San Diego We all get them and we all hate them: unwanted e-mails advertising cut-rate life insurance, low-interest mortgages, get-rich-quick schemes, debt-consolidation services, ink-jet cartridges, and cell-phone accessories. One might live with these annoyances, if they weren't accompanied by e-mail bearing live links to websites featuring images of naked Russian teenagers and worse.
"Spam," such e-mail has been dubbed. And when we get it, our first reaction is to blame our Internet-service provider for selling our addresses to the people sending it. Jeff Dickey, tech-support manager for American Digital Network, an Internet service provider in Kearny Mesa, handles these complaints every day. "So far this morning," he said on a recent Monday, "I've received 250 complaints about spam. I have customers who get 500 to 600 pieces of junk a week. People always blame us for selling our e-mail lists. We've never sold an e-mail list in our lives."
Then why, a chorus of e-mailers asks, are our inboxes full of this stuff? "It's probably because your e-mail address is out there," Dickey answered. "Maybe you're on a joke-of-the-day list, and whoever runs the list sells your name to everybody."
Say a friend forwards an article to you and 15 of his friends, and you forward it on to all of your friends. In each of those transmissions, your e-mail address is printed in the "header," the coding at the top that you usually ignore. By the time your friend's friends stop forwarding the article, hundreds, maybe thousands of people will have seen it. One of them may have been a "spammer." And now the spammer has your e-mail address. "People write programs that go through and remove all the addresses," Dickey explains, "and they've got 48 new addresses they can send to.
"Also," Dickey continues, "easy user names get a lot of spam, names like John. The spammer will try 'John' in every domain."
Your user name is whatever comes before the @ symbol in an e-mail address. The domain name is what comes after. So in [email protected], John is the user name, doe is the domain name. "There are people," Dickey explains, "who run programs which go through each domain, [email protected], [email protected], [email protected]. There are programs that go through every feasible combination of eight characters. I see the ones coming in that are trying the aaa, aab, aac because my machine looks for that type of pattern, and it will just block them. But it's not easy to block all of them, because a lot of the ISPs don't do that, especially smaller ISPs who can't afford to have people do what I do here."
What he's talking about is combating spam. "I'll spend four hours working on spam on Monday," he says. "But Mondays are my biggest days because I'll have spam from all weekend. Tuesday through Friday, I'll do maybe one to two hours a day."
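The "aaa, aab, aac" pattern check Dickey mentions can be sketched as detection logic over a mail server's recipient log. This is an added example, not American Digital Network's code; the log format, thresholds, and function names are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed log lines in an assumed format: "<source-ip> RCPT <address> <SMTP code>"
LOG = """\
198.51.100.77 RCPT aaa@isp.example 550
198.51.100.77 RCPT aab@isp.example 550
198.51.100.77 RCPT aac@isp.example 550
198.51.100.77 RCPT aad@isp.example 550
203.0.113.5 RCPT john@isp.example 250
203.0.113.5 RCPT jon@isp.example 550
192.0.2.40 RCPT john@isp.example 250
192.0.2.40 RCPT mary@isp.example 250
""".splitlines()

LINE = re.compile(r"^(\S+) RCPT ([^@\s]+)@\S+ (\d{3})$")

def successor(name):
    """Next string in odometer order over a-z: aaa -> aab, aaz -> aba."""
    chars = list(name)
    for i in range(len(chars) - 1, -1, -1):
        if chars[i] != "z":
            chars[i] = chr(ord(chars[i]) + 1)
            return "".join(chars)
        chars[i] = "a"
    return None  # all z's: no successor of the same length

def longest_run(names):
    """Longest streak in which each user name is the successor of the one before."""
    best = run = 1 if names else 0
    for prev, cur in zip(names, names[1:]):
        sequential = re.fullmatch(r"[a-z]+", prev) and successor(prev) == cur
        run = run + 1 if sequential else 1
        best = max(best, run)
    return best

def harvesters(lines, min_run=3, min_rejects=20):
    """Source IPs that walk user names in sequence or pile up unknown-user rejects."""
    attempts, rejects = defaultdict(list), defaultdict(int)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, local, code = m.groups()
        attempts[ip].append(local.lower())
        rejects[ip] += code == "550"  # 550 = mailbox unavailable
    return sorted(ip for ip in attempts
                  if longest_run(attempts[ip]) >= min_run or rejects[ip] >= min_rejects)
```

A sender that simply mistypes one address (the second source above) is not flagged; only the sequential walk or a large reject count is.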
Spamming originated when businesses and private citizens began owning fax machines in the mid-'80s. "You'd get the junk mail by fax," Dickey recalls. " 'Win a free vacation cruise!' People would just spend all day looking for fax numbers and then spamming them with faxes. I first started noticing spam on the computer in 1995. That's when it started showing up in earnest. There was a law passed against fax-machine spam because it wastes the recipients' fax paper and toner. The law that was passed stipulated a $25-per-instance fine if somebody complains about it. There are no Internet spam laws."
In the absence of a law, Dickey and others like him, who guard the electronic-mail gateways of the world, have to come up with their own ways of fighting spam. Their method is blocking; that is, disallowing mail from individuals or whole domains that are known to be sources or channels of unsolicited e-mail. "The first thing I do," Dickey explains, "is check out the headers of any mail that comes in." He brings up an e-mail ad for septic-tank retrofitting and begins to read the header, which tells where the mail came from and where it's going. "I start at the bottom and work my way up to the head. Here's my server...and here we see that this one came from a Japanese toy company. So obviously, somebody compromised their server and sent mail through it. So their server is available for anybody on the Internet to use to send mail."
That's called an anonymous relay, or open relay. "It's not the toy company itself that's sending spam," Dickey explains. "Their server was set up wrong. It allows spammers to send mail through it. See, individual computers don't deliver mail. They send it to an outbound mail server, and that server delivers the mail. It searches and finds the toy company in Japan."
This searching is done with computer programs that automatically send messages to mail servers around the world. "They ask each one to send back a piece of mail," Dickey explains. "Whatever one they get back, they know that one allows anonymous relays, and then they use that to send spam."
As long as the spammer doesn't flood the Japanese toy company's server with so much mail that their system buckles and their employees can't send mail, the toy company may never know that they are being used as a conduit for electronic junk mail. That is, until Dickey or a colleague receives a spam mail through their server and tells them about it. After he's sent that message, he blocks mail from the toy company's server to his customers. "I have over 3000 blocked addresses," Dickey says. "Those are addresses that I won't accept mail from because either they're known to accept spam or are an anonymous relay, like the Japanese toy company. Sometimes they call me and say, 'Hey, you're blocking me.' I tell them, 'You were an open relay.' I keep a record of everything I block so I can go back and say, 'Yeah, I blocked you because in 1999, December 7, I received 27 complaints regarding spam from your address.' Sometimes they say, 'Well, I fixed that problem.' Then I'll test it again, and if it doesn't allow anonymous relay, I'll open it up again."
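The header reading described above, as an added example that is not from the article or from American Digital Network: it walks the Received lines from the bottom up, then picks out the one hop stamped by the receiving server itself, since every line below that one is supplied by the sender's side and can be forged. The server name, message, hosts, and addresses are constructed.

```python
import re
from email import message_from_string

OUR_MX = "mx.isp.example"  # assumed name of the receiving ISP's mail server

# Constructed sample message; all hosts and IPs are reserved example values.
RAW = """\
Received: from mail.toyco.example (mail.toyco.example [192.0.2.25])
    by mx.isp.example with ESMTP id A1 for <customer@isp.example>;
    Tue, 7 Dec 1999 09:14:02 -0800
Received: from dialup-77.bulk.example (dialup-77.bulk.example [198.51.100.77])
    by mail.toyco.example with SMTP id B2;
    Wed, 8 Dec 1999 02:13:40 +0900
Received: from localhost (forged.example [203.0.113.9])
    by dialup-77.bulk.example with SMTP id C3;
    Tue, 7 Dec 1999 09:00:00 -0800
From: "Septic Retrofit" <offers@forged.example>
To: customer@isp.example
Subject: Septic tank retrofitting

body
"""

HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def parse_hops(raw):
    """Return Received hops oldest first (bottom of the header block first)."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP.search(value)
        if m:
            hops.append(dict(zip(("helo", "rdns", "ip", "by"), m.groups())))
    return hops

def org(host):
    """Crude organisation key: the last two labels of a host name."""
    return ".".join(host.lower().split(".")[-2:])

def analyze(raw, our_mx=OUR_MX):
    hops = parse_hops(raw)
    # Only the hop written by our own server is trustworthy evidence.
    handoff = next((h for h in hops if h["by"] == our_mx), None)
    if handoff is None:
        return None
    idx = hops.index(handoff)
    upstream = hops[idx - 1] if idx > 0 else None
    # Relay sign: the host that delivered to us accepted the message
    # from a machine outside its own organisation.
    relayed = bool(upstream and upstream["by"] == handoff["rdns"]
                   and org(upstream["rdns"]) != org(handoff["rdns"]))
    return {"block_ip": handoff["ip"], "relay_host": handoff["rdns"],
            "claimed_origin": upstream["ip"] if upstream else None,
            "third_party_relay": relayed}
```

The `claimed_origin` value is only what the relay wrote down; the address worth acting on is `block_ip`, which the receiving server observed directly.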
Most American Internet-service providers block anonymous relays. But servers in other countries aren't as careful. "The biggest places to search for relays," Dickey says, "are Korea, Japan, Russia, and China. They're non-English-speaking places, but everything [in the computers] is English. They set up their machines, and they either can't read the directions that tell them how to block spam, or they don't care. As long as it works, they don't care. But the thing is, I've seen some servers buckle because of the amount of abuse they've taken. Because if you have a server for maybe 20 or 30 people, your little server works just fine for those 20 or 30 people. Then somebody tries to send 250,000 pieces of mail out of it, and the system can't handle it."
Dickey also blocks spam mail by identifying the original source, the spammer himself, though spammers exert great effort not to be identified. They use fake e-mail addresses, though Dickey says his system at American Digital Network can usually spot the phony names, and they sometimes use the e-mail addresses of an unknowing third party as a return path. That's not fun for the third party, Dickey explains. "Because now you're getting 200 complaints about being a spammer," Dickey says, "when you didn't do anything. But they've put your name in there to try to throw us off the track."
American Digital Network subscribes to several Internet groups that track and keep lists of known spammers. And Dickey keeps his own list. He blocks all of them from sending mail to his customers. He's also had personal e-mail contact with some of the spammers. "One guy," Dickey recalls, "who was local, actually, kept saying, 'I'm not a spammer. It says right on the mail, this is not spam.' I told him if it's unsolicited, it's spam. He just kept saying, 'It's not spam,' so finally I just reported him to his ISP."
Some spammers, upon being blocked or reported, have tried to "mailbomb" Dickey, which means sending "250,000 pieces of mail all saying, 'SCREW YOU!' The idea is to bring my system down. But I'm well-protected against that." Other disgruntled spammers attempt to hack into Dickey's system "to see if they can take it over." He's well-protected against that too.
Another spam-fighting method is to block any e-mail that comes in with a specific subject line. The problem with that is a spammer need only change one character in the subject line to get it through again. Dickey scrolls through a list of such subjects. It's thousands of entries long. The words teens, orgy, wet, and various euphemisms for female anatomy appear over and over. Dickey estimates that porn advertising makes up 30 to 40 percent of the half-million spam e-mails his system blocks every day. As a father of two young daughters, it's that 30 to 40 percent he's most concerned about. Asked what the most offensive spam he'd ever dealt with was, he answers, "We got one from San Francisco that was somehow gay related. It was pictures of men pooping on meat. I'm not talking about a link here. I'm talking about my customers receiving a piece of mail with pictures right on it of men defecating on steaks."
Kiddie-porn ads also come over the wires. "Those I send to the Federal Trade Commission," Dickey says, "along with multi-level marketing schemes and anything else I think may be illegal."