Crimes of Persuasion

Schemes, scams, frauds.



Blocking and Reporting Spam

While most people simply ignore spam ( unsolicited e-mail ), others take an active role in shutting it down through both blocking techniques and reporting it to both authorities and the underlying service providers who can effectively close down the spammers' accounts. Even I had a complaint lodged against me for sending out my newsletter to someone who didn't remember subscribing.

List brokers and individuals who send spam use many tools and techniques to gather e-mail addresses wherever they appear online. Here are some suggestions to help you reduce the amount of spam that you receive.

Do:

blue bullet point   Remove yourself from any unprotected member directory.
blue bullet point   Open another e-mail account that you can use as an address for newsgroup and listserve publications or for posting on bulletin boards.
blue bullet point   Use the "Block Sender" option in Hotmail to block the delivery of e-mail from a specific sender.
blue bullet point   Use the Junk Mail Filter feature of Hotmail to filter spam into your Junk Mail folder.

Don't:

blue bullet point   Use your primary account to post to an online service or any Internet bulletin board.
blue bullet point   Use your primary account to post in a Usenet newsgroup or mailing list.
blue bullet point   Spend time in chat rooms or an online service that displays your address of your primary account.
blue bullet point   Include yourself in an unprotected member directory of an online service (the Hotmail Member Directory is protected because we do not display member addresses).
blue bullet point   Reply to unsolicited e-mail messages with a "remove" request because this only validates to the sender that your address is current.
blue bullet point It is advisable not to open the Spam mail because the sender can still validate your email address even if you don’t reply to it.

You can keep up to date with the fight against spam at:  http://www.cauce.org/

Spammers rarely use their regular e-mail addresses for the following reasons, among others:

  1. Their Internet Service Providers will realize they are spamming, and will take steps to prevent future spam (for example, by deleting their e-mail accounts)
  2. Spammers could become the victims of mail-bombing, as thousands of irate recipients strike back with messages of their own

Spammers therefore rely on anonymous e-mail addresses such as those available from free e-mail providers. Sometimes the addresses you see on spam messages are invalid (faked).

It is important to realize where the responsibility for spam lies. Spammers are often reasonably skilled frauds and thieves as well as highly annoying. Many have developed specific strategies in order to avoid responsibility for their actions, or to avoid mail blocking and filtering:

  1. They relay Spam messages off the mail server of an innocent third party. This technique requires an "open relay".
  2. They use the "drop box" strategy. This consists of sending mail out from an account that allows Spam, but putting another address in the "Reply to:" message header, so that anyone replying to the message is actually sending mail to an account that did not originate the Spam. Many spammers want to send out ads or sales info and do not expect a reply. By drop boxing they are forging their e-mail addresses and relieving themselves of accountability. Recipients should always check the full message headers to determine the origin.
  3. Spoofing. This fairly complex technique makes a message appear as if it is coming from an address that did not originate the message.
  4. Including a paragraph claiming that the law sanctions Spam as long as there is a "remove from list" address in the Spam message. Do not fall for this trick, as the "remove from list" address is almost always a sham. Not only do you generate useless traffic if you try to remove yourself from a large number of "lists", but in some cases they will be delighted to put an "active"; mark next to your name on their address databases upon receipt of your complaint. Spammers are dishonest people employing dishonest tactics. Don't trust them, report them.

SpamCop - report violators to their service provider.

SpamBlocker

SpamMotel

AbuseNet

HushMail - secure mail has a free option but lots of spam gets through even without using it.

http://www.cauce.org -- the Coalition Against Unsolicited Commercial Email.

http://www.efuse.com/Grow/postage_due.html -- Spam and the damage it causes

Rex Tincher's AntiSpam -- Comprehensive links and information on Spam

MailToProtector - a program for hiding email addresses on your website from extractors.

www.junkfax.org/ - Info and resources on stopping junk faxes.

Determining the origin of Spam

It is extremely important to identify the origin of a message. A useful technique in doing this is the correct analysis of the message headers contained in every e-mail message, which provide useful information on the message's origin and path. A little training is required to read message headers, but the links below should furnish the necessary information in a matter of minutes:

http://www.pop-cram-spam.net/SMTP.htm -- reading message headers.

http://samspade.org/ -- several useful tools available here


Reporting Spam Directly to E-mail Service Providers

Sometimes you can tell which service provider is being abused by looking at the ending of an email address such as ima_scammer@hotmail.com or nigerianprince@onebox.com.

By contacting the provider and having them close the scammers account ( which they are happy to do for abusing the conditions of service ) you can deprive the con of the numerous potential victims contacted using that address, provided they have yet to be lured into giving up their own contact location. Please send along appropriate contact addresses if you know them for this list.

Please be sure to forward the entire body and subject of the spammed email with the headers, subject, any URL, and the content to:

1) Original subject line. Please forward the email with a subject identical to the original subject.

2) Complete headers. Email programs often display abbreviated headers.

To learn how to display the full headers in a Yahoo! Mail account:

If you are using a different client to read your email, please consult your email program's help system for more information on viewing full headers.

3) Complete message body. Please include the complete, unedited content of the email message in question. Please do not change or edit the message in any way.

support@onebox.com   abuse@outblaze.com mail-abuse\\yahoo-inc.com
abuse@register.com abuse@geocities.com abuse@microsoft.com  

Major Reputable Opt-in, Opt out List Providers

You may have inadvertently signed up for offers and information and found yourself on a master list which is then resold over and over. Relatively few honor your request but I will try to list them here.

Spam complaint boilerplate examples

http://www.chebucto.ns.ca/~af380/boilerplates.links.html -- Offers boilerplates for categories of Spam, so you don't have to write a whole new message every time you report abuse to an ISP or Web site.


Wham, Bam, No Thank You Spam

NEW YORK, 05/14/03 (Reuters) - The man known as the "Buffalo Spammer," who has allegedly sent 825 million unwanted e-mails, has been arrested and arraigned, said New York Attorney General Eliot Spitzer.

Howard Carmack, a 36-year-old resident of Buffalo, New York, entered not guilty pleas before a Buffalo City Court judge and bail was set at $20,000.

"We believe Carmack is one of the largest (spammers) and believe there are a significant number of them," Spitzer said in a conference call. "Spammers who forge documentation and steal identities of others to create their e-mail traffic will be prosecuted."

Spam, or unwanted e-mail hawking everything from herbal sexual stimulants to mortgages, has become a growing issue as it now comprises as much as 75 percent of online messages.

About two-thirds of the spam that jams up in-boxes contains deceptive information such as false return addresses or pitches for miracle cures and work-at-home schemes, according to a recent analysis by the U.S. Federal Trade Commission.

The Attorney General's office said in a statement its Internet bureau receives more complaints about spam than about any other Internet-related issue.

"Spam itself is not -- of itself -- a crime," Spitzer said. "What makes this criminal conduct is the intersection of spamming with forgery and identity theft."

Carmack was charged with: stealing the identity of two residents to open Internet access accounts with EarthLink Inc.; falsifying the business records of EarthLink; forging the headers of e-mail sent from the EarthLink accounts; and possessing a software program designed to create the forged e-mails, the Attorney General's office said in a statement.

Spitzer said his office worked with the Federal Bureau of Investigation and EarthLink, the nation's No. 3 Internet service provider. Last week EarthLink won a $16 million settlement and injunctive relief against Carmack in U.S. district court in Atlanta after a year-long investigation.

"He cost EarthLink more than $1 million," Spitzer charged. "And he opened in excess of 343 e-mail accounts using stolen identities."

The prosecution is the first by Spitzer under New York's identity theft statute, which was enacted in November.

The arrest comes as Louisiana Republican Rep. Billy Tauzin plans to introduce an anti-spam bill this week that is expected to move quickly through Congress.


Power to the Peephole

06/11/03 WASHINGTON (Reuters) - The U.S. Federal Trade Commission asked Congress on Wednesday for additional authority to fight the unwanted Internet "spam" that now accounts for up to half of all e-mail traffic.

In testimony before the House of Representatives consumer protection subcommittee, FTC commissioners said they need the ability to secretly investigate those who send deceptive e-mail and more leeway to go after spammers who send their messages across international borders.

Though several anti-spam bills have been introduced in Congress, the request seemed to catch lawmakers off guard. House Commerce Committee Chairman Billy Tauzin, a Louisiana Republican, said he was "surprised" by the FTC's proposal but was willing to "refine and improve" an anti-spam bill he had developed.

FTC commissioner Orson Swindle told the lawmakers that spam "has become the weapon of choice for those engaged in fraud and deception" and is "about to kill the killer (application) of the Internet, specifically consumer use of e-mail and e-commerce."

"Dealing with the emotional reaction of spam by millions of users requires our immediate attention before it gets out of hand," Swindle said.

E-mail marketers should be required to describe their products honestly and honor consumer requests to be taken off their contact lists, the commissioners said, while criminal penalties should be explored for those who falsify their return addresses.

The proposals "would provide more effective investigative and enforcement tools and would enhance the FTC's continuing law enforcement efforts," the five commissioners said in a joint statement.

Unsolicited, unwanted e-mail has skyrocketed in volume over the past several years, flooding users' in-boxes and costing businesses billions of dollars in wasted bandwidth. Internet providers and filtering companies say spam now makes up between 40 percent and 80 percent of all e-mail.

The FTC has used anti-fraud laws and a database of millions of spams to prosecute some 53 spammers over the past few years, but FTC commissioners said they need additional powers to go after the worst offenders.

Because many spammers close up shop and hide their assets once they realize they are being targeted, FTC agents should be allowed to investigate them in secret for a limited period of time, commissioners said, or at least delay notification. FTC agents should be able to review spam complaints amassed by Internet providers and given greater latitude to go after spammers who hijack others' accounts, they said.

The new authority to go after spam should be modeled after the laws that give the FTC jurisdiction over telemarketers, the commissioners said.

That means requiring spammers to honestly reveal who they are and what they are selling. And a greater authority to cooperate with other countries would make it easier to track spammers and other scam artists who operate internationally, they said.

The commissioners also are seeking changes in the law that would allow them to cooperate more closely with overseas authorities to investigate cases of cross-border fraud, many of which are carried out via e-mail.

"Cross border fraud legislation is a necessary element to make spam legislation effective," FTC Commissioner Mozelle Thompson said.

The FTC also said Congress should revoke an exemption in the law that restricts its authority over telecommunications firms and other "common carriers."


Spam Nazi Makes Millions on Manly Measurements

Check out this article on Davis Hawke aka Dave Bridger, he's been recruiting evil hordes of spammers to sell his penis enlargement pills, and these X*&/%X are making WAY too much money:

http://www.wired.com/news/business/0,1367,59907,00.html

Oh, and there's more. It gets weirder ...

Spam Nazi

Jeffrey Mathews 09/03


Conspiracy to Commit Spam Not AOK With AOL

06/24/04 - PA-UK - An America Online employee stole a list of 92 million customer screen names that was eventually used to send massive amounts of e-mail spam, prosecutors said in New York.

Jason Smathers, 24, was fired from his job as a software engineer for the internet service provider after being arrested at his home in Harpers Ferry, West Virginia, company officials said. He was charged with conspiracy.

Smathers, who worked at AOL’s offices in Dulles, Virginia, sold the list to Sean Dunaway, 21, of Las Vegas, according to a criminal complaint.

Dunaway, also charged with conspiracy, then used it to promote an internet gambling operation and sold it to spammers.

Dunaway made an initial appearance in federal court in Las Vegas. He was released and ordered to appear on July 23 before a US magistrate judge in New York. Smathers was to appear in court in Virginia.

Kevin Kelly, Dunaway’s lawyer, said Secret Service agents confiscated his client’s computer equipment after they took him into custody yesterday.

David Kelley, US attorney for Manhattan, said the arrests were two of the first prosecutions under federal legislation that cracks down on spamming. AOL is a division of New York-based Time Warner.

Each man could face up to five years in prison and at least £150,000 in fines if convicted.

Prosecutors did not say how much they believe Dunaway paid Smathers for the list but said Dunaway later paid him £60,000 for an updated version.

Dunaway offered the list to spammers, charging them £1,200 for lists with names beginning with a single letter, or £30,000 for the entire list, the complaint said.


The Spam Report 2003 - article

E-mail spoofing virus notifications - article


Crimes of Persuasion Victim Section