Uncle Romulus says,

* Electronic bulk mail (spam with small "s"), not the Hormel product
Revision Date: II/II/MMVIII (02/02/2008)

After the Romans killed every man in Carthage, they sold the women and children as slaves, looted and burned the city, and finally plowed up the fields and sowed them with salt so nothing would ever grow there again. When applied to spammers, those Romans had some good ideas!

• An interviewer asked Uncle Romulus how he knows he actually exists. "Caedo, ergo sum," he replied.  ("I kill, therefore I am.")
• Latin is an easy language to learn. If it's a verb, it probably means, "To kill." (Decimate = kill every tenth person, for example.) If it's a noun, it probably means war or something related to war.
  
• The gates of the temple of Janus were kept open in time of war and closed in times of peace. It is said that the gate became a regular thoroughfare.
  

• APNIC.net Asian/Pacific IP addresses
• ARIN North American
• LACNIC Latin American
• Registro.br Brazilian service providers
• RIPE.NET European

1. How to analyze and trace E-mail headers
2. How to trace Web pages that are advertised in spam
3. General examples (E-mail and Web page)
4. How to handle newsgroup spams
5. How to trace E-mail form spams that use JavaScript to generate the spammer's real E-mail address and Web site from ASCII character codes.
6. The Carthage Checklist: tracking down the name servers of the spammer's domain and their backbone providers

Important (10/28/97): DON'T use a block like nobody@realdomain.realsuffix, since the mail WILL go to realdomain.realsuffix. Instead, try realname@SPAMBLOCKrealdomain.realsuffix (realsuffix = com, org, net, edu, and so on). That is, make sure the spam is not deliverable to a real domain, even with a nonexistent user I.D. In summary, don't use a spamblocked (munged) address that will cause inconvenience to a real domain owner.

Warning! Address collection software like Extractor Pro, Floodgate, Web Weasel and so on may comb entire newsgroup postings or Web sites for addresses. The programs apparently look for xxx@yyy.zzz, where zzz = net, com, or org. (They may avoid .edu or .gov, I'm not sure.) This means that, if there is a mailto: expression on your Web page, the software will collect the address. The software may collect every xxx@yyy.zzz from your newsgroup posting or Web site. As long as it fits the pattern xxx@yyy.zzz, where zzz is a valid suffix, the program will extract it. Don't put a real address anywhere in a newsgroup posting, or it may be extracted.

Examples:

• nobody@landfill4spam is not extracted, since it lacks a valid suffix.
• nobody@landfill4spam.net is extracted, since .net is a valid suffix

E-mail header forgery: This involves forging someone else's E-mail address in the header of a spam. For example, a spammer can set the Identity preference in Netscape Navigator to myenemy@fake_domain_name_for_example.com. This is unlikely to get myenemy kicked off his service provider for spamming, since the forgery should be obvious from the headers (the message probably doesn't originate from fake_domain_name_for_example.com and, even if it does, the message I.D. won't trace back to myenemy.) However, the victim may get a lot of complaints from people who aren't familiar with this form of harrassment. Forward the spam to the postmaster of the originating mail ISP. They can track the real spammer with the message I.D.

Web site forgery. The spammer gets a throwaway account and spams an ad for someone else's web site. Spamming a Web site is cause for removal of the web site from many service providers.
A Web site was advertised on several newsgroups with a highly obscene .JPG. The site, however, looked reputable and had nothing to do with pornography. I forwarded the newsgroup spam to the E-mail service provider (NNTP posting host), since this is where the spam actually came from. I did not report the spam to the Web site's hosting ISP, but I forwarded it to the Web site's owner. I am not a lawyer, but he could probably sue the perpetrator for defamation (framing him for posting obscene materials on newsgroups). A court could probably order the E-mail provider to reveal the identity of the message's originator.

Spamming a link that shows one domain but connects to another. E.g. www.legitimatebusiness.com's hyperlink is http://www.legitimatebusinesss.com (it may differ by only one letter). Check the hyperlink.

How to tell:

• If the advertised Web site doesn't look like something a spammer would advertise, it's probably a revenge spam.
• If the advertised Web domain has no contact information (no E-mail contact address, home page is blank), it's probably a real spam. Domains owned by spammers usually don't contain contact information, but only forms for placing orders.
  

Warning: Any spammer who doesn't like me or this Web page, don't do it. Your identity can be traced via the E-mail service that you use to spam. The ISP will reveal your identity under a subpoena or court order. A civil tort (defamation) would probably be adequate reason for a judge to issue one. Forgery of my Web site in your spam would be prima facie evidence of malice, and malice is what brings the big punitive damages in defamation lawsuits. So be smart; it's not worth the risk.

• Spamhaus.org on closed-loop opt-in.
• Mail-abuse.com on closed-loop confirmation (same thing).
• Majordomo mailing list manager, with security feature

1. Yahoo groups and other discussion forums often use a confirmed opt-in mechanism. If you sign up for a distribution list, the site sends the E-mail address that you provided a link that you must click to confirm that you asked to be signed up. If you don't click it, you are not signed up. This is an example of closed-loop opt-in.
   
2. Consider having subscribers E-mail you, and return their E-mail to them for confirmation. If the subscription request was forged, the mail they sent you will contain full headers for abuse reporting.

FCC rules prohibit prerecorded advertising calls to home telephone numbers unless someone in the household has given prior express permission for the call to be made or has an established business relationship with the caller. For telemarketing purposes, making a purchase or having some other transaction within the past 18 months or making an inquiry or application within the past 3 months establishes a business relationship. Any allowable prerecorded telemarketing messages to residential telephone lines (those made under prior express permission or an established business relationship) must not be made before 8 am or after 9 pm.

The prohibition on prerecorded messages covers advertisements – “any material advertising the commercial availability or quality of any property, goods, or services.” Messages that claim to be surveys actually may be advertisements if they are a pretext for the promotion of any property, goods, or services. In addition, messages that offer “free” information or products may also be covered if the offer is a pretext to a sales pitch. Further, messages that invite you to press a keypad or call another number to hear an advertisement are also prohibited. The rules do not cover calls made by tax-exempt nonprofit organizations and calls that are not advertisements, such as solicitations for charitable contributions, political and religious messages, and debt collection calls.

At the beginning of the message, all allowable prerecorded messages must state the identity of the business, individual, or other entity that is responsible for initiating the call. During or after the message, the caller must give the telephone number (other than that of the automatic dialing system or prerecorded message player that placed the call) of the entity responsible for the call.

Automatic dialing systems that deliver a prerecorded message must release your telephone line within 5 seconds of the time that the calling system receives notification that your line has hung up. In certain areas, telecommunications systems may not be capable of terminating the call this quickly and there might be a delay before a dial tone is restored. Your local telephone company should be able to tell you whether there is a delay in your area.

1. Go to CONTROL PANEL ==> Administrative Tools ==> Services ==> Messenger and disable Messenger. This will not interfere with things like AOL and MSN Instant Messenging services, which do identify the sender.
• See the next items. Disabling Messenger might NOT be adequate by itself.
2. Per Bruce Lane, Blue Feather Technologies: block ports 135-139. "That will not only stop messenger spam, it will also keep outsiders from making NetBIOS calls to your system."
3. Also recommended: block ports 140 and 145.

Testing your system for vulnerability to messenger pop-up spams and other intrusions. From MyNetWatchman.com.
More information from stopmessengerspam.com

Selling pirated software is illegal. Ads for "backups" of commercial software are often really ads for pirated software.

• Adobe piracy reporting form, also piracy "at" adobe.com
• Borland: reportpiracy "at" borland.com
  
• Business Software Alliance piracy reporting form
• Also 1-888-NOPIRACY and software "at" bsa.org
  
• Corel: Canadian Alliance Against Software Theft
• Corel: nopiracy "at" corel.com
• Macromedia: tip "at" macromedia.com
  
• McAfee: piracy "at" mcafee.com
• Microsoft: piracy "at" Microsoft.com
• notheft "at" microsoft.com in Canada
  
• Software & Information Industry Association (SIIA):
• netpiracy "at" siia.net
• jlinder "at" siia.net
  
• SIIA Internet Software Piracy Intake Form
• Symantec (Norton) feedback; includes piracy reports
• piracy "at" symantec.com
  
• List of piracy reporting addresses

Report movie piracy to hotline "at" mpaa.org (Motion Picture Association of America). Dragonfans.net's customer, moviehours.com, spammed us with an ad for "Lord of the Rings: The Fellowship of the Ring" and other movies. (The site itself is advertising "Die Another Day.") It was in Chinese so we couldn't tell if the prices suggested piracy or not but Heaven help them if it is.

New (Feb. 2005) spam fighting tactic for dealing with product counterfeiters and software pirates

If the Internet Service Provider will not terminate the spammer's domain, E-mail both the ISP and the owner of the intellectual property (brand name or software) to put it ON RECORD that the ISP has been informed that it is hosting a product counterfeiter or a software pirate. As an example, if someone is selling "OEM Microsoft Warez," you send your complaint (in the same E-mail) to the ISP and to piracy "at" microsoft.com.

This tactic, which was apparently successful in getting a product counterfeiter kicked off at least two service providers, is based on the ancient adage "Do it but don't tell me about it." In King Richard II, one of Henry Bolingbroke's (later Henry IV's) retainers murders the deposed king (Richard II). Then he goes to Henry IV, tells what he has done, and expects to be rewarded. Instead, Henry IV exiles him from the kingdom on pain of death if he ever returns, because now that Henry "knows about it," he cannot be seen to condone or reward the murder of his rival. If, on the other hand, he had merely suspected his retainer, he might well have rewarded him had he (the retainer) kept his mouth shut.

Similarly, even an ISP that might be willing to tolerate a spammer cannot afford to know (officially) that the spammer is selling counterfeit watches or, for that matter, pirated software. The spammer may not have enough money to be worth a land shark's while. The ISP does. We suspect that, if an ISP sees a spam (and piracy) complaint copied to piracy "at" Microsoft.com, it is going to take the matter very seriously.

• Report Web sites to the Food and Drug Administration at http://www.fda.gov/oc/buyonline/buyonlineform.htm. 
• "To report e-mails promoting medical products that you think might be illegal, forward the email to webcomplaints 'at' ora.fda.gov."
• "Pharmacies are regulated by states, and must be licensed by the states they are in. The also nearly always must be licensed in other states to which they ship medicines. Doctors' activities are overseen primarily by state medical boards, and in evey state but Utah, it's not considered legal for physicians to issue prescriptions to people based soleley on an online consultation, said a spokesman for the Federation of State Medical Boards." Source: "Drugstore.com Battles Portals with Imported-Drug Ads," Wall Street Journal, 31 October 2003, pages B1 and B3.
• Report online pharmacy spams for controlled substances to the U.S. Drug Enforcement Agency at

• NEW (8/30/04), DEA takes complaints about illegal pharmacies here. The DEA is interested primarily in illegal sales of controlled substances. Not all prescription medications are controlled substances, although it is not acceptable to sell any prescription drug without a bona fide (i.e. based on an actual doctor-patient relationship) prescription.
• Report illegal online pharmacies that sell non-controlled prescription drugs like Viagra to the FDA. Also E-mail webcomplaints "at" ora.fda.gov.
• NEW (12/21/04) DEA Unveils International Toll-Free Hotline to Report Illegal Prescription Drug Sales and Rogue Pharmacies Operating on the Internet: Call 1-877-RxAbuse
• "DEA has launched a toll-free international hotline to report the illegal sale and abuse of pharmaceutical drugs.  People now will be able to provide anonymous telephone tips about the diversion of prescription drugs into the illegal market by individuals and suspicious Internet pharmacies. In addition, such information can be reported online through the DEA Webpage."
• Note: the DEA is interested primarily in illegal online pharmacies that sell controlled substances. Viagra and Lipitor do not seem to be on this list so Internet sites that sell them without a prescription should be reported to the FDA.
  
• U.S. Drug Enforcement Agency position on online pharmacies:

Pornography by itself is not illegal but sending it to minors is.

Transmission of pornography to minors.
I spoke with the National Fraud Information Center (~1997), and I understood that a "fig leaf" (my term, not NFIC's) disclaimer like, "Don't click on this URL if you are under 18," or "entry to this site means you are declaring yourself over 18" is enough to protect the porn spammer. If, however, the "fig leaf" is not there, and following the URL takes the viewer to explicit pornography (display of the female chest, male or female genitals; the posterior is not enough), that could be enough to burn the spammer for transmission of pornography to minors. Of course, an E-mail with such material embedded could easily violate this law.

• Child pornography reporting resouces: U.S. and European law enforcement links
• CyberTip Line
• Internet Watch Foundation (UK, works with other countries)
• U.S. Department of Justice page
• FBI Crimes Against Children page

• Report E-bay and PayPal phishing to spoof "at" Paypal.com and E-bay.com Be sure to include the full headers so they can trace the spammer.
  

• Child pornography
• Credit/Debit card fraud
  
• Counterfeit goods and materials (e.g. fake Rolex watches currently being spamvertized?)
• Internet auction fraud and other non-delivery of goods and services
  
• Software piracy

• 419eater.com
  
• ebolamonkeyman.com
  
• thescambaiter.com (people who waste the 419 scammers' time by pretending to go along with them)
  

Raising the Stakes for International Pirates and Counterfeiters

• Expose pirates and counterfeiters by publishing the names of overseas firms that produce or trade in fakes in the U.S. Trade Representative's annual Special 301 Report.
• Encourage companies to exercise their rights under the Lanham Act, which allows them to conduct private seizures of fakes when accompanied by federal marshals with seizure orders and injunction notices.
• Tighten the global noose on IPR thieves by seeking agreement with like-minded countries to block trade in pirated and counterfeit goods, conduct joint enforcement actions, and actively share information on the movement of suspected fake products.
• Bring pirates and counterfeiters to justice in America by amending and upgrading U.S. mutual legal assistance and extradition treaties.

U.S. Code Title 18 § 506. Seals of departments or agencies