Section 3: Customer Anti-Spam Responsibilities
by Frank Durda IV


[Copyright 2002,2003,2004 Frank Durda IV, All Rights Reserved.
Mirroring of any material on this site in any form is expressly prohibited.
The official web site for this material is:  http://nemesis.lonestar.org
Contact this address for use clearances: clearance at nemesis.lonestar.org
Comments and queries to this address: web_reference at nemesis.lonestar.org]
This is a living document, and it may be updated from time to time.  This document was last updated March 21st, 2004.


I. EVERY Internet user has the power and should reward Internet providers that don't tolerate abuse and punish those providers that do.

Any Internet customer (and that includes individuals and businesses who buy services from Internet Service Providers (ISPs) or other connectivity providers, and ISPs and other entities who in turn buy connectivity or peering from larger ISPs or carriers/backbone providers) should examine the Terms Of Service and Acceptable Use Policies of the companies that they are getting connectivity from. If these policies seem to lack strong enforcement against abuse of the network OR you have actually encountered this company's reluctance to deal with an abuse problem, terminate your connectivity purchases from this organization and get service from some other company who will take positive and aggressive action when there is abuse.

If you decide to terminate service because of spam problems, be sure to tell the provider why you are terminating service and what you feel they need to change.

This may not sound like you are doing very much, but combined with other tactics, a sizable backbone provider called AGIS was almost driven out of business a few years ago, entirely because they not only refused to disconnect a spammer but actually helped the spammer to avoid the spam blocks established at other Internet Providers. Eventually AGIS relented and disposed of their liability (the spammer), but their lack of prompt enforcement cost AGIS dearly and there are still parts of the Internet that won't route traffic to and from AGIS because of that incident.

Don't wait for your provider to become an unreachable network, also known as "radioactive", because of their lack of aggressive response to spam problems coming from their own customers. If they are having abuse problems that they clearly won't address, leave now.



II. The Internet User's connectivity shopping checklist.

If you are an individual, a business or even an Internet Provider that is looking to purchase service from a connectivity provider, when considering factors like the cost and service availability, be sure to evaluate these items too:

  1. Have you had trouble getting this very company to stop a spammer or other abuse coming from their network in the recent past?

    If you reported an abuse incident and all you got back was a form letter saying that they might investigate your complaint in the next five business days or you got no reply at all, this provider is not serious about dealing with abuse and doesn't deserve your business.

  2. Is their Terms Of Service or Acceptable Use Policy that they want you to agree to weak and ineffective when it comes to abuse?

    Spammers love weak contracts with weak Acceptable Use Policies that can be disputed, which can allow the spammer to keep their service running while waiting on legal squabbles that could drag on for weeks or months. In the meantime, the spammer has nothing else to lose, so the spammer will spam like there is no tomorrow.

    If you can see ways that you could spam or cause other abuse without violating the agreement, that Internet Provider should not get your business.

  3. Are you receiving spam now that originated on that provider's network?

    If the network already has a spam problem, why are you expecting the abuse situation to get better after you pay them money? The fact is that if the provider already has a spam problem that is not being seriously addressed, you giving that company money won't improve the situation. Seek another provider.

  4. Does the netblock registry for this provider fail to show detailed assignments of the netblocks that are assigned to their customers, and instead the provider simply lists only the entire master netblock of address space as belonging to the provider, with no visible detail at all?

    Spammers love to hide behind providers that won't publicly identify individual netblock assignments. This is because while other Internet Providers may hesitate to block 16,000+ IP addresses (or more) because of spam coming from a few addresses in that 16,000, those other Internet Providers would not hesitate to block the 16 IP addresses that they can see are assigned to the place where spam is consistently coming from. (The Internet Provider doesn't and should not have to disclose that this block is used by John Smith who lives at 123 Any Street with phone number 800 555-2121, while this other block is used by Jill Schmidt, along with all her private information. Just having the Internet Provider disclose that there are smaller blocks inside the big one is more than sufficient to allow other Internet Providers to take unilateral (but limited) defensive action when spam or other abuse appears.)

    When an Internet Provider doesn't allow other Internet Providers to be able to determine how much address space is assigned to an active spammer, that Internet Provider is effectively assisting and defending the spammer. That attitude can also result in mail being blocked for non-spamming customers of that pro-spamming Internet provider when the other Internet Providers just throw up their hands and block all access from all IP addresses at the uncooperative Internet Provider.

  5. Are you having trouble sending mail, reaching web servers, or getting mail from clients on that provider's network now?

    All of these are symptoms of a provider who is already having abuse problems on their network that they are not addressing, issues that have gone on so long that it has caused other providers and carriers to block connectivity to that provider. Even your current provider may have decided that blocking traffic from a troublesome provider is worth the small amount of pain of having a few of their customers complaining about not being able to reach the provider with the spamming problem.

    You might contact the Policy Enforcement department of your current provider and ask if they are aware of any recent or current abuse issues with the provider you are thinking of switching to.

    If you find that your current provider has blocked some other provider due to abuse, switching to the provider that is having the abuse problem is probably not the best move. If your Internet Provider has blocked a provider with an abuse problem, it is likely that numerous other Internet Providers have them blocked as well.

If the answer to any of these questions is 'Yes', then you should shop elsewhere for your Internet connectivity needs. Buying service from a company with obvious abuse problems could mean service outages and other problems if you become their customer.
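The difference that item 4 describes can be worked through in code. This is an added example, not part of the original document: given the netblocks a registry publishes, it finds the narrowest block another provider could filter for a set of abusive addresses and counts how many addresses that filter covers. The netblocks, assignment labels and source addresses are constructed for illustration.

```python
import ipaddress

# Constructed registry views of one provider. 198.18.0.0/15 is reserved
# benchmarking space, used here so that no real network is named.
OPAQUE_REGISTRY = ["198.18.0.0/18"]        # only the master block is listed
DETAILED_REGISTRY = [
    "198.18.0.0/18",       # master block (16,384 addresses)
    "198.18.5.16/28",      # customer assignment A (16 addresses)
    "198.18.5.32/28",      # customer assignment B
    "198.18.9.0/24",       # customer assignment C
]
# Constructed addresses that spam was seen coming from.
ABUSIVE_SOURCES = ["198.18.5.18", "198.18.5.21", "198.18.5.30"]


def narrowest_block(address, published_blocks):
    """Return the most specific published netblock containing address.

    Returns None when no published block covers the address.
    """
    ip = ipaddress.ip_address(address)
    matches = []
    for text in published_blocks:
        net = ipaddress.ip_network(text)
        if net.version == ip.version and ip in net:
            matches.append(net)
    if not matches:
        return None
    # The longest prefix is the smallest block that still covers the source.
    return max(matches, key=lambda net: net.prefixlen)


def blocks_to_filter(sources, published_blocks):
    """Return (blocks, address_count) needed to filter every source.

    Sources outside every published block are skipped: they belong to
    some other network and need their own lookup.
    """
    chosen = set()
    for address in sources:
        block = narrowest_block(address, published_blocks)
        if block is not None:
            chosen.add(block)
    # Collapse so that nested or adjacent blocks are not counted twice.
    collapsed = list(ipaddress.collapse_addresses(chosen))
    return collapsed, sum(net.num_addresses for net in collapsed)


if __name__ == "__main__":
    for label, registry in (("detailed", DETAILED_REGISTRY),
                            ("opaque", OPAQUE_REGISTRY)):
        blocks, count = blocks_to_filter(ABUSIVE_SOURCES, registry)
        names = ", ".join(str(b) for b in blocks)
        print(f"{label} registry: filter {names} ({count} addresses)")
```

With the detailed registry, the filter touches only the 16 addresses of one assignment; with the opaque registry, the only defensible filter is the whole master block and every customer in it.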



III. The Internet User's spam handling responsibilities.

Although your Internet Provider can be doing many things to prevent your computer from being hijacked by spammers or hackers, and your Internet Provider should be doing things to filter spam before it reaches your mailbox, some spam will still reach your mailbox. How you respond to the spam that you receive is the key to whether the spammer benefits from you or not. Here are important guidelines to use when you receive spam:

  1. Never, ever buy anything from anyone who offers you products unsolicited. Don't even show any interest. Each person who buys something from a spammer funds the spamming of millions of others. Do not encourage spammers.

  2. Never, ever respond to or participate in any offer or arrangement that:

    This is likely someone trying to defraud you. No one is going to give you money for you doing little or nothing, and certainly not in exchange for you giving them your bank or credit card account number.

  3. Never, ever send mail to the "Remove" or "Unsubscribe" address in spam. All this does is let the spammer know that your mailbox does work and its contents are read. The spammer can then send you more spam, and sell your address to other spammers, allowing the spammer to make money off you even if you don't buy anything.

  4. Never, ever call the toll free number in a spam that offers to take you off the spammer's mailing list. If you call this number from your house, the spammer now knows what e-mail address goes with what telephone number (the spammers have Caller ID or something better than Caller ID, called ANI), and with a telephone directory search the spammer can then determine your full name, all information that can be used to send you even more spam, not only in e-mail, but via postal mail and by telephone. The spammer can also then sell this collection of information about you to other spammers.

  5. Never, ever write to the postal address (frequently an address in Florida, California or Virginia) that appears in some spams that offers to take you off the spammer's mailing list. If you send mail to the spammer, the spammer will know that your mailbox works, and if you include your postal address or your name in the letter you send (which the spammers invariably ask you to include in your removal request), the spammer can now determine that this e-mail address goes to the same person living at this street address, and from that the spammer can determine your telephone number. The spammer will not only use all three methods to spam you from now on, but will sell that information to other spammers.

  6. If you receive spam, just delete it. If you want to report it to someone and your Internet Provider will accept such reports (good Providers will), send the complete spam (including all headers of the spam intact) to your Internet Provider and let them take actions against the spammer. (If your Internet Provider lacks such a service, maybe you need a different Internet Provider.)

    There are a couple of exceptions. In the United States, some government agencies are interested in receiving copies of spams that you have received that involve illegal activity. For example, unsolicited investment or "hot stock tip" spams should be sent to enforcement@sec.gov. Check with your national law enforcement for instructions on how to report fraudulent and other illegal activity.

  7. If you want to complain about a piece of spam to someone other than your Internet Provider, never, ever reply to spam directly. Even if you want to just complain to the Internet Provider where the spam came from, use SpamCop or a similar service that will help conceal your address from the spammer, who may get to see your complaint. Again, you must include the complete headers of the spam if you expect anyone to be able to investigate your report.

    Note that these double-blind services are not perfect. Sometimes spammers will put unique numbers and codes throughout the spam message so that they can figure out who is complaining about the spammer even if the addresses in the headers are obscured, and if the spammer is able to determine who is complaining about them, that will only get you more spam, not less.

    Some Internet Providers and backbone providers refuse to accept spam or other abuse reports that pass through double-blind reporting services. In general, these Internet Providers will not disclose your identity to the spammer, but there are a few "pro spammer" Internet Providers who will inform their customer (the spammer) of exactly who is complaining about the spamming activity.

    When you encounter a pro-spammer Internet provider, the best action is to make sure that you never ever buy services from that provider and that you immediately cancel any services you currently obtain from that provider. In some states, you can use this as a way to terminate contracts that you have with such a provider, without penalties.

    Avoid reporting spam that was relayed through, originated on, or has a web site at a site in a country that doesn't speak the same language as you. The operators of that Internet Provider are likely to ignore your complaints or simply pass them on to the spammer with no other action, and now the spammer has the opportunity to know who is complaining about them.

  8. Never, ever mail chain letters to others, even if you apparently got the mail from someone you know. Spammers (and sometimes hackers) utilize chain mail to collect the addresses of dozens of people who know each other. Many Internet Providers prohibit their customers from participating in chain letters, so you could lose your own Internet account if you send chain letters to anyone (other than to your Internet Provider).

  9. If your Internet Provider provides a way to send a simulated "bounce" back to a spammer, use that service. Although many spammers put false return addresses on their messages, a few use valid return addresses and will stop spamming an address from which they receive a bounce.



IV. The Internet User's spam prevention responsibilities.

Every user of the Internet can take deliberate steps that will help prevent spammers from locating your mailbox, and can prevent spammers and other hackers from taking over your computer and using your own computer to spam or attack others. Although your Internet Provider can do some things, it is your responsibility to make it hard for spammers to locate your mailbox, and your responsibility to protect your computer from being used by spammers and hackers.

Here is a list of effective measures you can take to protect your mailbox and your computer:

  1. If you get to pick your mailbox address, don't use a common word or proper noun for your mailbox name. For example, JSMITH is always going to get a lot more spam than JZ6SMITH. Businesses sometimes want to use common mailbox names like "info" or "sales", but using a "getinfo" or "ask4sales" address or something other than plain words will cause that mailbox to receive less spam.

  2. Make sure that you have selected strong passwords for your Internet accounts. At least one in five Internet accounts are protected with passwords so weak that they can be guessed immediately by knowing some details about the account holder or can be guessed in a few dozen tries by checking passwords that are commonly used.

    Never use a password that consists of the account name, any part of your name or the name of anyone else in your household. Do not use your telephone number, house number, or other information that someone could determine if they knew your name. Don't use dates for passwords that are part of public records or dates of famous events. Don't use the names of local professional sports teams or star player names in passwords. Always make your password impossible for others to guess. If your Internet Provider offers a way to generate a hard to guess password, take advantage of that service.

  3. Make sure that you change all of your Internet account passwords at least once a year, although experts recommend doing it a lot more often than that. If you have multiple accounts or multiple sites that you visit where you must enter a password, avoid using the same password at all of them. This can be a hassle, but will limit what damage can be done by hackers or spammers in case one of your passwords is guessed or becomes known.

  4. Change your mailbox address from time to time, particularly if there is a sudden increase in spam coming to that mailbox. For businesses, changing addresses may not be practical, but for individuals it is usually not too much trouble to tell your friends that your mail address has changed. If your Internet Provider offers dated mailbox services, consider using them as they are very effective in blocking spam.

  5. Make sure that you are only sending mail to people you know. If you are replying to a piece of mail from a friend, delete any Cc'ed addresses that you don't know from that mail when replying. Also be aware that a piece of mail may say that it is from a friend, but look at the e-mail address carefully and make sure that any reply you make will really be going to where you think it should go, and not to some unlikely address, such as an address in a country other than the one your friend is in.

  6. Don't blindly forward mail you receive to different people, and avoid anything that looks like a chain letter. These messages can gradually accumulate large numbers of addresses, and spammers only have to come across one copy to get every address of the people who handled that message.

  7. If you post to USENET news (in any group), always alter the name portion of your e-mail address and leave the domain name (also known as the Right Hand Side of the address) intact. For example, change "j6mith@myisp.net" to "hatespam.j6mith@myisp.net" or "dropthispart.j6mith@myisp.net". Be sure that whatever you pick can't possibly be someone else's e-mail address.

    Spammers search USENET posts looking for addresses that they can spam. Addresses used in USENET posts that are not altered will start getting spam in as little as 48 hours and start receiving copies of viruses in as little as TWENTY MINUTES!

  8. IRC, peering systems, and other chat services are all monitored by spammers to collect e-mail addresses. Use these systems with extreme caution as you could start getting spam (or your computer could be under hacker attack) within a few minutes.

  9. Using your real e-mail address on public message boards (such as those on Yahoo) can also make your address available to spammers. Avoid this if at all possible. Consider getting a throw-away mail account somewhere that you use only for accessing these message boards and keep your main mail account for your private correspondence.

  10. Make sure that unneeded mail services on your computer are disabled. UNIX and UNIX like systems with sendmail or similar mail server software must disable that software's ability to accept mail on port 25 (the SMTP port), unless you specifically need that feature. Windows systems have similar mail server and mail relaying capabilities, plus innumerable security vulnerabilities that can be exploited by spammers and hackers. Regardless of the operating system and software that you use on your computer, if you leave port 25 enabled, make sure your mail server software has the relaying capability disabled.

  11. Do not run SOCKS or any other proxy or any remote access software unless you are completely sure that only you can access your system using that software. Many of these software packages have hidden access doors that allow anyone in the world to access your computer and then use it without your knowledge (some proxy packages even make their presence known by broadcasting an alert so that the hackers and spammers will know exactly where your computer is on the Internet), so be extremely cautious if you must run this type of software.

    Many Internet Providers forbid customers from running such software, or the Internet Provider requires that such software be configured so that only the customer can operate and use the proxy.

  12. In the software you use to read mail, always disable any included (but hazardous) features like Active-X, Java, Javascript, automatic URL fetching, auto-preload and anything else that will run programs or access web sites based on instructions contained in the mail you receive. Not only can these immediately alert the spammer that you have read the mail, these "features" of your mail program can install viruses and other undesired software on your computer. Microsoft Outlook is probably the worst mail program in this respect because of its ability to do things without asking you for permission first. Netscape 7 also has significant issues that directly benefit spammers in finding out more about you. Consider using other software programs to read your mail. (Mozilla and Eudora are both good choices, as both resist many of the spammers' tricks that would have Microsoft Outlook telling the spammers every confidential detail about you that it can find on your computer.)

  13. Ask your Internet Provider to restrict inbound port 25 access (as well as blocking the other ports that can be used to compromise and exploit Windows-based computers). Doing this prevents outbound spamming and reduces inbound spamming and hacking. (Details on how the Internet Provider can do this are found elsewhere on this web site.)

  14. Ask your Internet Provider about any "hints" that they add to mail that they place in your mailbox. Some Internet Providers add a warning to the headers of messages that the Internet Provider (or other spam reporting services) suspects of containing spam. These headers usually start with the phrase "X-RBL-Warning". Most mail reading software packages allow you to specify that mail containing certain headers or certain words in the message should be discarded without being shown to you, so you can filter your mail if this warning is present.

  15. Ask your Internet Provider if they provide any customer configurable mail filtering. Most Internet Providers don't provide this feature on standard mailboxes, but some offer it as an extra cost option. If your mail software can't do mail filtering to your satisfaction, consider upgrading to one of these fancier mailboxes and let the Internet Provider's mail equipment handle some of the spam filtering for you.

  16. If you have a web site, avoid putting your e-mail address anywhere on any web page you build, because spammers use automated software to search web pages for e-mail addresses. If you put an address on a web page in the form myname@myisp.net, that address will start getting spam in as little as 15 days.

    You can conceal addresses on web pages and in other publicly-visible messages from these address-reaping programs simply by not using @ in the address. Instead, use " at " as in "j6mith at myisp.net". A human who reads your web site will figure out how to send you mail if they really want to. The spammer's software that scans your web site won't even realize that "j6mith at myisp.net" was a mail address.

    Do not use HREF or other HTML tags that contain your e-mail address and avoid using the "mailto:" mechanism. If you want customers visiting your web site to be able to send mail to you, allow messages to be sent to you directly from your web page using a CGI. If you do this, use a CGI that is safe. Some CGIs, such as FORMMAIL, should be avoided due to known security flaws that allow spammers to use your web site to send spam to others. Many Internet Providers now ban all versions of the FORMMAIL CGI since it seems to be fundamentally flawed.

  17. If a major business (such as a national Pizza chain) that you frequently buy goods or services from sends you spam (without your permission), warn the local store management that you will never buy anything from their company EVER again if the spamming is repeated, or if you discover that they have sold your address to others. If they spam you again, you know where to move your patronage. It's reasonably safe to write to the headquarters of such companies when they send you spam, and they will usually apologize and might give you some free pizza coupons for your trouble. If the spamming continues, a letter to the editor of the local newspaper (that includes a copy of the corporation's letter that promised not to spam again) is always a nice way to embarrass a corporation that should know better.

  18. Of course, write to your congressman and senators and tell them that you want strong laws enacted that prohibit the sending of unsolicited commercial e-mail *period*, not some scheme where you have to "opt-out" or something to get control of your mailbox back. Say you want legislation with specific civil and criminal penalties against the sender and the benefactor of spam. Tell your representatives how much money and productivity that spam is costing you or your business. Although the spammers contribute heavily and lobby government representatives in order to keep laws prohibiting spam off the books, enough voices might sway your representatives to do something constructive about spam.
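The web page advice in item 16 can be checked mechanically before a page is published. This is an added example, not part of the original document: it audits your own HTML for the three things item 16 warns about, namely "mailto:" links, addresses written with @ in text or attributes, and forms that post to a FORMMAIL script. The sample page, its addresses and the script path are constructed.

```python
import re
from html.parser import HTMLParser

# Anything of the form name@host.domain counts as a readable address.
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


class ExposureAudit(HTMLParser):
    """Collect (line, kind, detail) findings for one HTML document."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]          # line on which the tag starts
        for name, value in attrs:
            if not value:
                continue
            if name == "href" and value.strip().lower().startswith("mailto:"):
                self.findings.append((line, "mailto-link", value.strip()))
            elif tag == "form" and name == "action" and "formmail" in value.lower():
                self.findings.append((line, "formmail-cgi", value))
            else:
                match = ADDRESS_RE.search(value)
                if match:
                    self.findings.append(
                        (line, "address-in-attribute", match.group(0)))

    def handle_data(self, data):
        first_line = self.getpos()[0]    # line on which this text run starts
        for match in ADDRESS_RE.finditer(data):
            line = first_line + data.count("\n", 0, match.start())
            self.findings.append((line, "address-in-text", match.group(0)))


def audit_html(text):
    """Return the list of exposure findings for an HTML string."""
    parser = ExposureAudit()
    parser.feed(text)
    parser.close()
    return parser.findings


# Constructed sample page: line 2 follows the " at " advice, lines 3-6 do not.
SAMPLE_PAGE = """<html><body>
<p>Questions? Write to j6mith at myisp.net</p>
<p>Sales: <a href="mailto:sales@example.com">contact sales</a></p>
<p>Webmaster: webmaster@example.com</p>
<form method="post" action="/cgi-bin/FormMail.pl">
<input type="hidden" name="recipient" value="info@example.com">
</form>
</body></html>
"""

if __name__ == "__main__":
    for line, kind, detail in audit_html(SAMPLE_PAGE):
        print(f"line {line}: {kind}: {detail}")
```

A hidden form field that carries the destination address is flagged as well, since it is readable in the page source just like a "mailto:" link.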



This information is provided by the author and contributors "AS IS" and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall the author or contributors be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this information even if advised of the possibility of such damage.

There is no obligation to provide any form of support, updates or assistance, and such queries may not receive any acknowledgment.

