Re: SMTP vulnerabilities

Here's what I can offer. By no means is it the only way, and it doesn't
work with all emails. But it has been very effective so far (about 20
spammers, none of which has _ever_ been a repeat).

First off, NEVER, EVER reply to any emails that are spam. For one thing,
as you found out, the email addresses are usually bogus. Those that
aren't will NOT do what they claim (i.e. "reply below to be removed from
our list....."). Those will either bounce or they'll give the spammer
what they want, which is validation of an email address.

Addresses are gathered through newsgroups, registrations, mailing lists,
etc. Many times, they're made up. In other words, the spammer has no
idea if the email address is real or not. They get by with it because
they use a fake address and when mail bounces it never comes back to
them. But, reply to the line that's supposed to remove you and you may
find an increase in your spam. That's because they now know the email
address is valid. Plus somebody responds to this stuff. So they make a
CD with valid addresses on it and especially ones from which people
actually respond. Bingo! You're now in other people's lists.

What I do is try to track them down. I get anything I can from headers.
Sometimes they can be tracked that way, and sometimes they can't. Many
give URLs to webpages. I go there and attempt to find the validity of
the URL and dig around a little. Sometimes the address in the opening
URL isn't useful. But digging around can come up with one or more.

Once I have useable domains I start doing whois on whatever I have (this
may also come from headers). I find out who the likely originator is. I
note who the contact(s) for this domain is/are. Many times this is
bogus, too. They like to use hotmail.com or juno.com and just trash the
address after registration verification is done. But, they're REQUIRED
to have a valid postmaster address or they can lose registration,
something nobody likes to do after paying for it.

I take the information I get and put it in a file. I then forward the
email I received, a copy of the whois query and a warning to the
postmaster@domain.whatever address. I've attached one such email to this
so you can see what I mean.

I actually intend to follow up with the warning given in this email the
very first time anybody decides to call my bluff. I'm sufficiently
confident that I'll win this in court if needed (small claims, of
course) but, to date, nobody has tested it. I think they are fairly
confident that I could win, too.

So far, I'm 100% on about 20 found via the outlined method. I've managed
to get 3-5 that were discovered via 800 numbers provided. None of them
has ever bothered me again either.

I'm not claiming that this is 100% perfect. I _am_ claiming that this
has worked 100% of the time for me so far.

--------------------------------------------------
MY EMAIL STUFF
--------------------------------------------------

Date: Thu, 1 Nov 2001 01:00:16 -0600
From: ABrady <kcsmart@kc.rr.com>
To: postmaster@411control.com
Subject: Fw: Dirty Teen Schoolgirls                         4211
Message-Id: <20011101010016.595089b2.kcsmart@kc.rr.com>
X-Mailer: Sylpheed version 0.6.4 (GTK+ 1.2.10; i686-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Please see the entire message as it may otherwise be unnecessarily
costly to your organization.

I received the following message and would like for this to stop:

Begin forwarded message:

Date: Wed, 31 Oct 2001 18:36:53 -0400
From: tlc1816@yahoo.com
To: <tlc1816@yahoo.com>
Subject: Dirty Teen Schoolgirls                         4211


DARING and DIRTY young COED SLUTS want YOU!!!!

Hardcore TEENS

http://www.all-teen-sluts.com@411control.com/gc/allteens/?adv_id=107277

Don't miss this chance to see me and my friends get NASTY!!!


         Hugs,
               Amber









To be removed from this list click the link below
http://www.all-teen-sluts.com@411control.com/remove.php

END FORWARDED MESSAGE

I also include the following information:

Whois Server Version 1.3

Domain names in the .com, .net, and .org domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

   Domain Name: 411CONTROL.COM
   Registrar: TUCOWS, INC.
   Whois Server: whois.opensrs.net
   Referral URL: http://www.opensrs.org
   Name Server: NS3.WEB4PORNO.COM
   Name Server: NS1.STRIKE-UP.COM
   Name Server: NS2.REALSEXSURFING.COM
   Updated Date: 27-oct-2001


>>> Last update of whois database: Wed, 31 Oct 2001 17:04:14 EST <<<

The Registry database contains ONLY .COM, .NET, .ORG, .EDU domains and
Registrars.


Found InterNIC referral to whois.opensrs.net.

Registrant:
 Internet Power Inc
 4577 Bender Blv
 Winnipeg, AB H2F6C7
 CA

 Domain Name: 411CONTROL.COM
 
 Administrative Contact:
    Jolly, Scott  salty_2011@yahoo.com
    4577 Bender Blv
    Winnipeg, AB H2F6C7
    CA
    587-457-2555

 Technical Contact:
    Jolly, Scott  salty_2011@yahoo.com
    4577 Bender Blv
    Winnipeg, AB H2F6C7
    CA
    587-457-2555

 Billing Contact:
    Jolly, Scott  salty_2011@yahoo.com
    4577 Bender Blv
    Winnipeg, AB H2F6C7
    CA
    587-457-2555


 Record last updated on 31-Oct-2001.
 Record expires on 20-Oct-2002.
 Record Created on 20-Oct-2001.

 Domain servers in listed order:
    NS1.STRIKE-UP.COM   209.88.67.237
    NS2.REALSEXSURFING.COM   80.82.160.18
    NS3.WEB4PORNO.COM   216.6.48.62


I want this stopped. I don't know if you are the individual that sent
this, or it came from someone else within your domain. In either case it
is within your control to put an end to this and I want that done
immediately.

You are hereby granted this single exemption to the paragraph at the end
of this email. No other exemptions are implied or granted without
explicit prior approval from me. All further transactions will result in
billing action to your company, with whatever further actions deemed
appropriate under the circumstances arising as a result.

Alan Brady

-- 
This mailing address is for private use only, as defined by the
addressee. Exemptions are granted solely at the discretion of the
addressee. Automatic exemptions are hereby granted to any mailing lists
or newsletters to which the addressee subscribes, as well as any
friends, family or other associates of a non-commercial nature. Any
commercial solicitation or advertising sent to this address is subject
to a $50-per-incident charge to cover the fair use of the addressee's
time. Bills for the time and effort expended by the addressee will be
forwarded to the appropriate entities and prosecuted for failure to pay
valid outstanding bills.

-----------------------------------------
END MY EMAIL
-----------------------------------------

-- 
If only closed minds came with closed mouths.
------------------------------------------------------------------------
     To unsubscribe email security-discuss-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
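The domain-gathering step described in the post above (pull the hosts out of the spam's links, query whois, then write to postmaster@ that domain) as an added Python example; this is not the poster's own code. It uses the two links and the whois name-server lines quoted in the message as constructed input, and shows why the report went to 411control.com: in `http://www.all-teen-sluts.com@411control.com/...` everything before the `@` is URL userinfo, so the real host is 411control.com. The two-label "registrable domain" cut is an assumption that only holds for plain .com-style names.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the two links from the forwarded spam quoted above.
SPAM_BODY = """\
http://www.all-teen-sluts.com@411control.com/gc/allteens/?adv_id=107277
To be removed from this list click the link below
http://www.all-teen-sluts.com@411control.com/remove.php
"""

# Constructed sample: the name-server lines from the quoted whois output.
WHOIS_TEXT = """\
   Domain Name: 411CONTROL.COM
   Name Server: NS3.WEB4PORNO.COM
   Name Server: NS1.STRIKE-UP.COM
   Name Server: NS2.REALSEXSURFING.COM
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")

def real_host(url):
    """Host the client actually connects to. urlsplit treats text before
    '@' in the authority as userinfo, so the decoy name is discarded."""
    return urlsplit(url).hostname or ""

def decoy_host(url):
    """Userinfo part, if any. A hostname-looking value here is a sign the
    link was built to mislead the reader about where it really goes."""
    return urlsplit(url).username

def registrable_domain(host):
    """Assumption: keep the last two labels. Real tooling should consult
    the public suffix list instead of this naive cut."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host

def spam_domains(body):
    """Distinct real domains behind every link in the message body."""
    return sorted({registrable_domain(real_host(u)) for u in URL_RE.findall(body)})

def nameserver_domains(whois_text):
    """Further domains worth their own whois, taken from 'Name Server:' lines."""
    hosts = re.findall(r"Name Server:\s*(\S+)", whois_text)
    return sorted({registrable_domain(h) for h in hosts})

def postmaster_addresses(domains):
    """Abuse-report recipients, following the post's postmaster@domain rule."""
    return ["postmaster@" + d for d in sorted(set(domains))]

if __name__ == "__main__":
    print(postmaster_addresses(spam_domains(SPAM_BODY)))
    print(nameserver_domains(WHOIS_TEXT))
```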

