Click on one of the following topics to go to that area of this page, there is a lot of stuff here (and a lot of it is technical), please forward any comments, suggestions, additions, and errors to: HELP!.
> If you receive an e-mail titled "Win A Holiday" DO NOT open it. It will
> erase everything on your hard drive. Forward this letter out to as many
> people as you can. This is a new, very malicious virus and not many
> people know about it. This information was announced yesterday morning
> from Microsoft, please share it again by passing this along to everyone
> in your address book so that this may be stopped.
The 'facts' stated in the above message really aren't true (as long as you have the latest updates and security patches to your e-mail software). The following general rules apply to e-mail and attachments:
1) You cannot reformat your hard drive just by *reading* an e-mail message 2) No actions will occur to your computer just by *reading* an e-mail message 3) However, any attachments that you receive from untrusted sources should be checked with a virus scanner, since many attachments are 'executable' files, you run the risk of data loss if you just run attachments without checking first.
Be advised, though, some newer e-mail virus' are becoming more deadly. They are taking credit for the fact that many e-mail programs have a default 'preview' window, which opens the e-mail automatically when the title is highlighted in the list of available e-mail messages. This can launch an e-mail virus, which can cause problems to your computer and operating system. The best advice in this case is to turn off any 'preview' windows and ALWAYS run a virus detection program.
At Surfari Internet we do not condone nor support UCE or SPAM techniques and actively take action to prevent unwanted e-mails from entering our system. Do realize, though, at the present time neither technique is illegal in the United States. What these people are doing may be annoying to you, but there is no present legal precedence to stop these techniques (although there is pending legislation to control these processes).
Although Surfari Internet has tecniques and controls in place, they are not 100% effective. Surfari Internet will do what it can to limit unwanted e-mail, but the user is generally the first line of defense.
If you receive UCE/SPAM and no longer wish receive it, it is requested that you take the first step. Attempt to remove yourself from the mailing list (if that is an option) or send e-mail back to the sender indicating you no longer wish to receive such mailings. You may have to do a little bit of detective work in order to do this, specifically you'll have to take a look at the 'message headers' of the e-mail. This is done within your e-mail program, usually a selection within the 'read' options/setups that gives you the opportunity to 'see full headers'.
It is easy for offenders to forge headers to make it look as if an e-mail has originated from a specific domain and in most cases you can quickly determine the *real* source of the e-mail. This information is hidden in the header of each e-mail.
------EXAMPLE E-MAIL HEADER-----
Received: from cachecow.surfari.net (cachecow.surfari.net [22.214.171.124]) by mail.surfari.net (8.8.5/8.8.5) with ESMTP id NAA28366; Sun, 23 Nov 1997 13:13:15 -0800 Received: from relay.spam.com relay.spam.com [126.96.36.199]) by ispam.com (8.8.5/8.6.5) with SMTP id GAA08489 for
; Sun, 23 Nov 1997 13:10:51 -0800 Date: Sun, 23 Nov 97 13:00:51 From: fake_email@some_poor_domain.com To: email@example.com Subject: MAKE A MILLION IN A MINUTE Message-ID: <firstname.lastname@example.org> Reply-To: email@example.com X-PMFLAGS: 34666848 0 X-UIDL: 3273376668a65eb1890m0762123a Comments: Authenticated sender is -----END E-MAIL HEADER-----
Received: from mail.surfari.net (mail.surfari.net [188.8.131.52]) by cachecow.surfari.net (8.8.5/8.8.5) with ESMTP id NAA28366; Sun, 23 Nov 1997 13:13:15 -0800The first *Received* line will indicate which mailserver was the last in the chain and has delivered you the e-mail, together with the IP address of the source of the e-mail (which in our example is 184.108.40.206). Remember just because a mailserver has delievered you an e-mail does not mean it is the offender in question.
In the example above you can see that although the e-mail was relayed by spam.com, it was received from IP 220.127.116.11. If you were to look up this IP address you would see it belongs to Surfari Internet Provider Services.
This lets you know that cachecow.surfari.net was sent this mail from Surfari Internet's mailserver. Surfari Internet is just as much a victim of SPAM as you.
Received: from relay.spam.com relay.spam.com [18.104.22.168]) by ispam.com (8.8.5/8.6.5) with SMTP id GAA08489 forThe line above tells you that the mailserver before mail.surfari.net was called relay.spam.com. Now this can mean that either relay.spam.com was just another innocent mailserver being abused or it was in fact the source of the e-mail. If relay.spam.com was innocent, we may not know how many servers before it have also been used to relay the mail.
; Sun, 23 Nov 1997 13:10:51 -0800
Date: Sun, 23 Nov 97 13:00:51 From: fake_email@some_poor_domain.com To: firstname.lastname@example.org Subject: MAKE A MILLION IN A MINUTE Message-ID: <email@example.com> Reply-To: firstname.lastname@example.org X-PMFLAGS: 34666848 0 X-UIDL: 3273376668a65eb1890m0762123a Comments: Authenticated sender isThis last part of the e-mail header usually contains information as to who sent the e-mail and who was supposed to receive it. Since most spammers will send the same e-mail to a list of users the *To* field may just contain a list name.
Naturally the From field and Reply-To fields will have non-existent addresses so no one can trace the real offender.
Sometimes you can find names and addresses of people in the actual e-mail message itself, particularily if it is a money making scheme or an invite to a web site. If you find such a mention, contact the address or person mentioned and make your complaint. If it is a web address, e-mail their postmaster or contact their provider and state your case. The provider will generally take some action. Common addresses to complain to are:
email@example.com or firstname.lastname@example.org
The nature of e-mail requires that out of courtesy mailservers relay email from other mailservers in order for an e-mail to reach its destination. Although steps are being taken to refine this old model and hopefully build mailservers that are a bit more intelligent and ultimately help reduce the relaying of SPAM, the problem of SPAM is not an easy one to tackle.
Companies who run mailservers can and most are also the victims of SPAM and different companies use different means to tackle the problem; from banning IP's to taking legal action or cutting off services to offenders. However there is no definitive way to stop Spam at this moment in time.
The best way to deal with spam is to try to make some sense of the e-mail headers and forward the original e-mail to each mailserver that you can identify in the header. If you can identify the domain of origin of the SPAM tell their postmaster that you are not happy with this situation and hopefully, collectively, they will take some action.
Try not to get to angry about it as this will achieve nothing and remember that most mailservers involved in a case of SPAM will always be willing and wanting to stop the unauthorised use and abuse of their systems as well.
If all else fails, Surfari Internet could possible block the offending domain from sending e-mail to our site. This has positive and negative aspects to the issue:
Controlling UCE/SPAM is certainly a balancing act, one which we will be dealing with for years to come. We appreciate everyone's pro-active approach to the problem and stand committed to helping to reduce the clutter in your e-mail inbox.
There are some e-mail hoaxes circulating the internet, regarding a person
trying to get money out of a foreign country. They need your help and just
want to have an American contact to send the money to. Check the following
links for information about this scam:
FBI's Internet Fraud Complaint
United States Secret Service
The state of California has a "Business and Professions Code" in effect, that
you can view at
THIS LINK. Specifically, you may want to look at Section 17534 or Section
Filter incoming e-mail
Many e-mail programs allow the 'filtering' of incoming messages to your system. Here is a tip that shows you how to filter incoming e-mail with Outlook Express:
Let's say you often get unwanted mail from email@example.com. You tell them to stop sending you the mail, but it never stops. Run Outlook Express and choose Tools, Inbox Assistant. When the Inbox Assistant opens, click Add. Now, click in the From entry box and type in:
Select the check box labeled Move To and then click Folder. Select Deleted Items and click OK. Now, click OK again to get back to Inbox Assistant. Your new description will read "If From contains 'firstname.lastname@example.org,' then move to 'Deleted Items'." Click OK to accept this condition and close the dialog box. From this point on, all mail from email@example.com will go directly to Deleted Items without ever appearing in the Inbox.
Get on 'opt-out' lists
Many reputable companies are attempting to answer the barrage of complaints about SPAM and UCE by providing 'opt-out' lists. These lists are designed to prevent you from getting on mass-mailing lists, hence reduce the amount of SPAM and UCE to receive.
Although this is a movement in growth, and a lot of your SPAMmers won't be using this technique, it is a start. Here's an example of an 'opt-out' mailing list company: Direct Marketing Association
Get Help from the Big Guys
Here's a novel approach that might catch on... A company is using the 'popularity' of the anti-SPAM movement to make a name for itself. If you send a copy of the SPAM or UCE to the following address, they forward it on to the government: spamrecycle@ChooseYourMail.com
This e-mail address is supported by a web site called The Spam Recycling Center
There is also a site that will send the "stop spamming me" mail for you, it's located at SPAMCOP.NET.
C.A.U.C.E. Coalition Against Unsolicited
Spam Abuse Net
SPAM-News Media Alert List -
A mailing list to keep you informed about SPAM news. To subscribe, send a message to SPAMfirstname.lastname@example.org with the following information in the BODY of the message: Subscribe SPAM-News [your email address here]
Also, be sure to read the Usenet newsgroup news.admin.net-abuse.email
If you suspect illegal activity -
There is a group called the FBI "SAFETeam", a group specifically designed to look into internet related crimes:
email@example.com (attn: SAFETeam)
310-477-6565 ext. 4120