Return-Path: Received: by massis.lcs.mit.edu (8.7.4/NSCS-1.0S) id AAA19047; Mon, 24 Mar 1997 00:43:07 -0500 (EST) Date: Mon, 24 Mar 1997 00:43:07 -0500 (EST) From: ptownson@massis.lcs.mit.edu (TELECOM Digest Editor) Message-Id: <199703240543.AAA19047@massis.lcs.mit.edu> To: ptownson@massis.lcs.mit.edu Subject: TELECOM Digest V17 #74 TELECOM Digest Mon, 24 Mar 97 00:43:00 EST Volume 17 : Issue 74 Inside This Issue: Editor: Patrick A. Townson Dealing With Spam (North Coast Communications) Cyberpromo Got Hacked (Darren Kruger) Most Effective Response to Spam (Jay R. Ashworth) Re: Does This Warning Really Make a Difference? (David Clayton) Re: Does This Warning Really Make a Difference? (Andrew C. Green) Re: Does This Warning Really Make a Difference? (Eric Dittman) Re: Does This Warning Really Make a Difference? (Keith Jacobs) Administration to Confirm Domestic Crypto (David Sternlight) Cellular List -> Now Wire (Listserv) TELECOM Digest is an electronic journal devoted mostly but not exclusively to telecommunications topics. It is circulated anywhere there is email, in addition to various telecom forums on a variety of public service systems and networks including Compuserve and America On Line. It is also gatewayed to Usenet where it appears as the moderated newsgroup 'comp.dcom.telecom'. Subscriptions are available to qualified organizations and individual readers. Write and tell us how you qualify: * ptownson@massis.lcs.mit.edu * The Digest is edited, published and compilation-copyrighted by Patrick Townson of Skokie, Illinois USA. You can reach us by postal mail, fax or phone at: Post Office Box 4621 Skokie, IL USA 60076 Phone: 847-329-0571 Fax: 847-329-0572 ** Article submission address: ptownson@massis.lcs.mit.edu Our archives are located at hyperarchive.lcs.mit.edu. The URL is: http://hyperarchive.lcs.mit.edu/telecom-archives They can also be accessed using anonymous ftp: ftp hyperarchive.lcs.mit.edu/telecom-archives/archives (or use our mirror site: ftp ftp.epix.net/pub/telecom-archives) A third method is the Telecom Email Information Service: Send a note to tel-archives@massis.lcs.mit.edu to receive a help file for using this method or write me and ask for a copy of the help file for the Telecom Archives. ************************************************************************* * TELECOM Digest is partially funded by a grant from the * * International Telecommunication Union (ITU) in Geneva, Switzerland * * under the aegis of its Telecom Information Exchange Services (TIES) * * project. Views expressed herein should not be construed as represent-* * ing views of the ITU. * ************************************************************************* Finally, the Digest is funded by gifts from generous readers such as yourself who provide funding in amounts deemed appropriate. Your help is important and appreciated. A suggested donation of twenty dollars per year per reader is considered appropriate. See our address above. All opinions expressed herein are deemed to be those of the author. Any organizations listed are for identification purposes only and messages should not be considered any official expression by the organization. ---------------------------------------------------------------------- Date: Sat, 22 Mar 97 14:19:00 EST From: North Coast Communications <0005082894@mcimail.com> Subject: Dealing With Spam PAT recently asked whether the various "anti-spam" tactics were working. I was fortunately free of this plague (for the most part) the last few years, in spite of posting to USE(LESS)NET. However, since Christmas there has been a virtual flood of junk mail. I wrote the following two letters, which I send to the offender with copies to the ISP involved. I also attach a copy of the original message. This seems to be working for me at least. I have not had to go beyond the second letter. Michael Fumich ***Text of first letter*** PLEASE READ THE FOLLOWING CAREFULLY & AVOID LITIGATION OR PROSECUTION! ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Please ->IMMEDIATELY<- remove the following addresses from your records, and send no further unsolicited commercial E-Mail: [List of company addresses deleted] We have started a file on you concerning this matter. Further Internet "SPAM" sent by you to our personel or company will result in, and will not be limited to, the following: 1.) Complaints being filed with your Internet Service Provider. 2.) Complaints being filed with the Federal Trade Commission. 3.) Complaints being filed with your states Attorney General, Consumer Fraud Division, or any other Law Enforcement agency with an interest or jurisdiction. 4.) A Civil suit (including Small Claims) filed agaist you to recoup our expense in this matter, including punitive damages where permitted by law. The type of activity you are engaging in (unsolicited E-Mail), has DIRECT costs to the RECEIVER of the message including download time, storage time on the host, phone expense, administrative time sorting etc. This is not like unsolicited postal mail, which can be simply opened and thrown away. It is not necessary for you to reply to this letter. I am sure an astute businessperson such as yourself can see the logic of the above. Michael Fumich, President North Coast Communications ***End of text of first letter*** ***Text of second letter*** Hello! I recently wrote you regarding Internet "SPAM" being sent from your site, and provided you with a list of addresses for deletion from your mailing list(s). Since that time additional "SPAM" has arrived from you. As I explained in that letter, unsolicited, commercial E-Mail is NOT WELCOME at the following address's and will be dealt with severely. [List of company addresses deleted] There ARE options available to the victims of your abuse. Company policy here is to report these matters to the senders ISP, State Attorney General Consumer Fraud Division, The Federal Trade Commission, as well as to file Civil Suit. I have also heard of (but do not endorse) the following options sometimes used when the Internet community has become upset with individual spammers. OTHER OPTIONS THAT HAVE BEEN USED TO DEAL WITH INTERNET "SPAMMERS" ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 1.) Operating from a Post Office Box? Postal regulations dictate that the Post Office release the -> ACTUAL STREET ADDRESS <- of any business using a Post Office Box for the purpose of "soliciting business with the public". This applies to private "mail drop" services as well. (ie: Mailbox Etc.) 2.) Toll-Free Number Huh? Sometimes these get posted to "hacker" newsgroups. The 14 year olds on alt.2600 & alt.phrack really do a number on these! (And they DO know about ANI, so don't expect to get the home telephone numbers of many of your tormentors!). Ask Jeff "Spam King" Slaton of Albuquerque NM about his experience with this. Reports were his LDI "800" number bill reached over $100,000, after hackers made a "project" out of him! Not that the spammers REGULAR telephone number is safe from flames or abuse. Ask a hacker sometime about the meaning of the term "social engineering". You would be amazed at what some of these young genius can accomplish! I ask you once again, NICELY, please remove our address(s) from your records. We are NOT interested in your products or "services". I really prefer the "you leave me alone, I'll leave you alone" approach. However I am fully prepared for war if that is your wish! Michael Fumich, President, North Coast Communications ***End of text of second letter*** Michael Fumich :+) [TELECOM Digest Editor's Note: Add to the list of somewhat unethical (but none the less, fun) tactics against spammers the information which follows in the next message. It appears cyberpromo got hacked pretty bad. Come to think of it, I wonder why no one has pulled that dirty trick on cyberpromo which involves sending them all those packets of inquiry causing their system to get overloaded trying to respond and thus be unable to send out email, etc. You know, the thing that happened to a couple of legit ISPs. I'll bet an attack like that was directed at Spamford would go on for weeks and months at a time. I wonder why no one has done it yet? PAT] ------------------------------ Date: Sat, 22 Mar 1997 11:39:24 PST From: Darren Kruger Subject: Cyberpromo Got Hacked I found this on alt.2600 and thought you might be interested. I have removed some of the contents for brevity. Also, I've heard that Cyperpromo's web page also got hacked, but I can not confirm this. ------- start of forwarded message ------- From: bjlamber@unity.ncsu.edu (Bradford Justin Lambert) Newsgroups: alt.2600,alt.news,news.misc Subject: Fight Spam: Cyberpromos PW File Date: 19 Mar 1997 07:16:20 GMT Organization: North Carolina State University Lines: 1580 Message-ID: <5go3s4$7ot@uni00nw.unity.ncsu.edu> NNTP-Posting-Host: cc04du.unity.ncsu.edu X-Newsreader: TIN [UNIX 1.3 950824BETA PL0] This is a hacked account. Don't bother sending email. The owner of this account has nothing to do with any of this, other than the use of his account. Those of you who have had to put up with Sanford Wallace, Nancynet/Sallynet, Softcell and Jeff Slayton should appreciate this. For how long have we been forced to tolerate their flood of unsolicited email? How often has "take me off the list" been ignored? Or only was good for that customers list? It has indeed been annoying. Nobody else was fighting back, much. So I decided to kick them, and their clients in the balls. The following is a copy of Cyberpromos password file. After that is an extended dossier of who REALLY owns nancynet/sallynet (not gladys crocker, thats for sure). I hope they are useful. Please note that in the cyberpromo password file, there are a whooole bunch of phone numbers in their gecos field. Feel free to call up the scumbags at their offices and homes and give them an extended peice of your mind. Cyberpromos root password is 8130pe He's sure to change it, so if you ever wanted a reason to go get crack from ftp.cert.org:/pub/tools, now is a good time. This won't end. Ever. Myself and others will continue to expose spam operations weaknesses, vulnerabilities and expose them to the public until they realize that this is more annoying than junk faxes, which is what that fat festering pile of shit Sanford Wallace used to do before this. To those who think that spam is a good idea: think again. That is, unless you enjoy getting abusive calls from people at 3 am. So without further ranting, I present to you: Scumbags Exposed. [long passwd file removed for brevity] aaaaaaaaaaaaaaaaaaaaand... Nancynet.com Dossier/Client list Nancynet is a Spam site owned by a man named Zack Everett. Zack is apparently the head honcho, then Steve A. Ralph Huntington is another employee. Paula is his girlfriend and/or sales lackey. Zack and Paula own of 2 or more cats. What's more, Zack isn't really that good with voicemail passwords. Here's a fun way to keep an eye on Mr. Everett for at least however long this lasts. 1: Call 415-440-2987. 2: When the message begins playing, hit 0. 3: At the password prompt, hit 1234. 4: Hit 1 for read new messages, 2 to save a message, 3 to delete. Stay on the line for more options. Yes. 1234. That's his voicemail password. As Rick Moranis pointed out in "Spaceballs", Morons use that combination on their luggage. How appropriate. ---------------------------- The following is misc. information on his clients. [more information deleted. Included some usernames, whois information, and telephone numbers] ------- end of forwarded message ------- [TELECOM Digest Editor's Note: My, my, my ... I wish I had thought of it first . I do hope none of my readers get any ugly thoughts after reading messages like this one. PAT] ------------------------------ From: Jay R. Ashworth Subject: Most Effective Method of Dealing Wtih Spam Date: Sat, 22 Mar 1997 10:05:14 EST You wrote: > Our research indicates that you may be interested in this information. > If this assumption is incorrect, please send a reply with "remove" > in the subject line. You will get no further mailings from us. > We apologize for inconveniencing you. The unsolicited addition of this address to electronic mailing lists is categorically unacceptable. > ******************************************************************** > > Our mission is to provide the highest level of quality and finest > service imaginable to meet the needs and exceed the expectations of > our customers. > Travel Cards $0.175/min. > Debit Cards $0.16/min. > US Interstate rates $0.099/min., Switched Access > $0.0575/min., Dedicated Access > FREE Pagers > Pre-Paid Cellular > Bulletproof Voice Mail > Lowest Intl. rates in the industry > Incredible International CallBack rates too! > E-mail to FAX - FREE trial offer > Affinity programs for Non-profit organizations > > Income opportunies with FREE web pages to help you market the service! > > For complete details check out our web site at: > > http://www.nnsinc.com > > Warmest regards, > > Roger L. Jones, president > NNS, Inc. > 510-933-7700 > 510-933-7727 - FAX > e-mail: rlj@nnsinc.com > http://www.nnsinc.com United States Code, Title 47, Chapter 5, Subchapter II, says that "it shall be unlawful for any person within the United States to use any telephone facsimile machine, computer, or other device to send an unsolicited advertisement to a telephone facsimile machine." A telephone facsimile machine is defined in Section 227(a)(2)(B) as "equipment which has the capacity to transcribe text or images (or both) from an electronic signal received over a regular telephone line onto paper." By US Code Title 47, Sec.227(a)(2)(B), a computer/modem/printer meets the definition of a telephone fax machine. By Sec.227(b)(1)(C), it is unlawful to send any unsolicited advertisement to such equipment, punishable by action to recover actual monetary loss, or $500, whichever is greater, for each violation. Please stop this. You have been put on notice. I have recorded your site name; further UNSOLICITED and UNWANTED junk mail from your site will force me to follow up under federal law. Please note further that if you got this address from postings in comp.dcom.telecom, Pat Townson, the moderator of that newsgroup, will very likely undertake his own action against you. Postmasters: your systems were used to send this message. If this is contrary to your AUP's, please act accordingly. If it is not, you may wish to take advice on whether not adding such a provision leaves you open to legal exposure. Please note that you may have gotten this message even if it's obvious to me that your machine was used solely as a transit system for the email in question; I mean to cause you to decide that a bit more care in the choice of whose mail to forward would be A Good Thing. Jay R. Ashworth High Technology Systems Consulting Ashworth Designer Linux: Where Do You Want To Fly Today? & Associates ka1fjx/4 "...short of hiring the Unabomber, how can I +1 813 790 7592 jra@scfn.thpl.lib.fl.us get back at them?" --Andy Cramer NIC: jra3 ------------------------------ From: dcstar@acslink.aone.net.au (David Clayton) Subject: Re: Does This Warning Really Make a Difference? Date: Sun, 23 Mar 1997 05:41:48 GMT Organization: Customer of Access One Pty Ltd, Melbourne, Australia Reply-To: dcstar@@acslink.aone.net.au Steven V. Christensen contributed the following: > In article in comp.dcom.telecom, > Steven H. Lichter wrote: > [thread deleted] >> *****LEGAL NOTICE TO ALL BULK E-MAILERS***** >> >> NOTICE TO BULK EMAILERS: Pursuant to US Code, Title 47, Chapter 5, >> Subchapter II, 227, any and all nonsolicited commercial E-mail sent >> to this address is subject to a download and archival fee in the >> amount of $500 US. E-mailing denotes acceptance of these terms. > This is off-topic, but have you (or anyone) been able to apply the > above-mentioned penalty to spammers? As well, what is the best way to trip these mugs up and stop them "trawling" your e-mail address, a modified "reply to" address, or other methods? Regards, David **Remove the second "@" from the 'Reply To' (spam stopper!)** David Clayton, e-mail: dcstar@acslink.aone.net.au Melbourne, Victoria, Australia. ------------------------------ Date: Sun, 23 Mar 1997 15:33:08 -0600 From: Andrew C. Green Organization: Datalogics, Inc. Subject: Re: Does This Warning Really Make a Difference? Our Moderator notes: > [I]t got to be so bad with spammers writing to so many of > the readers here that many folks complained to me and I > started leaving in the obstacles designed to make automated > spamming a bit more difficult. [...] > So how has it been going with you people who put those things > in your messages? Has the spam and junk mail subsided at all? > Are those idiots with their business opportunities and other > worthless mail getting the hint at all? Let's find out, shall we? I've planted a bogus return address in the header of this message, to be used precisely once, right now. I expect that when this TELECOM Digest article is fed to Usenet, its header will be immediately skimmed and compiled for spam lists by a thousand different cretins under a hundred different rocks. (I may be off by a factor of ten or more.) It usually does not take very long for the feedback to begin. Incoming email sent to this "blackhole" address will bounce to our long-suffering postmaster/SysAdmin, who has graciously agreed to keep an eye peeled for anything addressed there. I'll post a summary in a week or two, whenever it looks like the tide has subsided, and let you know what sort of detritus has washed up. Andrew C. Green (312) 853-8331 (my genuine ID is "acg" at the same domain name above) Datalogics, Inc. 101 N. Wacker Drive, Ste. 1800 Chicago, IL 60606-7301 FAX: (312) 853-8282 ------------------------------ From: dittman@hibernia.dseg.ti.com (Eric Dittman) Subject: Re: Does This Warning Really Make a Difference? Date: 23 Mar 1997 18:30:49 GMT Steven V. Christensen (chrissv@pobox.com) wrote: > In article in comp.dcom.telecom, > Steven H. Lichter wrote: >> *****LEGAL NOTICE TO ALL BULK E-MAILERS***** >> NOTICE TO BULK EMAILERS: Pursuant to US Code, Title 47, Chapter 5, >> Subchapter II, 227, any and all nonsolicited commercial E-mail sent >> to this address is subject to a download and archival fee in the >> amount of $500 US. E-mailing denotes acceptance of these terms. > This is off-topic, but have you (or anyone) been able to apply the > above-mentioned penalty to spammers? I'd like to know if anyone has been able to apply the above-mentioned penalty to junk faxers? There are a couple of junk fax companies here (we were getting quite a few junk faxes at work) and now they've found my two fax lines at home (from the caller-ID log and the empty test faxes). One of the companies has sent a junk fax to one of the lines (the other was busy). There is no name on the fax and the only phone number is the fax number for requesting a quote on a car lease. I sent a reply fax asking them to call me, but I didn't but any of the other information they ask for (like car model). They haven't called me back and I haven't been able to find out who they are yet. Eric Dittman Texas Instruments - Component Test Facility dittman@hibernia.dseg.ti.com (972) 462-4292 Disclaimer: Not even my opinions. I found them by the side of the road. Any unsolicited junk email will be treated as a request for random binaries of not less than 20MB in size. ------------------------------ From: Keith Jacobs Subject: Re: Does This Warning Really Make a Difference? Date: Sun, 23 Mar 1997 12:44:25 -0500 Organization: Concentric Internet Services Reply-To: Keith Jacobs On 18 Mar 1997, Steven V. Christensen wrote: [legal notice to spammers deleted] > This is off-topic, but have you (or anyone) been able to apply the > above-mentioned penalty to spammers? And on 18 Mar 1997, Our Fearless Editor (TM) wrote: > So how has it been going with you people who put those things in your > messages? Has the spam and junk mail subsided at all? Are those idiots > with their business opportunities and other worthless mail getting the > hint at all? If the junk has continued, have you successfully been > able to enforce your various 'contracts'? Although I don't use legal notices or contracts, I do try to take a few minutes to hunt down the sender of any unsolicited e-mail which arrives in my mailbox. If you already have a working method to fight spammers, you can probably just skip over this message. But if you're wondering how to effectively deal with these "bulk e-mailers," read on. With most of the spam I get, the sender's e-mail address is falsified; either a few letters have been changed (i.e. asdf@spam.com is their real address, but they have sent as adsf@spam.com) or the whole address is bogus. So replying to the spam e-mail usually results in one's reply being bounced back. If the reply address is valid, the address is usually either an auto-reply 'bot (which means even more unsolicited mail in your box if you reply) or a mailbox which is ignored and cleaned out every few days. This is one reason why more and more junk e-mail prevention web sites, like www.junkbusters.com, are suggesting not to reply to spammers via e-mail--it just doesn't help. (Note: I have no affiliation with JunkBusters, besides a common goal to stop junk e-mail.) So, what can you do? Well, I've had success with this method. First I use my e-mail program to view the full headers of the unsolicited e-mail. From that information I find the domain name from where the e-mail originated and I use the UNIX command 'whois' to look up information about that domain. InterNic keeps detailed contact information about the people who run each domain on the Internet, and it is made public through the 'whois' command. If the headers don't reveal the information you need to get in touch with the spammer, try briefly scanning through the mail for a real reply address or a web page which might have contact information. If you don't want to satisfy the spammer by reading his junk mail, just do a search for "@" or "http" and see what turns up. Usually this is as far as I have to go. The last unsolicited e-mail I received, I found contact information about the creator's domain through the 'whois' command and I called him. It turned out he worked from home and his daughter answered the phone. I asked to speak to the spammer and when I requested to be removed from his mailing list, he was fairly surprised. He immediately wanted to know how I was able to get his phone number. I was angry!, of course, at having been spammed. But instead of chewing him out I calmly explained that bulk e-mailing was illegal, that more importantly it was wrong, and that any half-determined one of his thousands of recipients could "retaliate" against him. I pointed out that within ten minutes of receiving his unsolicited e-mail I was talking to his daughter on his home phone line. He was, as you can imagine, shocked. He told me that CyberPromotions had sold him the mailing list and Internet access to bulk e-mail potential customers, and that they had never informed him of the potential risks. He was pretty shaken up at the time, but a few days later he sent me an e-mail thanking me for the information and the warning. JunkBusters, the junk-email prevention web site I mentioned above, also suggests getting the spammer's snail mail address (again from the 'whois' command) and sending them certified mail with either a legal notice (like the one we saw in Steven Lichter's .signature) or a letter informing the sender of why spamming is illegal, ineffective, and just plain wrong. Although I've never tried this method before, I can imagine how effective it would be. As JunkBusters suggests, if even 1% of a spammer's mailing list were to send him certified mail, he could be signing for 1,000 or more pieces of mail per day. Now -that- would prevent junk e-mailing. Keith Jacobs Ernst & Young LLP Management Consulting Practice http://www.ey.com [TELECOM Digest Editor's Note: The trouble with sending it to him as certified or registered mail is that it costs you, the sender, a nice bit of change to mail it out. Only the post office would get rich on that sort of retaliation. Far better to have a short chat with the spammer as you did, and let him know that Spamford Wallace is no friend of the net; if anything he is public enemy number two, preceeded only by that old fool Jeff Slaton. Or number three perhaps, if you include whats-his-name, the magazine sales guy operating on Staten Island, NY who does female impersonations. Remember him? It was always a message from a female university student in some foreign country who just had to write and let you know about the wonderful bargains you could get on magazine subs- criptions if you would respond to a fax number in New York. And in case you got any smart ideas about jamming up his fax machine, he supposedly had it set to only accept one sheet of paper and then disconnect. I've not seen much from him lately; perhaps he decided to go out and get a legitmate job somewhere -- but then I should talk, eh? I had to go get one myself back in December and call it quits on 'doing the Digest' full time. So much for Making Money Fast on the Internet. So much for this topic. Let's change the subject in the space remaining in this issue. PAT] ------------------------------ From: David Sternlight Subject: Administration to Confirm Domestic Crypto Date: Sun, 23 Mar 1997 20:37:35 -0800 Organization: DSI/USCRPAC Reply-To: david@sternlight.com In connection with a news item today about the cracking of digital cellular phone keypad encoding, ClariNews reports that a senior Commerce Department official said Wednesday the Clinton administration plans to introduce a bill soon that would clearly affirm that encryption users in the US can use any type or strength of encryption technology. (Thanks to ClariNews for the above item -- the article is copyright and the info above represents a fair use abstract). Comment: It is reported that the reason digital cellular encryption was breakable was that the industry deliberately weakened the key length at NSA request. If so, this is a scandal, and the assertion (we'll see what happens) that the administration will introduce such a bill seems to me to be a clear attempt at damage control. Despite the industry's attempt at damage control ("we're already working on a fix" says the trade association), a Qualcomm spokesman says that the fix will be extraordinarily difficult and expensive, and require modifying both everyone's digital cellular phone and the cell site or head end equipment. Qualcomm is the inventor of CDMA and ought to know what they are talking about. I must say that if the assertion is correct about the reasons for the weak keys, I can no longer support any government policy that would make law enforcement's job easier at the expense of the entire population. This is not a police state, and it is high time the FBI, NSA, and CIA faced up to the fact that when the rights of the rest of us are concerned, they must do their job the old fashioned way, and not by seeking shortcuts at the expense of the public's security. David ------------------------------ From: listserv@phx-az.com (Listserv) Subject: Cellular List -> Now Wire Date: Mon, 24 Mar 1997 03:48:00 GMT Organization: ArizonaONE Data Services ******IMPORTANT ANNOUNCEMENT!******* The CELLULAR-LIST has changed its name to WIRELESS! This list is designed more to meet the needs of the wireless telephone user and the industries involved. Therefore to better indicate our mission, the listname was changed to Wireless! If you would like to subscribe to Wireless!, please send an e-mail to: LISTSERV@PHX-AZ.COM SUBSCRIBE Wireless Firstname Lastname Please join our current discussion about AMPS vs. Digital PCS and Digital AMPS Networks ... Our Web Site is under construction, but is located at: http://www.stat.com/catch22/tcom ------------------------------ End of TELECOM Digest V17 #74 *****************************