SPAM or UCE


SPAM: Originally defined the act of excessive message posting across Usenet Newsgroups (more specifically, the posting of the same message in multiple newsgroups). Now it used most often to refer to the act of sending multiple messages to a user or domain.


UCE: Unsolicited Commercial E-Mail, E-Mail received from a site advertising their services/products, that you didn't request. Usually e-mail addresses are culled from mailing lists or newsgroups. These messages are usually hard to trace back to their origins or were sent with temporary internet accounts to prevent retribution.

Click on one of the following topics to go to that area of this page, there is a lot of stuff here (and a lot of it is technical), please forward any comments, suggestions, additions, and errors to: HELP!.

Urban Legends
General Info about SPAM/UCE
How to find the *source* of SPAM/UCE (Locate the Site)
Who to complain to?
Other Solutions to the SPAM/UCE Problem
Some links to help you out



Urban Legends

Although not technically SPAM or UCE, this annoying bit of e-mail does generate the same traffic, as well as paranoia. Here is an example of a phoney e-mail sent out, probably for the express purpose of scaring people into forwarding it as many times as possible...who knows why, maybe just for the humor aspect or to gain some sort of notoriety.

> If you receive an e-mail titled "Win A Holiday" DO NOT open it. It will
> erase everything on your hard drive. Forward this letter out to as many
> people as you can. This is a new, very malicious virus and not many
> people know about it. This information was announced yesterday morning
> from Microsoft, please share it again by passing this along to everyone
> in your address book so that this may be stopped.

The 'facts' stated in the above message really aren't true (as long as you have the latest updates and security patches to your e-mail software). The following general rules apply to e-mail and attachments:

1)  You cannot reformat your hard drive just by *reading* an e-mail
    message
2)  No actions will occur to your computer just by *reading* an e-mail
    message
3)  However, any attachments that you receive from untrusted sources
    should be checked with a virus scanner, since many attachments are
    'executable' files, you run the risk of data loss if you just run
    attachments without checking first. 

Be advised, though, some newer e-mail virus' are becoming more deadly. They are taking credit for the fact that many e-mail programs have a default 'preview' window, which opens the e-mail automatically when the title is highlighted in the list of available e-mail messages. This can launch an e-mail virus, which can cause problems to your computer and operating system. The best advice in this case is to turn off any 'preview' windows and ALWAYS run a virus detection program.



General Background

Unsolicited Commercial E-Mail (UCE) and SPAM are 2 components of the internet that are different things to different people. To some it's a bother and invasion of their privacy, to others it's a marketing tool and a way of doing business.

At Surfari Internet we do not condone nor support UCE or SPAM techniques and actively take action to prevent unwanted e-mails from entering our system. Do realize, though, at the present time neither technique is illegal in the United States. What these people are doing may be annoying to you, but there is no present legal precedence to stop these techniques (although there is pending legislation to control these processes).

Although Surfari Internet has tecniques and controls in place, they are not 100% effective. Surfari Internet will do what it can to limit unwanted e-mail, but the user is generally the first line of defense.

If you receive UCE/SPAM and no longer wish receive it, it is requested that you take the first step. Attempt to remove yourself from the mailing list (if that is an option) or send e-mail back to the sender indicating you no longer wish to receive such mailings. You may have to do a little bit of detective work in order to do this, specifically you'll have to take a look at the 'message headers' of the e-mail. This is done within your e-mail program, usually a selection within the 'read' options/setups that gives you the opportunity to 'see full headers'.

It is easy for offenders to forge headers to make it look as if an e-mail has originated from a specific domain and in most cases you can quickly determine the *real* source of the e-mail. This information is hidden in the header of each e-mail.



Locate the Site!

Here is an example to help you determine the source of the e-mail. Please note that example IP's and company names are used for demonstartion purposes only and any coincidence is purely unintentional.

------EXAMPLE E-MAIL HEADER-----

Received: from cachecow.surfari.net (cachecow.surfari.net [207.114.135.2])
	by mail.surfari.net (8.8.5/8.8.5) with ESMTP id NAA28366;
	Sun, 23 Nov 1997 13:13:15 -0800
Received: from relay.spam.com relay.spam.com [111.111.111.111])
        by ispam.com (8.8.5/8.6.5) with SMTP id GAA08489
        for ; Sun, 23 Nov 1997 13:10:51 -0800
Date: Sun, 23 Nov 97 13:00:51
From: fake_email@some_poor_domain.com
To: poor_end_user@somewhere.com
Subject: MAKE A MILLION IN A MINUTE
Message-ID: <5.0.52.19970526663666.666a6e97@ispam.com>
Reply-To: this_address_does_not_exist@wolly.com
X-PMFLAGS: 34666848 0
X-UIDL: 3273376668a65eb1890m0762123a
Comments: Authenticated sender is 

-----END E-MAIL HEADER-----

Analysis

Received: from mail.surfari.net (mail.surfari.net [207.114.135.2])
	by cachecow.surfari.net (8.8.5/8.8.5) with ESMTP id NAA28366;
	Sun, 23 Nov 1997 13:13:15 -0800
The first *Received* line will indicate which mailserver was the last in the chain and has delivered you the e-mail, together with the IP address of the source of the e-mail (which in our example is 207.114.135.2). Remember just because a mailserver has delievered you an e-mail does not mean it is the offender in question.

In the example above you can see that although the e-mail was relayed by spam.com, it was received from IP 207.114.135.2. If you were to look up this IP address you would see it belongs to Surfari Internet Provider Services.

This lets you know that cachecow.surfari.net was sent this mail from Surfari Internet's mailserver. Surfari Internet is just as much a victim of SPAM as you.

Received: from relay.spam.com relay.spam.com [111.111.111.111])
        by ispam.com (8.8.5/8.6.5) with SMTP id GAA08489
        for ; Sun, 23 Nov 1997 13:10:51 -0800
The line above tells you that the mailserver before mail.surfari.net was called relay.spam.com. Now this can mean that either relay.spam.com was just another innocent mailserver being abused or it was in fact the source of the e-mail. If relay.spam.com was innocent, we may not know how many servers before it have also been used to relay the mail.

Date: Sun, 23 Nov 97 13:00:51
From: fake_email@some_poor_domain.com
To: poor_end_user@somewhere.com
Subject: MAKE A MILLION IN A MINUTE
Message-ID: <5.0.52.19970526663666.666a6e97@ispam.com>
Reply-To: this_address_does_not_exist@wolly.com
X-PMFLAGS: 34666848 0
X-UIDL: 3273376668a65eb1890m0762123a
Comments: Authenticated sender is 
This last part of the e-mail header usually contains information as to who sent the e-mail and who was supposed to receive it. Since most spammers will send the same e-mail to a list of users the *To* field may just contain a list name.

Naturally the From field and Reply-To fields will have non-existent addresses so no one can trace the real offender.



Who to complain to?

An e-mail may be routed through many servers before ending up in your mailbox and 99% of the time the mailservers are just doing their job of forwarding email to another mailserver or to a specified user. The mailserver does not know and can not distinguish genuine email from SPAM. This is the real problem.

Sometimes you can find names and addresses of people in the actual e-mail message itself, particularily if it is a money making scheme or an invite to a web site. If you find such a mention, contact the address or person mentioned and make your complaint. If it is a web address, e-mail their postmaster or contact their provider and state your case. The provider will generally take some action. Common addresses to complain to are:

abuse@domain.com or postmaster@domain.com

The nature of e-mail requires that out of courtesy mailservers relay email from other mailservers in order for an e-mail to reach its destination. Although steps are being taken to refine this old model and hopefully build mailservers that are a bit more intelligent and ultimately help reduce the relaying of SPAM, the problem of SPAM is not an easy one to tackle.

Companies who run mailservers can and most are also the victims of SPAM and different companies use different means to tackle the problem; from banning IP's to taking legal action or cutting off services to offenders. However there is no definitive way to stop Spam at this moment in time.

The best way to deal with spam is to try to make some sense of the e-mail headers and forward the original e-mail to each mailserver that you can identify in the header. If you can identify the domain of origin of the SPAM tell their postmaster that you are not happy with this situation and hopefully, collectively, they will take some action.

Try not to get to angry about it as this will achieve nothing and remember that most mailservers involved in a case of SPAM will always be willing and wanting to stop the unauthorised use and abuse of their systems as well.

If all else fails, Surfari Internet could possible block the offending domain from sending e-mail to our site. This has positive and negative aspects to the issue:

Positive Aspects

  • You can be fairly assured that you won't receive e-mail from that site
  • The offending site will eventually get the idea that most people aren't interested in this sort of activity and cease it's actions
  • Negative Aspects

  • If this is a site that hosts both private and business accounts, you will not be able to communicate with anyone on that site
  • The site administrator might take blocking mail as a sign of agression and attempt one of many possible offensive actions against your e-mail or our site
  • Controlling UCE/SPAM is certainly a balancing act, one which we will be dealing with for years to come. We appreciate everyone's pro-active approach to the problem and stand committed to helping to reduce the clutter in your e-mail inbox.

    There are some e-mail hoaxes circulating the internet, regarding a person trying to get money out of a foreign country. They need your help and just want to have an American contact to send the money to. Check the following links for information about this scam: FBI's Internet Fraud Complaint Center -or-
    United States Secret Service

    The state of California has a "Business and Professions Code" in effect, that you can view at THIS LINK. Specifically, you may want to look at Section 17534 or Section 17538.4



    Other solutions to the SPAM/UCE problem

    Although you may never be able to stop the incoming barrage of junk e-mail, there are a few things you can do to limit your contact with it.

    Filter incoming e-mail
    Many e-mail programs allow the 'filtering' of incoming messages to your system. Here is a tip that shows you how to filter incoming e-mail with Outlook Express:

    Let's say you often get unwanted mail from scam@pyramid.com. You tell them to stop sending you the mail, but it never stops. Run Outlook Express and choose Tools, Inbox Assistant. When the Inbox Assistant opens, click Add. Now, click in the From entry box and type in:

    scam@pyramid.com

    Select the check box labeled Move To and then click Folder. Select Deleted Items and click OK. Now, click OK again to get back to Inbox Assistant. Your new description will read "If From contains 'scam@pyramid.com,' then move to 'Deleted Items'." Click OK to accept this condition and close the dialog box. From this point on, all mail from scam@pyramid.com will go directly to Deleted Items without ever appearing in the Inbox.

    Get on 'opt-out' lists
    Many reputable companies are attempting to answer the barrage of complaints about SPAM and UCE by providing 'opt-out' lists. These lists are designed to prevent you from getting on mass-mailing lists, hence reduce the amount of SPAM and UCE to receive.

    Although this is a movement in growth, and a lot of your SPAMmers won't be using this technique, it is a start. Here's an example of an 'opt-out' mailing list company: Direct Marketing Association

    Get Help from the Big Guys
    Here's a novel approach that might catch on... A company is using the 'popularity' of the anti-SPAM movement to make a name for itself. If you send a copy of the SPAM or UCE to the following address, they forward it on to the government: spamrecycle@ChooseYourMail.com

    This e-mail address is supported by a web site called The Spam Recycling Center

    There is also a site that will send the "stop spamming me" mail for you, it's located at SPAMCOP.NET.



    Links to help you out

    Here are some links to help you in your fight against SPAM and UCE:

    C.A.U.C.E. Coalition Against Unsolicited Commercial Email
    Spam Abuse Net
    Hater, a program to 'get back' at SPAM Authors
    The Anti-Spam HOW TO
    Stop Spam FAQ
    The Email Abuse FAQ
    Fighting Email Spammers
    SPUTUM Tools Page anti-Spam tools interface (personal)
    Earthlink's Anti-Spam Resources Page
    "Get that Spammer!"
    SpamCop.Net
    Good article on how you get on spam lists
    REMOVEYOU.COM, a company that helps remove e-mail addresses from mass-marketing lists
    Death to Spam by Alchemy Mindworks

    SPAM-News Media Alert List -
    A mailing list to keep you informed about SPAM news. To subscribe, send a message to SPAM-news-request@concordia.ca with the following information in the BODY of the message: Subscribe SPAM-News [your email address here]

    Also, be sure to read the Usenet newsgroup news.admin.net-abuse.email

    If you suspect illegal activity -
    There is a group called the FBI "SAFETeam", a group specifically designed to look into internet related crimes:

    los.angeles@fbi.gov (attn: SAFETeam)
    or
    310-477-6565 ext. 4120

    Page Updated On