For more information, see the FAQ: Current Usenet spam thresholds and guidelines, by Chris Lewis & Tim Skirvin.
See also Jargon.txt, the official dictionary of the computer world, Andrew Nellis' jargon file, The Canonical Abbreviation/Acronym List, Acronyms, the insider's language of Usenet, Spammer quick-reference list.
Any massive flood of drivel which serves to flood a communications channel, reduce the signal-to-noise ratio and annoy the hell out of a large number of people.
The word comes from an old Monty Python skit where some folks in a diner are unable to have a conversation because a group of Vikings at a nearby table keep singing the "Spam" song. (This is a gross oversimplification of the skit, but covers the important point.)
The term became connected with computers in 1985 when somebody harassed one of the original Pern MUSHes by echoing:
SPAM SPAM SPAM SPAM SPAM SPAM SPAM SPAM SPAM SPAM SPAM
on all their terminals every few seconds until they booted him.
Today, "Spamming" is flooding netnews or email with tons of useless garbage, thus reducing the signal-to-noise ratio and driving people nuts. This typically means flooding the net with one single message (often an advertisement) posted to hundreds or even thousands of newsgroups. It can also mean posting over and over again to a single newsgroup in the hopes of drowning someone out.
The first major netnews spam was executed circa January of 1994 when a junior admin at an Adventist college in Michigan named Clarence Thomas IV spammed approximately 5000 newsgroups to warn everybody that Jesus was coming. He was fired and the offending posts were cancelled. (See sample post & amusing reply.) Shortly afterwards, Laurence Canter & Martha Siegel spammed ~7000 newsgroups with the famous "Green Card" spam and the Second Age of Usenet began. Canter & Siegel have since divorced, and Canter has been disbarred (again), but their legacy lives on.
Perhaps the first recorded Usenet spam of all was the "JJ incident", which happened in May 1988. See netnews article first case of spam??. An earlier example is known as "the dinette set heard 'round the World" http://groups.google.com/groups?selm=3375%40drutx.UUCP -- only two posts, but they were posted to net.general, which is seen everywhere.
The first known email spam was sent by DEC salesman Gary Thuerk on May 3, 1978 when he sent a sales pitch to 400 email addresses which were hand-typed into the computer.
Some people have coined phrases for the various flavors of spam, such as "velveeta" or "EMP". The definitions revolve around whether or not a message was cross-posted or multi-posted (which is worse) and other details, but it's all just spam to me.
When referring to the Hormel product SPAM®, the word should be capitalized. When referring to the internet nuisance, spam should be written in lowercase.
The Hormel corporation has been pretty good-natured about the use of their trademark in discussions of on-line spam, even giving Spamhaus permission to register Spamhaus® as a trademark in Europe.
The FAQ states that EMP means, essentially, "too many
separate copies of a substantively identical article".
Articles should be crossposted to the newsgroups to which they are
relevant and no more. Crossposting is not, in itself, considered
net abuse unless done to excess (see ECP), or to
many non-relevant newsgroups (see troll).
See also multi-post
Multi-posting is especially annoying, as it forces readers to encounter
the same post over and over again as they peruse the net.
Some people multi-post because they are using broken news software which
does not allow crossposting. Others do it under the mistaken belief
that crossposting is considered anti-social (it's not.)
Spammers will multi-post in order to force potential customers
to see the same ad over and over again. This is the same logic
that causes people to plaster hundreds of copies of an advertisement
on a wall right next to each other.
Some floods are done purposely to drown out discussion in a group. Most
common are the floods in
alt.religion.scientology
intended to drown out criticism of Scientology. These classify as
vertical spam.
See also Despew.
For more information, see web page
The Attack Against ALT.RELIGION.SCIENTOLOGY
Spam which has been reflected back to innocent third parties by a
mis-configured system as it rejects spam. A typical scenario is for
spam to be sent with a forged "From:" line. The recipient system
rejects the spam and sends a rejection notice to the purported
sender. If the forged "From:" line refers to a spam trap,
the system responsible for the backscatter can find itself listed as a
spam source. Backscatter can also be caused in other ways, such as
challenge-response.
Another example: fax of a pink contract between AT&T and Nevadahosting.com.
See also AT&T Spam Contract Discovered and CNet article Giving spam the network boot.
See also several mentions of pink contracts by Ronnie Scelson in his testimony before the U.S. Senate Committee on Commerce, Science & Transportation.
One final note: many spammers will claim to have a pink contract with their provider. This is done to discourage complaints. Always remember rule 1. Genuine pink contracts are probably relatively rare, and only two have been definitively proven (AT&T and PSI).
An email account which has never signed up for any mailing list or
done anything else which would cause someone to legitimately send
email to it. Unsolicited email to a spam trap is invariably spam and
will cause a near-instantaneous listing of the sending server as a
spam source.
A typical scenario works like this: AOL users receive email telling
them that there's a problem with their bill, or informing them of
some great giveaway. The email refers to a web page that looks
like an AOL signon page but isn't. The hapless user enters
their signon information. A week later, the user doesn't understand
why their account has been shut down for spamming.
For a real education, execute the command "whois aol." (note the
trailing dot) and look at all the privately-owned domains with
names like "aol-bills.com", "aol-billing.com", "aol-billinginfo.com"
and so on.
This way, they get to keep their pet spammer, and some spam victims will
believe that malarky.
The original "Hacker X" was the alleged hacker who broke into Cyberpromo's system and posted their password file to the internet. See Cyberpromo FAQ, item #17.
Sometimes hackers really do break into systems to send spam (although
this is more commonly done to launch attacks on yet another system.
See zombie.)
Here's an amusing example of "hacker X" in action: At MommyJobs.com, a site which promotes various get-rich-quick schemes, readers are enticed to spend $40 on trial offers at porn sites, with a promise of receiving $500 worth of rebates and valuable prizes. In the end, after everybody has kicked in their money, they're informed that a hacker has broken in and ruined everything and now they won't get their $500.
Another example of Hacker X is the Ameritrade press release which claims that a recent leak of Ameritrade customer information to stock spammers was caused by "unauthorized code" (i.e. spyware) in their system.
Revenge spam is another reason why you should not blindly reply to
spams you receive.
Named after Joes.com, a web-hosting service which was victimized in
this way. (See sample spam.)
According to Follower of the Clawed Albino, this is what happened:
Joes.com's admin did not like this. Joes.com had an AUP which said, in
part, "Thou shalt not spamvertise sites hosted here, lest the wrath of the
Administrator be just and verily smite thine account". Said website was
smited.
Yuri, as most sociopathic serial-spammers (yes, I know that's a double
adjective, but...) tend to do, got pissy. He proceeded to forge a spam
from Yet Another Account, with the admin of joes.com's address, basically
going "We'll let folks do what we want here and we like spam so neener
neener neener".
Literally a cast of thousands got downright rabid at this point. Many
folks, who did not carefully check the headers, proceeded to send tons of
angry mail at best and pingfloods and mailbombs at worst towards joes.com.
The proceeding shitstorm that was raised not only knocked joes.com off the
net, but also knocked its UPSTREAM off the net too. Joes.com ended up
being taken down as a result, a guy lost a business, and the term
"joe-job" (meaning a forged spam meant to cause a denial-of-service-by-
proxy attack) came into the Internet spamfighting lexicon.
<set voice=Paul_Harvey.voice>
And now you know...the REST of the story. Good day...
<set voice=normal.voice>
Other references:
The story of how one mis-entered email address on a web page resulted
in a flood of undeliverable spam to honet.com. The story serves to
illustrate why "just hit delete" and "just unsubscribe" don't
work. See http://www.honet.com/Nadine/
for the full story.
Today, "Nadine" is sometimes used as a generic term to describe a
nonexistent or spamtrap address which should never receive any kind
of commercial email.
In reality, pyramid schemes only work for the people who start them
or happen to be near the top of the pyramid.
Everyone else in the list is out five bucks. You are in effect
gambling that you'll be at the top of the pyramid. This scam has been
floating around the net for so long that your chances of being near the
top are nil.
Pyramid schemes are a major annoyance on the internet and are considered
cancel-on-sight. They are grounds for losing your account at many sites.
Pyramid schemes are serious business. The post office considers them to
be mail fraud and will prosecute. In 1996, pyramid schemes caught on
in the country of Albania where the populace is new to the idea of
capitalism and naive when it comes to fraud. The resulting economic
collapse resulted in the fall of the government and social anarchy.
(CNN Article.)
Some pyramid schemes come with window dressing to make them look
legitimate. There may be text in the letter assuring you that the
sender's lawyer has verified that it's legal, or some sort of worthless
commodity such as recipes or mailing lists may change hands. Don't
be fooled -- if success depends on being at the top of the pyramid
then it's a pyramid scheme and illegal in most places.
For more information, visit Dave Rhodes' web site (believed not actually written by Rhodes), Wikipedia entry, the Make Money Fast Myth Page at Stopspam.org and the U.S. Postal Service's Chain Letters page.
See also the MMF Hall of Humiliation, and Google's archive of the very first MMF.
If you are annoyed enough to take action, here's what you do:
Print a hardcopy of the MMF and send it to the postmaster(s) where the snail-mail addresses are located.
The U.S. Postal Service maintains a web page to help you locate the nearest inspector.
So-called because it violates section 419 of the Nigerian criminal
code. This scam usually, but not always, originates in Nigeria. In
the 419 scam, you receive a letter from an official in Nigeria or
another African country, and are told that someone needs to move a great
deal of money out of the country and that you've been selected to
help them do it. In return for your help, you'll be given a cut of
the action. All you need to do is pay some sort of "Advance Fee" or
"Transfer Tax" or give them your bank account information
so they can wire the money to you.
It's hard to believe anyone in the world is stupid enough to fall for
this scam, but people do. Supposedly, this scam has evolved into a
major industry in Nigeria.
The scam is a variant of the centuries-old "Spanish Prisoner" scam, in
which a Spanish nobleman needs front money to bribe his way out of
prison, after which he will shower you with riches.
The scam has been on-going in its present form for decades and
is propagated by other means than the internet. I received one via
international snail-mail once.
Here is an example which was recently forwarded to me by a reader:
For more information, see The 419 Coalition Website, or type "419 scam" into the search engine of your choice.
See the MMF Hall of Humiliation for more info.
See also:
(2) The literal use of viruses or other cracker tricks for advertising
purposes. Recent example is the GoHip.com web site. The web site
contained ActiveX code which would modify the victim's system, adding
an advertisement for GoHip to the victim's email signature, and making
changes to the victim's browser default page. See WiReD article
What is Hip? Not GoHip.com for more information.
See also C|Net article Browser hijackings upset security pundits.
For an excellent description of how spyware is installed on computers,
see the text of the LL Bean v Kraft lawsuit (pdf).
The Breidbart Index is computed as follows: For each article in a spam,
take the square-root of the number of newsgroups to which the article
is posted. The Breidbart Index is the sum of the square roots of all
of the posts in the spam. For example, one article posted to nine
newsgroups and again to sixteen would have BI = sqrt(9) + sqrt(16) = 7.
It is generally agreed that a spam is cancelable if the Breidbart
Index exceeds 20.
Breidbart Index accumulates over a 45-day window. Ten articles
yesterday and ten articles today and ten articles tomorrow add up to a
30-article spam. Spam fighters will often reset the count if you
can convince them that the spam was accidental and/or you have seen
the error of your ways and won't repeat it.
Breidbart Index can accumulate over multiple authors. For example,
the "Make Money Fast" pyramid scheme exceeded a BI of
20 a long time ago, and is now considered "cancel on sight".
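The computation described above, as an added example (not part of the original glossary or the FAQ it cites). The content_key normalization, the reading of the 45-day window as "posts less than 45 days apart", and the sample posts are assumptions constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict
from datetime import date, timedelta
from math import sqrt

WINDOW_DAYS = 45        # accumulation window given in the text
CANCEL_THRESHOLD = 20   # a spam is cancelable if its BI exceeds this


def content_key(body):
    """Crude stand-in for "substantively identical" (an assumption):
    a hash of the body with case and whitespace differences removed."""
    normalized = re.sub(r"\s+", " ", body.strip().lower())
    return hashlib.sha256(normalized.encode("utf-8")).hexdigest()[:12]


def breidbart_index(group_counts):
    """BI = sum over articles of sqrt(number of newsgroups posted to)."""
    return sum(sqrt(n) for n in group_counts)


def peak_bi_by_content(posts):
    """posts: iterable of (posted_on, author, newsgroups, body).

    Copies are grouped by content only, so the index accumulates across
    authors. Returns {content_key: highest BI seen in any 45-day window}.
    """
    by_key = defaultdict(list)
    for posted_on, _author, newsgroups, body in posts:
        # A group listed twice on one article still counts once.
        by_key[content_key(body)].append((posted_on, sqrt(len(set(newsgroups)))))

    peaks = {}
    for key, items in by_key.items():
        items.sort(key=lambda item: item[0])
        best = running = 0.0
        left = 0
        for day, score in items:
            running += score
            # Drop copies that have aged out of the window ending on `day`.
            while (day - items[left][0]).days >= WINDOW_DAYS:
                running -= items[left][1]
                left += 1
            best = max(best, running)
        peaks[key] = best
    return peaks


def cancelable(posts):
    """Content keys whose peak BI exceeds the threshold."""
    return {k: bi for k, bi in peak_bi_by_content(posts).items()
            if bi > CANCEL_THRESHOLD}


def groups(n):
    """n distinct, made-up newsgroup names."""
    return [f"example.group{i}" for i in range(n)]


START = date(1996, 1, 1)
# Constructed sample data, not real articles.
SAMPLE_POSTS = (
    # The text's own example: 9 groups, then 16 groups -> BI 7.
    [(START, "a@example.com", groups(9), "Page example"),
     (START + timedelta(days=1), "a@example.com", groups(16), "page   EXAMPLE")]
    # Six copies over six days from two authors, 16 groups each -> BI 24.
    + [(START + timedelta(days=i), f"user{i % 2}@example.com", groups(16),
        "Make money now") for i in range(6)]
    # Five copies 30 days apart, 25 groups each: never more than two
    # copies inside one window, so the peak is 10 although the total is 25.
    + [(START + timedelta(days=30 * i), "slow@example.com", groups(25),
        "Slow drip") for i in range(5)]
)

if __name__ == "__main__":
    for key, bi in peak_bi_by_content(SAMPLE_POSTS).items():
        print(key, round(bi, 2), "CANCELABLE" if bi > CANCEL_THRESHOLD else "")
```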
BI2 is experimental, and as of this writing is not used as a spam-cancelling
criterion.
Cancels are also used to remove spam and other
inappropriate posts, or for censorship (this latter use is usually
considered to be net abuse).
Spam cancellers usually issue cancels based strictly on volumes of
spam (as measured by the Breidbart Index) and not by
content, in order to avoid charges of censorship.
Retro-moderation cancels should always include the "retromod"
pseudo site in the Path: header line, so that
sites which wish to ignore retromod cancels may do so.
Short for robot. 1) A program that posts to Usenet news or takes other
actions when called to do so. Examples include
robocancellers which seek out and cancel
Usenet posts that match certain criteria, robots which post
periodic FAQs to certain newsgroups, "Dave the Resurrector" which
detects unauthorized cancels and reposts the cancelled article, and
the "Kiboizer" which was written by James (Kibo) Parry to search all
of Usenet news for references to himself so he could respond.
2) Aka zombie. A computer which is under the remote
control of another party, usually without the legitimate owner's knowledge.
Usually used to transmit spam or participate in DDoS
attacks.
A network of bots, often numbering in the hundreds of
thousands. Botnets are controlled by individuals or organizations who then
rent out access to the network to spammers or other on-line criminals.
NoCeM reports are advisory only. Each individual user and/or
site administrator determines whether or not to honor NoCeM reports,
based primarily on the reputation of the person issuing the report.
Anybody may issue a NoCeM report.
For more information, see the
Cancel Moose Homepage.
DNS Blocklist. A list of IP addresses which are listed
for spam or spam support. This list may be queried in real time via
the DNS (Domain Name Service). This allows blocklists to be updated
continuously as new sources of spam are discovered, permitting clients
to have up-to-the-minute information.
Another advantage of DNS-based blocking lists is that
network addresses can be removed as easily as they're added.
Without DNSbl services, system administrators are forced to manually
add each new source of spam to their deny lists as they are discovered.
Even after the responsible ISP discovers the spam and shuts it down,
these manually-added entries remain, often permanently. ISPs which
are slow to react to spam complaints can thus find large swaths of IP
address space permanently damaged. On the other hand, if administrators
use a DNS blocklist, IP addresses become usable again once they've
been cleaned up.
There are disadvantages to using DNS blocklists, though. To start with, it
means ceding some of the control of your network to a third party. In
addition, the "one size fits all" approach provided by a DNSbl may not
always be appropriate. For instance, a DNSbl maintainer may see
nothing but spam coming from a certain net block and list it, but you
might personally be friends with the single legitimate user in that
net block and not want to block it. Finally, a DNSbl may go haywire
and the problem may not be quickly discovered. In August of 2006,
SPEWS quietly stopped updating their list and it was months before the word
got out.
DNSbls should not be used by large ISPs as a sole method of gauging
spam. Instead, best practice would be to query one or more DNSbls and
use the response as a weighting term in the ISP's own spam-filtering
system.
One well-known example of a DNSbl is the RBL.
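One way to use DNSbl answers as a weighting term rather than a sole verdict, as an added example (not code from the original page or from any blocklist operator). The reversed-octet query name and the 127.0.0.0/8 "listed" answers are the usual DNSbl convention rather than something this page states; the zone names, weights, threshold and lookup table are hypothetical and constructed so the example runs offline.

```python
import ipaddress
import socket


def dnsbl_query_name(ip, zone):
    """IPv4 address a.b.c.d is looked up as d.c.b.a.<zone>."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """A-record lookup; None means the name did not resolve (not listed)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def dnsbl_score(ip, weighted_zones, resolve=system_resolver):
    """Sum the weights of the zones that list `ip`.

    A zone that times out or errors contributes nothing, so one list
    going dark cannot block mail on its own. Only answers inside
    127.0.0.0/8 count as listings, so a zone that starts returning an
    ordinary address for every query is ignored.
    """
    score = 0.0
    hits = []
    for zone, weight in weighted_zones.items():
        try:
            answer = resolve(dnsbl_query_name(ip, zone))
        except OSError:
            continue
        if answer and answer.startswith("127."):
            score += weight
            hits.append(zone)
    return score, hits


def classify(ip, content_score, weighted_zones,
             resolve=system_resolver, threshold=5.0):
    """Combine the site's own content score with the DNSbl term."""
    listed_score, hits = dnsbl_score(ip, weighted_zones, resolve)
    total = content_score + listed_score
    return ("reject" if total >= threshold else "accept", total, hits)


# Hypothetical zones and weights (assumptions, not real services).
ZONES = {"bl-one.example": 3.0, "bl-two.example": 2.5, "bl-broken.example": 4.0}

# Constructed lookup table standing in for live DNS.
FAKE_DNS = {
    "10.2.0.192.bl-one.example": "127.0.0.2",
    "10.2.0.192.bl-two.example": "127.0.0.4",
    "99.2.0.192.bl-two.example": "127.0.0.2",
    "7.100.51.198.bl-one.example": "203.0.113.1",  # not a 127/8 answer
}


def fake_resolver(name):
    if name.endswith(".bl-broken.example"):
        raise TimeoutError("constructed: this list has stopped answering")
    return FAKE_DNS.get(name)


if __name__ == "__main__":
    for ip, content in [("192.0.2.10", 0.0), ("192.0.2.99", 1.0),
                        ("192.0.2.99", 3.0), ("198.51.100.7", 0.0)]:
        print(ip, content, classify(ip, content, ZONES, fake_resolver))
```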
For more information, see the Mail Abuse Protection System home page and this Yahoo article about the RBL.
For more information, see the Mail Abuse Protection System Dial-Up List.
Aliasing can also be used to block news from unwanted sources. For instance,
if you don't want to receive news from Earthlink, you would add earthlink
to your news software's aliases file (even though Earthlink is not really
an alias for your site). This would cause your news software to discard
all news with "earthlink" in the Path: header line.
Pseudo Sites may also be aliased to allow news
software to reject news or control messages with certain keywords in
the Path: line. See cyberspam for more info.
In a more derivative sense, Aliasing is often used to refer
to setting up software blocks to reject various kinds of traffic from
certain sites.
Note that articles from a third party will also be rejected if they
pass through the aliased site, but may later be accepted if they
arrive via an alternate route. For example, suppose UUNet has been
aliased by foo.com. A message leaves bar.com, passes through UUNet,
and arrives at foo.com where it is rejected. However, if bar.com is
multiply-connected, then that same message may eventually reach
foo.com by a route that did not involve UUNet. At that point it would
be accepted.
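The Path: check and the multiply-connected case described above, as an added example (not taken from any news server's source). Matching whole "!"-separated Path entries rather than substrings is an assumption, and the site names, Message-IDs and articles are constructed.

```python
def path_entries(path_header):
    """Split a Path: header into its "!"-separated entries, lowercased."""
    value = path_header
    if value.lower().startswith("path:"):
        value = value.split(":", 1)[1]
    return [entry.strip().lower() for entry in value.split("!") if entry.strip()]


def should_accept(path_header, own_name, aliases):
    """Reject an article whose Path names this site or any of its aliases.

    `aliases` may hold sites the admin wants to refuse (such as "uunet")
    or pseudo sites (such as "retromod"), even though neither is really
    another name for this site. Returns (accepted, matched_entries).
    """
    blocked = {own_name.lower()} | {alias.lower() for alias in aliases}
    matched = [entry for entry in path_entries(path_header) if entry in blocked]
    return (not matched, matched)


def receive(offers, own_name, aliases):
    """Process (message_id, path_header) offers in arrival order.

    A copy rejected because of its route does not stop a later copy of
    the same article from being accepted over a different route.
    """
    accepted = {}
    log = []
    for message_id, path in offers:
        if message_id in accepted:
            log.append((message_id, "duplicate"))
            continue
        ok, matched = should_accept(path, own_name, aliases)
        if ok:
            accepted[message_id] = path
            log.append((message_id, "accepted"))
        else:
            log.append((message_id, "rejected:" + ",".join(matched)))
    return accepted, log


# Constructed scenario: foo.com has aliased UUNet and the retromod pseudo site.
FOO_ALIASES = {"uunet", "retromod"}
SAMPLE_OFFERS = [
    # bar.com's article arrives via UUNet first and is refused...
    ("<1@bar.com>", "Path: uunet!bar.com!not-for-mail"),
    # ...then arrives again by a route that never touched UUNet.
    ("<1@bar.com>", "Path: other.example!bar.com!not-for-mail"),
    # A retro-moderation cancel carrying the retromod pseudo site.
    ("<cancel.2@canceller.example>",
     "Path: other.example!retromod!canceller.example!not-for-mail"),
    # A third copy of the first article is an ordinary duplicate.
    ("<1@bar.com>", "Path: third.example!bar.com!not-for-mail"),
    # A site whose name merely contains an alias is not affected.
    ("<3@bar.com>", "Path: notuunet.example!bar.com!not-for-mail"),
]

if __name__ == "__main__":
    for entry in receive(SAMPLE_OFFERS, "foo.com", FOO_ALIASES)[1]:
        print(entry)
```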
The name is somewhat of a misnomer; death is permanent while a full-fledged
UDP typically only lasts a few days.
There are three forms of UDP:
For a partial history of UDP's, see Udp History.
For articles in the press about UDPs, see UDPs in the News.
See the Jargon.txt file.
An email address that is unique in some way so that the owner can keep
track of who has it. For instance, if you were to use
yourname.ameritrade@example.com as your email address
when signing up for an account at Ameritrade, and later received
pump-n-dump spam
to that address, you would know that the spammers had
obtained your email address from Ameritrade.
Hash busting can be simple:
Spam techniques that spread the spam load as thinly as possible, in order
to avoid detection. The analogy is to snow shoes, which spread the wearer's
weight thinly across the snow. See Spamhaus glossary for more.
Technique of hiding a small amount of spam in among larger amounts of
legitimate email to hide it.
"Sometimes posts to moderated groups take forever to get posted ...
and so one might be motivated to "approve" one's own posts by adding
the relevant header. This is sometimes known as waving a dead chicken
over one's post. One might even refer to said dead chicken in one's
X-Approved: header.
"However, moderators tend to frown on this and cancel said posts, which
they have every right to do." --Kelly Thompson
The term comes from Frank Murkowski (R-AK), the senator who
wrote S.1618 which would have made spam legal provided
it followed certain rules. In particular, to be legal under
S.1618, the spam must contain full contact info at the start
and make no attempt at hiding its origin.
There are three problems, however: First, S.1618 was never passed.
Second, S.1618 would not actually have made spam legal, it would have
made certain kinds of spam illegal. Finally, most spam in
fact violates the provisions of S.1618.
Thus, a Murk disclaimer serves as a sure sign that the message is spam,
and that the sender knew they were doing something wrong.
Sometimes morphing is inadvertent, such as when an ISP upgrades their
news software.
See the HayWyre Nullifyer
to decode these.
If the spam asks you to hit "reply" for more info then in this
case the address "pinkboy@example.com" is the payload so you want
to make sure to complain to "abuse@example.com"
If the spam asks you to go to www.cybercrock.com for more info
then www.cybercrock.com is the payload so you complain to whoever
hosts that website. In this case what's in the "from" is
irrelevant.
If the spam invites you to call 1-800-555-spam then that phone
number is the payload.
If the spam invites you to write to a postal address then that
postal address is the payload.
--- Ron Ritzman <rritzman@mindspring.com>
Any content or technique used to artificially improve a web page's
ranking with search engines. Examples include the inclusion of
non sequitur keywords or hidden text on a web page, or the seeding of
other web pages with links to the page being spammed. See also Wikipedia entry
Spamdexing.
Search Engine Optimization. The practice of optimizing a web page to
make it easier for search engines to index, and to improve the web
page's ranking. Some search engine optimizing services artificially
boost web page rankings via spam. See Spamhuntress wiki for more.
Form of search engine spam. The practice of presenting one web page to search engine crawlers and
another to ordinary users. The fake page shown to the search engine
crawlers contains content and keywords designed to increase the web
page's score or otherwise mislead the search engine, in order to bring
traffic to the real page which would otherwise not have merited
it.
Form of search engine spam. Network of web pages whose only true purpose is to contain links to
other web pages in order to increase the Page Ranks of the target pages.
Link farms are frequently used by "search engine optimization"
services who offer to increase a web page's Page Rank for a fee.
Form of search engine spam. The practice of filling the comment section of popular blogs with
meaningless posts containing links back to a web site. The intent is
to artificially boost the page rank of the linked web site, taking
advantage of the high page rank of the spammed blog. The more popular
a blog is, the more comment spam it gets.
Form of search engine spam. Also known as a splog, a spam blog is one created only to
contain links. The text is often irrelevant, repetitive, or
nonsensical. For a fuller description, see
About Spam Blogs at Blogger.
Form of search engine spam. Whenever you click on a link that takes you to a new web page, the
server for that web page is given the URL of the page that contained
the link. This is done so that servers can keep track of where their
traffic is coming from, and optionally serve different content
depending on where the link came from. These "referrer links" are kept
in the server logs.
Sometimes these referrer links are made public, either through
misconfigured statistics-collecting software, by bloggers who like to
display where their traffic is coming from, or any number of other
ways. Search engine spammers will exploit this weakness by flooding
sites with thousands of page requests that contain forged referrer
links, in order to boost the Page rank of those 'referred' sites, or
simply in the hopes that people will click on those links. See ihelpyou.com
discussion forum for more information.
The act of clicking on an on-line advertisement for the purpose of
generating revenue or costing someone else money. In the first case,
someone using e.g. Google's AdSense
program would use a program or hire cheap labor to continuously
click on the ads on their own web page, thus generating unearned
revenue at the cost of the advertiser.
In the second case, someone using e.g. Google's AdWords
program would similarly generate clicks on a competitor's ads at
Google, thus costing the competitor money.
The purpose is two-fold: The seemingly innocent content of
the copied page lures readers into thinking that it's safe to
click on the links, and secondly, web search engines will
index the copied page under a variety of unrelated categories.
Thus, someone searching for "Oklahoma Tornadoes" might find
themselves at a porn site.
For a good article on this practice, see Wired article
New Web Hazard: Page-Jacking.
A concerted campaign to censor a web site, page, or author. Commonly
executed by a large corporation to remove bad publicity or reviews
from the internet, although it can also be conducted by politicians,
religious zealots, or anybody else who wants to silence debate.
Page waxing typically consists of legal threats both to the author of a
web page and to the ISP where the web page is hosted.
For more information, see Counterexploitation.
For a good article on this practice, see Wired article
New Web Hazard: Page-Jacking.
You can usually escape a lock-in by bringing up the history menus
available in most browsers. With Netscape, bring up the "Go" menu,
the "Netsite:" menu (far right edge of URL), or hold the mouse button
down over the Back button.
Remember: Always disable Active-X and Javascript except when visiting
trusted sites, and always disable them afterwards.
Other pseudo sites may include the name of the canceller or keywords
such as SitenameUdp.
The robot had a bug in it however: it issued cancels which contained
the keywords which Depew was using to identify inappropriate posts.
The robot went berserk, cancelling its own cancels. Much panic and
hilarity ensued as admins everywhere tried to determine the source of
the cancels, and then to track down Depew -- who had gone home for the
weekend -- to get him to shut it off.
(This is a classic example of why you never deploy new software on a
Friday afternoon.)
The word "Despew" was coined to refer to spew caused
in this fashion.
As networking evolved, more and more Usenet sites found themselves
also connected to the higher-speed networks. It became natural to
"gateway" the networks -- that is to use Arpanet, etc. instead of
phone lines to transmit Usenet traffic.
When the Arpanet and the other networks coalesced into what is now known
as the internet, Usenet
ceased to exist as a separate entity. Also, with the advent of
internet protocols over phone lines (SLIP,
PPP), the UUCP protocol is less widely used. The only
real remainder of Usenet today is the format of the Path: header line,
which is the format originally used by Usenet to specify a user mail
address.
Today, the term Usenet is more often used to refer to
the "network within a network" of machines carrying netnews.
For more information, see the FAQs What is Usenet, by Salzenberg, Spafford and Moraes, and What is Usenet? A second opinion, by Vielmetti.
Usenet II consists of a new top-level hierarchy, net.*,
which would have a global anti-spam charter.
Sites wishing to join Usenet II would be required to
adopt and enforce anti-spam policies, and to peer only
with other Usenet II sites.
The Usenet II proposal includes more formal authentication, "hierarchy
czars" and secured control messages.
Alternative:
There is a simpler version of the Usenet II proposal (also known as
Usenet 3 or Usenet 1.5 due to conflict with the original proposal.)
In this version, news would flow between Usenet and Usenet II
only through selected gateway machines which would implement anti-spam
filters on incoming news and hold articles long enough for cancels
to arrive -- sort of a gated community in the virtual global village.
In effect, the anti-spam half of Usenet would be shunning
the pro-spam half, except that legitimate traffic would still get through.
One of the advantages of the newer proposal is that it does not require
any changes to the underlying infrastructure, nor the creation of any
new newsgroups, with the attendant transition problems.
For more information, visit
news.software.nntp
and follow the discussions entitled
"NNTP Protocol RFC redux" and "USENET2 proposals".
Rogue sites are dealt with by appealing to their upstream providers, or
via Usenet Death Penalty.
The "hat color" is usually one of the following:
Often, when a spammer's ISP goes off the net, it is not known if the
upstream service provider discontinued service, or a backhoe did it.
See User Friendly comic (last panel).
A web page is referred to as "404 compliant" when it has been deleted
for net-abuse.
Often, someone will post something to the net like "I complained to
a spammer about X, and they told me it wasn't their fault because
of ...". This is often followed by a two-word response: "Rule #1".
Teergrube is German for "tar pit". In internet terms, a teergrube is
a system that acts as a tar pit for spammers -- causing their internet
connection to become stuck or to slow down dramatically.
A typical teergrube is a very slow SMTP server. The server will
send periodic SMTP response continuation lines to prevent the
client from timing out.
There are other kinds of teergrubes as well, such as a network connection
that sends small packets for reassembly just fast enough to keep the
other end of the connection from timing out, a DNS server that takes a
long time to resolve a name, or an iptables module that sets the
window size to zero, making it impossible for the other end to
disconnect.
For more information, see the Teergrubing FAQ [deutsche], and Wikipedia.
In practice, it's iffy sorting out the relay tests from the actual
spam. Brad will tell you it's easy to do, but he's had to head back to
work a few times after hours when the spammers didn't do what he
expected them to do.
I think the concept is sweet, but I don't think it's very effective.
Others think the concept sucks because there's no way to guarantee
that an apparent open relay won't leak any spam, and leaking spam is
BAD, PERIOD, even if the thrown away spam outnumbers the leaked spam
by a factor of 10,000.
See also:
Three Stages of the Chickenboner and
Re: Three Stages of the Chickenboner.
Beware, however, of hardcore spammers pretending to be clewbies in order
to forestall being TOSsed. See the first stage in
Three Stages of the Chickenboner.
See also: Clue-By-Four.
In the modern packet-switched internet, email is normally sent directly
from origin to destination.
Spammers will often relay spam through third-party systems in order to
hide the point of origin (effectively laundering the headers.) This is
done to trick users into reading messages they would otherwise delete,
to evade automated spam-filtering software, and to make it difficult to
complain about spam.
Hijacking can be harmful to the third-party system in several ways. First,
it is theft of service. Second, it is a drain on resources -- a large
flood of spam can crash a small server, creating a denial of service
attack. Third, it can cause bounces and complaints to be directed to
the innocent third party. Fourth, it damages the third party's good
name when spam recipients think that the spam came from them.
In October 1997, the medical imaging company Octree was completely
knocked off the net for two weeks when the Software
Publishing Association relayed
a 300,000-message spam through Octree's server, bringing it
down.
In 2002, California politician Bill Jones' campaign hijacked
the computers of a Korean elementary school in order to send
political spam.
Strong Funds is currently suing
Over The Air Equipment for relaying
spam through their site.
An open Socks proxy is a security hole used by spammers to hide their
originating IP address. Spam can be made to appear to come from the Socks
proxy instead of the actual origin.
A technique used to connect two masqueraded networks together. For
more details, see osdl.org article Tunneling - LinuxNet. Mentioned
here because its use is insecure on the internet, and has been known
as a vector for spammers.
Denial Of Service attack. Any computer attack intended to render
another system unusable.
Distributed Denial Of Service attack. A form of DOS attack in
which hundreds or thousands of computers -- usually Zombies -- are
used to execute an attack against the target system. Often used by
spammers to cripple spam-fighting web sites, or to blackmail
businesses into paying protection money.
See Security Focus article FBI busts alleged DDoS Mafia.
A computer which has been cracked into and is being used by the
hackers to launch an attack or spam at other computers --
usually without the knowledge of the computer's owner. Usually, the
zombie's owner is unaware of what is happening.
Zombies were used in the February, 2000 attack that brought
down several popular web sites. See news article
FBI looks at NZ student in DoS attack investigation.
Zombies are very useful for retransmitting spam. To begin with,
the IP address of the zombie computer is likely to be unknown by spam
filters prior to the transmission of the spam. In addition, each
individual zombie machine may only send a few spams at a time, allowing
them to fall "below the radar" and not get noticed as a source of spam.
Zombies are generally members of a much larger "botnet", so while each
individual zombie may not be sending much spam, the total volume of spam
can be enormous. Probably between 70% and 95% of all spam is transmitted
by zombies.
Internet Service Provider. A company which sells internet access to the
unwashed masses.
Network Service Provider. A company which sells network access,
typically to large companies and ISPs.
Email Service Provider. A company which sells email management
solutions to others. ESPs may also handle legitimate (or not) mass
mailings for others.
Smarthosting in the context of SMTP servers is when an SMTP server
isn't configured to know about resolving MX hosts via DNS for
e-mail destinations (an MX record in DNS indicates what host is
responsible for mail routing for a given destination mail domain
or subdomain) and it simply passes all e-mail that it accepts for
delivery to an SMTP server that does know about MX resolving.
The "dumb" SMTP server's admin basically says, "I don't know about or
care about properly finding the destination MX host, I'll just pass
all mail to the smarthost which does know about MX hosts and will
deliver the e-mail to the proper remote hosts".
Also, smarthosting is commonly used with networked UNIX workstations
where the workstation users send e-mail directly from their
workstation, but for reasons of policy or firewall configuration
aren't allowed to deliver directly to the remote MX hosts outside
the local domain so the network admins designate an SMTP gateway
machine that is allowed to deliver e-mail outside the local domain.
The problem with smarthosting on cable modems and ADSL lines and
other forms of dedicated connectivity (particularly inexpensive
dedicated connectivity that invites the clueless masses) is when
the machine's owner decides, "Gee, it'll be really cool to run
my own mailserver, but I don't want to learn anything about
proper server administration", gets mailserver software that's
open relay by default and only reads far enough into the server
docs to find the part that says, "Do this if you don't know
about or don't care about resolving MX hosts". The clewbie thinks
for a second, "What's MX? I don't care about it." and then
follows the instructions that follow.
Smarthosting, in and of itself, isn't necessarily a bad thing
since it is possible to do smarthosting without running an open
relay. Someone with a clue just has to know enough to configure
their server to be more selective about what messages it'll
accept for delivery (i.e. close the smarthosted server to
relay attacks).
Opt-in is considered the only legitimate way to market via email.
Opt-out lists do not work for the following reasons:
The practice of removing complainers from an address list rather than
deleting the list entirely. This allows spammers to continue to
spam with a minimum of complaints. Listwashing often requires the
complicity of the spammer's service provider, who will forward email
addresses of complainers on to the spammer.
Secondary spam created by poorly-implemented email software which reports
bounces back to the address in the "From:" line of spam. Since the
"From:" line is invariably forged, this can cause a second wave of spam
in which an innocent third party receives thousands of bounces.
Also known as SPF. Previously known as Sender Permitted From.
Sender Policy Framework is an attempt to solve the problem of sender
address forgery. Most spam and other abusive email contains a forged
sender address. The victims whose addresses are being used are then
harmed because their reputation is diminished and they have to spend
their time sorting through misdirected bounce messages.
SPF version 1 allows the owner of a domain to publish an SPF record
in the domain's DNS zone. The SPF record specifies which mail servers
are authorized to send email from that domain. A receiving server can
then check the domain's SPF record to see if the incoming email came
from a valid server or not.
See openspf.org for more information.
A spam-prevention system in which the first email contact from an
unknown sender is bounced back with a "prove this is really you"
message. Once the sender jumps through whatever hoop the
challenge-response system requires, they are allowed to send mail to
the recipient. Better C-R systems will queue the original message,
and send it through once the sender has validated themselves; thus
saving the sender the trouble of retransmitting the message.
On the surface, challenge-response systems look like an effective
anti-spam system, but have drawbacks that many anti-spam activists
consider unacceptable.
In particular, since most spam has forged "From:"
lines, the challenges from C-R systems will be sent to innocent third
parties, in effect creating a second wave of spam originating from the
C-R system itself.
(More, courtesy of Steve Linford:)
On top of all of this, is the fact that challenge response breaks
automated email delivery which is vital to e-commerce:
Your challenge response software rejects them all, telling every
robot mailer to prove it's a human.
How many new people do you email in a given week? 50? OK, you only
have to click 50 'challenges'. I probably email 150 new addresses
every week, do I want to be looking out for 150 challenges to open and
click each week? How about Microsoft Customer Support or indeed any
ISP technical or support operation who spend their whole day emailing
customers (or those anti-spammers who always complain ;) only to find
their efforts bouncing off challenges with the result that the person
asking the question does not get an answer and gets angry at the
company's poor support.
Every time someone writes in the Spamhaus asking a question, and I
spend time writing them an answer only to find a challenge comes back
when I send it, I press delete.
A spam-prevention system in which the identity of the sender of
incoming email is verified before the email is accepted. The standard
method is for the receiving system to connect to the mail server
specified in the "From:" header and verify the sender's identity.
Although commonly used as an anti-spam system, and available with a
number of mail transfer agents, sender verification callout has many
of the same problems as challenge-response.
In particular, since most spam has forged "From:" lines, the
verification step will result in an unwanted connection to the
purported sender's system, further tying up bandwidth of an innocent
third party. If a large spam run uses the same domain in the forged
"From:" lines, the innocent server will be barraged with verification
requests. In addition, some domains will accept email to any user id
either because the domain has a "catch-all" address or as part of its
own anti-spam measures. This will cause all forged From: addresses to
be accepted by the system trying to use sender verification
callout.
And finally, many systems disable address verification completely to
prevent spammers from harvesting email addresses. This would cause
verification to fail for legitimate From: addresses, causing
legitimate email to be labeled as spam.
The problem is severe enough that at least some
DNS Blacklist providers consider the use of
sender verification callout to be net-abuse and will list servers that
use it.
Some ISPs rent access to POPs to other ISPs. This can make the
equation even more complex.
Free internet services such as Deja-news, or internet services with free
trial periods such as AOL, are favorites of spammers, as it costs nothing
to acquire and then lose the account.
The practice of registering a domain name for only five days and then
returning it for a full refund. ICANN allows domain owners a five-day
grace period to drop a registration in case of misspellings or typos.
However, spammers and other bad actors use this policy as a loophole
in order to create "throw-away" domain names for spamming, or to
register tens of thousands of temporary domains for such purposes as
link-farming or typo-squatting. See Spam Diaries article for more
information on the subject.
Some ignorebots send a message indicating that the spammer is not
abusing the ISP's rules, or that the ISP has no rules against spam, or
in some other way indicating that no action will be taken. These are
known as "fuck-you-bots".
The Cabal does not actually exist as such, except in the mind of various
net.kooks for whom the Cabal serves the purpose of providing a
relatively harmless way of venting their excess paranoid energy. As
secret organizations go, the "Cabal" doesn't do a very good job as
they're not very secret (you can find them any time by reading
news.admin.net-abuse.misc) and they're not very organized (they have
to read n.a.n-a.m just to find each other.)
The actual term "Cabal" comes from the Great Usenet Renaming of the
late 1980's, when a group of administrators of Usenet backbone systems
decided that the Usenet news naming conventions were too disorganized
and went ahead and reorganized things. (At this time, many popular
newsgroups changed names, e.g. "net.women" became "soc.women" and so
on.)
Further, the backbone administrators were refusing to carry newsgroups
with controversial titles such as "rec.sex" and "rec.drugs". This had
the effect of banning these newsgroups.
This group of administrators was nicknamed "The Backbone Cabal". The
"Alt" news hierarchy was created to route around this censorship.
Although the great renaming was many years ago, and the Usenet backbone
itself no longer exists as such, the term "Cabal" has remained firmly
entrenched in the minds of those who need someone or something to
blame for their inability to re-make Usenet the way they would wish.
For more information on how you can join the Cabal, read
Jeffrey Smith's article How to see if you qualify to join the Cabal.
The Net Scum webpage was hosted by Cyberpromo, but lost their
connectivity when Cyberpromo was disconnected.
For more information on the Lusenet Cabal, visit the following web
sites:
Perhaps the most famous issue poster of all was Serdar Argic
who not only posted relentlessly on the Turk genocide against Armenia,
but even went so far as to write a 'bot
which searched out all references to "Turkey" on the internet and
auto-posted a followup tirade. This proved to be a great nuisance in
the recipes newsgroups every Thanksgiving. (Note: it is believed by
many that Serdar Argic never actually existed except as the 'bot, which
was presumably written by Ahmed Cosar.)
Also see the Lumber Cartel home page.
The opinions expressed on this page are solely those of Ed Falk and do
not necessarily represent those of any other organization, (although I
hope they do). I wish to thank Rahul.net for hosting this web page.
Velveeta
Another name for ECP.
Alphabetic Spam
(AKA Alpha Spam.)
Spam which is transmitted to newsgroups in alphabetic
order. Alphabetic spam generally indicates that the spammer plans to
hit every newsgroup on the net and is completely unconcerned with
whether or not the message is appropriate to the newsgroups spammed.
The newsgroup alt.3d invariably gets hit first
and hardest by alphabetic spam.
Horizontal Spam
Spam which consists of a large number of messages sent to a large number
of newsgroups. Horizontal spam typically represents someone trying
to get a message across to the greatest number of people, regardless
of whether or not the message is relevant to those newsgroups or
of interest to the people who receive it.
See also spam and vertical spam.
Vertical Spam
Spam which consists of a large number of messages sent to a single
newsgroup. Vertical spam may represent a clueless newbie who has
screwed up a posting command, or a malicious spammer who is trying
to drown out a newsgroup. See also spam and horizontal spam.
Crosspost
(v.) To cross-post is to send a single message to multiple newsgroups.
This is preferable to sending single copies of a message to each
newsgroup for three reasons: First, by only sending a single copy, you
reduce network resource consumption. Second, most newsreaders allow
users to view and discard a crossposted message with just one reading,
even if they subsequently visit other newsgroups to which the message
was posted. Third, a followup response to the original article will be
seen in all the relevant newsgroups, instead of just the one.
Multi-Post
(v.) To multi-post is to send a single message over and over again
to multiple newsgroups; as opposed to crossposting
which is to send a message just once with multiple newsgroups specified
in the headers.
Flood
Large quantities of material posted to the net at once, typically in
a binaries group. For example, someone might decide to post all of
his nude pictures of Pamela Anderson, which could take days. Although
floods can be annoying, they are not considered spam if each post
contains unique and relevant material.
Spew
Large quantities of garbage sent to the net by a malfunctioning news
program or robot. A typical cause of spew can be a netnews-to-BBS
gateway which strips out or reassigns message id's before forwarding
articles to the BBS. Fidonet used to be notorious for this problem,
although there haven't been any major Fidonet spews in recent years.
Sporgery
Combination of Spam or Spew and Forgery. Massive floods of forged
articles, typically intended to disrupt a newsgroup. A favorite
tactic in newsgroup alt.religion.scientology,
in which gibberish articles containing reasonable-looking headers are
spammed to the group, making the legitimate articles too difficult to
find.
Backscatter
Pink
The actual spreadable meat product Spam® is
pink in color. Thus, the adjective "pink" is often used to
refer to things associated with spam.
Pink Contract
A contract written by an ISP expressly permitting a spammer
to commit net-abuse. For example, see netnews article
AT&T writes pink contracts, confirmed!
UCE
Unsolicited Commercial Email.
Haven Spam
Spam from a "safe haven" -- a site which permits spammers to maintain
web sites. For example, a spammer might set up a web site at
Netcom and then spam ads for it from
throw-away accounts on other providers. As long as
Netcom provides safe haven for the spammer, the spam will continue.
Address Harvester
A robot that searches netnews, web pages or other sources for anything
that looks like a valid email address. The addresses thus acquired
are used for email spam, or sold to email spammers. See also
munge.
Spam Trap
Flame Bait
Stupid and/or offensive posts deliberately made to attract flames.
Often done by posting questions on controversial issues to disparate
newsgroups. See the various articles in Netiquette in
resources.
Troll
(v.) The act of dragging flame bait through the
murky waters of usenet to see who bites.
(n.) One who trolls.
Meow
Used in flame wars. Too complicated to explain here. See
web page
The History of the Empire of Meow.
Sock Puppet
Sock Puppets are multiple screen names all controlled by
one individual, they talk to each other even though they are one
person. This gives the impression of discussion between different
people, while one person controls the debate.
--anon,
Anatomy of a Pump & Dump
Phish
Refers to a false web page or other trojan horse intended to trick
users into giving up their credit card, account password or other
valuable information.
Hacker X
Hacker X is a mythical computer hacker who hacks into unsuspecting ISP's
user's accounts, and spams the world using an innocent person's ISP account.
This way, the abuse center can shine on spam victims simply by spewing out
something like; "Our user wasn't spamming, he/she was the victim of a
hacker, who used a trojan to access their account and this hacker spammed
you, so it is not our user's fault."
[RR]
Revenge Spam
Spam which has had some poor innocent person's identification planted
in the headers or message body. The intent is to make life miserable
for the victim.
Joe
(v.) The act of destroying a domain's good name via
revenge spam or other attack.
Joes.com had a web-hosting service. A rather notorious and evil spammer
known as Yuri Rutman happened to get a web page at joes.com (if memory
serves, it was for some bogus quack remedy or other) and proceeded to
spamvertise it via another account.
Nadine
MMF
MMF stands for Make Money Fast, the title of a popular
pyramid scheme that has been floating around the internet like a
virus. Pyramid schemes are a form of gambling. You receive a list
(via mail or internet) with five names on it. You send money to the
top name on the list, cross it off, add your own name to the bottom
and send it on to five soon-to-be-ex friends. After the list has
propagated five generations, you should receive a whole lot of money.
Include a note to the effect that you think it's an illegal chain
letter. Finally, if the address is a post box, point out that the
box holder is using the box for commercial purposes and you would
like the name, address and phone number from the box rental card.
POSTMASTER -- OFFICIAL BUSINESS
Anytown, USA
12345
Nigerian 419 Scam
Dear xxxx,
I am Mrs LISA MONIGBA Ivorien widow with an only son ISMEAL
ADAMS MONIGBA.My husband was the chief security officer to the
ousted President Henry BEDIE of Cote d'voire.During the over throw
of 24th December 1999, my husband was among the people that were
killed by the military.
Immediately after my husband's death, I ran away with my only
son to Togo,
I do hereby wish to ask for your assistance in urgent business
transaction that requires absolute honesty and secret. Although I
have not in any way disclose to anybody about this business because
I want to be very careful about it and have being undergruond since
I left my country immediately the death of my husband.Please the
details of this my proposal to you is very confidential and I want
you to treat it as such because I don't want to be traced by the
former President concerning this transaction which I want to
involve you by seeking your assistance. By virtue of my husband's
position.
The former President(BEDIE)gave him US 20.000.000.00
Dollars(Twenty million US dollars) cash in US100.00 dollars bill
stacked in a box to transfer into his foreign account overseas
through Ghana which is one of the neigbouring countries with my
country Cote d'voire. My husband was about to go on one of his usual
journies with only some days left before the 24th December
overthrow took place and he was killed by the military .Immediately
my husband was confirmed dead, I made away with this box with my
only son and ran away so that we cannot be reached by Mr BEDIE. I
have really been waiting for a more suitable time and a trustworthy
person to assist me provide his or her foreign bank account to
transfer this money as I don't have any foreign bank account
overseas and also I cannot bank this money here in Togo where I am
presently staying with my son because I don't have any business
here to cover up such a big amount of money. Right now, the money
is in a safe place, I deposited it with a security company for safe
keeping. I am using this opportunity to seek for your assistance
to move this money on trust to your country, to be invested on
behalf of my only son ISMEAL. I got your contact through the
internent and I therefore decided to contact you so that you can
assist me transfer this fund to your country. For this transaction
to be concluded immediately, all you need to do is to arrange to
meet with me and my son here in LOME- TOGO where this box is been
lodged, open an account in your name, pay in the whole money after
clearing it from the security company,pay it into your account and
transfer it to your chosen bank account in your country.
I am ready to offer you 30% of the total sum and give you the
full power to manage the remaining 70% on behalf of my son.Contact
me with this e-mail address.Now we are curently staying in
LOME-TOGO.This money I deposited it with the best security company
in LOME-TOGO. Upon conclusion of arrangement, I shall forward to
you the certificate of deposit,contract agreement form and the
phone and fax number of the security company for confirmation
immediately you develop interest to assist me in this transaction.
Please be informed that you'll also assist us get travelling
documents that will enable us meet you in your country immediately
this fund is transfered into your account so that we can invest the
remaining fund.
Please I want us to finish this transaction as quikly as possible
and I want to hear from you immediately you receive this
mail.Thanks and may God bless you for assisting me.
Yours faithfuly
MRS LISA MONIGBA
Pump-n-Dump
The practice of promoting a cheap stock ("pumping" it) in order to
inflate its price, at which point the persons pumping the stock
dump their own shares at a profit.
Spamhandling
Using spam to solicit donations without offering a product.
Pun on "panhandling".
[RC]
Mainsleaze
A mainstream (i.e. well-known) company that takes the lamentable
step of spamming. They tend to come around more often than not,
especially when they discover that nobody trusts them with their
email addresses any more. (Or that a lot of their other mail
suddenly starts bouncing too. B) [RC]
EBay
(n.) On-line auction house. Alleged to periodically "lose" user
preference settings -- in particular the "do not send me email"
preference.
(v.) The practice of "losing" a database of customer opt-out
requests so that you can send your users spam even after they've
requested that you not do so.
Viral Marketing
(1) Quasi-spam marketing style. Web pages or other online advertisements
exhort you to "tell a friend" by entering their email address into a
form and clicking "send". See MSNBC article
E-mail marketing: Return to sender? for more information.
Spyware
Software containing a trojan horse which monitors your system
or your net browsing activity and sends the results to the
author of the spyware. Once used only by crackers, spyware is
now used by mainstream companies to collect marketing information.
Examples include:
See web page The Anatomy of File Download Spyware for more information.
Breidbart Index
A measurement of the severity of spam, invented by Seth Breidbart.
The Breidbart Index takes into account the fact that
multi-posting is worse than
cross-posting.
BI
Abbreviation for Breidbart Index.
BI2
A more aggressive version of the Breidbart Index.
BI2 is computed as (n + BI)/2, where n is the total
number of groups hit.
Cancel
A cancel is a netnews control message which instructs
receiving sites to delete a specific article from their news spools.
Cancels are typically used by an author who wishes to retract a previous
post (typically because they just discovered an embarrassing spelling
error or they just remembered that their mother reads the group.)
Retromoderation
The practice of retroactively moderating a newsgroup by cancelling
inappropriate articles. This is generally considered censorship and
net-abuse unless the group's charter explicitly permits it or the
retromoderator otherwise has a consensus that it is permissible.
'Bot
Botnet
Robocanceller
(Aka Cancel 'Bot.)
A program which automatically detects and cancels spam or other
unwanted articles. Robocancellers are very dangerous and should only
be attempted by trained professionals. See despew
Bincancel
The term for a cancel issued to remove a binary file posted to a
non-binaries newsgroup. The "bincancel" pseudo site
is added to the Path: header to enable sites to selectively ignore
bincancels. See also cyberspam
Cyberspam Convention
The practice of adding the pseudo site "cyberspam"
to a cancel's Path: line when cancelling spam. This permits sites
which wish to ignore spam cancels to do so.
NoCeM
Short for "No-See-'Em". A NoCeM report is a report posted to
alt.nocem.misc that contains a list of articles the author thinks you
should ignore or even delete from your news server. Similar to
cancels, but in a more compact format. NoCeM reports may be processed
by individual news readers or by entire sites.
DNSbl
RBL
Mail Abuse Protection System Realtime Black List. An online
database of email spam sites that may be used for email spam filtering,
either on a personal basis or used by an entire site. Problem sites are
added to the RBL almost instantly when spam becomes a problem, and are
removed again quickly once the problem is dealt with.
DUL
Companion database to the RBL. The DUL is a list
of known dial-up IP addresses. These sites are not necessarily
spam sites, but the list is provided so that you may choose not
to accept email directly from them. Email transmitted directly
from a dial-up system -- as opposed to through the dial-up system's
own provider -- is very likely to be spam.
Alias
In general terms, Alias means to refer to one entity by
an alternative name. In Usenet terms, Alias means that a site has
an alternative name for itself. News handling software keeps a list
of aliases so that it may detect and ignore incoming news which it
knows originated locally.
UDP
Usenet Death Penalty. A situation where a site is
considered to be rogue and beyond reasoning with.
At this point, all traffic from or passing through the offending site
is blocked.
IDP
Internet Death Penalty. A situation where all traffic
from a site is blocked at the packet level, essentially shutting that
site off from the rest of the internet. Also known as
shunning.
Vampire
A service which executes a denial-of-service attack against spammers by
somehow consuming all of a spammer's bandwidth, typically by
repeatedly downloading the images from the spammer's site. See
Spam Vampire and Lad Vampire for examples.
Headers
Headers are the block of information lines which appear at
the top of a mail or news message. Headers identify the sender and
recipient of a message, the route the message took from one site to
another and so on. Headers are used to determine the source of a post.
For more information, see Tracking Spam.
Munge
To modify your email address in such a way that
address harvesters
won't get a usable address, but humans can still figure it out.
Tagged Address
Hash Buster
"Hash busting" - Random content, often configured in a word-like
pattern, in either the Subject line, the From line, or beneath the
legitimate text. Used to evade spam-detecting software which looks for
identical messages because each wave of posts appears unique and
individual. Each new post has different hashed text.
Snowshoe Spamming
Spamouflage
Dead Chicken
Murk
(n.) A disclaimer at the end of an email spam assuring you that
the spam complies with Bill S.1618 which makes the spam legal. Also
known as a "Murkogram".
(v.) The act of sending spam containing a Murkogram.
Morph
To modify headers in such a way as to evade detection by automated
software. The most common kind of morphing is to modify the
From: line.
The most notable morpher is Woodside who
constantly modified the headers and bodies of their spam to evade
detection. Netzilla is also well known for morphing
their headers.
HayWyre
A javascript tool used by spammers to encode their pages to make
them less human-readable, and thus harder to track back to their
source.
Brand
(n.) Information, typically a spammer's URL, placed into an image
which is then spammed to the internet. It is very difficult for
spam-detecting software to detect and recognize a brand. Similar to a
watermark, but not intended to be hard to see.
Click-Through
A web page which exists merely to redirect
users to another site. Click-throughs are used so that a web
site being spamvertised need not be mentioned in the actual
advertisement. Spammers will typically create click-through pages
on throw-away accounts and spamvertise the
click-through page.
Payload
That part of a spam which the spammer is really advertising:
Let's say you have a spam and that spam has a "from" address of
"pinkboy@example.com".
Search Engine Spam
SEO
Web Spam
Link Farm
Comment Spam
Spam Blog
Referrer Spam
Click Fraud
Page-Jacking
Practice in which an innocent third party's web page is copied
to the page-jacker's web site almost verbatim, but
modified so that it links or redirects to the page-jacker's other web sites.
Page Waxing
Typo Squatting
The act of registering domain names which are likely typos of
well-known domain names (as an exercise, try the url "aoll.com"). The
typo-squatters fill the web pages with advertisement. Enough people
click on these ads to make the practice profitable.
For more details, see
Wikipedia article.
Mousetrap
Use of javascript which prevents a reader from leaving a web site.
When the user tries to leave, a new window pops up back at the web
site. Typically used by contract spammers who get paid per person who
clicks on the advertiser's web site.
Lock-In
Similar to a mousetrap; lock-in code disables your browser's
Back button and prevents you from leaving the web site. Originally
developed by porn sites, some mainstream sites also employ this
trick. See Ziff-Davis article
Coop's Corner: World's most annoying Web sites. See top9.com's
list of sites that use this
trick.
EDT
Eastern Daylight Savings Time. -0400 from GMT (Universal) time. This is
useful to know, as some spam software gets this wrong in forged headers.
EST
Eastern Standard Time. -0500 from GMT (Universal) time. This is
useful to know, as some spam software gets this wrong in forged headers.
Pseudo Site
A pseudo site is a keyword entered into the Path: line of a cancel as
if it were the name of a site. Sites which wish to ignore specific kinds
of cancellations may then alias that pseudo site out
and thus ignore the cancels. Sample pseudo sites are
bincancel, mmfcancel,
spewcancel, retromod,
cyberspam, and nocemed.
$alz Convention
The convention of generating message id's for cancels by prepending
the string "cancel." to the id of the message being cancelled. This is
done in order to reduce network bandwidth. If multiple spam cancellers
issue cancels for the same article, they will all use the same message
id. This prevents multiple cancels for a single article from being
transmitted all over the net.
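The pseudo-site and $alz conventions above, seen from the receiving site, as an added example that is not part of the original page or of any news server's code. The class `CancelFilter`, its decision labels and the three cancel messages are constructed for illustration; a real news server gets the same effect from its alias list and its Message-ID history.

```python
"""Added example: a receiving site's handling of cancel control messages."""

# Pseudo sites listed in the Pseudo Site entry above.
PSEUDO_SITES = {"bincancel", "mmfcancel", "spewcancel",
                "retromod", "cyberspam", "nocemed"}


def parse_headers(raw):
    """Parse a header block into a dict keyed by lower-case header name.
    Folded (continuation) header lines are not handled in this sketch."""
    headers = {}
    for line in raw.strip().splitlines():
        if not line.strip():
            break                           # blank line ends the headers
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def alz_message_id(target_id):
    """Message-ID the $alz convention gives a cancel for target_id."""
    return "<cancel." + target_id.lstrip("<")


def cancel_target(headers):
    """Return the Message-ID named by 'Control: cancel <id>', or None."""
    parts = headers.get("control", "").split()
    if len(parts) == 2 and parts[0].lower() == "cancel":
        return parts[1]
    return None


class CancelFilter:
    """Decide what a site does with each incoming cancel."""

    def __init__(self, aliased_out=()):
        self.aliased_out = set(aliased_out) & PSEUDO_SITES
        self.seen_ids = set()               # stands in for the history file

    def decide(self, raw):
        headers = parse_headers(raw)
        target = cancel_target(headers)
        if target is None:
            return ("not-a-cancel", None)
        # A pseudo site this server has aliased out looks like "already
        # passed through here", so the cancel is refused.
        for site in headers.get("path", "").split("!"):
            if site in self.aliased_out:
                return ("ignore", site)
        # Cancels that share a Message-ID are duplicates of one another.
        msg_id = headers.get("message-id", "")
        if msg_id in self.seen_ids:
            return ("duplicate", msg_id)
        self.seen_ids.add(msg_id)
        return ("honour", target)


def sample_cancel(path, msg_id, target="<spam123@example.com>"):
    """Build a constructed cancel header block for the demonstration."""
    return ("Path: %s\nNewsgroups: alt.test\nControl: cancel %s\n"
            "Message-ID: %s\n" % (path, target, msg_id))


# Two cancellers following $alz, and one that invents its own Message-ID.
CANCEL_A = sample_cancel("news.example.net!cyberspam!not-for-mail",
                         alz_message_id("<spam123@example.com>"))
CANCEL_B = sample_cancel("news.example.org!cyberspam!not-for-mail",
                         alz_message_id("<spam123@example.com>"))
CANCEL_C = sample_cancel("news.example.edu!cyberspam!not-for-mail",
                         "<xyz789@canceller.example>")

if __name__ == "__main__":
    site = CancelFilter(aliased_out={"bincancel"})
    for msg in (CANCEL_A, CANCEL_B, CANCEL_C):
        print(site.decide(msg))
```

The third cancel is accepted a second time because its Message-ID does not follow the convention, which is the extra traffic the $alz convention exists to prevent.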
Despew
A few years ago, Dick Depew wrote a robocanceller
which was designed to detect and cancel what he considered inappropriate posts
to certain newsgroups (see retromoderation.)
Spewcancel
A cancel issued to stop spew. Spew cancels should
have the pseudo site "spewcancel" added to
the Path: header line.
Usenet
AKA UUCPNet.
The term "Usenet" is not as rigidly defined as it used to be. "Usenet"
once referred to the ad-hoc network of computers connected to each
other via the "Unix-to-Unix Copy Program" (UUCP).
Usenet was a "store-and-forward" network operated over telephone lines
instead of expensive high-speed networks such as Arpanet or Bitnet.
Usenet was invented in 1979 at Duke University. For more information, see
Usenet
Software: History and Sources.
Usenet II
Usenet II is a proposal to create a spam-free subset of Usenet.
Full details can be found at the web site
www.usenet2.org.
Sound
From the Usenet II rules:
A sound site only accepts articles from other sound sites, and takes
responsibility for the generation and transmission of sound articles.
If it can't do that, it's not sound, and will not be allowed to
transmit articles into U2.
Internet
The global network which was formed when all of the smaller networks --
Arpanet, Decnet, Bitnet, UUCPNet, and so on -- merged together and
adopted standardized addressing schemes.
Internet 2
A new network being formed for educational purposes. Internet 2 has
the same purpose as the original Internet, but will be for non-commercial
use only, and hopefully spam-free. For more information, visit the
Internet 2 Home Page.
ISP
ISP stands for Internet Service Provider.
Rogue
A site which refuses to enforce anti-spam rules on its users, to the
extent that it is no longer of any use reasoning with them. Rogue sites
are typically owned by the spammers themselves, or are run by greedy,
lazy or incompetent owners.
Hat Color
Refers to the pro-spam or anti-spam stance of an organization. The
term comes from old American cowboy movies in which you could recognize
the good guys and the bad guys by their hat color.
Bullet-Proof
Spammer's term for a service provider guaranteed not to disconnect
spammers. Term usually used when advertising spam services.
Spamhaus
A rogue site which exists for the purpose of sending
out spam.
Also: spamhaus.org, a web site dedicated
to tracking spammers.
Spambone
An internet backbone dedicated to, or tolerant of spam. For most of
1997, Agis was considered a spambone.
Later, it referred to the new spam-dedicated backbone that
Sanford Wallace and GTMI plan to create.
AUP
AUP stands for Acceptable Use Policy. ISPs should always
have an acceptable use policy that says what a customer can and cannot
do. These should always prohibit spamming. Better AUPs provide for
penalties for repeat spammers. See Abuse.net's Sample Acceptable
Use Policies for more information.
TOS
(n.) Terms Of Service
(v.) The act of cancelling a user's account for violating the terms of
service. Also: "TOSs" or "TOSsed".
LART
(n.) Luser Attitude Readjustment Tool, e.g. a 2x4. See lart(1M) man page.
(v.) To adjust the attitude of a luser. Often by TOSsing
that luser.
Clue-By-Four
To clue someone in. Derived from an old Missouri saying that to get
a mule's attention you have to hit it with a 2 x 4. [RC]
Backhoe
A piece of construction equipment typically used to dig holes in the
ground. Backhoes occasionally tear up underground cables, causing
networks to go down.
There are rumours that new wilderness survival kits will now include
a piece of optical fibre and a small shovel. If you get lost in the
woods, the instructions in the survival kit will tell you to dig a trench,
bury the optical fibre, and wait for a backhoe to come along and dig it
up. -- Norman L. DeForest
404
(n.) The HTTP error code indicating that a web page does not exist, or has
been deleted.
(v.) To delete a web page. Esp. for violating an AUP such
as one forbidding haven spam.
FUSSP
Final Ultimate Solution to the Spam Problem. Derisive term used to
describe any pie-in-the-sky suggestion on how to defeat spam. See
You Might Be An Anti-Spam Kook If....
Coffee & Cats
(Also C&C, etc.) "A term originating from an incident where something I
said made someone laugh enough to spill their coffee on their cat and
cause all hell to break loose; prefix is considered a courtesy warning
so people can put their drinks and cats away before reading the post"
-- tahosa@usa.TAKETHISOUT.net (Phoenix)
Rule #1
Rule #1: Spammers lie.
Rule #2
Rule #2: If a spammer appears to be telling the truth,
see Rule 1
Rule #3
Rule #3: Spammers are stoopid.
BOFH
Bastard Operator From Hell. Typically a system operator who aggressively
enforces policies. See lart, clue-by-four, First known reference,
BOFH Web Site.
Bandwidth Hugger
Nickname for spam-fighter.
Teergrube
DK/DKIM
Domain Key/Domain Key Identified Mail. System for positively identifying
sites transmitting email. See Mipassoc.org info page.
Honeypot
In general, a system designed to look attractive to crackers and other
undesirables. The crackers or whomever attack the honeypot while being
carefully watched by the honeypot's admins.
In spam terms:
It's a mailserver set up to appear to be an open relay, but it really
isn't. Ideally, a honeypot will relay the spammer relay tests, but it
won't relay any actual spam that the spammers send, the actual spam
just gets thrown away.
Steve Baker
Wpoison
A CGI script which produces an unlimited number of dummy web pages with
seemingly different URLs, each of which contains a large number of
randomly generated email addresses. The purpose of wpoison is partly
to act as a teergrube for search engines looking
for email addresses, and primarily as a source of bogus email addresses
to poison the spammer's lists.
See the wpoison home page
for more information.
Cartooney
Rhyming slang for Attorney. Refers to imaginary or clueless lawyers that
spammers refer to when threatening lawsuits.
(Sample usage.)
Chicken Boner
The idea is that spammers would love
to give you the impression that they're high-powered corporate movers and
shakers on the bleeding edge of internet commerce, sipping gin and tonics in
their gleaming steel-and-glass slab towers, overseeing a vast empire of wealth;
in reality, the image is more that of a lonely, balding guy in a sweaty tank
undershirt sitting in a mobile home, scratching himself listlessly in the glare
of a computer monitor that's surrounded by the detritus of fried-chicken bones
and empty 40-oz. malt liquor bottles. It just gives a little perspective.
-- That Damned EFGrif
My memories are a bit hazy, but I recall, some time back, that someone
in this newsgroup conjured up an image of the place where a spammer
would live and work. The writer vividly described, set in a seedy
trailer park, a rickety old mobile home littered with beer cans and
chicken bones. The image stuck, and "beer cans and chicken bones" have
come to be associated with spammer. From there, the term "chickenboner"
evolved as a reference to spammers.
Full story in netnews article
Things we don't know about spammers
-- Bob Blaylock
Clewbie
Short for "clueless newbie". Many spammers are actually well-meaning
but clueless newbies to the on-line world. General consensus is
that clewbies should be given a second chance.
Peer
(n.) A site which exchanges netnews with another site.
(v.) The act of exchanging netnews with another site.
Relaying
The act of passing an internet message (such as email or netnews)
from machine to machine. In the days when the primary transport mechanism
for usenet was UUCP, relaying was the normal way
for a message to reach its destination. Netnews is still distributed
this way.
Hijacking
The act of relaying spam through a third-party system
without permission.
Socks
From http://www.socks.nec.com/socksfaq.html:
Socks is a networking proxy protocol that enables hosts on one side of
a SOCKS server to gain full access to hosts on the other side of the
SOCKS server without requiring direct IP-reachability.
In other words, Socks is a protocol for getting through firewalls in
an MS-DOS environment.
GRE and IPIP Tunneling
DOS
DDOS
Zombie
ISP
NSP
ESP
Smart Hosting
Explanation provided by Doug Lim:
Opt-In
Opt-In refers to email advertising lists which users
must deliberately sign on to. Examples include Powell's Books,
American Airlines, Cathay Pacific, and so on,
all of which allow users to sign up to receive notices of special offers.
Opt-Out
Opt-out refers to email advertising lists in which recipients
are signed up without their knowledge or permission, but may request to
be removed from the list.
Quote:
What you should do is stop mentioning the opt-out list,
period. It's a little like mentioning condoms to rape
victims
-- Dan Zerkle to Symantec after Symantec's major email spam.
Listwashing
Blowback
Sender Policy Framework
Challenge-Response
Sender Verification Callout
SLIP
Serial Line Internet Protocol. A method that allows a small computer
to connect to the internet over an ordinary serial line and modem.
PPP
Point to Point Protocol. A method that allows a small computer
to connect to the internet over an ordinary serial line and modem.
POP
Point Of Presence. A network router that allows a user in one place
to connect to their ISP in another. Many POPs have very poor logging
capabilities, making it difficult to track down the exact individual
responsible for spam.
Mail Drop
An email address at a second ISP, to be used to receive email after a
spam. Used because the spammer knows that the account from which the
spam was sent will be quickly cancelled.
Throw-Away Account
A cheap account acquired for the purpose of spamming,
with the knowledge that the account will be quickly cancelled, but not
in time to stop the spam.
Domain Kiting
Ignorebot
(From blighty.com:)
A program that handles email sent to an abuse@ address by sending a
soothing reply, and deleting the original complaint.
Whack-A-Weasel
Term coined by
Both scenarios resemble the "Whack-A-Mole" arcade game, hence the name.
Golden Mallet
Virtual award given to the system administrator who shows the greatest
achievement in whacking spammers quickly.
Night Of The Long Knives
Sept 19, 1997. The date that AGIS pulled the plug on
Cyberpromo, Quantcom, and Nancynet.
Nanae
Newsgroup news.admin.net-abuse.email.
A usenet newsgroup dedicated to fighting email spam.
See also news.admin.net-abuse.usenet, news.admin.net-abuse.policy, etc.
Usenet Cabal
The term used to describe the secret underground organization of
spam-fighters, censors, plug-pullers, communist tentacles and criminal
pedophiles who wish to take over Usenet, corrupt our youth, rot
our teeth and win the war for the axis. See also
Trilateral Commission, The Illuminati, and
Department of Conspiracy Investigation & Propagation.
[TINC]
"There Is No Cabal". Comment often added to posts about or from
spam-fighters.
Net Scum
Term used by various net.kooks to refer to those
with whom they disagree. For more information, see the
Net Scum homepage where they maintain
an extensive enemies list. It is considered by many to be a badge of
honor to be included on the Net Scum list. However, like the famous
Nixon "enemies list" before it, the Net.scum list has grown to the
point where this is no longer a particularly exclusive club.
Lusenet Cabal
Word play on "Usenet Cabal". Reference to those with
a screw loose who believe in the secret organization to take over Usenet.
Kook Kabal
Another term for Lusenet Cabal
Issue Poster
Similar to a net.kook, an issue poster is someone who posts
relentlessly on a single issue. Post "have a nice day" to
a newsgroup inhabited by an issue poster, and the issue poster
will respond "Oh sure, that's easy for you to say, but
Slobovian political prisoners *never* have a nice day."
Lumber Cartel
[TINLC]
"There Is No Lumber Cartel".
Humorous reference to allegations by Duane Patterson Patterson Research
& Recovery. See
http://www.geocities.com/SiliconValley/Lakes/5362/cartel.html
for more.
SPUTUM
SubGenius Police, Usenet Tactical Units, Mobile
See Sputum webpage.
[ER] Contributed by c.c.ckn@57.usenet.us.com (Errol)
[JD] Contributed by Doug Jacobs
[RC] Contributed by JOWazzoo@WhiteICE.com (Roswell Coverup)
[RR] Contributed by Ron Reddon
[CT] Contributed by Christ Tucker
[SL] Contributed by Steve Linford
This page maintained by
Ed Falk