A tool for tracking down junk e-mailers, junk news posters and their
internet service providers.
Keywords: net abuse, junk email,
emp, excessive multi posting, velveeta,
ecp, excessive cross posting,
udp, usenet death penalty,
aup, acceptable use policy, tos, terms of service,
t&c, terms & conditions
Julian.Byrne@eng.monash.edu.au (NO JUNK EMAIL)
Other WHOIS servers
& DIG list hosts in domain
- warn users about unacceptable net behaviour?
- ban net abuse such as unsolicited junk email broadcasts &
- ban the use of your services as a mail drop or name server for
spams from throwaway accounts on other sites?
- allow you to immediately suspend an account on reasonable suspicion
whilst it is investigated and to terminate the account if proven?
- allow you to charge an offender for any costs incurred in dealing
A good AUP saves you time and aggravation.
For details see an informative
For examples see
terms & conditions,
terms of service,
acceptable use policies.
Other things an ISP can do
- Install an abuse@ email address which forwards to an account where
it is read promptly. Do this even if you have another account for
handling abuse as abuse@ has become a defacto standard and this avoids
unnecessary bounced email. Postmaster@ often gets overloaded with
accidently misaddressed mail and thus delays prompt resolution of net
abuse. It's in your own interest to resolve net abuse as quickly as
- Put your acceptable use policy on a public web page so that the
net at large knows your position. It's good advertising for you, helps
to make complaints clearer and makes your site less of a magnet for
- Put a `no unsolicited junk email' note into your unknown user email
- Log all TCP/IP connections, inbound and outbound email, and
outbound news so you can quickly and easily track down net
abusers. This can save much staff time.
- Not forward email on behalf of third parties. Many net abusers are
relaying email to avoid IP address based filters and could cause
your site to get a lot of unnecessary complaints and bad publicity.
Most email transport programs by default accept inbound email for a
destination not even in their own domain. Make sure yours doesn't.
Make sure it also doesn't accept the `percent hack' (a%b@c causes c
to send the email to a@b; common and useful for checking email routing
but unfortunately open to abuse).
- If you need to terminate a web or email account because of net abuse
replace it with an appropriately worded page or autoresponder explaining
why the account was terminated. This can be a strong deterrent to repeat
abuse and is good advertising for you.
- Warn other ISP's in your area when you need terminate an account
so they can block known net abusers before they get an account. Once
net abusers have an account they frequently take advantage of the `30
days notice to terminate account' provision common in many ISP
contracts. Make sure your AUP allows immediate termination
for premeditated abuse.
- Close your news server. Make sure only your own customers can
submit news items and that they are logged so forged items can be
- Make sure your default news posting software makes it hard for
users to crosspost to large numbers of newsgroups. Make sure it also
warns new users about the potential consequences of posting something
like `I know this great nude actress web site' to the world.
- Make sure your mailing list software doesn't give out subscriber
email address lists, that it allows only subscribers to submit items
to the list, that it verifies subscribe and unsubscribe requests and
that every email message has an "Errors-To:" header and
subscribe/unsubscribe instructions body signature. A common form of
abuse is to subscribe a net naive victim to multiple high volume
- Restrict access to or disable your finger server. Attach a `no
unsolicited junk email' message to it's output if appropriate. Finger
can be used by a remote site to determine a username's full name
and who is currently logged in.
- Run an ident server. This allows others to identify the user name
of any open TCP/IP connection from your machine to their machine, thus
making any complaints to you less cryptic, making complainants less
frustrated and make it harder for net abusers to remain
anonymous. Many email transport programs incorporate the user name
provided by ident into email "Received:" headers which makes it more
obvious when an email is forged. A downside is that some web servers
use ident to determine a junk emailable address for anybody surfing
their site. This may not be a problem if you're running a caching web
server. You could also configure your ident server to only give
answers for email and news connections.
- Verify inbound email connections. Query the ident server on the
connecting machine if it has one. Compare the hostname give in the
HELO/EHLO command with the IP address of the connection partner. Do a
domain name inverse lookup on the connecting machine's IP address and
if successful put it in the "Received:" header. Flag inconsistencies
between ident, HELO and DNS lookup. As all of these can be forged
leave the IP address in the "Received:" header. An IP address can
be forged too but it's a lot harder.
- Consider disabling the inbound email VRFY (verify) and EXPN
(expansion) commands as they can be used by other sites to determine
the existence of your usernames, names associated with your usernames,
whether email is being forwarded and where email is being
forwarded. These commands aren't needed or used in normal operation
but are occasionally used by mailing list maintainers to verify
addresses. They're not of much practical value because of the
widespread use of mail aliases and firewalling.
- Consider installing an email filter program such as procmail to
filter inbound email on behalf of your users, removing some of the
better known junk emailers such as as moneyworld.com.
- Consider filtering all inbound and outbound news items that are
crossposted to five or more groups. There are patches available to do
this for cnews and inn.
- Consider throttling outbound email so that by default
individual users can't send more than one email/minute. This needs
to be disableable for mailing lists though.
- Consider installing an IP filter that blocks connections from
known unsolicited junk email sites such as those in the Internet
- Under Unix consider installing
qmail instead of the
It has a much more secure design, uses inetd and is far easier to
understand and work with.
- Setup your email so that if one user is mail bombed their disk
space usage is quarantined from other users. Quarantine incoming
anonymous ftp files too and make sure system log files have plenty of
- Consider getting your system utilities to quickly warn you when an
unusually high volume of email or news cross posts is inbound or
outbound to a particular user so that it can be checked.
- Provide your users with the tools described in this web page
so that they can track down net abusers themselves if they have the
time and technical ability.
- Consider posting informational postings to
news.admin.net-abuse.misc when dealing with net abusers. It
demonstrates to the net at large that you're a good net citizen and it
helps to reduce the level of complaints.
- Make sure your list of user email addresses is private so that
junk emailers can't suck lists of email addresses off your site.
Provide a search page instead.
- Educate your users. Scatter informative web pages around your site
so that naivity is not an excuse for causing trouble. Warn your
new users about junk email and news spam tactics so that they are
immunized from some of the scams.
- Be wary of allowing unsolicited junk emailers on your site or
allowing your site to be used as a web/mail drop for unsolicited junk
email from throwaway accounts on other ISP's. Some net users feel this
is sufficient justification to broadcast email your entire customer base
(found with a web search) with a warning that you support net abuse and
the suggestion that they complain and/or move to another ISP.
- Email other suggestions.
Step one is to look at all the headers of the message.
News/email readers normally show only a subset of the available
headers to avoid screen clutter. Select the option that makes the
hidden headers visible. In Netscape select
Options/Show all headers, in Pegasus or
Pine press H and in VM
press t. Other news/email readers have similar
Important headers are:
All contain a network host name that may give you a clue as to who
the spammer is. However, any or all of them may be faked. It is common
for spammers to send email from a throwaway account at one site and
solicit replies at other sites, so you may need to track down two or
more network locations. Make a list of all host names mentioned in
the headers and in the body of the message. These are the parts to the
right of the @ sign in email addresses, between
// and / in web links, in the last
Received: header and at the right end of
the Path: between !'s.
Path: gives the list of hosts a news item passed
through, from the poster's site at the right end to get to your site at the
left end. One or more entries on the right end may be faked so you may
need to cooperate with others to track down which host in the
Path: list the message was injected at. Like the
Path: header Received: headers are a list of
sites the message passed through in reverse order but with only one
host name per header. Again, the bottom entries (earlier timewise) in
the Received: list may be faked. Even with normal,
non-faked operation not all hosts or network routers a message passes
through are recorded in the Path: or Received:
headers. Use TRACEROUTE
(described below) to get a more complete
Host names usually have machine name and domain name parts. For
example kryten.eng.monash.edu.au has a machine name of
kryten and domain name of eng.monash.edu.au
(engineering faculty, monash university,
education sector, australia) with larger
domains monash.edu.au, edu.au and
au. Look at your list of host names and see if you can
add some local domain names to the list by stripping machine names
from host names. This is a trial and error procedure and may not
always give a valid result.
A couple of traps: The domain
<something>.dynip.alter.net is really
<something>.ms.uu.net is really
Some of the host/domain names you've discovered may actually be
a numerical network IP address eg. kryten's
is 184.108.40.206. Use DIG
ipaddress->hostname to find a host name given an IP
address and use DIG hostname->ipaddress to find
an IP address given a host name. Add any new host/domain
names discovered to your list. IP addresses can have
zero, one or several host names. Host names can have zero, one
or several IP addresses.
Some hosts and domains designate one or more hosts to handle any
email directed to them. Use DIG
hostname->mailexchanger to find out if there are any such
DIG queries domain name servers for information
about the host/domain names you've found. It gives a mess of
information most of which you can ignore. You're not normally
interested in the NS and other records of the name
servers that supplied the information, just the info related to the
host/domain you queried. This is the A internet
IP address records, the MX mail exchanger
records and the PTR pointer to host name records.
Any email sent to the queried host/domain will initially go via one
of the hosts given by the MX records if they exist,
otherwise it will go to the host given by the A
record. If there are no MX and no A
records then email will normally bounce. The MX and
A host names may be in completely different domains. Add
any new domains to your list.
If an IP address has no corresponding hostname the
SOA `start of authority' record can be used to see which
hosts/domains are responsible for that part of the net.
Internic.net is responsible for unallocated addresses so
if you get this it usually means the queried IP address
is faked or in error. If there is no SOA record try doing
a DIG ipaddress->hostname on another IP address which is
in the same subnet as the one you're interested in ie. vary the last number
from 1 to 254. eg. For 220.127.116.11 you might try
18.104.22.168. Some machines are configured by accident or
by design to not reveal who is responsible for them.
Use WHOIS to find the administrative and
technical contacts for the hosts/domains you've discovered. This will
give more contact information including email addresses. If there is
more than one WHOIS entry for the domain you've entered you'll
get a list of abbreviated entries. To get full information use an
entry's key as a query string (eg. mci.net gives keys
MCI8-HST and MCI2-DOM). Add the host/domain names of the email
addresses to your list. You may need to strip off one more left
elements of each domain before you get a domain that WHOIS
knows about (eg. eng.monash.edu.au ->
monash.edu.au -> edu.au ->
au). This WHOIS covers US non-military
domains only. For other domains see other
Use TRACEROUTE to get a
list of sites handling messages between this web server host and each
of the host/domain's. This can take several minutes. Ideally it should
be from your mail host but this should do. The last entry in
the TRACEROUTE results list should be the host/domain
you're querying. The next-to-last should be the Internet Service
Provider (ISP) for your queried host/domain. The next-to-last for
that ISP is their ISP and so on. More than one host
at the end of the list may be owned by the spammer and so you need to
use some judgement as to whether, when you send email to one of the
hosts, you're talking to the spammer or their ISP. Add the hosts at
the end of the list together with their domains to your host/domain
list. This TRACEROUTE will have trouble if the test link
is heavily loaded (likely during Australian working hours). If so you
other web TRACEROUTE's.
Use a web search engine to look for
references to the domain names you've found. Look for
`domain' and `www.domain'
Virtually all ISP's have web sites like this and you can use the web
pages to get some idea of whether it's actually the spammer or the
ISP, together with the size, contact addresses and the
email/news policy of the ISP. You can also use a general web search engine to
find out other information about the spammer.
You should now have a list of hosts and domains with a fair
idea of the spammer's addresses and their ISP's addresses. Send an
email to the spammer's ISP (this may or may not have the same domain
name as the spammer themselves) using the abuse@
address and a copy to the spammer themselves. Be polite. You want
results don't you? In the message include a copy of the spam with
full headers, detail the reasons why you find the spam
unacceptable, tell them about the
FAQ and the Advertising
FAQ and request that they not do it again. A
sample is appended but use your own words if you
can so that they know this is you saying it and not some form letter.
If abuse@ bounces send the message to
admin@, root@ or
postmaster@ and additionally ask them to configure
an abuse@ address which forwards to their person
responsible for handling net abuse. If the email addresses aren't
working you could try a fax gateway
or check out the email
Large ISP's will generally not reply to you because they're too
busy but if they receive enough complaints (and with full on spammers
they usually do) it is likely the spammer will be dealt with. Most
ISP's are good net citizens because it's in their own interest to
maintain a good reputation. If you see the spam again send another
message but this time post a copy of the spam with full
headers to the news.admin.net-abuse.misc
newsgroup and let the experts have a go. You may also want to
email the ISP of the ISP. You should read the newsgroup for week or
two to get a feel for how spammers operate and are dealt
with. Be warned that the newsgroup includes plenty of argumentative
posts from spam supporters in addition to posts from people trying to
Thats it! Look at the links list for
further information on handling net abuse.
If the above procedure doesn't handle junk email to your satisfaction
you may want to set up a filter to delete email/news items at your
site before you see them. Not terribly effective generally unless
you're willing to bounce every unauthorised address but it works for
some persistent spammers. For reading news items look for a feature
called kill-files. Not all news readers have them though. For
reading email look at the filtering features your email program
possesses or get an
filtering program which deletes email items before the email
reader program sees them. Talk to your system administrator or ISP
too; they may have some ideas specific to your site.
A final warning: Any message on the internet which doesn't
use strong encryption/authentication techniques like
PGP can be completely
fake. Occasionally enemies on the net attack each other by tricking a
third party into doing their dirty work for them. Treat any address
you get with suspicion until proven otherwise.
- Check that your ISP has an `Acceptable Use Policy' that you're happy
with. If not make suggestions about how it could be improved. See ISP's for some ideas. Many smaller ISP's while
technically competent don't have much net experience and could do with a
net abuse `heads up'.
- If you see a cross or multi post to ten or more newsgroups post a
copy to the newsgroup news.admin.net-abuse.misc.
This is particularly important for `slow spams' (multi posts with
slightly varying subject and contents spread over several days) as the
automatic tools professional anti-spammers use have difficulty
spotting these. You can use a news
search service to see how many copies there are of an article. The
threshold at which the professional anti-spammers normally trigger is
an extremely conservative twenty cross posts within a forty five day
period but it varies depending on the newsgroup hierarchy.
- If you see a single copy of a make-money-fast (MMF) pyramid scam
or chain letter send a complaint to the user and their postmaster with
a reference to
the US Postal Service's views on pyramid selling and request that
the news item be cancelled and the proceeds, if any, be given to
charity. Most MMF's say they're legal or `different'. They're
lying. MMF's are illegal in almost all countries.
- Forged email and newsposts are sometimes grounds for instant
account termination. Many unsolicited junk email messages and spams
are forged to reduce the level of effective complaints. If you see one
and can work out what's going on let the relevant ISP's know.
- When posting news items use an email signature like one of these:
The first three are illegal email addresses (note the "!") but the
automated email address collectors that junk emailers use will
generally not recognise this while individuals hoping to contact you
should be able to correct it easily. The last two are legal email
addresses. Everything outside of the <>'s and in between the
()'s is a descriptive comment which email programs will ignore but
hopefully more responsible junk emailers won't.
- Julian.Byrne@eng!.monash.edu.au NO JUNK EMAIL
- NO JUNK EMAIL <Julian.Byrne@eng.monash.edu.au>
- Julian.Byrne@eng.monash.edu.au (NO JUNK EMAIL)
- When posting include one of these signatures:
At the time of writing nobody using these strategies had reported
collecting but it did drastically cut down on junk email messages
and you never know... The consensus is that it'll be difficult to
collect because the sender has not explicitly agreed to a contract
but you might succeed in a small claims court if the junk emailer
doesn't bother defending it.
- Unsolicited commercial e-mail will be proof-read with the
help of the mailer, his postmaster, and if necessary, his
- The sender of any unsolicited email sent to this address
agrees to pay $500/email for proofreading services.
- Any junk email sent to this address will be placed in
the junk email blacklist at ... Sender agrees to pay $75
for each such email archived.
- When posting don't include a valid email address. Instead have a
web link to a page which has a detailed description of your
unsolicited junk email policy together with your email address.
- If your site runs a finger server make sure the text put out
by the server on your behalf includes a no junk email message.
- When dealing with any organization on the net that might sell your
email address to others make sure that they have some simple mechanism
for blocking your email address from being sold. Use it. One mechanism
is to have a special email address which when emailed to causes the
return address to be put on to a stop list. Another is to have a tick
box on a form. Don't deal with that organization until they have such
a mechanism in place.
- Use slightly different names and email addresses with different
organizations to help track down the culprit if your address is
- Use special email addresses that are only valid for a limited time
period, that are only valid when used by a particular correspondent or
are only valid for a single return email message. These approaches
require sophisticated use of email filtering programs and probably
only make sense for somebody technically literate and with a high
volume of junk.
- Use an email filter program to bounce email messages from an
address not on an `ok' list with one of the following messages:
The problem with these approaches is that it wastes the time of the
person trying to contact you but if you're unusually popular or have a
major problem with junk it might make sense.
- Sorry for the inconvenience. To control unsolicited junk email
this email address automatically bounces email messages from an
unknown address. Simply reply to this notification within 24 hours and
your original message and any new messages from you will get through
as usual. I enjoy receiving messages from anybody except junk emailers
so please don't hesitate. My junk email policy is ...
- ... Enter your email address and/or message on the web form at
<URL:...> and any future messages from you will get
through. The form includes my junk email policy. ...
- You have reached ...'s email contact address. To send email to me
please use `pseudo_user@my_host' instead. This is a special; it'll
only work with from your address `user@your_host'. Sorry about the
inconvenience; I receive a lot of junk email.
- Set up traps on your web pages or news postings, email address
links that you never use but which might be picked up by a junk
emailer's automated address collection program. Trigger an automatic
complaint if any email is received at that address. If you are a US
user try setting up a clearly sign posted, advertised and witnessed
email address link that forwards to your printer or to your fax
machine (via a FAX gateway) and you
may be able to apply the US junk fax
law and make US$500. Untested at the time of
writing. Alternatively, set up the trap address to forward to your
local government representative, hopefully making them more aware of
the junk email problem.
- You can submit your email address to several
`no junk email' lists.
In theory junk email will no longer be sent to that address. In
practice most junk emailers ignore these lists and there is a risk
that net abusers will use the contents as targets. Keep in mind that
the presumably reduced level of junk email received at such addresses
make them more attractive targets for junk emailers willing to break
- Educate people about acceptable net behaviour. There are people of
all ages on the net. Never underestimate how naive people can be and
remember that there is a first time to learn for everyone. Many net
abusers simply don't realize how much trouble they're causing. The
critical test: Would you do this to somebody face-to-face? Newsgroup
spamming is like shouting in a movie theatre. Junk email is like using
a loud hailer at 3am outside somebody's home. Free speech advocates
should remember that an effective way to compromise free speech is to
bury it in noise and misinformation.
- Educate people about net economics. Paper junk mailers pay for
their postage. Junk emailers force their targets to pay for it. News
cross and multi posts occupy thousands of computers' disk space and can
add up to significant money and a waste of tens of thousands of
people's time. Entire countries (eg. New Zealand) and many ISP's push
international incoming and outgoing link volume costs onto individual
users. Also, unlike the US, many countries have timed local call
charges. Even users who don't pay volume charges get hit by reduced
- Sales people often truly believe their product is the best thing
since sliced bread and that they are doing everybody a favour by
advertising as widely as possible. It takes a lot to convince them that
the average person doesn't give a damn. Convince sales people to face
facts; that they are costing people more in time and money than
they are offering in a potentially useful product. Keep in mind that
sales people are good `people' people but are often numerically
illiterate and as a result are more emotive than objective when
estimating a balance of pro's and con's.
- Never give spammers the attention they are seeking. Don't post
followups unless you're sure it'll help. Do your best to bore them to
tears. If it's a premeditated commercial spammer waste as much of their
time as you can. If it's a certified net.kook trolling (trying to to
start an abusive argument) start other interesting news threads
(conversations) which have nothing to do with the troll ie. distract
others from the troll.
- Some abusive news posts are placed by practical joking `friends'
of students who accidently left their accounts logged in in shared
computer labs. If you suspect this is the case email them a copy of
the post and ask them to tell off their `friends' and to cancel the
post, requesting help from their system administrator if necessary.
- Keep in mind that many net users and abusers have multiple `net
identities' and that forgery of other user's identities is fairly
common. Forgeries might be abusive, trying to wreck some user's
reputation, or more subtle, like pretending to be a responsible ISP
but actually ignoring complaints. The lack of legal consequences means
that some net abusers engage in wholesale deception. Keep an eye on
your own `net identity' by using
web search services to
look for articles referring to you or purporting to be by you.
- Never mail bomb (send many large email messages). While tempting
it doesn't work very well. If you're lucky you might slow down your
target for a few hours but you will also cause trouble for many
innocent bystanders (all the intermediate sites between you and the
target) and the target is probably better equipped to handle it than
anyone else anyway. You also risk losing your own account for net
- Never flame (be abusive). While also tempting keep in mind that
with the current state of net [dis]organisation and the commonness of
forgeries it's easy to target the wrong person or misjudge the
situation. Do this and you'll end up wasting time apologising and you
also reduce your credibility. Also remember that a flame is more
likely to antagonise a person than to achieve results. The majority of
net abusers are not malicious, merely naive and/or self centered.
- `Adopt' a particularly persistent net abuser and become a
mini-expert on them. Use the information you've learned to help
others deal with them.
- Whenever you see an erroneous opinion in the general press
(eg. confusing spam with free speech, anti-commercial interests,
conventional advertising or content based censorship) write a letter
to the editor letting them know of the error. Better yet, write an
- Report significant illegal activity in the US to the
US National Fraud Information Center.
- Do a
web search for "bulk email"
and let these vendors and their ISP's know what you think of
unsolicited junk email.
- Mirror or point a link to this or other net abuse sites.
- Email other suggestions.
Nobody wants to open their email in the morning and find one
personal message, two bills and a thousand pieces of unsolicited
junk. Or to open their favourite news group and find ten relevant
items and a thousand spams.
When any of tens of thousands of small businesses and other special
interest groups can send tens of thousands of email messages or news
postings per day for peanuts, when they need to do it because their
competitor is already doing so and when they are allowed to do it
the above scenarios are only a matter of time.
There are already reports of individuals in the US receiving more
than one hundred unsolicited junk email messages per day.
Some useful alt.* newsgroups have become completely
unreadable because of hundreds of irrelevant crossposted news items
The drop in cost effectiveness with increased advertising is lower
on the net. The marginal cost of running an email address
grabbing and spamming program overnight while a net account would
otherwise be idle is almost nil. Posting a duplicate news item to
multiple newsgroups is trivial. A business can afford to waste
hundreds of thousands of people's time for only minor profit to
themselves and still come out ahead. Only if there are other
constraints (eg. an ISP volume charging or terminating their access)
will this one-sided tradeoff change.
If you post news items infrequently, your email address isn't on a
publicly accessible web page and you don't often web surf commercial
sites you may only have received a few junk email messages. Don't be
fooled. Hundred thousand email address lists are already in wide
circulation and when your email address gets on one as the result of
web surfing the wrong site, paying a bill or making a sales query you
will find it very hard to get off.
Incidently, if you want to do mass unsolicited junk email
think about this: Most junk emailers only do it once. Creating
thousands of angry instant enemies isn't a smart way to run a
If you want to do a broadcast do it using the broadcast protocol
provided: news. If you want to do a point to point message use the
point to point protocol provided: email. Anything else is abuse of
other people's net resources. If you want to do a broadcast address it
correctly with the facilities provided: newsgroups and subject
headings. Again, anything else is abuse of net resources. Unnecessary
repetition is also an abuse of net resources.
So, the appropriate place for a commercial message is a single on
topic post with a meaningful subject heading in one of the
biz.marketplace.*, comp.newprod (moderated)
or clari.biz.products newsgroups. For obvious reasons
people rarely read these. This is the balance between commercial
advertisers and other people's rights though.
So you're left with web pages and news signature advertising.
The former is okay because only those people interested in a
topic will go looking for them and other people's net resources
are not unnecessarily wasted. The later is okay because you will
have contributed something back to other newsgroup participants
with the posting itself, paying for the general reduction in utility
of the news caused by your small signature ad. If not then it is
also abuse of net resources.
Note: I'm using the term net resources in the
more general sense of not only bandwidth and disk space but also of
the general utility to the people participating. The general utility
of the net and it's facilities is reduced by every off topic post,
useless email message or deceptive web page. Incrementally each loss
is small but the total loss is massive and that is why so many people
are willing to spend time fighting this scourge.
The best way to advertise on the net is to give away value so that
people will want to visit you and also to pay for your use of other
people's net resources. You can create value in small ways by
competitions, games, prizes and freebies. The expected return on these
things to the participants is usually terrible though. It's better to
create value in a larger way by sponsoring `good works'. The
advertisers on the search engines, NetScape and Id software have all
done very well using this approach. On a smaller scale sponsoring a
useful FAQ, piece of software, moderated news group, community service
web site, entertainment web site or industry service web site are good
approaches. If this is done in an innovative way it can be a very
effective. Like everything else in life though remember that you don't
get something for nothing; make sure it really is a
useful/interesting resource and not just a deceptive advertising ploy
likely to turn off a very advertising aware population. Once you have
a useful resource you can legitimately announce it in the relevant
newsgroups and in non-net advertising and build up a client base via
sponsor advertising in the resource. Everybody wins.
This is the right way.
From: firstname.lastname@example.org (NO JUNK EMAIL)
To: email@example.com, firstname.lastname@example.org
Subject: COMPLAINT Re: GameSpot's $20,000 Games Contest
Date: Mon, 22 Jul 1996 15:55:37
The following junk email is being broadcast to our site, costing us time
and money. Such email is *NOT* ok. I *strongly* object to the
involuntary shifting of their business costs on to others. There are
appropriate forums for such messages in the news (the biz. newsgroups) and
on the web (easily found with web searches) and if a significant fraction
of companies on the net start using email for broadcasts (one off or
otherwise) it will become useless.
The email is from email@example.com and solicits replies for
www.gamespot.com who appear to have ISP isi.net.
Please give them a warning as it probably contravenes your acceptable use
policy. If it's premeditated or a repeat offender I request that you
cancel their account.
Does your acceptable use policy:
- warn users about unacceptable net behaviour?
- ban net abuse such as unsolicited junk email broadcasts & newsgroup spams?
- ban the use of your services as a mail drop or name server for spams
from throwaway accounts on other sites?
- allow you to immediately suspend an account on reasonable suspicion
whilst it is investigated and to terminate the account if proven?
- allow you to charge an offender for any costs incurred in dealing with it?
A good AUP saves you time and aggravation. For details see an informative
article by Chris Lewis: <http://kryten.eng.monash.edu.au/gspam.html#isp>
Julian Byrne <firstname.lastname@example.org> (NO JUNK EMAIL)
------- Forwarded Message Follows -------
Orignal maintained by Julian Byrne
Julian.Byrne@eng.monash.edu.au (NO JUNK EMAIL)>
This version maintained by Rainer Zocholl
email@example.com (NO JUNK EMAIL)>
Copyright © 1996.
Last modified: Sat Nov 9 11:24:49 AESuT