swamped in mail!

spam --

how to deal with it

Information pollution
on the Internet
and clogging up your email account


What's spam?

With all apologies to the meat-canning company in the UK, the computing meaning of spam is unwanted email, generally sent as thousands and thousands of messages to lists of email addresses which spammers sell to each other.

Spam can be:

The Internet was formed in the spirit of co-operation, mutual respect, the free sharing of knowledge and the efficient transfer of information.

Spammers use it to litter information -- they information pollute.
It is estimated that up to 75% of newsgroup information transfer, and 40% of email transfer, is spam.
This slows down the 'Net enormously.
Worse still, spammers' abuse of the 'Net is increasing at a rate which threatens the viability of the Net at all -- at this rate, in a couple of years, only a trickle of real communication will be able to get through!

Right now, quite apart from the personal inconvenience of getting spam, we all pay for all our connect time, regardless of what is slowing our connection down.


individual rights

Spam is not just like junk mail in your letterbox:

1. you don't pay for junk mail to be delivered to you, and
2. legally you can put a "GPO mail only" sticker on your letterbox,
and junk mail cannot be delivered there.

Spam is unsolicited, you didn't ask for it and you don't want it, but:

1. you pay the connect time to download it, and
2. there is as yet no legal defence against your privacy being invaded,
and your resources being abused in this way.

Larger ISPs, which have been massively affected by spamming, have sued major spammers and won their cases.

There is also currently a bill before the US govt, which will (everyone hopes) include email spam in the current law forbidding sending anyone junk faxes, since the process of sending someone something they don't want, down a phone line for which they are paying the costs, to their own equipment, is the same.

UPDATE: newsgroups have been discussing the legislation, and apparently there are 14 states [USA] currently reviewing anti-spam bills.
Washington State has passed the bill into law, and California is half-way through the process (voting ratio 100% approve, so far).
The Washington State anti-spam law allows up to $500 per violation for the victim, and up to $1000 for the victim ISP (Internet Service Provider).
The major ISP Earthlink took the mass spammer Cyberpromo to court some time ago, and Cyberpromo has been ordered to pay $2 000 000 U.S. in damages to Earthlink, and never to mail an Earthlink customer again (among other details).

For further information on spamming and what is being done about it, please see:

the Netizen's Guide to Spamming and

Netizens Against Gratuitious Spamming (Fight Junk Email)

both major sites which will give you lots of useful advice, software and links to other helpful sites.

and... to report spam (free and easy!) or to look at a service which works to stop spam getting to you in the first place, I recommend:



how can I prevent it?

Spammers use 'robot' programs

(which follow the same instructions over and over again,
wherever they are placed)
to crawl the 'Net looking for email addresses.

Once they have your address, it is placed on a list with many others, and the lists are sold to other spammers.

Spammers then use spamming-software to email thousands and thousands of people at one go, with their unwanted solicitations.
You can end up on several lists, and receive the same junk information (some of which is very long, or offensive) over and over!

Usenet, a free, easy-going network of newsgroups on every available topic, with millions of people reading and contributing, is not well protected against spam.
Whenever you post to a newsgroup (downloading and/or reading doesn't identify you), you include your email address as one of the headers, and the robots simply collect these headers.

Although it's a pain for your friends wanting to reply to you, it is advisable to make your Return Address header in your newsreader a fake one, and to include your real email address later in the message, in a form which is not recognizable (by the spam robots) as
username@servername.kind of organization.country

For example, a fake Return Address header:


where the .invalid ending lets everyone know that this is a spam-protective header and not your real address
(there are some weird real addresses around!),
will fool the spam-robots.

While at the end of your message, in your sig (signature file), for example:

clytie in the domain riverland which is net in au

(the robots have now been programmed to pick out at or dot instead of @ and . so making your email address look like normal text is the best camouflage)
allows your real email address to be seen by your friends.

Other protective measures are:


how do I deal with spam?

You can trash it, or use your email program's filter

(no filters? very useful for sorting your incoming and outgoing mail -- Eudora has them)
to send it straight to the trash when it comes in.

But that doesn't stop it at all.

The way people all over the 'Net are stopping spammers, is to complain to the ISP (Internet Service Provider) which hosts the spammer's account

(meaning it is the spammer's connection to the Internet, just as your ISP is your connection to the Internet).
All major ISPs, and most small ones, have an AUP, Acceptable Use Policy, which prohibits spamming.
As soon as you email an ISP complaining about a spammer, the ISP closes the spammer's account down.

It means you put some time into it, but you're not just target practice anymore.
You are actually fighting back.


how to read headers

Spammers forge some of the headers that you see at the top of the email message, but we can still trace them.
After all, we have to be smarter than people who spend all their time junkmailing other people! ;-)

Let's have a look at some typical spams:

here's a typical example of the sex spam (not so much offensive as nauseating, but please be warned etc.), sent to my old email address:

X-POP3-Rcpt: clytie@main
From: MSaint1018@aol.com
Date: Wed, 11 Feb 1998 18:56:59 EST
Mime-Version: 1.0
Subject: Re:

The Virtual Girlfriend and Virtual Boyfriend are artificial intelligence programs for your IBM PC or compatible and also for MACINTOSH. You can watch them, talk to them, ask them questions, tell them secrets, and relate with them. Watch them as you ask them to take off different clothes and guide them through many different activities. Watch and participate in the hottest sexual activities available on computer, [etc etc {yawn}]

Notice the headers, the information at the top:

X-POP3-Rcpt: clytie@main

meaning received at my address by POP (Post Office Protocol)
From: MSaint1018@aol.com
from this address,
but people on aol.com can have several email addresses,
and in any case it may be forged, which is also illegal; we'll see
Date: Wed, 11 Feb 1998 18:56:59 EST
the date it was sent (US)
Mime-Version: 1.0
the type of encoding
(often means the message comes from a Windows system)
Subject: Re:
the subject  line shows up in your In Box, so this one just said "Re:", which would give someone no warning that they were about to read stuff that would put them off their lunch

Not much to work on, huh?

If you have Eudora, you will notice that it shows a "blah blah" button at the top of each message, which when pressed will show you all available headers.

[If your email program doesn't have this feature, to deal with spam you need one that does.]
You don't need to see all the headers on every email message, but they're very handy for tracking down spammers.
Let's press "blah blah" on this spam:

X-POP3-Rcpt: clytie@main
Received: from imo29.mail.aol.com (imo29.mx.aol.com [])

this is the first Received line, telling you which server sent the message to your server;
it shows that murray.net, like any responsible ISP, has done a reverse DNS (Domain Name Server) lookup, which will not allow forged "from" hosts (a good start!)
murray.net finds that this message did come in from aol.com
by main.murray.net.au (8.8.8/8.6.12) with ESMTP id NAA11087 for ; Thu, 12 Feb 1998 13:22:16 +1100
From: MSaint1018@aol.com

Received: from MSaint1018@aol.com by imo29.mx.aol.com (IMOv12/Dec1997) id CCAHa29294;
the second Received line doesn't tell us anything more: either the message only came from aol.com, or it's been forged to look like it did.
Wed, 11 Feb 1998 18:56:59 -0500 (EST)
Message-ID: <3e42fb78.34e23ace@aol.com>
Date: Wed, 11 Feb 1998 18:56:59 EST
Mime-Version: 1.0
Subject: Re:
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7bit
X-Mailer: AOL 2.5 for Windows

Either way, if that's all the information you can find, you go to your email program's Message menu, choose Forward

(you can quite easily Forward the same message to each ISP involved,
with full headers but deleting the message,
apart from any names, addresses, weblinks or other identifiers)
then enter the address
[the aol spam-abuse address; most large ISPs respond to abuse@hostname, or if not, to postmaster@hostname]
including all the headers, any identifying info in the message, and mentioning that you received this spam which appears to come from them.
They do the rest.

Let's see if we can find something to get our teeth into...

My, there are some crackpots out there today:

X-POP3-Rcpt: clytie@main
Date: Mon, 9 Feb 1998 09:00:22 +1100
To: cufuloo72@ldl.net
From: cufuloo72@ldl.net (Comments: Authenticated sender is private.company.and.not.an.ISP)
Comments: Authenticated sender is cufuloo72@ldl.net
Subject: The Internet Specialist .007

Are you tired of using the internet for just email? Have you heard about all the information out there but just don't know where to find it? Do you want to find a wealth of information on all the people you know, including yourself? Want to learn EVERYTHING about employees, neighbors, family, boyfriends or girlfriends, ENEMIES and even your boss? [etc. etc. and of course more etc.]

So let's start with the ordinary headers:

X-POP3-Rcpt: clytie@main

received by me, unfortunately
Date: Mon, 9 Feb 1998 09:00:22 +1100
date sent
To: cufuloo72@ldl.net
this "To" header indicates that he is sending the command to a list of addresses
From: cufuloo72@ldl.net (Comments: Authenticated sender is private.company.and.not.an.ISP)
I should hope not, any ISP would have more sense; probably a fake email address
Comments: Authenticated sender is cufuloo72@ldl.net
s/he does keep saying that
Subject: The Internet Specialist .007
an immature and bragging subject line, very common among people who spam you but wouldn't look you in the face

Now pressing the "blah blah" button on this spam message gets us some very interesting headers:

X-POP3-Rcpt: clytie@main
Received: from webfarm.ficnet.net.tw (webfarm.ficnet.net.tw [])

by main.murray.net.au (8.8.8/8.6.12) with ESMTP id JAA09811 for ; Mon, 9 Feb 1998 09:00:22 +1100
Date: Mon, 9 Feb 1998 09:00:22 +1100
Received: from C.D-king ([]) by webfarm.ficnet.net.tw

yes, from Taiwan, and the next thing we can do is to check that DNS number to see if it turns up a host name, which of course will be connected through an ISP to whom we can complain ;-)
(Netscape Mail Server v2.0) with SMTP id AAA9914; Mon, 9 Feb 1998 05:00:53 +0900
To: cufuloo72@ldl.net
From: cufuloo72@ldl.net (Comments: Authenticated sender is private.company.and.not.an.ISP)
Comments: Authenticated sender is cufuloo72@ldl.net
Subject: The Internet Specialist .007
Message-Id: <199802084352QAA4694@CDKing.com.tw>

Oh, puh-leeze...

Step one is to forward the message to postmaster@webfarm.ficnet.net.tw

[postmaster@hostname is an address which should always exist]
asking them to block relays of spam,
or, in the event that this spammer is somehow a customer of theirs, to stop the spam.

Step two is to start using 'Net tracing utilities.

On a Macintosh, I'm using MacTCPWatcher, an excellent shareware product from Australian Peter Lewis, to be found at his site:


MacTCPWatcher will

There are a number of programs that will do all these same jobs for Windows
in the local Tucows software archive,
but for Windows 95 I recommend CyberKit, found at the top of:


So, having showed all the headers, and checked them, the next step is to get online and use these 'Net tracing tools:

As it happens, DNS lookup confirms as
in other words, a customer of dialsprint.net
so we can also forward the message to abuse@dialsprint.net (a major ISP)

Next step? To find out which ISP is supplying that host.
For this we use traceroute in your Net tracer.
Traceroute sends a very small amount of data from where you are, to the host you name, and shows you all the hops in between (and how long it takes).
Let's do it:

TraceRoute to host sdn-ts-006mdrelrp07.dialsprint.net

#    Address         Host Name                                   Response Time

1   riverland-ppp.riverland.net.au                    156 ms
2   renmark.netconnect.com.au                         157 ms
3    bal-rt1-s0.5.netconnect.net.au                    367 ms
4  Serail4-2.lon3.Melbourne.telstra.net              650 ms
5 Fddi0-0.lon5.Melbourne.telstra.net                260 ms
6  borderx2-hssi2-0.Bloomington.MCI.net              393 ms
7   core2-fddi-1.Bloomington.MCI.net                  698 ms
8     core3.Bloomington.mci.net                         1024 ms
9   somerouter.SPRINTLINK.net                         979 ms
10    sl-bb22-ana-1-1.sprintlink.net                    1400 ms
11    sl-bb3-ana-4-0-0.sprintlink.net                   1467 ms
12 sdn-pnc1-ana-12-0.dialsprint.net                  874 ms
13                   No response from this hop                         
14                   No response from this hop                         
15                   No response from this hop

...with delay and maybe a broken link toward the end in this case, but we can see that the data went:
from Renmark [where I am]
via netconnect in Ballarat,
through various Telstra servers in Australia,
over to the MCI 'backbone' in the US,
then was routed into Sprintlink,
and thus to dialsprint.net (which we already knew from the DNS check).

Doing a traceroute gives you additional evidence: you can include it with your complaint, and keep it so if the spammer's closest upstream ISP doesn't act effectively, you can complain to the next ISP up.

It sounds like a lot of hassle, but it's worth it, firstly to have some say in what uses up your connect time, and secondly to do something effective towards stopping this waste of everybody's resources.

If you want to experiment with traceroute, whois, finger and other 'Net tracing tools, they are available to useon the webpage:


Information is power, and sharing information to empower everybody was what the Internet was originally about (not ripping people off for money).

There is no reason why you should be at all powerless in your contact with the 'Net.

If you get spammed, and need some help reading the headers or working out to whom to complain, feel free to Forward the spam to me, with full headers, and only identifying info (names, addresses, links) left of the text.


email Clytie!

back to 'Look Here First'

spun with PageSpinner made with a Macintosh