Get that spammer!

A tool for tracking down junk e-mailers, junk news posters and their internet service providers.

Keywords: net abuse, junk email, spam, emp, excessive multi posting, velveeta, ecp, excessive cross posting, udp, usenet death penalty, aup, acceptable use policy, tos, terms of service, t&c, terms & conditions

Original: http://kryten.eng.monash.edu.au/gspam.html

Feedback: Julian.Byrne@eng.monash.edu.au (NO JUNK EMAIL)

Goto: Tools, ISP's, Links, Instructions, Suggestions, Why?, How to advertise, Complaint

Tools

Other web TRACEROUTE's, Other WHOIS servers & DIG list hosts in domain

<Home>

Internet Service Providers - Does Your Acceptable Use Policy:

• warn users about unacceptable net behaviour?
• ban net abuse such as unsolicited junk email broadcasts & newsgroup spams?
• ban the use of your services as a mail drop or name server for spams from throwaway accounts on other sites?
• allow you to immediately suspend an account on reasonable suspicion whilst it is investigated and to terminate the account if proven?
• allow you to charge an offender for any costs incurred in dealing with it?

A good AUP saves you time and aggravation. For details see an informative article by Chris Lewis.
For examples see MCI's T&C & other terms & conditions, terms of service, & acceptable use policies.

Other things an ISP can do

• Install an abuse@ email address which forwards to an account where it is read promptly. Do this even if you have another account for handling abuse as abuse@ has become a defacto standard and this avoids unnecessary bounced email. Postmaster@ often gets overloaded with accidently misaddressed mail and thus delays prompt resolution of net abuse. It's in your own interest to resolve net abuse as quickly as possible.
• Put your acceptable use policy on a public web page so that the net at large knows your position. It's good advertising for you, helps to make complaints clearer and makes your site less of a magnet for net abusers.
• Put a `no unsolicited junk email' note into your unknown user email bounce message.
• Log all TCP/IP connections, inbound and outbound email, and outbound news so you can quickly and easily track down net abusers. This can save much staff time.
• Not forward email on behalf of third parties. Many net abusers are relaying email to avoid IP address based filters and could cause your site to get a lot of unnecessary complaints and bad publicity. Most email transport programs by default accept inbound email for a destination not even in their own domain. Make sure yours doesn't. Make sure it also doesn't accept the `percent hack' (a%b@c causes c to send the email to a@b; common and useful for checking email routing but unfortunately open to abuse).
• If you need to terminate a web or email account because of net abuse replace it with an appropriately worded page or autoresponder explaining why the account was terminated. This can be a strong deterrent to repeat abuse and is good advertising for you.
• Warn other ISP's in your area when you need terminate an account so they can block known net abusers before they get an account. Once net abusers have an account they frequently take advantage of the `30 days notice to terminate account' provision common in many ISP contracts. Make sure your AUP allows immediate termination for premeditated abuse.
• Close your news server. Make sure only your own customers can submit news items and that they are logged so forged items can be determined.
• Make sure your default news posting software makes it hard for users to crosspost to large numbers of newsgroups. Make sure it also warns new users about the potential consequences of posting something like `I know this great nude actress web site' to the world.
• Make sure your mailing list software doesn't give out subscriber email address lists, that it allows only subscribers to submit items to the list, that it verifies subscribe and unsubscribe requests and that every email message has an "Errors-To:" header and subscribe/unsubscribe instructions body signature. A common form of abuse is to subscribe a net naive victim to multiple high volume mailing lists.
• Restrict access to or disable your finger server. Attach a `no unsolicited junk email' message to it's output if appropriate. Finger can be used by a remote site to determine a username's full name and who is currently logged in.
• Run an ident server. This allows others to identify the user name of any open TCP/IP connection from your machine to their machine, thus making any complaints to you less cryptic, making complainants less frustrated and make it harder for net abusers to remain anonymous. Many email transport programs incorporate the user name provided by ident into email "Received:" headers which makes it more obvious when an email is forged. A downside is that some web servers use ident to determine a junk emailable address for anybody surfing their site. This may not be a problem if you're running a caching web server. You could also configure your ident server to only give answers for email and news connections.
• Verify inbound email connections. Query the ident server on the connecting machine if it has one. Compare the hostname give in the HELO/EHLO command with the IP address of the connection partner. Do a domain name inverse lookup on the connecting machine's IP address and if successful put it in the "Received:" header. Flag inconsistencies between ident, HELO and DNS lookup. As all of these can be forged leave the IP address in the "Received:" header. An IP address can be forged too but it's a lot harder.
• Consider disabling the inbound email VRFY (verify) and EXPN (expansion) commands as they can be used by other sites to determine the existence of your usernames, names associated with your usernames, whether email is being forwarded and where email is being forwarded. These commands aren't needed or used in normal operation but are occasionally used by mailing list maintainers to verify addresses. They're not of much practical value because of the widespread use of mail aliases and firewalling.
• Consider installing an email filter program such as procmail to filter inbound email on behalf of your users, removing some of the better known junk emailers such as as moneyworld.com.
• Consider filtering all inbound and outbound news items that are crossposted to five or more groups. There are patches available to do this for cnews and inn.
• Consider throttling outbound email so that by default individual users can't send more than one email/minute. This needs to be disableable for mailing lists though.
• Consider installing an IP filter that blocks connections from known unsolicited junk email sites such as those in the Internet Blacklist.
• Under Unix consider installing qmail instead of the default sendmail. It has a much more secure design, uses inetd and is far easier to understand and work with.
• Setup your email so that if one user is mail bombed their disk space usage is quarantined from other users. Quarantine incoming anonymous ftp files too and make sure system log files have plenty of space.
• Consider getting your system utilities to quickly warn you when an unusually high volume of email or news cross posts is inbound or outbound to a particular user so that it can be checked.
• Provide your users with the tools described in this web page so that they can track down net abusers themselves if they have the time and technical ability.
• Consider posting informational postings to news.admin.net-abuse.misc when dealing with net abusers. It demonstrates to the net at large that you're a good net citizen and it helps to reduce the level of complaints.
• Make sure your list of user email addresses is private so that junk emailers can't suck lists of email addresses off your site. Provide a search page instead.
• Educate your users. Scatter informative web pages around your site so that naivity is not an excuse for causing trouble. Warn your new users about junk email and news spam tactics so that they are immunized from some of the scams.
• Be wary of allowing unsolicited junk emailers on your site or allowing your site to be used as a web/mail drop for unsolicited junk email from throwaway accounts on other ISP's. Some net users feel this is sufficient justification to broadcast email your entire customer base (found with a web search) with a warning that you support net abuse and the suggestion that they complain and/or move to another ISP.
• Email other suggestions.

<Home>

Links

• The Tragedy of The Electronic Commons by Howard Rheingold.
• Advertising on Usenet: How To Do It, How Not To Do It by Joel K. Furr.
• Net Abuse FAQ General information on net abuse.
• Spam FAQ Gandalf's more advanced alternative to this page.
• Outlaw Junk Email Now! David Topping is trying to get junk email outlawed in the US.
• SEC Division of Enforcement Where to complain about US financial scams.
• Blacklist of Internet Advertisers Plus other useful links and information.
• Not the Hormel product Nate Waddoups' thoughts on spam.
• The Anti-UMail FAQ Mark Neely's readable answers to junk email justifications.
• Boycott Internet spam! Scott Hazen Mueller's petition and anti-spam resources.
• gspam.zip This page's CGI scripts for mirrors.
• DIG A utility for examining the Domain Name System.
• TRACEROUTE A utility for tracking where net messages go.
• WHOIS A utility for querying the distributed network administrative database.
• Echo What this web server knows about you without even trying.
• Snoop A more aggressive attempt to find out about you.

<Home>

Instructions

1. Step one is to look at all the headers of the message. News/email readers normally show only a subset of the available headers to avoid screen clutter. Select the option that makes the hidden headers visible. In Netscape select Options/Show all headers, in Pegasus or Pine press H and in VM press t. Other news/email readers have similar options.

2. Important headers are:

   • From:
   • To:
   • Sender:
   • X-Sender:
   • Reply-To:
   • Errors-To:
   • Return-path:
   • Message-id:
   • Path:
   • Received:

   All contain a network host name that may give you a clue as to who the spammer is. However, any or all of them may be faked. It is common for spammers to send email from a throwaway account at one site and solicit replies at other sites, so you may need to track down two or more network locations. Make a list of all host names mentioned in the headers and in the body of the message. These are the parts to the right of the @ sign in email addresses, between // and / in web links, in the last Received: header and at the right end of the Path: between !'s.

   Path: gives the list of hosts a news item passed through, from the poster's site at the right end to get to your site at the left end. One or more entries on the right end may be faked so you may need to cooperate with others to track down which host in the Path: list the message was injected at. Like the Path: header Received: headers are a list of sites the message passed through in reverse order but with only one host name per header. Again, the bottom entries (earlier timewise) in the Received: list may be faked. Even with normal, non-faked operation not all hosts or network routers a message passes through are recorded in the Path: or Received: headers. Use TRACEROUTE (described below) to get a more complete list.

3. Host names usually have machine name and domain name parts. For example kryten.eng.monash.edu.au has a machine name of kryten and domain name of eng.monash.edu.au (engineering faculty, monash university, education sector, australia) with larger domains monash.edu.au, edu.au and au. Look at your list of host names and see if you can add some local domain names to the list by stripping machine names from host names. This is a trial and error procedure and may not always give a valid result.

   A couple of traps: The domain <something>.dynip.alter.net is really earthlink.net and <something>.ms.uu.net is really microsoft.com.

4. Some of the host/domain names you've discovered may actually be a numerical network IP address eg. kryten's is 130.194.140.2. Use DIG ipaddress->hostname to find a host name given an IP address and use DIG hostname->ipaddress to find an IP address given a host name. Add any new host/domain names discovered to your list. IP addresses can have zero, one or several host names. Host names can have zero, one or several IP addresses.

   Some hosts and domains designate one or more hosts to handle any email directed to them. Use DIG hostname->mailexchanger to find out if there are any such hosts.

5. DIG queries domain name servers for information about the host/domain names you've found. It gives a mess of information most of which you can ignore. You're not normally interested in the NS and other records of the name servers that supplied the information, just the info related to the host/domain you queried. This is the A internet IP address records, the MX mail exchanger records and the PTR pointer to host name records.

   Any email sent to the queried host/domain will initially go via one of the hosts given by the MX records if they exist, otherwise it will go to the host given by the A record. If there are no MX and no A records then email will normally bounce. The MX and A host names may be in completely different domains. Add any new domains to your list.

   If an IP address has no corresponding hostname the SOA `start of authority' record can be used to see which hosts/domains are responsible for that part of the net. Internic.net is responsible for unallocated addresses so if you get this it usually means the queried IP address is faked or in error. If there is no SOA record try doing a DIG ipaddress->hostname on another IP address which is in the same subnet as the one you're interested in ie. vary the last number from 1 to 254. eg. For 130.194.140.37 you might try 130.194.140.66. Some machines are configured by accident or by design to not reveal who is responsible for them.

6. Use WHOIS to find the administrative and technical contacts for the hosts/domains you've discovered. This will give more contact information including email addresses. If there is more than one WHOIS entry for the domain you've entered you'll get a list of abbreviated entries. To get full information use an entry's key as a query string (eg. mci.net gives keys MCI8-HST and MCI2-DOM). Add the host/domain names of the email addresses to your list. You may need to strip off one more left elements of each domain before you get a domain that WHOIS knows about (eg. eng.monash.edu.au -> monash.edu.au -> edu.au -> au). This WHOIS covers US non-military domains only. For other domains see other WHOIS servers.

7. Use TRACEROUTE to get a list of sites handling messages between this web server host and each of the host/domain's. This can take several minutes. Ideally it should be from your mail host but this should do. The last entry in the TRACEROUTE results list should be the host/domain you're querying. The next-to-last should be the Internet Service Provider (ISP) for your queried host/domain. The next-to-last for that ISP is their ISP and so on. More than one host at the end of the list may be owned by the spammer and so you need to use some judgement as to whether, when you send email to one of the hosts, you're talking to the spammer or their ISP. Add the hosts at the end of the list together with their domains to your host/domain list. This TRACEROUTE will have trouble if the test link is heavily loaded (likely during Australian working hours). If so you could try other web TRACEROUTE's.

8. Use a web search engine to look for references to the domain names you've found. Look for `domain' and `www.domain' Virtually all ISP's have web sites like this and you can use the web pages to get some idea of whether it's actually the spammer or the ISP, together with the size, contact addresses and the email/news policy of the ISP. You can also use a general web search engine to find out other information about the spammer.

9. You should now have a list of hosts and domains with a fair idea of the spammer's addresses and their ISP's addresses. Send an email to the spammer's ISP (this may or may not have the same domain name as the spammer themselves) using the abuse@ address and a copy to the spammer themselves. Be polite. You want results don't you? In the message include a copy of the spam with full headers, detail the reasons why you find the spam unacceptable, tell them about the Net Abuse FAQ and the Advertising FAQ and request that they not do it again. A sample is appended but use your own words if you can so that they know this is you saying it and not some form letter. If abuse@ bounces send the message to admin@, root@ or postmaster@ and additionally ask them to configure an abuse@ address which forwards to their person responsible for handling net abuse. If the email addresses aren't working you could try a fax gateway or check out the email search FAQ.

10. Large ISP's will generally not reply to you because they're too busy but if they receive enough complaints (and with full on spammers they usually do) it is likely the spammer will be dealt with. Most ISP's are good net citizens because it's in their own interest to maintain a good reputation. If you see the spam again send another message but this time post a copy of the spam with full headers to the news.admin.net-abuse.misc newsgroup and let the experts have a go. You may also want to email the ISP of the ISP. You should read the newsgroup for week or two to get a feel for how spammers operate and are dealt with. Be warned that the newsgroup includes plenty of argumentative posts from spam supporters in addition to posts from people trying to reduce spam.

Thats it! Look at the links list for further information on handling net abuse.

If the above procedure doesn't handle junk email to your satisfaction you may want to set up a filter to delete email/news items at your site before you see them. Not terribly effective generally unless you're willing to bounce every unauthorised address but it works for some persistent spammers. For reading news items look for a feature called kill-files. Not all news readers have them though. For reading email look at the filtering features your email program possesses or get an email filtering program which deletes email items before the email reader program sees them. Talk to your system administrator or ISP too; they may have some ideas specific to your site.

A final warning: Any message on the internet which doesn't use strong encryption/authentication techniques like PGP can be completely fake. Occasionally enemies on the net attack each other by tricking a third party into doing their dirty work for them. Treat any address you get with suspicion until proven otherwise.

<Home>

Suggestions

• Check that your ISP has an `Acceptable Use Policy' that you're happy with. If not make suggestions about how it could be improved. See ISP's for some ideas. Many smaller ISP's while technically competent don't have much net experience and could do with a net abuse `heads up'.
• If you see a cross or multi post to ten or more newsgroups post a copy to the newsgroup news.admin.net-abuse.misc. This is particularly important for `slow spams' (multi posts with slightly varying subject and contents spread over several days) as the automatic tools professional anti-spammers use have difficulty spotting these. You can use a news search service to see how many copies there are of an article. The threshold at which the professional anti-spammers normally trigger is an extremely conservative twenty cross posts within a forty five day period but it varies depending on the newsgroup hierarchy.
• If you see a single copy of a make-money-fast (MMF) pyramid scam or chain letter send a complaint to the user and their postmaster with a reference to the US Postal Service's views on pyramid selling and request that the news item be cancelled and the proceeds, if any, be given to charity. Most MMF's say they're legal or `different'. They're lying. MMF's are illegal in almost all countries.
• Forged email and newsposts are sometimes grounds for instant account termination. Many unsolicited junk email messages and spams are forged to reduce the level of effective complaints. If you see one and can work out what's going on let the relevant ISP's know.
• When posting news items use an email signature like one of these:
  • NO_JUNK_EMAIL@NOWHERE
  • Julian.Byrne@eng!.monash.edu.au NO JUNK EMAIL
  • Julian.Byrne@eng.monash.edu.au@removethistoemailme
  • NO JUNK EMAIL <Julian.Byrne@eng.monash.edu.au>
  • Julian.Byrne@eng.monash.edu.au (NO JUNK EMAIL)
  The first three are illegal email addresses (note the "!") but the automated email address collectors that junk emailers use will generally not recognise this while individuals hoping to contact you should be able to correct it easily. The last two are legal email addresses. Everything outside of the <>'s and in between the ()'s is a descriptive comment which email programs will ignore but hopefully more responsible junk emailers won't.
• When posting include one of these signatures:
  • Unsolicited commercial e-mail will be proof-read with the help of the mailer, his postmaster, and if necessary, his upstream provider(s).
  • The sender of any unsolicited email sent to this address agrees to pay $500/email for proofreading services.
  • Any junk email sent to this address will be placed in the junk email blacklist at ... Sender agrees to pay $75 for each such email archived.
  At the time of writing nobody using these strategies had reported collecting but it did drastically cut down on junk email messages and you never know... The consensus is that it'll be difficult to collect because the sender has not explicitly agreed to a contract but you might succeed in a small claims court if the junk emailer doesn't bother defending it.
• When posting don't include a valid email address. Instead have a web link to a page which has a detailed description of your unsolicited junk email policy together with your email address.
• If your site runs a finger server make sure the text put out by the server on your behalf includes a no junk email message.
• When dealing with any organization on the net that might sell your email address to others make sure that they have some simple mechanism for blocking your email address from being sold. Use it. One mechanism is to have a special email address which when emailed to causes the return address to be put on to a stop list. Another is to have a tick box on a form. Don't deal with that organization until they have such a mechanism in place.
• Use slightly different names and email addresses with different organizations to help track down the culprit if your address is sold.
• Use special email addresses that are only valid for a limited time period, that are only valid when used by a particular correspondent or are only valid for a single return email message. These approaches require sophisticated use of email filtering programs and probably only make sense for somebody technically literate and with a high volume of junk.
• Use an email filter program to bounce email messages from an address not on an `ok' list with one of the following messages:
  • Sorry for the inconvenience. To control unsolicited junk email this email address automatically bounces email messages from an unknown address. Simply reply to this notification within 24 hours and your original message and any new messages from you will get through as usual. I enjoy receiving messages from anybody except junk emailers so please don't hesitate. My junk email policy is ...
  • ... Enter your email address and/or message on the web form at <URL:...> and any future messages from you will get through. The form includes my junk email policy. ...
  • You have reached ...'s email contact address. To send email to me please use `pseudo_user@my_host' instead. This is a special; it'll only work with from your address `user@your_host'. Sorry about the inconvenience; I receive a lot of junk email.
  The problem with these approaches is that it wastes the time of the person trying to contact you but if you're unusually popular or have a major problem with junk it might make sense.
• Set up traps on your web pages or news postings, email address links that you never use but which might be picked up by a junk emailer's automated address collection program. Trigger an automatic complaint if any email is received at that address. If you are a US user try setting up a clearly sign posted, advertised and witnessed email address link that forwards to your printer or to your fax machine (via a FAX gateway) and you may be able to apply the US junk fax law and make US$500. Untested at the time of writing. Alternatively, set up the trap address to forward to your local government representative, hopefully making them more aware of the junk email problem.
• You can submit your email address to several `no junk email' lists. In theory junk email will no longer be sent to that address. In practice most junk emailers ignore these lists and there is a risk that net abusers will use the contents as targets. Keep in mind that the presumably reduced level of junk email received at such addresses make them more attractive targets for junk emailers willing to break the rules.
• Educate people about acceptable net behaviour. There are people of all ages on the net. Never underestimate how naive people can be and remember that there is a first time to learn for everyone. Many net abusers simply don't realize how much trouble they're causing. The critical test: Would you do this to somebody face-to-face? Newsgroup spamming is like shouting in a movie theatre. Junk email is like using a loud hailer at 3am outside somebody's home. Free speech advocates should remember that an effective way to compromise free speech is to bury it in noise and misinformation.
• Educate people about net economics. Paper junk mailers pay for their postage. Junk emailers force their targets to pay for it. News cross and multi posts occupy thousands of computers' disk space and can add up to significant money and a waste of tens of thousands of people's time. Entire countries (eg. New Zealand) and many ISP's push international incoming and outgoing link volume costs onto individual users. Also, unlike the US, many countries have timed local call charges. Even users who don't pay volume charges get hit by reduced bandwidth.
• Sales people often truly believe their product is the best thing since sliced bread and that they are doing everybody a favour by advertising as widely as possible. It takes a lot to convince them that the average person doesn't give a damn. Convince sales people to face facts; that they are costing people more in time and money than they are offering in a potentially useful product. Keep in mind that sales people are good `people' people but are often numerically illiterate and as a result are more emotive than objective when estimating a balance of pro's and con's.
• Never give spammers the attention they are seeking. Don't post followups unless you're sure it'll help. Do your best to bore them to tears. If it's a premeditated commercial spammer waste as much of their time as you can. If it's a certified net.kook trolling (trying to to start an abusive argument) start other interesting news threads (conversations) which have nothing to do with the troll ie. distract others from the troll.
• Some abusive news posts are placed by practical joking `friends' of students who accidently left their accounts logged in in shared computer labs. If you suspect this is the case email them a copy of the post and ask them to tell off their `friends' and to cancel the post, requesting help from their system administrator if necessary.
• Keep in mind that many net users and abusers have multiple `net identities' and that forgery of other user's identities is fairly common. Forgeries might be abusive, trying to wreck some user's reputation, or more subtle, like pretending to be a responsible ISP but actually ignoring complaints. The lack of legal consequences means that some net abusers engage in wholesale deception. Keep an eye on your own `net identity' by using news and web search services to look for articles referring to you or purporting to be by you.
• Never mail bomb (send many large email messages). While tempting it doesn't work very well. If you're lucky you might slow down your target for a few hours but you will also cause trouble for many innocent bystanders (all the intermediate sites between you and the target) and the target is probably better equipped to handle it than anyone else anyway. You also risk losing your own account for net abuse.
• Never flame (be abusive). While also tempting keep in mind that with the current state of net [dis]organisation and the commonness of forgeries it's easy to target the wrong person or misjudge the situation. Do this and you'll end up wasting time apologising and you also reduce your credibility. Also remember that a flame is more likely to antagonise a person than to achieve results. The majority of net abusers are not malicious, merely naive and/or self centered.
• `Adopt' a particularly persistent net abuser and become a mini-expert on them. Use the information you've learned to help others deal with them.
• Whenever you see an erroneous opinion in the general press (eg. confusing spam with free speech, anti-commercial interests, conventional advertising or content based censorship) write a letter to the editor letting them know of the error. Better yet, write an article.
• Report significant illegal activity in the US to the US National Fraud Information Center.
• Do a web search for "bulk email" and let these vendors and their ISP's know what you think of unsolicited junk email.
• Mirror or point a link to this or other net abuse sites.
• Email other suggestions.

<Home>

Why the fuss?

Nobody wants to open their email in the morning and find one personal message, two bills and a thousand pieces of unsolicited junk. Or to open their favourite news group and find ten relevant items and a thousand spams.

When any of tens of thousands of small businesses and other special interest groups can send tens of thousands of email messages or news postings per day for peanuts, when they need to do it because their competitor is already doing so and when they are allowed to do it the above scenarios are only a matter of time.

There are already reports of individuals in the US receiving more than one hundred unsolicited junk email messages per day. Some useful alt.* newsgroups have become completely unreadable because of hundreds of irrelevant crossposted news items per day.

The drop in cost effectiveness with increased advertising is lower on the net. The marginal cost of running an email address grabbing and spamming program overnight while a net account would otherwise be idle is almost nil. Posting a duplicate news item to multiple newsgroups is trivial. A business can afford to waste hundreds of thousands of people's time for only minor profit to themselves and still come out ahead. Only if there are other constraints (eg. an ISP volume charging or terminating their access) will this one-sided tradeoff change.

If you post news items infrequently, your email address isn't on a publicly accessible web page and you don't often web surf commercial sites you may only have received a few junk email messages. Don't be fooled. Hundred thousand email address lists are already in wide circulation and when your email address gets on one as the result of web surfing the wrong site, paying a bill or making a sales query you will find it very hard to get off.

Incidently, if you want to do mass unsolicited junk email think about this: Most junk emailers only do it once. Creating thousands of angry instant enemies isn't a smart way to run a business.

<Home>

How to advertise

If you want to do a broadcast do it using the broadcast protocol provided: news. If you want to do a point to point message use the point to point protocol provided: email. Anything else is abuse of other people's net resources. If you want to do a broadcast address it correctly with the facilities provided: newsgroups and subject headings. Again, anything else is abuse of net resources. Unnecessary repetition is also an abuse of net resources.

So, the appropriate place for a commercial message is a single on topic post with a meaningful subject heading in one of the biz.marketplace.*, comp.newprod (moderated) or clari.biz.products newsgroups. For obvious reasons people rarely read these. This is the balance between commercial advertisers and other people's rights though.

So you're left with web pages and news signature advertising. The former is okay because only those people interested in a topic will go looking for them and other people's net resources are not unnecessarily wasted. The later is okay because you will have contributed something back to other newsgroup participants with the posting itself, paying for the general reduction in utility of the news caused by your small signature ad. If not then it is also abuse of net resources.

Note: I'm using the term net resources in the more general sense of not only bandwidth and disk space but also of the general utility to the people participating. The general utility of the net and it's facilities is reduced by every off topic post, useless email message or deceptive web page. Incrementally each loss is small but the total loss is massive and that is why so many people are willing to spend time fighting this scourge.

The best way to advertise on the net is to give away value so that people will want to visit you and also to pay for your use of other people's net resources. You can create value in small ways by competitions, games, prizes and freebies. The expected return on these things to the participants is usually terrible though. It's better to create value in a larger way by sponsoring `good works'. The advertisers on the search engines, NetScape and Id software have all done very well using this approach. On a smaller scale sponsoring a useful FAQ, piece of software, moderated news group, community service web site, entertainment web site or industry service web site are good approaches. If this is done in an innovative way it can be a very effective. Like everything else in life though remember that you don't get something for nothing; make sure it really is a useful/interesting resource and not just a deceptive advertising ploy likely to turn off a very advertising aware population. Once you have a useful resource you can legitimately announce it in the relevant newsgroups and in non-net advertising and build up a client base via sponsor advertising in the resource. Everybody wins.

This is the right way.

<Home>

Complaint example

From:     postmaster@halls1.cc.monash.edu.au (NO JUNK EMAIL)
To:       abuse@isi.net, samantha@gamespot.com
Subject:  COMPLAINT Re: GameSpot's $20,000 Games Contest
Date:     Mon, 22 Jul 1996 15:55:37

Hi administrator,

The following junk email is being broadcast to our site, costing us time
and money. Such email is *NOT* ok. I *strongly* object to the
involuntary shifting of their business costs on to others. There are
appropriate forums for such messages in the news (the biz. newsgroups) and
on the web (easily found with web searches) and if a significant fraction
of companies on the net start using email for broadcasts (one off or
otherwise) it will become useless.

The email is from samantha@gamespot.com and solicits replies for
www.gamespot.com who appear to have ISP isi.net.

Please give them a warning as it probably contravenes your acceptable use
policy. If it's premeditated or a repeat offender I request that you
cancel their account.

Does your acceptable use policy:

- warn users about unacceptable net behaviour?
- ban net abuse such as unsolicited junk email broadcasts & newsgroup spams?
- ban the use of your services as a mail drop or name server for spams
  from throwaway accounts on other sites?
- allow you to immediately suspend an account on reasonable suspicion
  whilst it is investigated and to terminate the account if proven?
- allow you to charge an offender for any costs incurred in dealing with it?

A good AUP saves you time and aggravation. For details see an informative
article by Chris Lewis: <http://kryten.eng.monash.edu.au/gspam.html#isp>

Regards,

Julian Byrne <postmaster@halls1.cc.monash.edu.au> (NO JUNK EMAIL)

------- Forwarded Message Follows -------

Return-path: <samantha@gamespot.com>
...

<Home>