Jewish World Review June 19, 2003 / 19 Sivan, 5763


Spam-free no longer — make the b---tards pay!

By Phillip Robinson

http://www.NewsAndOpinion.com | (KRT) A can of worms.

I really opened one when I wrote about my year without spam. About how the best protection is not to be known, not to give your email address away except to direct personal and business contacts. For all other work - placing an address on your website, using an address in chat rooms, entering an address for purchases online, entering an address for registrations online - you should always, always use a disposable address such as one of the freebies at Yahoo.com.

I used my real email address in the story about spam, and many newspapers printed it and ran it with their online publications too, so now the spammers have found me and the load of dreck grows each day. I can press Delete and watch them disappear, and I generally do.

I could dump the spam by switching email addresses, and I may have to do that at some point.

I could wait for the Congress to pass a "stiff" anti-spam law that demands each junk email come with an unsubscribe option and a real address.

First of all I doubt they'll pass such a law without adding all sorts of loopholes.

Secondly, even without loopholes, unsubscribe-and-address is a joke. That's not stiff. The spams I get now have both and I don't trust either. The unsubscribes are often just the spammers way of being reassured that you're really right there and receptive to spam. The addresses are often just temporary disposables if they even work at all. I could beat all of the spams I've received by shelling out a few bucks for a "source authentication" or "challenge-response" service that blocks all spam until a human verifies the message sender.

Until I make that move - or skip out to a new email address - I realized that some spam made me angry enough that I wanted to fight back. I don't want to just hide or to just ignore. I want the spammers to have to pay some cost. I want to be part of the solution.

So I started chasing spammers.

Not to file lawsuits against them. That's more bother than I want to take right now, and only available in some states (though more states are adding such laws).

No, I'm not chasing in court. I'm chasing in business.

Spammers sell things. That means they're using business services. And I can alert those services to the spammer's actions. For example, a particularly obnoxious spam I received three times today is trying to sell both prescription medicines and the opportunity to send out your own spams to sell prescription medicines. I can go after the companies that send their emails, run their websites, register their domains, handle their payments, ship their pills, and any government agencies that regulate or administer any of the above.

This particular spam is basically one online drug store (if there's actually a store there at all, which I never really trust with such shady operations, so I'd never give them my credit card info) that then offers to let anyone operate a cloned online drugstore. The original and all the clones send out spam email ads and then the clones earn a percentage from all the orders - which are actually filled (again, if they really are) from the original organization.

The spam message - which is often used intact by each clone - starts with a claim that it isn't spam because "YOU and YOU ALONE Opted-In and Subscribed Directly with Us to receive the TWICE PER WEEK SPAM E-mail Money Making Newsletter". Then, in one of the only values in spam - free humor from the stupidity and irony - the message continues "WE TEACH YOU HOW TO SPAM_SEND MILLIONS OF E-MAILS PER DAY!" So it isn't spam, but they will teach you how to use messages just like this that are spam. Right. Anyway, there follows a description of how easy it is to make millions selling prescriptions to the online "sheep" who will buy anything if enough spam shows up in their inboxes.

And it's all protected from the law and anti-spammers, so it says, because much of the work is now "offshore" in Brazil and China.

Well, you can still grab some handles on a spam such as this and give them a twist.

Here's what I'm doing for these prescription spams:

First, I called the 800-number listed for "unsubscribe". Now I tried not to be obnoxious. The poor schmoes on the other end are just sitting in tiny cubicles somewhere answering phones to put food on the table. They aren't the spammers. They only work for someone who has contracted with someone who works for the spammer. (More hilarity: when I called I was told the customer service rep would write down my request to unsubscribe on a scrap of paper and pass it to his supervisor. "Please wait 30 days for it to take effect." Sure. They can send millions of emails but can't use a computer to track one unsubscribe.) I refused to give them my "birth date," which they needed to be sure the right "phillip robinson" was unsubscribing. And I asked to talk to the supervisor. I'll probably call several more times because each call costs them money and that's part of my plan: make spamming uneconomical.

Second, I looked at reply-to email address. These are sometimes spoofed, faked, so that the message doesn't give away its real origin. And that means you shouldn't automatically send flaming mails to the sender. They may be entirely innocent. So I wrote a firm-but-polite note saying I hadn't opted in to anything and wanted out. (This can sometimes lead to more spam as they now know I'm a live address, but since they're already sending me 3 a day, and I'm going to hop email addresses sometime soon, that's an acceptable risk.)

Third I checked the domain for that email address (using my web browser to go to the www.wherever.com). There I found a phone number and a street address. I can call that number and complain (I'm cheap, so I only do this if I have a phone with free long-distance at hand, such as my cell phone). If you have the time and a stamp, send a letter complaining. Try to get the phone service center to cut off the spammer. Then use Google to look up the local government near the center, and the local newspaper, and email complaints to both.

Fourth I looked that domain up at register.com, and clicked the whois button, to see who owned the domain. Then I emailed complaints to the owner about the spam being sent - again, polite but firm. If the registrar was listed, I emailed complaints to them too.

Fifth, I noted what forms of payment were accepted by the spammer. One time it was WorldPay, which seems to be a Paypal-like service. So I emailed a complaint to them, saying they shouldn't accept payments for a spammer such as this. Other spams of the same sort used Visa, MasterCard, Discover, and American Express. So I looked up the websites for each of those (using good-old Google again), found their "contact" and "complaint" pages and emailed more notes: please stop accepting payments for an online spam scam such as this. MasterCard, to their credit (pardon me), emailed back within minutes. However, they claimed to have no connection or control, so I replied saying I found that unlikely: they're handling money for these guys, which gives them some control.

Sixth, because the pills from this thing are shipped Fedex, I went to Fedex.com and emailed a complaint to them, saying they shouldn't be doing business with a spam scam.

Yes, it took me 15 minutes to do all of that, but it was fun, and it felt good because I wasn't just at the mercy of a spammer. I know I cost this organization some immediate dollars through use of their toll-free line. And I'm hoping I cost them some more through the need to deal with and maybe have to change their registrar, phone-center, payment system, and shipping service. I'm especially hopeful on the last two because there are a very limited number of accepted billers and shippers, and they're mainly big companies that care a lot about their reputations. Even when spammers move to Brazil or China or wherever, most will still need to use payment and shipping services that are within US control.

I'd do one more thing if any spammer address I dug up turned out to be anywhere near my home. (Most seem to be in Florida.) I'd try to visit. Not to confront, not to show my anger, but just to see the place in person, and to then report their existence and activities to local government regulators and newspapers. Spam is a hot topic and both bureaucrats and editors know they can please their public by cracking down on spam. Give them the opportunity and show them the targets. (Hey, Florida, shine some sunlight on these cockroaches!)

The in-person visit might be dangerous, who knows, and the unsubscribing is definitely playing with "send me more spam" fire. But complaining to the services spammers need is safe for you and costly for the spammer. Go ahead. Make them pay.

Appreciate this type of reporting? Why not sign-up for the daily JWR update. It's free. Just click here.

Phillip Robinson is founder of the $7.95 OpenMinds.us Internet service. Comment by clicking here.

Up

© 2003, Distributed by Knight Ridder/Tribune Information Services