Unsolicited Commercial Email, Spam, is crippling the effectiveness of the Internet. Roughly 80% of the mail arriving in a typical email users' mailbox is spam. This is an incredible drain on users, involving millions of dollars of lost time for businesses, frustration for users old and new, and clogging system bandwidth and disk space.
Technology has not solved the spam problem, nor is it likely to. Filtering technology has been ineffective. Government will not enforce the laws that have been enacted until citizens start to demand action; so far, they have done very little. And the UCE industry has demonstrated a blatant disregard for the law of the land and common decency.
Therefore, we, the users of the Internet, are declaring war on spam. This war will continue until the UCE industry obeys the existing laws. We demand that the UCE industry:
provide functional optout procedures,
stop forging return addresses,
label advertisements in the subject line,
comply immediately with 'do not contact' requests.
The FTC has announced that it is 'collecting' spam. You can refer spam to uce@ftc.gov. Since the government refuses to take action to enforce the laws, we will send every piece of spam in our inboxes to the FTC until they take positive action.
There is a small underground movement of users who are already doing this on a case by case basis. The goal of SPAMWAR is to amplify this and give it a focused strategic goal.
We will conduct this war email by email, making the lives of the spammers hellish until they surrender unconditionally. It is time for the users to take back the Internet.
SPAMWAR TACTICAL MANUAL
Rather than attempting to deal with the situation passively by simply attempting to filter spam, we will take massive non-violent action to clog the inboxes of the spammers.
Every spam solicitation needs some kind of contact point. The goal of spamwar is to identify that contact point and send them email. Lots of email. Just like they do to us.
Each time you read your email, sort the messages you want from the spam. Move the letters you want to save into appropriate folders, and the spam into the trash, but don't delete the trash yet.
Go through each message in your trash.
Although the reply addresses are forged in 90% of all spam, it is a useful exercise to probe them. A technique called the 'dead cat bounce' is useful. Send an email titled 'You are an asshole and your cat is dead' with an empty body to each spam, being sure to BCC yourself. Write down the address of each dead cat email or cut and paste them into a temporary document.
If the email address is functional, you will get the BCC but not an 'undeliverable email'. Cross off the ones from the list which bounce.
Next, sort out the commercially bulk mailed spams from the amateurs. The amateurs will typically be text messages only, often poorly spelled and formatted. The commercial ones will have lots of color, images, and elaborate (but bogus) unsubscribe links. Focus on the high-gloss spam, as they are the worst offenders who occupy the commanding heights of spamwar.
If they have any kind of web presence, there will be some evidence in the email. After all, the point of spam is to motivate you to visit some website. In some cases this will be the website of the spammer, or a temporary one set up to service the spam responses. Note the domain name of this web presence. Sometimes the domain will have a sub-domain, such as marketer23.spammers.com. Strip off the 'marketer23.' portion.
Now take a look at the amateurs. These will often be scams like work at home, chain letters, the old Nigerian bank account scam, pyramid or Ponzi schemes, and so on. Since these are patently illegal for the most part, forward all of them to the FTC spam collection:
uce@ftc.com
and be sure to cc: the sender.
Next for the active response portion of SPAMWAR.
Once you have some valid email addresses, and the domain names of some of the responsible parties, obtain a copy of the great literary classic Moby Dick. This is a one-megabyte file which is available widely on the Net, courtesy of the Gutenberg Project. The file is small enough so that it can be attached and sent over a dialup line in a few minutes, but big enough to be quite obnoxious if it arrives in someone's inbox. Do everyone a favor and strip the 'Gutenberg Project' fine print out of the file before sending it. I have posted a clean version of this file at http://www.webweasel.com/moby.txt.
Attach a copy of Moby to an email and start CCing each of the non-bounced email addresses. Do NOT BCC yourself unless you want to clog your own mailbox. Give the email an innocuous sounding subject line, such as 'Proposal for your consideration' or 'Here's the info you requested'. After all they do this to us, so turnaround is fair game.
Let's say spammers.com is the domain of one of the UCE websites. CC the following addresses at spammers.com:
root@spammers.com
postmaster@spammers.com
admin@spammers.com
sysadmin@spammers.com
spam@spammers.com
abuse@spammers.com
sales@spammers.com
marketing@spammers.com
Hit send. Repeat as required.
Some things to note:
1. Use creatively abusive subject lines for 'dead cat bounce', but do not make any actionable threats. Note the difference between 'your cat is dead', and 'I'll kill your cat'. The first is acceptable (if distressing), the second could lead to legal action. Other good subject lines would be 'Your wife/husband/spouse is ugly' 'Your children are morons' 'Your wife/husband/spouse is having an affair', and so on. The point is to create mental distress for the recipient, as payback for the mental distress their UCE causes to consumers.
2. If the spam only has a link to a remove page with a fill-in text field, fill in 'uce@ftc.gov' as your email. This will put the FTC spam collection email into their database.
3. If the spam links to a fill-in form (such as 'get an insurance quote'), fill the form in with enough bogus data to fool the script (such as 'Joe Satan at 666 Evil Street'), and then give 'uce@ftc.gov' as your email.
4. Often times the website will have contact information, including email addresses. Do a dead cat bounce on them and if they check out, Moby them.
5. If you can locate the website for the marketer, but there is no contact information, go to the Network Solutions WHOIS database (http://www.netsol.com/cgi-bin/whois/whois) and look up the contact information for the domain. Then dead cat bounce the email addresses given (these are usually, but not always valid, since in order to set up the domain you have to have a valid email address). Dead cat bounce and Moby all of them.
6. Sometimes spammers give a Web address only as an IP address (xxx.xxx.xxx.xxx). You can resolve this by using a good reverse domain lookup service such as http://www.amnesi.com/hostinfo/ipinfo.jhtml. This will give you the actual domain name and the contact info, along with email addresses which you can then Moby.
7. If you have a company name for the spammer, type it into Google. Even if the company doesn't give a direct hit, there may be pages which tell you more information about the company. If there is a direct hit, and they have a web page with contact information, Moby them.
We've all seen these, that is if you've had email for more than five minutes. Or own a fax machine. And it's been spotlighted in the media countless times. The 'Nigeran' scam is just an old reworking of an age-old confidence game. However it must work occasionally, probably because there is always someone who just got online, opens their email for the very first time and gets this astonishing letter promising filthy lucre.
The pitiful thing is not so much that the scam works occasionally, but that the Nigerians (or whoever is sending out these scam-spams) are so clueless about spam. It's like they have a big 'email-bomb me' sign attached to their asses.
They generally get a free account at a second-rate mail service. These accounts have a very small mailbox size limit (a few megabytes). In my experience, three or four copies of moby.txt will result in that wonderful 'mailbox full' autoreply.
Why stop there? Just forward a message to 'abuse@' the mail provider with a copy of the scam-spam, with a short note at the top to the effect 'Please shut down {email address} before some sap gets taken in'. I find that this usually gets honored by the mail provider.
So before the 'Nigerian' gets around to unclogging their shiny new account, all mail will be bounced from it, and then it gets shut down. It takes about five minutes of your time, and it could save someone with low resistance to Jedi mind tricks their life savings.
Also, it needs to be said that if you're Nigerian or live in Nigeria, please accept my deepest sympathy. It must be rough to live in a country with such an image problem, unlike certain superpowers I could mention....