Welcome
CV
Projects
  NFSNET
  Harp
  Reviews
  Big Brother
  Generate
  Recover
  SpamKills
    AllHosts
    SomeHosts
    ATT
    mediaconnect
    Vibora
    Fake AOL
    AOL
    hotmail
    EarthLink
    Justresults
    Savvis
    vienna.at
    USONET
    ABANET
    wpcd
    210.141.105.98
    199.171.54.114
  WINE
  Merchandise
  SimThrow
Interests
Links
Statistics
About

The purpose of this page is to talk a bit about my ongoing project to stop getting spam mail anymore.

First of all let me say that I'm in no way saying others should do as I do, since that takes quite a lot of time including the time needed to get some knowledge about how mail is sent and relayed, but on the other hand, from time to time, it's rewarding as well.

My main decision has been to not go the cowards way of "protecting" a mail address of always using a mangled address such as eg. henrik@nospam.iaeste.dk which is a normal thing to do to prevent a program from grabbing the address.

Neither do I go the berserker way of mailboming, nuking or otherwise attempting to "punish" the server the mail apparently came from.
This I don't, both because as a systems operator I can't condone such actions and because the berserkers seldom take the time to figure out exactly what the offending machine was, so tend to wreak havok in all the wrong places.

Instead I try to go the active way of educating administrators of open relays about the problems their wrongly configured software are causing.
that, and immediately telling the provider about a user's abuse are the only responsible responses to spam mail.

As a systems administrator, I have another way of helping to stop spammail and that is by making sure all mailers I'm administrating is using both the MAPS Realtime Blackhole List and ORBS, two registrars of servers involved in spamming, though because of their different philosophies they have different criteria for registering servers.
MAPS registers adresses that have been involved with willful spamming, and whose admin's haven't show any inclination to stop spamming from them.
ORBS on the other hand is entirely about open mail relays, having a machine that's open for relaying is enough to get in the registry, closing the relay is enough to get out. This is almost entirely about stopping third person relays and is essentially the big stick.

Unfortunately, the ORBS check stopped the mail from several people IAESTE does business with and management panic'ed, so instead of taking the time to put those on a positive-list, I ended up being told to remove the check altogether.

This is also a bit unfortunate for the spammers and the people having open relays, since that means I have to actively pursue getting them on the MAPS RBL list instead of simply makind do with entering them in ORBS as I could earlier.

Stories so far

I didn't start collecting this list until early 1999, so several success stories have been lost.
Due to the problems with the politics surrounding the filtering, I've had a one year break from putting things on this list, but a recent surge in the number of SPAM messages I receive has caused me to start this again.

date From: Subject: state
10 Dec 1998 14kRUSH@joinme.com 14k GOLD JEWELRY This one got me a automated confirmation message from AT&T
12 Jan 1999 prof1x@magic.fr Wow! A COLLEGE DEGREE ON THE INTERNET?!? This one got the relaying site to stop relaying of mail on that host, definitely a win.
6 Jan 1999 / 30 Jan 1999 postmaster@mediaconnect.ch didn't reply to my mail about their machine being open for relaying, so 30 Jan 1999 I registered all open relays in the domain they administer with orbs and sent an email to the postmaster account at all the affected domains telling what and why.
Three months later none of the relays have been closed yet.
Various <Faked>@iaeste.dtu.dk These links were FUN!
-Another Internet success story!
Learn the Internet with Fun Links!
This came with my new computer! Cool Sites on the Internet		 This one seems to have died out by now, it's a spammail sent to aol.com from several different machines with faked from addresses apparently coming from different users on iaeste.dtu.dk.
I'm involved in this one because as postmaster for IAESTE I get all the rejected mail from aol.
Thu, 11 Feb 1999 MobileCostCutter@Hotmail.com Notice to all Mobile Phone Users! The Hotmail account you reported has been closed.
Thu, 18 Feb 1999 RWebb46664@aol.com Get your Business on the Internet NOW!! Automated reply
Sat, 20 Feb 1999 Cbm_Replydept@job4u.com
(faked)		 I thought you might be interested Automated reply
Sat, 27 Mar 1999 OuTdO59231@aol.com wow...this is incredible! Automated reply
Tue, 30 Mar 1999 best44@apmail.com
(faked)		 Internet Domain Name Owner and ISP Address lists on CD-ROM justresults haven't replied to my first letter, I've sent them a second
Tue, 30 Mar 1999 bmarkson@premiumservice.com
(faked)		 Re: how is your business doing? Relay has been closed.
Sun, 4 Apr 1999 ozone2@crtive.com
(faked)		 ADV: your site No reply yet
Tue, 13 Apr 1999 "afriend" <afriend@a1eservice.net> Stock Offering IPO - Co Gives Free Computers Reported to SEC as a possible pump'n'dump scheme on Thu, 15 Apr 1999
Automated reply explaining why they can't give details of possible ongoing investigations.
Sun, 9 May 1999 stockprofits900pc@hypermart.net Possible +900% Stock Investment Return! Reported to SEC as a possible pump'n'dump scheme on Thu, 15 Apr 1999
No reply yet
Fri, 14 Apr 2000 howardloan@newmail.net Lets us save you money on computer software Complained to open relay Tue, 18 Apr 2000, no reply
Reported to RBL Thu, 27 Apr 2000. Is now listed in RBL.
Sat, 15 Apr 2000 7lcx@wpcd.com Reported to abuse@wpcd.com and postmaster@wpcd.com, no reply.
Reported to RBL Sun, 23 Apr 2000. Is now listed in RBL.
Tue, 18 Apr 2000 invest4u@china.com (forged) Gasoline prices are over 30% Reported to open relay. Host is no longer a mailserver.
Tue, 18 Apr 2000 New Century Houswhold De-Odorizer Complained to postmaster@ednet.ns.ca
After a second complaint 10 days later citing their apparent disregard of their own AUP, the machine is no longer serving mail.
Thu, 20 Apr 2000 pepey2gf@usa.net (forged) The Truth Is Out Reported to postmaster@hbv.de, relay no longer a mailserver
Sun, 16 Apr 2000 Take The Call Before April 28th, It's FREE!!! This is uu.net at their most spamfriendly :-(
Spam reported to abuse@uu.net Mon, 17 Apr 2000, got their autoreply.
Machine confirmed as still being an open relay, Thu, 27 Apr 2000
Machine nominated for RBL, Fri, 28 Apr 2000
I'm told MAPS can't get it to relay, Mon, 01 May 2000
I can confirm to MAPS as still being an open relay, Tue, 2 May 2000 and is told that the nomination is being recommended
Machine noted as removed from ORBS, but confirmed as open relay still, Thu, 04 May 2000
My current conclusion is that this machines admins are trying to block the RBL and ORBS tests instead of stopping the open relay, something I hope will get them in trouble in the long run.
Wed, 26 Apr 2000 moneymarket@loja.net (forged) Invest your money and watch it grow Complained to postmaster@campneymurphy.com, relay now closed
Thu, 27 Apr 2000 snoreless9@hotmail.com Do you or someone you know SNORE? Complained to abuse@singnet.com.sg, relay now closed
Last Update: Sat, 28 Feb 2004