In an effort to arouse more interest I should like to quote from the chapter "Fighting E-mail Spam and Scams."
Unsolicited e-mail is a major problem. Not only is it an annoyance to the recipient but it is a waste of internet resources. It is estimated that 45% of e-mail traffic is unwanted spam. Spammers distribute their materials by opening accounts with internet service providers (ISPs). They get a domain name or a server name and an associated IP number which consists of four numbers in the range of 0 to 255 separated by periods. This is the IPv4 format. There is also an IPv6 format which allows a greater number of addresses and is a bit more complicated.
Every e-mail contains a header that is not visible in the text of the message but which shows the origin of the message and the sender’s IP address. By looking up this address in an online database one can find out the ISP and their “abuse” e-mail address. Nearly all ISPs consider spamming a violation of their terms of service and will take action, first warning the customer and, if no satisfactory response is received, terminating the account. In general the ISPs do not have access to their customers’ web sites or files and have no idea what they may be sending out. Consequently they must rely on recipients’ complaints to be informed of violations.
An internet search will reveal that there are vendors that sell lists of “verified” e-mail addresses to spammers for about $35. They verify these addresses by sending a message and getting a response and usually they employ deception to conceal what they are trying to do. The first rule is never to reply to a message you consider to be spam. If the message was sent by a list vendor, to do so will merely verify your account to be active and you will get on a list and receive lots more spam. E-mail users who have fallen into this trap get as many as 100 spam messages per day.
“Unsubscribe” messages or links can also be dangerous. While a few are genuine, most of those found in spam messages are not and merely serve to verify your address. The best way to unsubscribe from spam is not to reply to any of it and to report it to the spammer’s ISP. In many cases this will result in the spammer’s account being deleted and will help others as well as yourself.
I have received many types of spam e-mails attempting to verify my account. The simplest merely says “Last chance to unsubscribe. Click here to stop receiving further e-mails.” Others are more creative. One starts with “This message is from a trusted sender.” There is a FedEx logo and the message “Your package could not be delivered because of an incomplete address. Please click below to confirm your complete mailing address.” Another pretends to be from Ebay and says “Your order is ready to be shipped. Please click below to confirm.” There is another button that says “No, this is not my order.” Either button gives the same result.
Another type of verification message is intended to provoke an indignant response. Many have received “Hey you: stop sending me your pictures.” I even received one saying “Stop stalking me, you piece of shit!” I always report the kinds of messages I just described and in many cases the spammer’s account has been deleted. In a few weeks I may get the same spam originating from a different server, but I have cost the spammer money and if more people would do what I am doing I think we could put a real dent in the problem. Responses like the following are always gratifying:
BP 438 - 75366 Paris CEDEX 08
Tel: 01 84 13 00 00
Subject : Abuse notification resolved
Dear Sir or Madam,
Your abuse number 217452 is now closed.
Here is a comment left by our customer:
We got this reply from our customer:
Sorry for the inconvenience caused. We have reviewed this matter thoroughly and identified that it was one of our subscribers using the IP address in question which was responsible for causing the spam complaints.
We have initiated immediate action against this offending subscriber by cancelling the associated subscription. To ensure that this kind of issue doesn’t happen again we will implement stringent steps by reviewing our subscription list and informing the existing subscriber about this.
Please restore server access, if something went wrong again we agree that you can terminate the service immediately.
Thank you for your assistance.
Nearly everyone on a spammer’s mailing list receives a message from ocn.ne.jp about twice a week with a particular form. The message usually starts with the name of a political figure, who may be domestic or foreign, or with the name of an officer of a bank. Even Melania Trump’s name has been used. The message typically says that $4 Million is waiting for you in a locked box at some airport and you must reply to a given e-mail address with personal information such as your name and address and bank information to be eligible to receive it. Sometimes instead of a locked box it is a prepaid debit card.
Variations on this theme include a billionaire philanthropist who wishes to distribute his fortune to a few fortunate people or someone who has just won a lottery and wants to share his winnings. A link to a description of the philanthropist or to the lottery story is given.
All that is required is a little common sense to recognize a scam. The first tipoff is the server, ocn.ne.jp or some subdomain of this server. The second is “How would they know that I am entitled to this money if they don’t even know my name?” I did receive one from someone who knew my name. Someone in England with the same last name as mine had left a large estate and they were looking for possible heirs.
These messages tend to be quite long. Here is the full text of one of them:
Sir Charles J. Colocino Jr. <charlescolocino.@future.ocn.ne.jp> Sun, Jan 13, 2019 at 12:29 PM
Reply-To: "Sir Charles J. Colocino Jr." <firstname.lastname@example.org>
Hello Good Friend,
I have very vital information to give to you, but first I must have your trust before I review it to you because it may cause me my job, so I need somebody that I can trust for me to be able to review the secret to you. I am Mr. Charles J. Colocino Jr, head of luggage/baggage storage facilities here at the John F. Kennedy International Airport Queens New York during my search for undelivered parcels I discovered an abandoned shipment from a Diplomat from Benin Republic and when scanned it revealed an undisclosed sum of money in a metal trunk box. The consignment was abandoned because the Contents of the consignment was not properly declared by the consignee as “MONEY” rather it was declared as personal effect to avoid interrogation and also the inability of the diplomat to pay for the United States Non Inspection Charges which is $3,800USD. On my assumption the consignment is still left in our Storage House here at the John F. Kennedy International Airport Queens New York till date. The details of the consignment including your name, your email address and the official documents from the United Nations office in Geneva are tagged on the Trunk box.
However, to enable me confirm if you are the actual recipient of this consignment as the assistant director of the Inspection Unit, I will advise you provide your full information as below:
To enable me cross check if it corresponds with the address on the official documents including the name of nearest Airport around your city. Please note that this consignment is supposed to have been returned to the United States Treasury Department as unclaimed delivery due to the delays in concluding the clearance processes so as a result of this, I will not be able to receive your details on my official email account. So in order words to enable me cross check your details, I will advise you send the required details to my private email address for quick processing and response. Once I confirm you as the actual recipient of the trunk box, I can get everything concluded within 48hours upon your acceptance and proceed to your address for delivery.
Lastly, be informed that the reason I have taken it upon myself to contact you personally about this abandoned consignment is because I want us to transact this business and share the money 70% for you and 30% for me since the consignment has not yet been returned to the United States Treasury Department after being abandoned by the diplomat so immediately the confirmation is made, I will go ahead and pay for the United States Non Inspection Fee of $3,800 dollars and arrange for the box to be delivered to your doorstep Or I can bring it by myself to avoid any more trouble but you have to assure me of my 30% share.
I wait to hear from you urgently if you are still alive and I will appreciate if we can keep this deal confidential.
Mr. Charles J. Colocino Jr.
Assistant Inspection Director
John F. Kennedy International Airport
Queens New York, 11430
Obviously this message comes from ocn.ne.jp, a server in Japan, but in most cases it is not so obvious.
Finding the Source and Making a Report
I shall now go into detail on how to find the spammer’s IP address, identify his Internet Service Provider, and make a report. The message is the following:
Dear Gmail™ Customer,
You submitted a request to terminate your Gmail mail account and the process has started by our Gmail™ Team, Please give us 3 working days to close your mail account. To cancel the termination request reply to this mail. All files on your Gmail mail including (Inbox, Sent, Spam, Trash, Draft) will be deleted and access to your Gmail™ mail account will be Denied. If you wish to Terminate your Email Address, you can Sign Up for a new Gmail™ account.
For further help please contact by replying to this mail.
Gmail™ Account Services
While this looks official, I made no such request so I suspect that it is a verification message by a spam list vendor. The first step is to get the complete message, which includes the headers and formatting codes. For Gmail one clicks on the three dots at the far right of the title bar and clicks on “show original.” The complete text then opens in a new window. Instructions for other e-mail clients may be found online. Below I quote only the part of the header that we shall be using:
Received: from whitefide.com (whitefide.com. [184.108.40.206])
by mx.google.com with ESMTP id l33si3399707edl.79.2018.12.27.07.17.47
Thu, 27 Dec 2018 07:17:47 -0800 (PST)
This tells us that the sender’s IP address is 220.127.116.11. We then look this number up in an online database. The three most likely ones are
ARIN (North America) https://whois.arin.net/ui/
RIPE (Europe) https://apps.db.ripe.net/db-web-ui/#/query
APNIC (Asia and the Pacific) http://wq.apnic.net/apnic-bin/whois.pl
APNIC, if it is available, is the only one you need to query, for if your target is listed in another database it will query that database and display its results. In this case it is on RIPE and the ISP is OVH in Warsaw, Poland, whose abuse e-mail address is email@example.com. I forward the message to this address with the following:
“Reporting a scam message from one of your customers using whitefide.com. [18.104.22.168] Please see the attachment for details.”
I attach the original with the headers. It is important to do this because some servers or domains are shared and the ISP needs to see the time stamp to identify the customer.
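The header-reading step described above can be scripted. The following Python sketch is an added example, not code from the original chapter: it picks the Received line stamped by your own provider and pulls out the connecting IP address and the time stamp the ISP needs. The sample message, its documentation-range addresses and the host name mx.example.net are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample (not from the chapter). 203.0.113.7 and 198.51.100.9 are
# documentation addresses; mx.example.net stands in for your own provider.
RAW = """\
Received: from mail.sender.example (mail.sender.example. [203.0.113.7])
        by mx.example.net with ESMTP id abc123
        for <me@example.net>;
        Thu, 27 Dec 2018 07:17:47 -0800 (PST)
Received: from trusted-bank.example ([198.51.100.9])
        by mail.sender.example with SMTP;
        Thu, 27 Dec 2018 07:17:40 -0800
From: "Account Services" <noreply@sender.example>

Body text.
"""

# "from <helo> (<reverse-dns> [<ip>]) by <receiving host>"
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\([^\[\)]*\[(?:IPv6:)?"
                 r"(?P<ip>[0-9A-Fa-f:.]+)\]\)\s+by\s+(?P<by>\S+)")

def origin_hop(raw, my_mx):
    """Return the hop recorded by our own provider (my_mx). Received lines are
    stacked newest first; those below it came from the sending side and may
    be invented."""
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())          # undo header folding
        m = HOP.search(flat)
        if not m or not m.group("by").lower().endswith(my_mx):
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:                      # bracket held something else
            continue
        stamp = re.sub(r"\s*\([^)]*\)\s*$", "", flat.rsplit(";", 1)[-1])
        seen = parsedate_to_datetime(stamp.strip()).isoformat()
        return {"ip": str(ip), "helo": m.group("helo"), "seen": seen}
    return None

def report_line(hop):
    """One-line summary to put at the top of the forwarded complaint."""
    return f"Spam received from {hop['helo']} [{hop['ip']}] at {hop['seen']}"

if __name__ == "__main__":
    print(report_line(origin_hop(RAW, "mx.example.net")))
```

The second Received line in the sample names a different origin, but it was written by the sending side, so the function ignores it and reports only what the recipient's own mail server observed.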
Some ISPs ask that you fill out an online form. Among these are Godaddy.com and Hetzner.de. Hetzner has forms in both German and English.
Some ISPs are known to be friendly to spammers. I was getting a lot of spam from Amazon Web Services, a subsidiary of the online retailer and located in Seattle, Washington. They sent a boilerplate response but merely forwarded my complaint to the customer. They even were able to get my name this way and their spam became more personal. Finally I wrote them that I was an Amazon stockholder and would bring up their policy at the next shareholders meeting. That did the trick and spam from this source stopped.
For those who have trouble finding the source of spam and making a report there is an online service spamcop.net that does just that in the manner described. It is staffed by volunteers and has limited resources, so I encourage readers bothered by spam to do it themselves. I had better results with Amazon Web Services than Spamcop did. They asked Spamcop to stop sending them reports. I got results by threatening to raise the question at an Amazon shareholders’ meeting.