Note: this page is out of date. The general advice is still valid, but any names and addresses contained herein are likely no longer correct. No idea when it will be brought into the 21st century -- ef

12 Simple Things You Can Do to Save the Internet

If you are reading this page, chances are that you're already aware of the growing spam problem on the internet and are sick of it.

You are not helpless. Here are just some of the things you can do to help get rid of the spam in usenet and in your mailbox.

The most important thing to realize is that waiting for someone else to fix the problem for you won't help. It takes many people working together to stop spam.

If one person complains to a provider about spam, they're considered a crank, and ignored. If two people complain about spam, they're considered a couple of cranks, and ignored. If several people complain about spam, they're considered a cabal, and ignored.

But if a lot of people complain about spam, something may get done. We all need your support.

Here are a few simple things you can do to stop spam:

Sue Spammers
Contribute to SpanCon.
Ask your system administrators shun rogue sites.
Ask your system administrators to filter their feed.
Ask your system administrators to use the MAPS Real-Time Blacklist and the Dial-Up-List.
Discuss the subject on your local newsgroups.
Make sure your own site is not a spam-haven.
Complain, complain, complain.
Call the advertiser and complain.
Close your open gateways.
Install wpoison on your web pages.

For more ideas, visit Reporting Spammers - Step-By-Step, by Leah Roberts

Sue Spammers

If you are a resident of certain states, you can sue spammers who send you email spam without permission. See

In short, the Washington law forbids sending spam using forged headers to or from a system in Washington state. Under the law, you are entitled to sue for $500. Other state laws are not as effective but may be useful.

How to Sue (copied from netnews):

First, make sure the spam violates the law.

Check out: http://www.wa.gov/wwweb/AGO/junkemail/ a link to the entire law (as passed) is linked from this site (it's the AG site)

Make sure your e-mail address is registered in the Washington State database (this is NOT a requirement - nice to have for more ammunition in your case)

Go to the district court in your county and fill out a small claims action. If they question it because the business is out of state, say they are doing business in the state when they send you the e-mail. Filing cost is $25. or less -- depends on which county you are in and if they have arbitration service. They can and will help you -- the court clerk will answer your questions. They also have handouts on small claims court - you can also get information at: http://198.187.0.226/courts/scc/home.htm

You can look up specific laws (Revised Code of Washington) at: http://www.mrsc.org/rcw.htm

The RCW for serving papers is at: RCW 12.40.040

Success Stories

For examples of dealing with spammers who send mail to or from Washington state, see netnews articles

Getting Spammers to Pay Up. This web site includes excellent references as well as sample demand letters and legal complaints.
"Another spammer offered a chance to pay up or see me in court".
"KC District Court: Top Secrets spammer must pay me $2023.77 Judgement!"

File complaints with LinkExchange.com

LinkExchange.com has anti-spam rules. If you receive spam, and upon further investigation, find that the spammer has a Link Exchange banner, report the abuse to admin@linkexchange.com.

Ask Your System Administrators to Shun Rogue Sites

There are a number of rogue sites on the internet. These are sites from which the largest amount of spam comes from. Your system administrators could alias these sites out at the newsfeed level and make them disappear.

For an idea of which sites are prime candidates for shunning, visit the Spam Statistics page. For more information on how to alias a rogue site, visit Abuse.net's news blocking info page.

Radparker.com has an excellent list of sites that should be banned from Sendmail access. See The "LOSER" Filtering System.

See the How-To's list for more information.

Ask Your System Administrators to Filter Your Newsgroups

Some excellent filtering software is now available which blocks most of the incoming spam on your netnews feed. Ask your netnews admins to install one. For a list of such filters, see the how-to list.

Ask Your System Administrators to Use the Maps Real-Time Blacklist

The MAPS (Mail Abuse Protection System) project is a site that keeps an up-to-date list of known email spam domains and relays. Your site can subscribe to MAPS and block incoming email spam as it happens.

If you receive email spam from a persistant spammer, you can nominate that site for the RBL. See web pages http://maps.vix.com/rbl/reporting.html and http://maps.vix.com/rbl/candidacy.html

Ask Your System Administrators to Use the Dial-Up-List

Similar to the , the MAPS Dial-Up-List is a database of dial-up systems used by customers of large ISPs to connect to their providers. Systems on the Dial-Up-List are not necessarily rogue systems, or guilty of spam in any way whatsoever.

However, Dial-Up-Systems are frequently abused by spammers. To combat this, no system should ever allow a port 25 connection from any system on the Dial-Up-List. These systems all have their own email providers, and should be using them to relay mail.

Note that only email connections from these sites should be refused. Other connections are perfectly legitimate.

Discuss the subject on your local newsgroups

Many sites have internal newsgroups for discussion of various issues related to the net. Bring up these subjects, try to get a consensus among your fellow users. Try to get your fellow users to agitate for a relief from spam. The more voices that get involved, the better. Direct them to this web page.

Make sure your own site is not a spam-haven

Your own site may be a problem site and you don't even realize it. Visit the list of sites being monitored and look for your own site there. If you find it, look at its page and see if it's been a problem lately.

In particular, if your ISP is in this list (last updated, April 1998):

then your site is part of the problem.

If you find that your own site is a problem site, there are lots of things you can do. First, make sure that your fellow users realize that there's a problem. Many voices are more effective than just one. Agitate in your internal newsgroups and to your system administrators. Ask them to adopt and enforce anti-spam policies.

If your ISP won't change its policies, consider leaving. Remember that your ISP is quite likely shunned at other locations. Your email and netnews may not be getting through, and you won't even know it. Also, your ISP won't be allowed to join Usenet 2 unless it cleans up its act.

Also, your site might be providing a usenet feed to a problem site. If this is the case, ask your providers to cut that problem site off.

Remember: ISPs listen to their customers. If you're a customer of an ISP with a spam problem, you can do a lot to bring about change.

Complain, complain, complain

If spam annoys you, complain about it to the spammer's provider. Many providers won't stop a spammer until they receive a lot of complaints from a lot of people. Don't just assume that someone else will take care of the problem. Sometimes you have to be part of the solution.

Complaining properly is a bit of work. You need to find out where the spam came from in order to know where to complain. Don't complain by hitting "reply" or otherwise sending your complaint to the person named in the spam's "From:" line. This is almost always a forgery and will result in a bounce at best, or your complaint being sent to an innocent person at worst.

Here is a list of the worst offenders. Your spammer is probably in this list:

Netnews spam:

Tom Gartman:
Tom Gartman is the largest porn-spammer on the internet. He specializes in selling rape videos, including in the sexual abuse recovery newsgroups.

Look for: You can recognize Tom Gartman spams by the presence of "R*A*P*E" and similar in the Subject: lines. The message body contains references to web sites "38.154.247.*", "www.forbiddenvideos.com", "38.192.155.*", "38.157.244.36", "xcessive.holowww.com".
Where to complain:

Owner:
Tom Gartman, Tom7678@AOL.COM, 1210 Hardisty Drive, Arlington, TX 76001. phone: 817-784-9331, Fax: 214-350-0846
Service Provider:
MCI

Netzilla:
Netzilla was once the largest porn-spammer on the internet.

Look for: You can recognize Netzilla spams by the presence of "newsfeed.com", "jam.com", or "207.70.214" somewhere in the middle of the Path: line (everything to the right of "newsfeed.com" or "207.70.214" is bogus.) Also look for these bogus site names anywhere in the header: roo.fosta.au, rua.kanuck.ca, uokhsc.bonn.br, triumf.ua or omega.es.
Note: Netzilla mutates their headers at a high rate to avoid spam-detection software. Visit the Netzilla info page for up-to-date header information.
Where to complain:

Owner:
Jerry Reynolds, jerry@netzilla.net, zed@corpcomm.net, phone: 701-237-5131.
Service Providers:
UUNet: email: spam-complaint@uu.net, phone: see list.
MCI: email: spamcomplaint@mci.net
Note: UUNet ignores all email complaints unless you follow up by phone, using the ticket number automatically given by return email.

Escort Guide:
Escort Guide is a major porn spammer based in Florida.

Look for: "florida-isp.com", "xxxyes.com", "schoolgirlz.com", "babesofage.com", "metrosupport.com". "208.223.162" or "203.251.176" in the Path: line ("florida-isp" is Escort Guide's server. Look for "escortguide", "florida-isp" or "knotwork" anywhere in the header.
Where to complain:

Owner:
Andrew Chandler, 22783 South St. Rd. 7 Ste. 43, Boca Raton, FL, 33428.
Also: 6503 N. Military Trail, Boca Raton, FL 33496.
Phone: 800-659-0550, 561-347-8330.
Email: hostmaster@ESCORTGUIDE.COM, clas@ix.netcom.com
Service Provider:
UUNet: email: spam-complaint@uu.net, phone: see list.
Note: UUNet ignores all email complaints unless you follow up by phone, using the ticket number automatically given by return email.

Netcom:
Netcom is an internet service provider with many innocent users and a few dedicated spammers who seem to account for the bulk of Netcom's bandwidth. Netcom has a pro-spam policy for its high-bandwidth and web customers.

Look for: Netcom spams are identified by "netcom.com" near the end of the Path: line or in the NNTP-Posting-Host line. Also look for spam from other providers that contains ads for web sites at Netcom.
Where to complain: Netcom is stubborn and under-staffed, but with enough complaints may come around. Netcom has an anti-spam policy for its dialup customers, but a pro-spam policy for its larger customers. Your complaints may help to change this. Email complaints to abuse@netcom.com. You may phone the Netcom abuse department at 1-408-881-1810.

Worldnet:
Worldnet is an internet service provider with many innocent users and a few dedicated spammers who seem to account for a great deal of spam. Worldnet has a good anti-spam policy but are slow to enforce it and do nothing to proactively prevent spam.

Look for: "worldnet.att.net' near the end of the Path: line or in the NNTP-Posting-Host line.
Where to complain: Worldnet is slow and under-staffed, but with enough complaints may come around. Email complaints to abuse@worldnet.att.com. You will get a standardized ignorebot response which means nothing, but with enough complaints, Worldnet will act. You may also call 314-519-5708.

Prodigy:
Prodigy is another internet service provider with many innocent users and a few dedicated spammers. Prodigy has a good anti-spam policy but can be extremely slow and/or lazy about enforcing it.

Look for: "prodigy.com" near the end of the Path: line or in the NNTP-Posting-Host line.
Where to complain: abuse@prodigy.com.

Compuserve:
Compuserve is another internet service provider with many innocent users and a few dedicated spammers. A large amount of spam comes from Compuserve's subsidiaries SpryNet and Interserve.

Look for: "compuserve.com", "interserv.com" or "Sprynet.com" near the end of the Path: line or in the NNTP-Posting-Host line.
Where to complain: abuse@compuserve.com.

Earthlink:
Earthlink is a major service provider with an extremely lax attitude about spam. They will act if enough pressure is applied.

Look For: "earthlink" near the end of the Path: line.
Where to complain: Email: abuse@earthlink.net, Phone: 888-ELN-SPAM (888-356-7726)
Email Spam:
- UNIVERSITY DIPLOMAS:
  Persistant email spammer based at AOL.
  - Look For: Subject lines such as "Need a Diploma Like Right Now"
  - Where to complain: tosspam@aol.com
- UUNet:
  - Look For: "uu.net" in the Received: lines in the headers. Look inside the parentheses for comments added by some mailer along the way, other host names are likely to be forgeries. E.g: Received: from mail.sat.net (1Cust20.max63.los-angeles.ca.ms.uu.net [153.34.101.148]) came from UUNet, not sat.net.
    Exception: spam from Earthlink will often contain uu.net in parentheses in the Received: lines because Earthlink rents dial-ups from UUNet. Complain to both Earthlink and UUNet about such spams.
  - Where to complain:
    - UUNet: email: spam-complaint@uu.net, phone: see list. Note: UUNet ignores all email complaints unless you follow up by phone, using the ticket number automatically given by return email.
    - Cc: a copy to the service provider forged in the headers, they may wish to take follow-up actions. Stress that you know the message was forged and that the Cc: is only a courtesy call.
- Earthlink:
  Earthlink will now expell and fine email spammers.
  - Look For: "earthlink" in the headers.
  - Where to complain: Email: abuse@earthlink.net Phone: 888-ELN-SPAM (888-356-7726)
- WorldNet:
  WorldNet is a major service provider with a strong anti-spam policy but weak enforcement and no preventative measures at all.
  - Look For: "worldnet.att.net" in the headers.
  - Where to complain: abuse@worldnet.att.com
- Linkus:
  Linkus is a major email spammer. Netcom attempted to disconnect them and they obtained a restraining order. It took Netcom months to get Linkus disconnected.
  - Look For: "linkus" in any mail header or in the message body.
  - Where to complain: Unknown: Linkus is currently disconnected from the internet.
- Cyberpromo:
  Cyberpromo is the most notorious email spammer on the internet. See the Cyberpromo FAQ for more information.
  - Look For: any of the following in any mail headers: vip.com, vipro.com, nwrain.net, ispam.net, light-avenue, ynterpro.com, cyberpr?m?.com, answerme.com, youropportunity.com, telecom-plus.com, bu?kemai?.com, cyberout, cybermag, emai?2, fight4rights, freeconnect, internetfree, mailreport, promocyber, randomdomain, reedrules, savepaper, savetrees, yougotmail, pleasread.com. (Note that the '?' represent wildcharacters.)
  - Where to complain: Unknown: Cyberpromo is currently disconnected from the internet.
- Quantcom:
  - Look For: quantcom.com anywhere in the headers.
  - Where to complain: Unknown: Quantcom is currently disconnected from the internet.
- Nancy Net:
  - Look For: any of the following in the headers: nancynet, marynet.com, rammaps.com, llv.com, in2surfin.com, mandy.com, sallynet, ultrafraix.com, windansea1.com, xservicex.com
  - Where to complain: Unknown: Nancy Net is currently disconnected from the internet.

Remember: phone calls are more effective than email.

There are various tools and HOWTOs that can help you track the source of spam. For some basic information and tutorials (it's not as hard as it sounds), see the HOWTO list.

There are also some excellent online tools to help you. See the Get That Spammer! web page at Monash.edu and the Sam Spade, Spam Hunter web page at Blighty.com.

There are more links that may help you at the links page.

Call advertisers and complain

Advertisers often aren't aware that they're spamming. Often someone with something to sell will pay for advertising, not realizing that that the advertising agency uses email spam. Even Rutgers university fell into this trap in November 1997 when they advertised a seminar through Quantcom.

Somewhere in the body of every advertisement is a way to get in touch with the advertiser. Give them a call and explain to them why spam is unwelcome and alienating. Explain that the only ones who make money advertising by spam are the spammers -- the only thing the advertising client gets for their money is a lot of bad will. Be polite, but be firm.

Many advertisers include a toll-free number in their ad. A list of such phone numbers is archived on the net.

Close your open gateways

Spammers often exploit insecure news and email gateways in order to broadcast their spam. This serves to "launder" the headers to make tracking more difficult, and to evade software blocks.

Please close -- or ask your system administrators to close -- all open email and news gateways. More information is available in the HOWTO list.

Note that you will be doing yourself a big favor by closing your email gateways. Spammers have been known to knock a site completely off the net through excessive relaying. See this news article for more: "SPA can't resist sending spam"

Install Wpoison on Your Web Pages.

Wpoison is a cgi script designed by Ron Guilmette which generates a random page of random email addresses and links. Email address harvesters operated by spammers find the random web page and add the bogus email addresses to their address database, making it less useful. In addition, wpoison generates a number of links that just point back to itself, causing the harvester robot to become mired in the web page.

For more information about wpoison, see the wpoison home page and Wired magazine's coverage of it.

The opinions expressed on this page are solely those of Ed Falk and do not necessarily represent those of any other organization, (although I hope they do). I wish to thank Rahul.net for hosting this web page.