The six headed spam monster

Several days ago I visited an on-line forum of one of the Internet Presence Providers (IPP) in my country and found a topic dealing with spam. One user of the IPP in this topic, posted that by accessing his web site he receives the standard 403 forbidden message. He thought that it was some kind of a problem on the server, but the reality is that his account was shut down (and all files deleted?). The reason is – spam. It looks like he massively spammed a large number of usenet groups about his web site, where he is offering the most visited and demanded content on the Internet – naked chicks with a focus on nude celebrities.

After a reply by on of IPP’s administrators where he says that the account is being locked because of spam, the user started to beg for his web space to return, that he is sorry for the spam, that he wouldn’t do it again, etc. Another user, apparently his friend, stood on his side, and posted that spamming isn’t such a big deal to lock someone’s account. Well guess what it is … Let us see a copy of the e-mail from a company where this IPP has their servers. Mail noted below is sent from a “Security & Abuse Team”. Just to note that company name is shadowed with XXX’s.

…………………………………………

——– Original Message ——–

From: XXX Network Support

Subject: Re: [xxx-A21484] (fwd) Pamela Anderson and others nude

http://www.XXX.net/babes

To: contacts@IPP.dom

CC: abuse@XXX.net

Dear XXX Reseller/Customer:

This letter is to inform you that we have received at least one complaint or notification which indicates that you are in violation of XXX’s acceptable use policy with regard to unsolicited commercial email and/or newsgroup postings. A report of the incident in question will proceed this message.

If you are a reseller and this complaint was received in regards to a violation by one of your customers or associates, we suggest that you terminate their service immediately.

To ensure that your service is not interrupted, please respond to this message within one business day from reciept, documenting what actions you plan to take to ensure that this activity comes to an end. Do not remove the [XXX-Axxxx] tracking number from the subject field of your reply.

If you believe that this message was sent to you in error, please provide us with a brief explaination of the situation at hand. One of our representatives will contact you via email to follow up.

If we have not heard from you by that time, network connectivity to your site may be terminated until this issue has been resolved.

Thank you for your prompt attention to this matter.

…………………………………………

The actual user in question has already received an alert from the IPP for his first spamming trip, and after the first alert, the next one the is fatal one – losing user privilages and web hosting. So if you read the mail that I noted, a part of it could be a vital one – “If we have not heard from you by that time, network connectivity to your site may be terminated until this issue has been resolved”. This provides you with the information about how spam could practically be dangerous to any Internet Presence Provider and its users. Why would a company lose a link to their servers, just because one of its users doesn’t know the Netiquette and some basic being-online-behaviour.

In this case, if someone spammed once, then got alerted about it by the IPP, then spammed again, why would he receive a new chance??? Why would you trust someone that let you down for two times again in the past? Why let your company’s name to be messed with it? Lot of why’s I don’t doubt… Lot of IPP’s have their own spam-policy, and my opinion is that it should be placed on the visible place on the IPP’s homepage or users section. The other thing is that the spam policy is usually placed in a long file with all policies you have to agree when you are start your subscription with a IPP/ISP… Technically if you would like to be a user of some company, you won’t spend 20 minutes or so to read the whole several-pages-long user-company agreement. Fighting spam and not using it as a marketing opportunity is one of the most vital and important sections of the agreement, so maybe it should stand by its own? Maybe every new user should receive a seperate e-mail where the company’s Spam policy is listed? But would it help the users that are definetely so Internet-rules-inexperienced or so arrogant to send spam at any cost? Their only enemies are the people who hate them, but not just passively hate them, but forward their emails to abuse service at the appropriate IPP/ISP. With the example I pasted, you could see that abuse services are effective.

Some of the scammers found a way (nothing new of course) so they started spamming with URL’s which doesn’t show on what domain their spam stuff is hosted, so it could be a little bit harder to regulate or for a relatively new Internet user to contact abuse on spammer servers, because they think “What the hell is http://3520040023″, aren’t IP addresses cunducted in the http://127.0.0.1 way?”. Well you can easily change x.y.z.w to the older way with the following formula – x*256^3 + y*256^2 + z*256 + w . So from this formula you could do it both ways… But usually spammers don’t have their own domains so by using a form of (for instance) http://3506561041/edete2000 shouldn’t fool you… Just point your browser to http://3506561041/ and you should see that he is hosted by Yahoo! GeoCities.

So you didn’t learn anything new from this rant of mine, but I really wanted to write something on that spam forum “fight”. This got longer, because if you rant on something that is of interest to you, new ideas and critics will always start to ride your brain, and then it would be a pitty now to type it down 🙂 Thanks to FireD and Deymos for the inspiration for this rant and to LiFe for getting this rant a name. Why “The six headed spam monster” you ask? Well he says “when you kill a spammer, 6 new will arise” 🙂