Re: Who\'s Really To Blame For All The Spam
In my office, until recently we were receiving tons of spam. This is a problem in more ways than is obvious since many government branches (like ours) still use old Lotus CC:Mail that dates back to the early 90's. CC:mail can't read HTML or display graphics and spam is a real headache since the routers and rule agents have trouble reading them. Often they end up corrupting our mail database.
I began a program back in January of tracing and contacting spammers when it was possible and requesting our domains be removed from all lists. It was often very difficult to get valid address or phone number but with persistence it can be done. I trained a couple of staff members on how to do it, formulated a very nice letter, sent via snail mail on our formal letterhead and envelope explaining our situation and requesting removal. If we still received spam a second time, a more demanding letter went out. If that didn't work then we listed the domain(s) in the MAPS Real Time Black Hole list. As a government agency in the judiciary, we can list addresses and entire domains directly without formal approval.
This resulted in some really hairy situations. In one instance, a major ISP's primary domain and POP's were listed and their entire mail system ground to a stop. There were "some cross words" exchanged as I explained that one of their customers was a major spammer and it was their duty to exercise control. Their opinion differed and it took almost a week of "discussions" before we reached an agreement where they would place strict limits on email quantities and transmission rates and I would remove the Black Hole listing. They threatened legal action but backed away when faced with who we were and the facts of the situation.
Most spam originates from a few dozen mail pumps, some of the biggest are in Florida but some are from abroad. Those in Ft. Lauderdale and St. Pete, Florida were, to say the least, very, very annoyed with me, to the point of finally contacting me via telephone to threaten to sue over being black listed. I explained that they were welcome to pursue any legal recourse they felt appropriate, while mentioning that we have offices in every state and major city and that we had an office only a few blocks away from them. I also mentioned that there are approximately 3800 attorneys in our organization, many of whom have very little to do.
Many of these spammers have multiple addresses that they send from but usually only a few domains overall. Listing their domains kills their entire pump. Our spam has since dropped to just a few pieces a day.
Since we didn't contact every major mail pump out there, this leads me to believe that there is another list being passed around the spam houses and ISP's listing trouble making addresses and domains to avoid.
This may seem like overkill but somewhere, somehow you have to take a stand and do something. Anyone can do the same thing by tracing and reporting spammers whenever they find them. Go to
http://mail-abuse.org and see how it's done.
Because we are a government agency, I can't provide be very specific as to who or how without violating management policy. I have probably stretched things to the limit as it is and I've gotten away with it only because so far, no one has attempted a legal challenge. Any legal challenge would be difficult at best and necessarily place the spammer at a distinct disadvantage since they would have little to gain, their complaint would face prejudice and they would have to absorb substantial, non-recoverable costs (as a government agency, we're never liable for legal costs of the opposition).
On some of the foreign pumps there was little I could do, but in some cases I was able to get a valid mail address and took a page from their own book by writing a bash script on a Linux workstation that constructed a reply message with a somewhat randomized subject line, then sent the message, using send mail and looped with a counter set to expire at 25,000. Spamming the spammer, so to speak. Crude, but surprisingly effective.
Al