(1) Privacy and Security resources
(2) Spam tracing resources. Domain lookup, IP
address lookup, registrars
(3) Protecting yourself from spam, revenge
spam, and subscription list abuse
(4) Messenger spams
(5) Illegal and tortuous spams. These are
punishable by criminal and/or civil sanctions.
(6) Links to other anti-spam pages
(7) Why we fight spam
(8) How to ban Web sites from your computer
Other pages in this domain
Web pages that are advertised in spam
trace E-mail form spams
address and Web site from ASCII character codes.)
Checklist: tracking down the name servers of the spammer's
Uncle Romulus' Internet Sideshow. Spammers as sideshow freaks.
Anti-spam songs and Net-NAZIs.
and "Just hit
Uncle Romulus says,
* Electronic bulk mail (spam with small
"s"), not the Hormel product
Revision Date: V/XIV/MMCIII (05/14/2013)
After the Romans killed every man in
Carthage, they sold the women and children as slaves, looted and burned
the city, and finally plowed up the fields and sowed them with salt so
nothing would ever grow there again. When applied to spammers, those
Romans had some good ideas!
- An interviewer asked Uncle Romulus how
he knows he actually exists. "Caedo, ergo sum," he
replied. ("I kill, therefore I am.")
- Latin is an easy language to learn. If
it's a verb, it probably means, "To kill." (Decimate = kill every tenth
person, for example.) If it's a noun, it probably means war or
something related to war.
- The gates of the temple of Janus were
kept open in time of war and closed in times of peace. It is said that
the gate became a regular thoroughfare.
It is the official position of Stentorian.com that spam (unsolicited
bulk commercial E-mail or UCE) raises the costs for all Internet users
while wasting users' time and impeding their enjoyment of the Internet.
Stentorian.com advocates the wholesale destruction of
spammers' online operations through all available methods, provided
only that they are legal and nonviolent. This page is intended to
provide resources for this purpose.
(8/12/12) Malwarebytes' free
download is effective against some browser hijackers (Google
(8/10/10) Verisign is now a Symantec company--and
we can tell.
(7/20/08) How to Ban Web Sites from Your Computer
(2/2/08) Report illegal telemarketing calls.
These include anonymous non-commercial (e.g. political "robocalls.") FCC Form 1088,
Junk Faxes and Telemarketing
(1/24/07) Report spam blogs to Blogger and
(10/19/06) Report fraudulent
domain registrations, e.g. where the spammer has entered inaccurate
contact information for his domain.
Problem Registrars that won't enforce ICANN standards
(5/12/05) Abuse of VeriSign and TrustE logos
(5/12/05) CAN-SPAM violation if sexually-explicit
spam is not labeled
(12/4/04) Netscape Communicator 7.2: NOT RECOMMENDED due to file
losses, no technical support
(7/7/04) Symantec security and
antispam products: NOT RECOMMENDED due to poor technical and
For the past few years, Symantec has been
getting deservedly-poor reviews at Amazon.com and elsewhere. Symantec
is permanently disqualified from selling us anything because of
essentially-nonexistent customer support and also the reputation of its
products for rendering some people's computers unusable. It is quite
clear from where we sit that the company's only interest is its
customer's money, and that neither quality or customer satisfaction are
important aspects of its business strategy. Update (8/10/10) Verisign
is now a Symantec company and, based on our efforts to contact it
with regard to an illegal online pharmacy that is misusing its logo
(endless hold on phone followed by being transferred to voice mail
after holding, "Message Refused" for an attempt to E-mail them), its
customer service is entirely consistent with our experience with
Section 1: Privacy and Security
Telemarketer cockroach exclusion
Do Not Call Registration can be completed at www.donotcall.gov or at 1-888-382-1222. It
will be illegal for telemarketers to continue to harass anyone who is
on this list after a certain date.
Violations, including not only of Do Not Call but also prerecorded
calls that fail to identify their source or a phone number/address for
the caller, can
be reported to the FCC here.
Internet Security and Privacy Resources
- F-Prot Antivirus (we
currently use this)
Personal Firewall (firewall)
- LavaSoft AdAware
- Freeware program that removes adware that advertising
systems (e.g. Doubleclick) plant on your computer. Version 6 available
as of October 2003.
- Security.kolla.de Spyware
Search and Destroy (anti-adware)
- Symantec Norton Internet Security
(firewall, antivirus, ad-blocking)
- NO LONGER RECOMMENDED.
We experienced what seems to be a very serious problem with
SYMPROXYSVC.EXE, with Web pages loading at 100 bytes per second
(dialup)-- if we were lucky. Symantec refused to provide technical
support for Norton Internet Security 2002, even though it was quite
willing to take our money to renew our subscription to it in 2004.
Customer service refused to reply to E-mails and even faxes addressed
to the manager (thus showing that the problem extends beyond lazy and
uncaring tech support people-- and this attitude may well come from the
- Symantec was given numerous negative recommendations on
Amazon.com. You might want to see what other users have to say about
Symantec's products before buying.
- Update (8/10/10) Verisign is now a Symantec company
and, based on our efforts to contact it with regard to an illegal
online pharmacy that is misusing its logo (endless hold on phone
followed by being transferred to voice mail after holding, "Message
Refused" for an attempt to E-mail them about this misuse of their
company seal), its customer service is entirely consistent with our
experience with Symantec's.
- We currently use F-Prot
Antivirus and will no longer buy any Symantec product or even
accept it for free.
Spam-blocked E-mail services
Banner advertisers: you can thank the proprietors of
refreshing (i.e. bandwidth-wasting) advertisements for having your ads
blocked on many computers. We never had a problem with simple banner
ads, but refreshing ones got Doubleclick banned from access to our
Section 2: Spam Tracing and
Key Antispam Resources
provision of inaccurate contact information a breach of contract
(b) Will terminate a domain registration
for confirmed spamvertising. Copy abuse "at" the indicated registrar's
- How to analyze
and trace E-mail headers
- How to trace
Web pages that are advertised in spam
- General examples
(E-mail and Web page)
- How to handle
- How to trace
real E-mail address and Web site from ASCII character codes.
- The Carthage
Checklist: tracking down the name servers of the spammer's domain
and their backbone providers
Report Fraudulent Domain Registrations
Many spammers provide phony E-mail addresses and inaccurate phone
numbers (including phone numbers that belong to innocent third parties)
in their domain registrations. This is cause for revocation of the
domain. Report it to http://wdprs.internic.net/
Report Spam Blogs to Blogger
Spammers are now creating blogs at Blogspot and Blogger for the sole
purpose of redirecting to other sites like illegal online pharmacies.
They will frequently try to spam these blogs' URLs onto other people's
blogs and bulletin boards. See this page for
reporting spam blogs to Blogspot and Blogger.
Section 3: Protecting Yourself
from Spam, Revenge Spam, and Subscription List Abuse
When posting your address on a Web page, don't use the mailto:
function. Instead, post your address as an image that cannot be
recognized by harvesting software, like this:
To prevent spam software from extracting your E-mail address from
newsgroup postings, set your mail I.D. to something like
yourname@SPAMBLOCKisp.###, where isp.### is your internet service
provider. Spam sent to this address will bounce or go into a dead
letter office (wastebasket, where it belongs), but people who actually
read your article and want to reply can delete SPAMBLOCK from your
Important (10/28/97): DON'T use a block
like firstname.lastname@example.org, since the mail WILL go to
realdomain.realsuffix. Instead, try
realname@SPAMBLOCKrealdomain.realsuffix (realsuffix = com, org, net,
edu, and so on). That is, make sure the spam is not deliverable
to a real domain, even with a nonexistent user I.D. In summary, don't
use a spamblocked (munged) address that will cause inconvenience to a
real domain owner.
Address collection software like Extractor Pro, Floodgate, Web Weasel
and so on may comb entire newsgroup postings or Web sites
for addresses. The programs apparently look for email@example.com, where zzz
= net, com, or org. (They may avoid .edu or .gov, I'm not sure.) This
means that, if there is a mailto: expression on your Web page, the
software will collect the address. The software may collect every
firstname.lastname@example.org from your newsgroup posting or Web site. As long as it fits
the pattern email@example.com, where zzz is a valid suffix, the program will
extract it. Don't put a real address anywhere in a newsgroup
posting, or it may be extracted.
- nobody@landfill4spam is not extracted, since
it lacks a valid suffix.
- firstname.lastname@example.org is extracted, since
.net is a valid suffix
Recognizing Revenge Spams or "Joe Jobs"
These take several forms, but they all involve framing
an innocent party for spamming.
E-mail header forgery: This involves
forging someone else's E-mail address in the header of a spam. For
example, a spammer can set the Identity preference in Netscape
Navigator to myenemy@fake_domain_name_for_example.com. This is unlikely
to get myenemy kicked off his service provider for spamming, since the
forgery should be obvious from the headers (the message probably
doesn't originate from fake_domain_name_for_example.com and, even if it
does, the message I.D. won't trace back to myenemy.) However, the
victim may get a lot of complaints from people who aren't familiar with
this form of harrassment. Forward the spam to the postmaster of the
originating mail ISP. They can track the real spammer with the
Web site forgery. The spammer gets a
throwaway account and spams an ad for someone else's web site.
Spamming a Web site is cause for removal of the web site from many
A Web site was advertised on several newsgroups with a highly obscene
.JPG. The site, however, looked reputable and had nothing to do with
pornography. I forwarded the newsgroup spam to the E-mail service
provider (NNTP posting host), since this is where the spam actually
came from. I did not report the spam to the Web site's hosting
ISP, but I forwarded it to the Web site's owner. I am not a lawyer, but
he could probably sue the perpetrator for defamation (framing him for
posting obscene materials on newsgroups). A court could probably order
the E-mail provider to reveal the identity of the message's originator.
Spamming a link that shows one domain but connects to
another. E.g. www.legitimatebusiness.com's
hyperlink is http://www.legitimatebusinesss.com (it may differ by only
one letter). Check the hyperlink.
How to tell:
- If the advertised Web site doesn't look like
something a spammer would advertise, it's probably a revenge spam.
- If the advertised Web domain has no contact
information (no E-mail contact address, home page is blank), it's
probably a real spam. Domains owned by spammers usually don't
contain contact information, but only forms for placing orders.
What to do:
Send a copy of the revenge spam, with full
headers, to the victims. This gives them the evidence they probably
need to subpoena the sender's identity and initiate legal action
Warning: Any spammer who doesn't like me
or this Web page, don't do it. Your identity can be traced via
the E-mail service that you use to spam. The ISP will reveal
your identity under a subpoena or court order. A civil tort
(defamation) would probably be adequate reason for a judge to issue
one. Forgery of my Web site in your spam would be prima facie
evidence of malice, and malice is what brings the big punitive damages
in defamation lawsuits. So be smart; it's not worth the risk.
Preventing Subscription List Abuse
Allowing people to enter E-mail addresses via Web page
is an invitation to subscription list abuse. Be VERY careful of how you
allow people to sign up to get E-mail from your company. More
- Yahoo groups and other discussion forums often use a
confirmed opt-in mechanism. If you sign up for a distribution list, the
site sends the E-mail address that you provided a link that you must
click to confirm that you asked to be signed up. If you don't click it,
you are not signed up. This is an example of closed-loop opt-in.
- Consider having subscribers E-mail you, and return
their E-mail to them for confirmation. If the subscription request was
forged, the mail they sent you will contain full headers for abuse
The excuse that "someone must have entered your
address on my Web page opt-in form" hasn't been accepted for years.
This problem has been known for years and, if you are stupid enough to
put up an attractive nuisance, you will have to take the consequences
(being reported for spam) when someone abuses it.
Dealing with Telemarketers
(1) Register your home or cell phone number on the Do Not Call registry.
(2) Although Do Not Call exempts political and other non-commercial
messages, automated or recorded messages ("robocalls") must still
follow certain rules. According to the
FCC rules prohibit prerecorded
advertising calls to home telephone numbers unless someone in the
household has given prior express permission for the call to be made or
has an established business relationship with the caller. For
telemarketing purposes, making a purchase or having some other
transaction within the past 18 months or making an inquiry or
application within the past 3 months establishes a business
relationship. Any allowable prerecorded telemarketing messages to
residential telephone lines (those made under prior express permission
or an established business relationship) must not be made before 8 am
or after 9 pm.
The prohibition on prerecorded
messages covers advertisements – “any material advertising the
commercial availability or quality of any property, goods, or
services.” Messages that claim to be surveys actually may be
advertisements if they are a pretext for the promotion of any property,
goods, or services. In addition, messages that offer “free” information
or products may also be covered if the offer is a pretext to a sales
pitch. Further, messages that invite you to press a keypad or call
another number to hear an advertisement are also prohibited. The
rules do not cover calls made by tax-exempt nonprofit organizations and
calls that are not advertisements, such as solicitations for charitable
contributions, political and religious messages, and debt collection
At the beginning of the message, all
allowable prerecorded messages must state the identity of the business,
individual, or other entity that is responsible for initiating the
call. During or after the message, the caller must give the telephone
number (other than that of the automatic dialing system or prerecorded
message player that placed the call) of the entity responsible for the
Automatic dialing systems that
deliver a prerecorded message must release your telephone line within 5
seconds of the time that the calling system receives notification that
your line has hung up. In certain areas, telecommunications systems may
not be capable of terminating the call this quickly and there might be
a delay before a dial tone is restored. Your local telephone company
should be able to tell you whether there is a delay in your area.
calls may be reported to the FCC on Form 1088
Section 4. Messenger Spams
|Spammers are now using direct
message systems to send advertisements. I got one in a grey box whose
only option was to check "OK" and close the box; there was no way to
discover who sent it. Advice from news.admin.net-abuse.email:
- Go to CONTROL PANEL ==> Administrative Tools
==> Services ==> Messenger and disable Messenger. This
will not interfere with things like AOL and MSN Instant Messenging
services, which do identify the sender.
Per Bruce Lane, Blue Feather Technologies: block
ports 135-139. "That will not only stop messenger spam, it will also
keep outsiders from making NetBIOS calls to your system."
Also recommended: block ports 140 and 145.
- See the next items. Disabling Messenger might NOT
be adequate by itself.
Here's what I did with ports 135-139 in Norton Internet
Click on HELP for an explanation of what this does.
|The following also may be helpful.
Furthermore, when someone attempts to send you a message box spam,
Norton Internet Security displays an alert and logs the attempt, with
the spammer's IP address number.
your system for vulnerability to messenger pop-up spams and other
intrusions. From MyNetWatchman.com.
information from stopmessengerspam.com
Section 5: Illegal and Tortuous
Spams (punishable by criminal sanctions and/or lawsuits)
This section's importance cannot be overemphasized. In
many cases, you will be dealing with unresponsive service providers
that are based in China or Russia, and they will not terminate their
customers for spamming. Even if they do, the spammer will simply find
another service provider. The spammer hopes that, if it can keep you
jumping through hoops long enough, you will wear yourself out and stop.
So we go to a new stance on dealing with spam: "Every time you (the
spammer) make us jump, we will hurt you as badly as we possibly can by
all available legal and nonviolent methods."
In other words, we use the moral equivalent of nuclear weapons as the first
resort. Causing the spammer to lose his domain, domain registration, or
E-mail account may cost him ten dollars and some inconvenience. That is
an example of using a conventional weapon. Getting him charged with a
crime or sued by a software company can cost him thousands of dollars
and perhaps everything he has. That is an example of dropping the Bomb
on him. In addition, even a spam-tolerant internet service provider
is not going to want to be around when the Big One lands on his customer;
too much fallout in the form of bad publicity, subpoenas, and that sort
of thing. To quote Major Kong in Dr. Strangelove: "YA-hooo!
missile animation and "Just hit Delete")
The Federal CAN-SPAM Act (Controlling the
Assault of Non-Solicited Pornography and Marketing Act)
Trade Commission site (As a publication of the U.S. Government,
this is believed to be in the public domain)
- It bans false or misleading header information.
Your email's "From," "To," and routing information – including the
originating domain name and email address – must be accurate and
identify the person who initiated the email
- It prohibits deceptive subject lines. The
subject line cannot mislead the recipient about the contents or subject
matter of the message.
- It requires that your email give recipients an
opt-out method. You must provide a return email address or
another Internet-based response mechanism that allows a recipient to
ask you not to send future email messages to that email address, and
you must honor the requests. You may create a "menu" of choices to
allow a recipient to opt out of certain types of messages, but you must
include the option to end any commercial messages from the sender.
- Any opt-out mechanism you offer must be able to process
opt-out requests for at least 30 days after you send your commercial
email. When you receive an opt-out request, the law gives you 10
business days to stop sending email to the requestor's email address.
You cannot help another entity send email to that address, or have
another entity send email on your behalf to that address. Finally, it's
illegal for you to sell or transfer the email addresses of people who
choose not to receive your email, even in the form of a mailing list,
unless you transfer the addresses so another entity can comply with the
- It requires that commercial email be identified as
an advertisement and include the sender's valid physical postal address.
Your message must contain clear and conspicuous notice that the message
is an advertisement or solicitation and that the recipient can opt out
of receiving more commercial email from you. It also must include your
valid physical postal address.
Each violation of the above provisions is subject to
fines of up to $11,000. Deceptive commercial email also is subject to
laws banning false or misleading advertising. Additional fines are
provided for commercial emailers who not only violate the rules
described above, but also:
- "harvest" email addresses from Web sites or Web
services that have published a notice prohibiting the transfer of email
addresses for the purpose of sending email
- generate email addresses using a "dictionary attack"
– combining names, letters, or numbers into multiple permutations
- use scripts or other automated ways to register for
multiple email or user accounts to send commercial email
- relay emails through a computer or network without
permission – for example, by taking advantage of open relays or open
proxies without authorization.
The law allows the DOJ to seek
criminal penalties, including imprisonment, for commercial emailers who
do – or conspire to:
- use another computer without authorization and send
commercial email from or through it
- use a computer to relay or retransmit multiple
commercial email messages to deceive or mislead recipients or an
Internet access service about the origin of the message
- falsify header information in multiple email
messages and initiate the transmission of such messages
- register for multiple email accounts or domain names
using information that falsifies the identity of the actual registrant
- falsely represent themselves as owners of multiple
Internet Protocol addresses that are used to send commercial email
Federal Trade Commission rules for
Starting May 19th 2004,
spam that contains sexually oriented material must include the warning
“SEXUALLY-EXPLICIT: ” in the subject line or face fines for violations
of federal law. The CAN-SPAM Act, passed by Congress in 2003,
directed the Federal Trade Commission to adopt a rule requiring a mark
or notice to be included in spam that contains sexually oriented
material. The purpose of the notice is to inform recipients that a spam
message contains sexually oriented material and to make it easier to
filter out messages they do not wish to receive.
...The FTC’s final rule prescribes the phrase “SEXUALLY-EXPLICIT: ” as
the mark or notice mandated by the CAN-SPAM Act. The final rule follows
the intention of the CAN-SPAM Act to protect email recipients from
unwitting exposure to unwanted sexual images in spam, by requiring this
mark to be included both in the subject line of any e-mail message that
contains sexually oriented material, and in the electronic equivalent
of a “brown paper wrapper” in the body of the message. This “brown
paper wrapper” is what a recipient initially will see when opening a
message containing sexually oriented material. The “brown paper wrapper
will include the prescribed mark or notice, certain other specified
information, and no other information or images.
Selling pirated software is illegal. Ads for
"backups" of commercial software are often really ads for pirated
Report movie piracy to hotline "at" mpaa.org
Picture Association of America). Dragonfans.net's
customer, moviehours.com, spammed us with an ad for "Lord of the Rings:
The Fellowship of the Ring" and other movies. (The site itself is
advertising "Die Another Day.") It was in Chinese so we couldn't tell
if the prices suggested piracy or not but Heaven help them if it is.
2005) spam fighting tactic for dealing with product counterfeiters and
If the Internet Service Provider will not terminate the
spammer's domain, E-mail both the ISP and the owner of the intellectual
property (brand name or software) to put it ON RECORD that the ISP has
been informed that it is hosting a product counterfeiter or a software
pirate. As an example, if someone is selling "OEM Microsoft Warez," you
send your complaint (in the same E-mail) to the ISP and to piracy "at"
This tactic, which was apparently successful in
getting a product counterfeiter kicked off at least two service
providers, is based on the ancient adage "Do it but don't tell me about
it." In King Richard II, one of Henry Bolingbroke's (later
Henry IV's) retainers murders the deposed king (Richard II). Then he
goes to Henry IV, tells what he has done, and expects to be rewarded.
Instead, Henry IV exiles him from the kingdom on pain of death if he
ever returns, because now that Henry "knows about it," he cannot be
seen to condone or reward the murder of his rival. If, on the other
hand, he had merely suspected his retainer, he might well have rewarded
him had he (the retainer) kept his mouth shut.
Similarly, even an ISP that might be willing to
tolerate a spammer cannot afford to know (officially) that the spammer
is selling counterfeit watches or, for that matter, pirated software.
The spammer may not have enough money to be worth a land shark's while.
The ISP does. We suspect that, if an ISP sees a spam (and piracy)
complaint copied to piracy "at" Microsoft.com, it is going to take the
matter very seriously.
"Pharmacies" selling Viagra and so on
- Report Web sites to the Food and Drug
- "To report e-mails promoting medical products that
you think might be illegal, forward the email to webcomplaints 'at'
- "Pharmacies are regulated by states, and must be
licensed by the states they are in. The also nearly always must be
licensed in other states to which they ship medicines. Doctors'
activities are overseen primarily by state medical boards, and in evey state but Utah, it's not
considered legal for physicians to issue prescriptions to people based
soleley on an online consultation, said a spokesman for the
Federation of State Medical Boards." Source: "Drugstore.com Battles
Portals with Imported-Drug Ads," Wall
Street Journal, 31 October 2003, pages B1 and B3.
- Report online pharmacy spams for controlled substances
to the U.S. Drug Enforcement Agency
Drug Enforcement Administration
2401 Jefferson Davis Highway
Alexandria, VA 22301
- NEW (8/30/04), DEA
takes complaints about illegal pharmacies here. The DEA is
interested primarily in illegal sales of controlled substances. Not
all prescription medications are controlled substances, although it
is not acceptable to sell any prescription drug without a bona fide
(i.e. based on an actual doctor-patient relationship) prescription.
- Report illegal online pharmacies that sell
non-controlled prescription drugs like Viagra to the FDA. Also
E-mail webcomplaints "at" ora.fda.gov.
- NEW (12/21/04) DEA Unveils
International Toll-Free Hotline to Report Illegal Prescription Drug
Sales and Rogue Pharmacies Operating on the Internet: Call
- "DEA has launched a toll-free international
hotline to report the illegal sale and abuse of pharmaceutical
drugs. People now will be able to provide anonymous telephone
tips about the diversion of prescription drugs into the illegal market
by individuals and suspicious Internet pharmacies. In addition, such
information can be reported online through the DEA Webpage."
- Note: the DEA is interested primarily in
illegal online pharmacies that sell controlled substances.
Viagra and Lipitor do not seem to be on this list so Internet sites
that sell them without a prescription should be reported to the FDA.
Drug Enforcement Agency position on online pharmacies:
Many people have asked about on-line prescribing.
A prescription for a controlled substance is valid only if it is
written by a DEA-registered practitioner acting within the course of
professional practice. This
includes having an established doctor-patient relationship based upon a
medical history, a physical exam and diagnosis. There must be a
logical connection between the medical diagnosis and the controlled
substance prescribed. A
prescription written based soley upon an on-line questionnaire does not
meet these requirements. It is not a valid prescription and the distribution of any controlled
substance pursuant to an invalid prescription is illegal.
The responsibility for writing a valid prescription for controlled
substances rests primarily upon the physician. It is his or her
obligation to ensure that controlled substances are prescribed for
valid medical reasons and according to state and federal regulations.
However, there is also a corresponding liability that rests on
pharmacists to ensure that they dispense controlled substances only
pursuant to a valid prescription. If
the pharmacist fills a prescription knowing that it is based soley upon
a 2-minute telephone consultation or on-line questionnaire, the
pharmacist is also violating the law.
Pornography by itself is not illegal but sending it to
Transmission of pornography to minors.
I spoke with the National
Fraud Information Center (~1997), and I understood that a "fig
leaf" (my term, not NFIC's) disclaimer like, "Don't click on this URL
if you are under 18," or "entry to this site means you are declaring
yourself over 18" is enough to protect the porn spammer. If, however,
the "fig leaf" is not there, and following the URL takes the viewer to
explicit pornography (display of the female chest, male or female
genitals; the posterior is not enough), that could be enough to burn
the spammer for transmission of pornography to minors. Of course, an
E-mail with such material embedded could easily violate this law.
Transmission of child pornography is automatically
But beware of revenge spams that advertise a domain
as child pornography simply to cause trouble for that domain's owner. W
would suspect (not legal advice) that revenge- spamming another
person's domain as a kiddie porn site is libelous because it is
automatically libel to knowingly and willfully make a false accusation
of a crime.
Transmission of pornography even to adults may be
"Starting May 19th 2004,
spam that contains sexually oriented material must include the warning
“SEXUALLY-EXPLICIT: ” in the subject line or face fines for violations
of federal law. "
in Media, Inc. Form for reporting illegal pornographic spam
to your state's attorney general
Securities Fraud (e.g. "pump and dump")
Report these to the Securities
and Exchange Commission, enforcement "at" sec.gov
Credit Card, Bank Account, and PayPal Phishing
"Phishing" means fishing for personal financial information like your
bank account number, PayPal or E-bay password, or credit card number.
This may fall under the FBI's jurisdiction (since it often crosses
state lines). Examples might include requests that are purportedly from
E-bay (report to spoof "at" E-bay.com) and PayPal to "verify your
credit card information." The idea is to get you to give the spammer
your credit card information. You can submit a tip to the FBI here.
- Report E-bay and PayPal phishing to spoof "at"
Paypal.com and E-bay.com Be sure to include the full headers so they
can trace the spammer.
Internet Fraud Complaint Center (IFCC)
Fraud Complaint Center (IFCC) and Internet
Crime Complaint Center (ic3.gov), run by the FBI
"IFCC provides a convenient and easy-to-use
reporting mechanism that alerts authorities of a suspected criminal or
civil violation. For law enforcement and regulatory agencies at all
levels, IFCC offers a central repository for complaints related to
Internet fraud..." Types of complaints processed include:
- Child pornography
- Credit/Debit card fraud
- Counterfeit goods and materials (e.g. fake
Rolex watches currently being spamvertized?)
- Internet auction fraud and other non-delivery
of goods and services
- Software piracy
the Nigerian "419" scam From "Nigeria - The 419
This scam is similar to the "Spanish Prisoner" scam in which someone
claims to have found a lot of money. He needs your help to get
it out of the country, though, and you have to put up money of your own
for fees, bribes, and so on before you can get your share of the
"found" money. "419 Fraud" (Four-One-Nine) comes from the relevant
section of the Criminal Code of Nigeria regarding cons. The U.S. Secret
Service has taken an interest in this scam.
"If you are a United States Citizen or Resident and have suffered No
Financial Loss write "No Financial Loss - For Your Database" on the
documents you received and Fax them to the US Secret Service Task Force
handling Scam matters at 202-406-6930 or 202-406-5031. Actual hardcopy
of the 419er document(s) is required to add your 419ers information to
the Task Force Database for legal reasons, merely telling Task Force
about it will NOT suffice." You are unlikely to get a reply, though,
unless you suffered a financial loss. Nonetheless, your report will
still help the task force deal with this scam.
"You may also email the 419er documents, especially any Banking Data
they may have given you, marked No Loss, to Task Force Main in DC; that
is also acceptable." E-mail 419.fcd "at"
usss.treas.gov (A good place to forward E-mail spams for 419 scams;
be sure to include the full headers of the spam.) Also copy 419
"at" nigeriapolice.org (if it's from Nigeria) and wafl "at"
phonebusters.com (especially if it has Canadian contact
information). "If you have NOT suffered a financial loss, so the
matter is not Urgent, you may alternatively SNAILMAIL the Scam
documents you have received to the United States Secret Service,
Financial Crimes Division, 419 Task Force, 950 H Street, Washington,
DC, 20001-4518, USA. But be sure to mark your documents "No
Financial Loss - For Your Database" as described above."
fraud.alert "at" met.police.uk for advance-fee frauds with United
Kingdom contact information
419-related humor, including photos of 419 scammers!
Misuse of the VeriSign or TrustE Logo
Seen at SecureHerbal.com, which was advertised to me by
In both cases, clicking on the VeriSign logo does nothing.
According to VeriSign's Web page, "When the seal is clicked, no
information pops-up" is evidence of misuse or fraudulent use. You
this misuse to Verisign.
was seen at http://www.cooleremail.com/index.ice after we received a
spam from that source.
(1) List of TrustE-registered domains
Check to see if a specific domain is registered with TrustE and
file a complaint if it is not. In this case, "The URL http://www.cooleremail.com/index.ice
does not belong to a TRUSTe licensee."
Counterfeiting (e.g. online-replica-store.com, sells "replica"
Rolex watches that use Rolex's distinctive mark)
Raising the Stakes for International Pirates and
- Expose pirates and counterfeiters by publishing the
names of overseas firms that produce or trade in fakes in the U.S.
Trade Representative's annual Special 301 Report.
- Encourage companies to exercise their rights under
the Lanham Act, which allows them to conduct private seizures of fakes
when accompanied by federal marshals with seizure orders and injunction
- Tighten the global noose on IPR thieves by seeking
agreement with like-minded countries to block trade in pirated and
counterfeit goods, conduct joint enforcement actions, and actively
share information on the movement of suspected fake products.
- Bring pirates and counterfeiters to justice in
America by amending and upgrading U.S. mutual legal assistance and
|Update (2/2/2008): Misuse
of the FDA and Health and Human Services seals or logos by illegal
online pharmacies may be a felony. (Not legal advice, we are not
Code Title 18 § 506. Seals of departments or agencies
(1) falsely makes, forges, counterfeits, mutilates, or alters the seal
of any department or agency of the United States, or any facsimile
(2) knowingly uses, affixes, or impresses any such
fraudulently made, forged, counterfeited, mutilated, or altered seal or
facsimile thereof to or upon any certificate, instrument, commission,
document, or paper of any description; or
(3) with fraudulent intent, possesses, sells, offers for sale,
furnishes, offers to furnish, gives away, offers to give away,
transports, offers to transport, imports, or offers to import any such
seal or facsimile thereof, knowing the same to have been so falsely
made, forged, counterfeited, mutilated, or altered,
shall be fined under this title, or imprisoned not more than 5 years,
You can tell the FDA about misuse of its logo here. http://www.fda.gov/oc/buyonline/buyonlineform.htm
Internet crime can also be reported to the FBI's Internet Crime Complaint Center (IC3)
Section 6. Links to Other Anti-Spam
Resources (last verified May 2005)
- Alchemy Mindworks Death to Spam
Stop phishing and E-mail scams
- The Coalition Against
Unsolicited Commercial E-Mail (CAUCE)
pornography reporting resouces: U.S. and European law enforcement
- U.S. Drug
Enforcement Administration. Report sites that sell controlled
substances like Valium, Xanax, and Phentermine here.
Intrusion Detection Shield
- Fight Spam on the
- U.S. Food and Drug
Administration, for reporting unlawful sales of prescription
medications over the Internet.
- gfi.com white paper on using Bayesian logic to
design a spam filter
- Internet Fraud
Complaint Center (owned by the FBI), for reporting illegal fraudulent activity
- ISP Knotwork
Privacy resources: anti-junk mail, cookie blocking software, and so on.
in Media, Inc. Form for reporting illegal pornographic spam
to your state's attorney general.
NetWatchman includes abuse/intrusion reports by IP address
- Net Demon Spam
- Network Abuse Clearinghouse
- Nigeria -
The 419 Coalition Website. Information about the Nigerian "419 scam"
- Photo Gallery of spam fighters, with links to home pages http://www.spamfighters.org/ not found
- Privacy Net
- Sam Spade, Spam Hunter
(tracing resources: extremely useful)
- Spamhelp.org SpamHelp
offers a diverse anti-spam resource, featuring everything from books to
appliances, from a customizable feature comparison to network tools,
- Spamlaws.com Federal
and State spam laws. Also European spam laws.
- Summary of spam laws by state.
It is illegal to send pornographic materials in some states unless a
warning is given in the subject line. It is illegal in some states to
alter the headers of bulk commercial E-mail to disguise its origin.
Reporting Addresses from Javawoman's Ban Spam page
- SPEWS (SPam
Early Warning System)
Postal Inspector's Web page
- XWhoIS. Very
useful, it seems to go to the correct registrar to get the full domain
Q: What's worse than finding two dead spam accounts lying face down in
pools of cyber-blood?
A: Finding one.
Why We LART (Loser Attitude
Readjustment Tool) Spammers
"Why We Need Nosy Parkers: Busybodies, it turns out, may help us
coexist." (U.S. News & World Report, June 13) explains why
Internet users take more time to report spammers than it takes to "just
"Social scientists call the behavior 'altruistic punishment': the
willingness to step in and enforce societal norms even if doing so
carries little chance of reward and significant personal costs."
The concept is demonstrated in a game in which players are given a
small amount of real money-- perhaps $20.00-- they are supposed to
invest in a joint venture that provides a modest return. Cheaters can
prosper by not investing anything while taking their share of the
(slightly lower) joint profits. When players are allowed to fine the
cheaters they will often do so even if they must forfeit some of their
own money to impose this penalty.
"Increasingly, researchers say, it's looking as if our tendency to
sanction breaches of social norms is the key to human cooperation."
How to Ban Web Sites From Your Computer
Web site advertising is often reasonable, and it is the way
that many sites earn enough money to deliver their content. We found
our Web hosting service (Pair Communications), which we have used for
more than a decade, through a dignified banner ad.
There are unfortunately advertisers that abuse the privilege
of access to people’s computers by pushing ads–usually Shockwave
Flash–with excessive bandwidth utilization that slows even DSL Internet
connections noticeably. (We banned Doubleclick.net from our computer
eight or nine years ago, when we were still using a dial-up connection,
because it kept refreshing its banner ads.) Other ads superimpose
themselves over the page content, and have no button on which to click
to close them. Still others vibrate or jiggle back and forth, and are
unpleasant to look at. Adding the domains to Internet Explorer’s “Red
Circle” list does not keep them off one’s browser, either.
We have found that the following method (which is apparently
what at least one shareware package does) will ban a Web site from all
access to one’s Internet browser. You need to find the HOSTS file on
your hard drive. Ours is at C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS. Edit
it as follows to ban Web sites from your computer. Note that you have
to add the virtual domain (e.g. ad.doubleclick.net) as well as the base
domain (doubleclick.net). Note: the sample banned sites are
not part of the original Microsoft material. (c) 1993-1999
Microsoft Corp. ends with ” # 18.104.22.168 x.acme.com # x client host.”
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# For example:
# 22.214.171.124 rhino.acme.com # source server
# 126.96.36.199 x.acme.com # x client host
As an example, if we put ad.doubleclick.net into our browser
line, we get a blank page. We recall banning serving-sys.com from our
computer because of a Flash advertisement that covered the page content
we were trying to view, and there was no way to close it. It’s possible
that the ad did not display properly on the browser we were using, but
that is not our problem; it is the advertiser’s responsibility to
design the ad so it will work properly on all browsers.
The bottom line is that advertisers’ access to
people’s computers is a privilege and not a right, and abusive conduct as
perceived by the user (such as overuse of connection bandwidth,
intrusive ads, opening new browser windows without permission, and so
on) is a good way to have a privilege taken away.