From: IN%"ERIC@SEARN.SUNET.SE" "Eric Thomas" 10-OCT-1995 14:38:39.87 To: IN%"PKLAMMER@CASTLE.CUDENVER.EDU" "PETE KLAMMER" CC: Subj: RE: stop spamming Return-path: Received: from SEARN.SUNET.SE by CASTLE.CUDENVER.EDU (PMDF V4.3-9 #7435) id <01HWA1LVISHC0009Q1@CASTLE.CUDENVER.EDU>; Tue, 10 Oct 1995 14:38:37 -0600 (MDT) Received: from SEARN.SUNET.SE by SEARN.SUNET.SE (IBM VM SMTP V2R2) with BSMTP id 0266; Tue, 10 Oct 95 21:38:02 +0100 Received: from SEARN.SUNET.SE (NJE origin ERIC@SEARN) by SEARN.SUNET.SE (LMail V1.2b/1.8b) with RFC822 id 7945; Tue, 10 Oct 1995 21:38:01 +0100 Date: Tue, 10 Oct 1995 21:37:59 +0100 From: Eric Thomas Subject: Re: stop spamming In-reply-to: Message of Tue, 10 Oct 1995 13:56:44 -0600 (MDT) from PETE KLAMMER To: PETE KLAMMER Message-id: <01HWA1M16A420009Q1@CASTLE.CUDENVER.EDU> Content-transfer-encoding: 7BIT Comments: This is a "standard reply", generated by a program This message is being sent to you because you reported a spamming incident to us and suggested that the spam originated at our site. L-Soft international, Inc. is the company that licenses the authentic LISTSERV(TM) software, originally developed in 1986 by Eric Thomas and now available for VM, VMS, 13 brands of unix, Windows NT and Windows 95. We are definitely not in the business of spamming. In fact, spamming is the single largest threat to our business, because it makes people want to refrain from using mailing lists. We are actively developing technology to filter out spams from LISTSERV lists. The current version of LISTSERV (1.8b) comes with a spam filter that has proved to be very effective in detecting spamming attempts, but that does not always react quickly enough to catch the first few occurrences of the spam, especially if the spam was sent during peak hours or while a major network hub is down. In other words, a few spams can "leak" through the current version of the detector. We are working on improving detection speed and our latest current prototype appears to be able to catch most spams from the very first copy. Note that older versions of LISTSERV did not have a spam detector, as spamming was virtually nonexistent at the time they were released. L-Soft is not an Internet Service Provider. We do not sell Internet access or shell accounts. The reason the spam may have appeared to have originated from our site is that we deliver a lot of traffic on behalf of some of our customers, and also as a public service to the BITNET community. They run the lists, and we deliver their mail. We deliver about 1,500,000 messages in this fashion on a typical business day (OCT95). If a list at one of the sites using this service gets spammed, our machines will deliver the spam and leave a trace in the "Received:" lines. This is sometimes the first "Received:" line because it is common for people to configure their lists to eliminate "Received:" headers before reposting the message. Again, we do not sell Internet access in any form. People cannot possibly spam from our site because only employees and business partners have accounts on our machines. Finally, we would like to propose the following guidelines for reacting to unwanted solicitation on your lists: 1. DO NOT FLAME ON THE LIST! The spammer is not subscribed, so you would just be adding to the noise level. 2. Remember the name of the company that sent you the ad, and make sure never to buy anything from them. Call their corporate headquarters and let them know how much you were upset by the spam. 3. Do not bother flaming the spammer. By the time you read the spam, his account will already have been closed, assuming it isn't a bogus account to start with. At any rate, the spammer will not bother reading people's indignant replies. The spammer knows very well what he is doing, and isn't interested in your feelings. So, replying is just a waste of your time. 4. Do not flame the service provider. It is easy to say "You shouldn't be allowing people like XXXX to get an account!", but it's impossible to implement in practice. Even if someone developed a psychological test that enabled service providers to detect would-be spammers in advance with 99.9% certainty, it would be a legal nightmare to put the test in operation. And it would be completely useless. All you need to spam millions of people is a free 10-day trial diskette from any major online provider. All in all, it's absolutely impossible to run a free interchange medium like the Internet without getting a number of unwanted people in the lot. There are murderers and drug dealers on the Internet, and there isn't much anyone can do about it, because until they speak up they're just an e-mail address like any other. The same goes with spammers. 5. Do not press the service provider for assistance in "tracing" the spammer. In most countries it would be unlawful for them to release such information to you. The spammer probably provided a snail-mail address or phone number in his message, or some other contact point to place orders. If you really want to find out more about him, this is a good starting point, and it places you squarely in the realm of real world law, which is well understood by the judges and lawyers. 6. If you want to inconvenience the spammer in retaliation for the spam, by all means do go ahead, but NOT OVER THE INTERNET! Mail-bombing the provider's Postmaster address will inconvenience the provider, not the spammer, and in most cases the provider is a victim, just like you. It's going to cost them thousands of dollars in wasted manpower just to discard all the flamage they will receive. Instead, what you should do is use the real world contact info that was provided with the advertisement. This will actually reach the spammer, because this is where he is hoping to receive the checks. Yes, it means you will have to use a real world communication medium, but that's your only option. The hard reality is that complaining over the Internet will accomplish nothing. After sending the ad, the spammer is *gone* from the Internet. Orders will be placed using real world methods and that is your only means to reach the spammer from then on. 7. When accusing people or companies in public, make sure to check your facts carefully before pressing the SEND button. Remember how spamming works. The spammer abuses the computer resources and manpower of hundreds of thousands of sites worldwide to deliver his advertisement. The victims are you, us, and just about everyone on the Internet. Yes, even people whose name or hostname is mentioned in the mail header are likely to be victims; spammers have no qualms about forging mail, and even when they don't, it still doesn't mean the parties involved had knowledge of the spammer's activities and will share the profits. So if you have to make an assumption, it should be that the people involved in the delivery of the message are victims, just like you, except that the spam will waste even more time for them than for you. The last thing you need, when you have just spent four hours answering spam complaints from (other) victims, is to see a message where someone accuses you and/or your employer of being the master mind of organized spamming and suggests that you should be shot for the public good, or at least that someone should send the FBI to your house and have you put under arrest, followed by a dozen of messages agreeing with the previous one or suggesting more barbaric forms of punishment. In fact, such messages are taken seriously by some of the people they target and may result in serious psychological trauma. They may also result in a lawyer or police officer giving you a phone call, when you did not really mean what you were typing. So far spamming has yet to result in human death; let's keep it this way. Finally, you should bear in mind that spams have become a commercial industry. There are books telling you everything you have to know to make a "successful" spam, and there are companies that will spam millions of people for a fee (usually a few hundred dollars). The basic facts of spamming are that: 1. ANYONE CAN SPAM: anyone with Internet access can spam. It's impossible and undesirable to control who has or does not have the right to access the Internet, so there's nothing you can do to *prevent* people from sending out spam mail over the Internet. 2. SPAMMING IS LEGAL (UNFORTUNATELY): to date, spamming breaks no laws. As long as it remains legal, there can be no fine or other punishment for the spammers. This is a very profitable, if disreputable, form of business, so one can safely assume that it will only grow. 3. PEOPLE SPAM BECAUSE IT ACTUALLY WORKS: if spamming did not turn up any sale, it would have died out pretty quickly. Unfortunately, people are actually buying from the companies that spam, making spam the most cost effective form of advertisement currently available. As long as this remains the case, companies will use it. As a proof of concept, you will find that (real world) junk mail is virtually nonexistent in some European countries, for the very simple reason that people never buy when solicited in this fashion. It ends up costing more than the revenue it brings, and people don't do it. Point 1 is pretty much a given. There isn't much we can do about it. The key problems and points 2 and 3. Point 3 is the most irritating, but probably very difficult to change, at least in the US. People who react positively to junk snail-mail will probably do the same with junk e-mail. The only credible solution seems to update the legislation that is currently in place for phone solicitation and extend it to electronic media. After all, unwanted solicitation is unwanted solicitation, and it doesn't really matter whether it comes in audio or digital signals.