.
Note that while this is recommended with HTML 4.01 it's invalid for XHTML 1.0 so bear that in mind.
The Noscript part is for browsers that either don't support javascript, or have it disabled. It's also needed under the Web Accessibility Initiative. Admittedly it's a bit slap-dash, but we are fighting a guerilla war here. Make up your own format that tells visitors how to send you email, without giving up too much.
If you wanted, you could add the image with your email too. Remember the "alt" part of it though, there are people out there who can't or won't use images and scripts.
Sigh - Now I just have to add the code to all the pages in Ackadia... (Done)
Here's another solution I found at [ www.hillscapital.com/html2iso.htm ] Hill's Capital (since gone)...
You enter your HTML in the top text area and click 'Convert' to change it to the corresponding ISO-Latin-1 number below.
This is then used to try and obfuscate HTML that shows email addresses.
ie "user@nospamhere.com" gets converted to :
"117,115,101,114,64,110,111,115,112,97,109,104,101,114,101,46,99,111,109"
<script type="text/javascript" language="javascript">
<!--
{
document.write(String.fromCharCode(PASTE NUMBERS HERE))
}
//-->
</script>
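The following added example (not from the original page or from the sites it credits) generates both kinds of markup shown above. It also shows why a subject with spaces failed in the rehashed script: the href there is written without quotes, so the attribute ends at the first space, whereas quoting the href and percent-encoding the subject keeps it in one piece. All function names are this example's own.

```javascript
// Added example: helpers that generate the obfuscated mail link markup.
// All function names are this example's own.
function escapeHtml(s) {
  return s.replace(/[&<>"]/g, (c) =>
    ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;" }[c]));
}

// Quoting the href and percent-encoding the subject lets it contain spaces.
function buildMailtoLink(user, domain, subject, label) {
  let href = "mailto:" + user + "@" + domain;
  if (subject) href += "?subject=" + encodeURIComponent(subject);
  return '<a href="' + escapeHtml(href) + '">' + escapeHtml(label) + "</a>";
}

// The character-code conversion described above: one number per character.
function toCharCodes(text) {
  const codes = [];
  for (let i = 0; i < text.length; i++) codes.push(text.charCodeAt(i));
  return codes.join(",");
}

// What the browser does with those numbers when the page loads.
function fromCharCodes(codes) {
  return String.fromCharCode(...codes.split(",").map(Number));
}

// Wraps any markup in the document.write(String.fromCharCode(...)) form.
function charCodeScript(html) {
  return '<script type="text/javascript">\n' +
    "document.write(String.fromCharCode(" + toCharCodes(html) + "));\n" +
    "</scr" + "ipt>";
}

const link = buildMailtoLink("someone", "domain.com", "Site feedback",
  "Click here to E-mail Me");
console.log(link);
console.log(charCodeScript(link));
```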
Robots
As an addendum to this, did you know you can specify which pages can or can't be accessed by bots and indexers and similarly disallow some? There's a good tutorial on this at Search Engine World.
Whether they obey the rules is debatable but if you have set the robot's name in your "robots.txt" file and the offenders keep coming I believe you can sue them. Especially if they use the gathered email addresses for unsolicited commercial mail campaigns against you... That said, folk I've talked to about it say it's just not worth the hassle.
Use Throw-away email addresses.
It's far too late for myself, but get yourself a copy of disposable email addresses if you are registering for stuff like competitions, drivers or maybe even newsletters online. Quite often even the more legitimate places will sell that address on. So, as soon as it starts getting Spam - within days probably - discard it. One of these days I'm going to register about 500 email addresses, register them with sites I believe are selling them on without permission and monitor them for Spam.
Oh yes, I will be naming and shaming the lot of them on these pages when I do...
Use Firewalls and Anti-Virus protection
Did you know that YOU could be sending me Spam ?
There's increasing evidence that Spammers are adding viruses to the junk with the sole aim of infecting you and using your account to send out their rubbish. Nice of them, eh.
One friend, who should have known far better was recently riddled with viruses. "I only connect using dial-up, I didn't think it mattered." Well D'oh!
No firewall, no anti-virus, but that's OK, they won't send you viruses and trojans if you only have a slow connection, will they? No, of course not, silly. Of course they won't want to steal your credit cards to go on a fraudulent spending spree if you only have a 56kb/s modem… And next time you're shopping, leave your purse on top of the groceries, easier to pay at the tills dear. No-one will pick your purse if it's too invitingly open...
Sarcasm is wasted on some folk, I tell you!
At the very, very, very least* use a free antivirus like [ Grisoft's AVG ] and the (laughable) firewall that comes free with Windows XP or [ ZoneAlarm ]
*Yes, 3 very's
Really though, for peace of mind you want to go with a more professional suite like Symantec's Norton Internet Suite
Similarly, try some of the free, trial and commercial anti-spam tools, many of which are listed in the tools and links pages of this section.
And make sure it's up to date! - Ideally, it should be updated daily!
Disable Windows Messenger
This is available in full at Microsoft: Disabling Messenger Service in Windows XP (Knowledge base 330904)
The Messenger Service was originally designed for use by system administrators to notify users about the network and is turned on by default. However, some Spammers are now using this and some of these messages are believed to be used maliciously to distribute viruses.
Here's how to disable it:
Control Panel > Administrative Tools > Services > Messenger
In the Startup type list, choose Disabled and OK to confirm.
Note:
This 'Messenger Service' in Windows XP is not related to IM programs such as Windows Messenger and MSN Messenger.
If your computer is part of a corporate network, ask the network administrator before disabling Messenger Service!
Spoofing is Identity Theft, official
Had YOUR name used to spread Spam?
Angry ? I know I am!
Don't get mad, get even, as the saying goes. If this person (or anyone else for that matter) has used you to take the blame for his illegal activities, let me know. The more that want to take action, the faster this criminal (and others like him) can be taken out of our mailboxes.
We all know Spoofing is naughty, yadda yadda, but the more I build my case against the 'Carnegie Sun' spammer and his associates and supporters, the more precedents like the one below I find. And, incidentally, the better I get at tracing them. Bear in mind the case below came just before the CAN-Spam act became law. Anyone subsequently prosecuted will face far harsher penalties.
Extract from the U.S. Department of Justice:
October 7, 2003 - PHILADELPHIA
United States Attorney Patrick L. Meehan today announced the unsealing of an indictment returned on September 25, 2003, against ALLAN ERIC CARLSON. Agents of the Federal Bureau of Investigation arrested Carlson this morning at his residence. Carlson is charged with "hacking" into computers around the country, hijacking or "spoofing" the return addresses of e-mail accounts of reporters at the Philadelphia Inquirer and the Philadelphia Daily News and e-mail accounts at the Philadelphia Phillies, and launching spam e-mail attacks. He is also charged with identity theft for illegally using the e-mail addresses of the reporters.
Here's the DoJ Details of his Indictment
If you are a lawyer, solicitor or attorney specialising in Spam abuse, identity theft and related crimes, let me know. I want to build a country by country list where folk can go for reliable legal help and advice. Needless to say I am particularly interested in practices in Canada, America, the UK, Germany and Australia.
Spam: Making a Distinction
Note:
For the record, there's a distinction between legitimate direct marketing associations and companies of the type that keep accurate records, have real email addresses and act professionally as against the unscrupulous Spammers who use shotgun tactics with a million messages, relying on faked emails, identity theft and other dirty tricks, ruining the Internet for their own selfish, often illegal gains. This applies equally to all the big-names companies that are happy to use such Spammers.
Putting it another way...
Offers and such from companies and sites I KNOW I have SPECIFICALLY opted-in, that I have specifically confirmed I want or accept mail from are not Spam.
IN CONTRAST, offers from 'partners', mortgages from 'real estate' companies in the States and coffee percolators from Maine, generally from false and throw-away Hotmail accounts (etc), are clearly Spam. The rest and murkier side of Spam I needn't comment on!
Unless I have doubly opted-in and have a confirmed record, it's automatically deleted and/or reported for the trash it is...



