More how to fight spam...

Just remember when forging Usenet posts that both faked email and Usenet posts can be easily detected -- if you know what to look for. And it is possible to tell where they were forged. Once you identify where spam really comes from, you can use the message ID to show the sysadmin who to kick out.

Normally you won’t be able to learn the identity of the culprit yourself. But you can get their ISPs to cancel their accounts!

Sure, these Spam King types often resurface with yet another gullible ISP. But they are always on the run. And, hey, when was the last time you got a Crazy Kevin “Amazing Free Offer?” If it weren’t for us Net vigilantes, your email boxes and news groups would be constantly spambombed to kingdom come.

And -- the spam attack I am about to teach you is perfectly legal! Do it and you are a certifiable Good Guy. Do it at a party and teach your friends to do it, too. We can’t get too many spam vigilantes out there!

The first thing we have to do is review how to read headers of Usenet posts and email.

The header is something that shows the route that an email or Usenet post took to get into your computer. It gives the names of Internet host computers that have been used in the creation and transmission of a message. When something has been forged, however, the computer names may be fake. Alternatively, the skilled forger may use the names of real hosts. But the skilled hacker can tell whether a host listed in the header was really used.
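As an added illustration of that header reading (not code from the original guide), the Python sketch below parses a Usenet header block and checks whether the hosts named in the standard Path, Message-ID and NNTP-Posting-Host headers fall under the domain claimed in From. The sample header is constructed with reserved example names; a mismatch is a lead to follow up with the sysadmin, not proof by itself, since trace lines can also be faked.

```python
import re

# Constructed sample header block, not the headers of the post discussed on
# this page; every host name uses the reserved .example / example.org space.
SAMPLE = """\
Path: reader.example.org!feed.example.org!news.isp-a.example!not-for-mail
From: offers@isp-b.example (Special Offers)
Newsgroups: alt.personals
Subject: Introductions
Message-ID: <4v2k9q$a1b@news.isp-a.example>
NNTP-Posting-Host: dial42.isp-a.example
"""

def parse_headers(text):
    """Parse 'Name: value' lines, joining folded continuation lines."""
    headers, last = {}, None
    for line in text.splitlines():
        if not line.strip():
            break                      # a blank line ends the header block
        if line[0] in " \t" and last:
            headers[last] += " " + line.strip()
        else:
            name, _, value = line.partition(":")
            last = name.strip().lower()
            headers[last] = value.strip()
    return headers

def under(host, domain):
    """True if host is the domain itself or a name beneath it."""
    return host == domain or host.endswith("." + domain)

def analyze(text):
    """Compare the claimed From domain with hosts named in the trace headers."""
    h = parse_headers(text)
    m = re.search(r"[\w.+-]+@([\w.-]+)", h.get("from", ""))
    from_domain = m.group(1).lower() if m else None
    # Each news server prepends its name to Path, so the right-most real
    # host name is where the article claims to have entered Usenet.
    hops = [p.lower() for p in h.get("path", "").split("!") if "." in p]
    trace = {
        "path_origin": hops[-1] if hops else None,
        "message_id": h.get("message-id", "").strip("<>").rpartition("@")[2].lower() or None,
        "posting_host": h.get("nntp-posting-host", "").lower() or None,
    }
    mismatches = sorted(k for k, host in trace.items()
                        if host and from_domain and not under(host, from_domain))
    return {"from_domain": from_domain, "trace": trace, "mismatches": mismatches}

if __name__ == "__main__":
    print(analyze(SAMPLE))
```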

First we’ll try an example of forged Usenet spam. A really good place to spot spam is in alt.personals. It is not nearly as well policed by anti-spam vigilantes as, say, rec.aviation.military. (People spam fighter pilots at their own risk!)

So here is a ripe example of scam spam, as shown with the Unix-based Usenet reader, “tin.”

 Thu, 22 Aug 1996 23:01:56        alt.personals       Thread  134 of  450
 ppgc@ozemail.com.au      glennys e clarke at OzEmail Pty Ltd - Australia
 At Perfect Partners (Newcastle) International we are private and
 confidential.  We introduce ladies and gentlemen for friendship
 and marriage.  With over 15 years experience, Perfect Partners is one
 of the Internet's largest, most successful relationship consultants.

Of course the first thing that jumps out is their return email address. Us net vigilantes used to always send a copy back to the spammer’s email address.

On a well-read group like alt.personals, if only one in a hundred readers throws the spam back into the poster’s face, that’s an avalanche of mail bombing. This avalanche immediately alerts the sysadmins of the ISP to the presence of a spammer, and good-bye spam account.

So in order to delay the inevitable vigilante response, today most spammers use fake email addresses.

But just to be sure the email address is phony, I exit tin and at the Unix prompt give the command:

 whois ozemail.com.au

We get the answer:

 No match for "OZEMAIL.COM.AU"

That doesn’t prove anything, however, because the “au” at the end of the email address means it is an Australian address. Unfortunately “whois” does not work in much of the Internet outside the US.

The next step is to email something annoying to this address. A copy of the offending spam is usually annoying enough. But of course it bounces back with a “no such address” message.

Next I go to the advertised Web page. Lo and behold, it has an email address for this outfit, perfect.partners@hunterlink.net.au. Why am I not surprised that it is different from the address in the alt.personals spam?

We could stop right here and spend an hour or two emailing stuff with 5 MB attachments to perfect.partners@hunterlink.net.au. Hmmm, maybe gifs of mating hippopotami?

You can go to jail note! Mailbombing is a way to get into big trouble. According to computer security expert Ira Winkler, “It is illegal to mail bomb a spam.  If it can be shown that you maliciously caused a financial loss, which would include causing hours of work to recover from a spamming, you are criminally liable.  If a system is not configured properly, and has the mail directory on the system drive, you can take out the whole system.  That makes it even more criminal.”

Sigh. Since intentional mailbombing is illegal, I can’t send that gif of mating hippopotami. So what I did was email one copy of that spam back to perfect.partners. Now this might seem like a wimpy retaliation. And we will shortly learn how to do much more. But even just sending one email message to these guys may become part of a tidal wave of protest that knocks them off the Internet. If only one in a thousand people who see their spam go to their Web site and email a protest, they still may get thousands of protests from every post. This high volume of email may be enough to alert their ISP’s sysadmin to spamming, and good-bye spam account.

 © 2013 Happy Hacker All rights reserved.