Radio Amateurs of Canada
Canada's National Amateur Radio Society
"We're ALL about Amateur Radio!"

<All together for amateur radio!>


Answers to your complaints about spam.....

The folks at LINUX.ORG are going through the same difficulties as we are at RAC.ca

If you want to try to understand the problem please read the story below.

It says it all.


(The following is presented with thanks to Linux.org)

Spam is a big problem and everybody knows it. I learned, though, in looking at the complaints we got that most Internet users don't understand how spam works. I found out some interesting facts like:
The average Internet user assumes the spammer sends from his own address
Many claiming to be "systems administrators" complained as well, proving that even "tech" people can't interpret email headers correctly.
There are literally thousands of compromised cable and DSL users out there unaware that they're relaying mail for spammers

To shed a little light on our spam problem and the problem of spam in general, I have prepared a little FAQ based on actual questions that I have received in the past two weeks or so. If you have received one of these mails purporting to be from someone here at Linux Online, you may be interested in reading it. Some questions have been paraphrased in the interest of clarity.


Frequently Asked Questions - Linux Online Spammer Incident

Question: I have received an unsolicited email message that says 'whoever0000@linux.org'. Why are you sending me this mail?

Answer: We aren't. Our privacy policy expressly states that we do not send unsolicited email messages from Linux Online.

Question: How can I be completely sure it isn't you?

Answer: In the headers of the mail, look for this:


Received: from linux.org (IP ADDRESS numbers of the spam relay)
by YOUR ISP
for YOUR EMAIL ADDRESS

If you go to an online lookup service like samspade.org and get the 'IP whois' information for that IP ADDRESS, it will never come back as linux.org for these emails.
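As an added illustration (not part of the original FAQ and not Linux Online's own tooling), the script below applies the check above to a constructed message: it takes the Received: line written by the recipient's own mail server, pulls out the bracketed IP that server logged, and sets it beside the From: domain. Every host name, address and IP in it is made up (documentation ranges), and the server name passed to `assess()` is an assumption standing in for "YOUR ISP".

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (addresses, host names and IPs are made up, using
# documentation ranges). From: claims @linux.org; the Received: line written
# by the recipient's own mail server records the IP that actually handed the
# message over.
SAMPLE_SPAM = """\
Received: from linux.org (unknown [198.51.100.77])
\tby mx.your-isp.example (Postfix) with SMTP id A1B2C3
\tfor <you@your-isp.example>; Mon, 28 Jan 2002 10:00:00 -0500
Received: from mail.innocent-host.example ([192.0.2.9])
\tby linux.org with SMTP; Mon, 28 Jan 2002 09:59:00 -0500
From: whoever0000@linux.org
Reply-To: whoever0000@linux.org
To: you@your-isp.example
Subject: constructed sample, not a real message

(body)
"""

HELO_RE = re.compile(r"^from\s+(\S+)", re.IGNORECASE)
BY_RE = re.compile(r"\bby\s+(\S+)", re.IGNORECASE)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_hops(raw):
    """Return the Received: lines top-down (most recent hop first), each reduced
    to the name the sender announced (HELO), the IP the receiver logged, and
    the receiving server."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(value.split())          # unfold continuation lines
        helo = HELO_RE.match(text)
        ip = IP_RE.search(text)
        by = BY_RE.search(text)
        hops.append({
            "helo": helo.group(1).lower() if helo else None,
            "ip": ip.group(1) if ip else None,
            "by": by.group(1).lower() if by else None,
        })
    return hops


def from_domain(raw):
    """Domain part of the From: address, or None if there is no address."""
    addr = parseaddr(message_from_string(raw).get("From", ""))[1]
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else None


def trusted_hop(raw, my_mx):
    """The only Received: line you can rely on is the one your own server
    wrote. Every line below it arrived inside the message and may have been
    fabricated by the sender."""
    for hop in received_hops(raw):
        if hop["by"] == my_mx.lower():
            return hop
    return None


def assess(raw, my_mx):
    hop = trusted_hop(raw, my_mx)
    domain = from_domain(raw)
    return {
        "from_domain": domain,
        "relay_helo": hop["helo"] if hop else None,
        "relay_ip": hop["ip"] if hop else None,
        # The HELO name is chosen by the connecting machine, so "linux.org"
        # there proves nothing. The bracketed IP was observed by your server;
        # that is the value to feed to an IP whois lookup.
        "helo_matches_from": bool(hop) and hop["helo"] == domain,
        "whois_lookup_target": hop["ip"] if hop else None,
    }


if __name__ == "__main__":
    for key, val in assess(SAMPLE_SPAM, "mx.your-isp.example").items():
        print(f"{key:>22}: {val}")
```

Run it and the relay comes out as 198.51.100.77 even though both the HELO name and the From: say linux.org; the whois answer for that address is what tells you who actually handed the mail over, and the second Received: line (which claims to be "by linux.org") is exactly the kind of line a spammer can carry into the message themselves, which is why the script ignores everything your own server did not write.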

Question: How can somebody send out spam using a @linux.org address without your authorization?

Answer: All a person needs to do is put whatever they want before @linux.org and they can spam all they want with it. All you need is a mail server. It doesn't even have to be yours.

Question: Have you tried to do anything about it?

Answer: About a day after the first complaints came in, we contacted our lawyer. His advice, in a nutshell, was 'ride out the storm'. There wasn't too much we could do about it without spending about 100,000 US dollars, just to start with. There is a problem of the absence of spamming laws in the US in every state, not to mention what laws may or may not exist internationally. That means that we'd have to prove that our rights had been violated or the law had been broken in some other way that doesn't have to do with spam per se.

Question: Why so much money?

Answer: There are some serious issues here. One is that we don't know exactly where the spammers are located. We know that they are using some legitimate servers to relay spam and we would have to subpoena those ISPs' administrators. They would also have to monitor it and report to us. They're not going to do this for free. Some of the servers are outside the United States, so that complicates the situation tremendously. There are also a number of cable/xDSL users with compromised systems that are being used to relay the spam. A network administrator commented to me that there may well be 1000 or more of these compromised home systems relaying spam out there. The bottom line: To find the actual interested parties, to find and shut down their spam relays and locate and notify the owners of compromised machines would be a truly Herculean task. Probably more like a job for Sisyphus, actually.

Question: Why don't you go after the people at those phone numbers?

Answer: In all likelihood, as has been seen in these types of cases, the person who owns the number could claim that they did not tell the "spamming agency" to send the advertisement using @linux.org in the From: and Reply To: headers. In order to prove otherwise, we would have to subpoena their accounting records and find the name of the agency (if there actually is one) that was used -- it may well have been a cash transaction in which case there'd be virtually no record. In the end, the burden of proof is on us, not the accused spammer.

Question: There must be some advantage to using @linux.org in the From: and Reply To: header?

Answer: I don't see any advantage to using our domain. A spammer normally uses From: and Reply To: that do not accurately reflect where they have sent it from or where you can actually reply to them. However, it is fairly standard practice for a spammer to use "throw away" addresses, which are usually from on-line web-based email services. It is quite unusual for a spammer to use an address from a major website like ours. I hate to admit it but, apart from not getting traced, I believe the individuals who are sending these messages used our domain name intentionally to discredit and embarrass us. This is unfortunate because we're just a few people working long hours trying to provide information about Linux. They have succeeded in creating a lot more unnecessary work for us and probably in making us look bad in the eyes of people who don't know too much about how spam works.

Update: January 28, 2002

First, I thought we had a breakthrough about a week and a half ago when I started sending complaint mail to contacts for the domains mentioned in some of the mailings. One individual wrote me to apologize and claimed that "these people told me they were all opt in addresses. We found out it was spam and we're not going to pay them". This, of course, implied that there is an agency that's doing the spamming. When we asked him who it was, he refused to tell us. Lawyers have indicated that this individual has no obligation whatsoever to name names. So much for the concept I had that being a party to illegal activity was in fact illegal in and of itself.

As I mentioned, I am sending complaint mail to the contacts for the domains. One of the domains brought me to a website that was claiming to be an affiliate of a legitimate company registered with the Better Business Bureau. When I complained to this legitimate company about their "business partner", the spammer's website came down in a matter of hours. I was provided with the name of the individual but no name or phone number. This information was essentially useless but I was grateful to this company for at least pulling down the affiliate's website (no doubt he'll set up someplace else tomorrow).

I have also noticed that some rather annoying anti-spam software just sends hate mail back to the 'From:'. Seeing that the 'From:' is faked about 99.99% of the time, I wonder what wizard of computer science dreamed this one up. I would like to send some recommendations to the company that sells/distributes this software, but I don't know what software we're dealing with exactly. The complaint mail that comes in has these two paragraphs in it:


I have received the attached unsolicited e-mail from
someone at your domain.
I do not wish to receive such messages in the future, so
please take the appropriate measures to ensure that this
unsolicited e-mail is not repeated.

If anybody knows what software does this, I'd appreciate the info on the company that distributes it. I can be reached at Michael.Jordan@linux.org.

I'm having a particularly difficult time with two domains from Germany mentioned in a couple of spam mails. It seems that the IP addresses of the actual domains are faked. That means, when you run a traceroute, it resolves to an IP address that really isn't registered to the domain in question. If anybody in Germany has information as to how this affects German law (i.e., is this illegal or not in Germany). Here are the domains in question:

One is:

http://crack.porno-hackz.de

The other one is obfuscated:

http://%73p%79sp%79.%64%655%2Ed%65

but thanks to http://www.samspade.org (I'm going to end up having to pay these guys a fee!! - my many thanks to this website!!) they decipher it for you:


http://spyspy.de5.de

As you can see, it seems like a rather nasty business goes on at these domains.
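The deciphering samspade.org did above is plain percent-decoding: each %xx is one character, so %73 is 's', %79 is 'y', %2E is '.', and the link resolves to spyspy.de5.de. As an added example (not from the original page and not samspade.org's code), the Python below does the same decoding offline, keeps decoding if a link was encoded more than once, and flags links whose host part contained any percent-encoding at all, since a genuine host name never needs it. The first input is the exact link quoted above; the other two URLs are constructed for the test.

```python
from urllib.parse import unquote, urlsplit

# Constructed test inputs. The first is the exact percent-encoded link quoted
# above; the others are made-up URLs used to exercise the decoder.
OBFUSCATED = "http://%73p%79sp%79.%64%655%2Ed%65"
DOUBLE_ENCODED = "http://%2573pyspy.example/"          # %25 -> %, then %73 -> s
PLAIN = "http://www.example.com/page"


def decode_url(url, max_rounds=5):
    """Percent-decode repeatedly until the text stops changing, so a link that
    was encoded twice still ends up readable. Returns (decoded, rounds)."""
    current, rounds = url, 0
    while rounds < max_rounds:
        nxt = unquote(current)
        if nxt == current:
            break
        current, rounds = nxt, rounds + 1
    return current, rounds


def analyse_link(url):
    decoded, rounds = decode_url(url)
    raw_netloc = urlsplit(url).netloc
    return {
        "decoded": decoded,
        "rounds": rounds,
        "host": urlsplit(decoded).hostname,
        # A genuine host name never needs percent-encoding, so %xx sequences in
        # the host part of a link are a strong sign it was written to hide
        # where it points.
        "host_was_obfuscated": "%" in raw_netloc,
    }


if __name__ == "__main__":
    for u in (OBFUSCATED, DOUBLE_ENCODED, PLAIN):
        print(analyse_link(u))
```

The "host" value is the thing to take to a whois or traceroute, not the encoded text; the "host_was_obfuscated" flag is a cheap indicator you can apply to every link in a suspect mailing before spending time on any of them.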

There are also new mailings that are chain letter schemes that are definitely illegal under US law, so we might get somewhere with those.

Update: February 23, 2002

Once again, my sincere thanks to those who have written to us expressing their support and understanding. I regret that I can no longer reply personally to these mails. Every mail gets read, I can assure you of that (even the ones that say 'Your mail server is compromised, hacked, open, etc.' -- *sigh*). Just a quick note to those who use this line in their complaint mails. We are not impressed by signatures at the end.

Harry S. Falseman
A Very Obscure Co. Inc.
Senior Network Administrator
MSCE, GIVEME, ABLT, ASAP

If you purport to be a sys admin and you've read the mail headers and you still feel compelled to write one of these "lock down your servers" complaints, the people upstairs must have been smoking something when they hired you.

I don't mean to be rude to anybody about this, but a lot of complaint mail is in fact rude and downright nasty. Imagine a situation where there are two almost identical dogs in a neighborhood. One belongs to you. You always walk your dog on a leash and he is never allowed to run free. The other dog runs free and goes around digging up everybody's flower gardens. A lot of people think the dog is yours and they come over to your house screaming at you. When you tell them about the other dog, they sheepishly say 'Oh, sorry. I didn't know'. But you still have some neighbors who, despite all the evidence, keep complaining. Then you send your dog away for two weeks with your sister who lives 2000 miles away. Some people still complain. You explain that the dog has been at your sister's house for a week. You call her and have her turn on her webcam and show the dog and have the dog bark into the phone. Some neighbors still complain. I think you get the idea. You just sigh, grin and bear it and chalk it up to your theory that there must have been a sale on lobotomies at the local hospital at some point.

I have noticed that the spam is coming in waves. We seem to get no complaints for a week or so and then someone opens up the spam flood gates and we start getting inundated with mails from people wondering why they're getting spammed from Linux.org. Each time one of these waves hits the complaints take on a theme, so to speak. What I am getting this week, or this week's "theme", is the question "Isn't there something you can do about it?". As this started out as a FAQ (Frequently Asked Questions) about the incidents, I'll return to that format again, briefly.

Question: Isn't there something you can do about it?

Answer: Yes and No. If we had a giant parent company behind us throwing cash at everything and anything we might ask for, yes there's probably a lot we could do. We would have the necessary funds to find the "company" (if these spammers are actually operating as a legal entity somewhere) and then file a lawsuit against them. But even with money, this would be a tremendous task. First of all, the spammers are relaying through any number of hacked DSL/Cable users' machines that they control. They are also using a number of open relays from Korea. A lot of administrators from the Far East simply ignore any requests to close these relays. This piece from Wired about the Asian mail server problem, featured on Slashdot, talks about this. The spammers have free rein, I'm afraid.

If we had deep pockets, we could also attempt to sue the people who use the spamming agency. When we did contact our lawyers about this, they said this would be extremely difficult as well. I suppose it's like when you hire some young person to mow your lawn. Should you be legally held responsible if it turns out that the young entrepreneur who so nicely manicured your grass had actually used stolen equipment? We have talked to some of the people who used the spamming service. They just paid for bulk email to be sent. If spamming isn't illegal in most places, they have done nothing wrong from a legal standpoint. In the cases of the people we have talked to, they claimed not to know that the service they had paid for was carried out by a company that used "stolen" email addresses. This is just a way of putting the problem into perspective. I am in no way condoning the practice of sending unsolicited email, which is nothing but one giant scourge on the Internet. The people who actually think this is a legitimate practice deserve to be forced to use a 14.4 modem as their only way of connecting for a period of one year.

The short answer: We don't have a big parent company with deep pockets, so given a choice to keep servers running, keep paying for our leased lines and all the other costs of operations, we choose to just handle complaints with a polite "It ain't us" and go on with the business of providing Linux info. Even if we found them and won some lawsuit, I expect that the spamming would stop but we would never get back our investment in the fight. It would be worse than a Pyrrhic victory. Even King Pyrrhus thought he would win at least one more battle before he lost everything.

It is becoming apparent that it may be a poor use of time if I reply personally to all the people who complain to us about the spam problem. Replies have become automated. I give each mail a quick glance but unless it is really earth-shattering (like, you've discovered the way to stop this now), I can't reply personally. I have to focus on my webmaster duties and we can't have the spammer giving us a bad name and then wasting all of our time to boot. My apologies to those who are planning to write or have written in the past few days. Also my thanks to those who have written since my last update to share traceroute findings, nslookups and other information. Most of this information we already know but we sincerely appreciate the concern. There is occasionally a mail that provides us with info that I didn't know about and that is greatly appreciated.

But... there is mail that is not greatly appreciated, I'm afraid. There have been several mails that start out: I have read your Spam FAQ and here are some ways to "lock down your server" or "Here's how to stop people from relaying through your server". If you're a network admin wannabe and feel the urge to mail us stuff like this, please don't do it. We are not relaying this stuff and our servers are so locked down, that I use my own mail server (also locked down) to handle my mail as the webmaster. So, before you try to amaze us with your knowledge of SMTP, POP3 or even POP-UP illustrations in books, please realize that anyone can take a mail client, find an open relay, use anyone's domain and/or mail address and send spam purporting to come from anywhere. After reading the previous paragraph, the point about writing me with such things should be moot anyway.