Home/red-rock-eater/spam wars

spam warswriting

rreauto-importedrre-post
1997-05-17 · 5 min read · Edit on Pyrite

Source

Automatically imported from: http://commons.somewhere.com:80/rre/1997/spam.wars.html

Content

This web service brought to you by Somewhere.Com, LLC.

spam wars

``` [A new form of extortion: shut up your mouth, and/or contribute to our benevolent fund, or we'll forge your address on our next giant spam. Spam is theft. For more anti-spam action, see http://www.cauce.org/ ]

---

This message was forwarded through the Red Rock Eater News Service (RRE). Send any replies to the original author, listed in the From: field below. You are welcome to send the message along to others but please do not use the "redirect" command. For information on RRE, including instructions for (un)subscribing, send an empty message to rre-help@weber.ucsd.edu

---

Date: Sat, 17 May 1997 12:53:10 -0700 (PDT) From: risks@csl.sri.com Subject: RISKS DIGEST 19.16

---

Date: Thu, 15 May 1997 20:01:52 -0400 From: Jim Youll Subject: newmediagroup.com headers were forged in junk e-mailing; retaliation against my public anti-SPAM activities

We are a very small company. We are being attacked electronically, because of my public anti-spam stance:

(A) Our server was subjected to an inbound bombing from the hijacked servers into our mailserver last night (14 May 1997).

(B) Thousands of messages were sent OUT today (15 May) from the same hijacked servers, resulting in a torrent of complaining, hostile, violent mail to our mailboxes. Some people began to mailbomb us with large documents.

I have 99.9% confidence that the hostile messages were injected into the net from a computer dialed into enterprise.net, a UK ISP, and have the corroborating records to prove it, at least everything I can get without cooperation from enterprise.net. I am unable to reach anyone at enterprise.net who will assist in this investigation.

The messages were relayed off nevwest.com and freenet.carleton.ca SMTP servers.

The administrators at these sites have not been terribly supportive, though they claim to be working on it. They have also received quite a bit of inbound mail, but appear somewhat unsure about what to do or ``how that happened''. They've asked me if I sent the messages.

Complete details of the attack and my anti-junkmail posting which started all this appear here: http://www.agentzero.com/junkmail

The message I have sent out follows. I need support from the UK. I am prepared to do whatever it takes to get a prosecution.

-- quoted message follows --

My domain newmediagroup.com is under attack by someone who doesn't like my MILITANT, PUBLIC ANTI-SPAM stance. To date, their actions have included sending apparently several thousand e-mail messages, forged showing my name as the sender. In addition, this same party or someone working with them conducted a denial-of-service attack on our system last night, 14 May. See http://www.agentzero.com/junkmail, including system logs clearly showing the terrorists' use of third-party unsecured SMTP servers as relays (which you will also see by looking at the headers of the messages that were sent).

Their attack has also included threats of harm against me.

PLEASE let people know this did not originate at newmediagroup.com. It is a complete forgery. We are TRYING to investigate and at the moment have a number of backbone carriers and MCI security, involved. I am doing all I can. PLEASE tell people to stop writing to complain. This did not come from us. We don't spam. I am FIGHTING spam and that is why I was targeted in this manner. When you see their mail-bomb messages to me, you will understand.

I am seeking cooperation from the sites that were used as relays. Sheila, apparently an administrator at freenet.carleton.ca. (office@ is their e-mail address; if you have received junk that bounced off their mailer, I STRONGLY suggest you contact them and demand the holes be closed.) Carleton Freenet has notified me (15 May 1997, 1600 EDT by e-mail) that they will not release their SMTP logs, which would show the origin of the message injected into their mailer. A man reached at nevwest.com said he had ``one technician working on it'' but really didn't understand the specifics, and was not very excited about helping. This is all very exciting for electronic terrorists, I am sure.

New Media Group (and I in particular!) do not send or generate commercial e-mail. Ever. We are a small Internet presence provider working closely and on-site with clients in the Midwestern US. Only. We do not seek, service, or advertise to anyone outside that area, and we do not use e-mail for advertising.

Copies of all logs and the threatening messages which came here have been forwarded to security officers at all ISPs we could identify, and at the security offices of backbone providers involved in this. We're trying, but it will be difficult to identify who did this. We're trying. I fully intend to press criminal and civil charges at the very moment an indictment becomes feasible.

The reason we have been targeted is that I (personally, not this company) have been leading a campaign AGAINST junk e-mail. Please help me find out who did this.

If you look at the headers, you will see that the messages did not come from here. The incoming messages threatened more attacks unless I stop my campaign to free people from unwanted junk e-mail. This is terrorism, plain and simple and I call on the entire Internet community to help track down the responsible parties. I will appreciate any assistance you can provide.

I am offering a reward of $1,000 for information leading to the arrest and conviction of the perpetrators of this crime.

NOTE ADDED 16 May 1997:

We were hit again overnight 15 to 16 May. This time messages were sent to many addresses in the U.S. Primarily the incoming has been bouncing due to bogus or no-longer-in-use names at these locations. The nature of the addressing suggests that the names were culled from newsgroups and other public sources, and that the system doing the gathering went back some distance in time to get them, as many were expired.

.... It's been a busy couple of days. We have received approximately 2,500 undeliverable messages in the last few hours. (Normal is 20-50 per day.) The incoming complaints and attacks are slowing, because I think people are learning that jim@newmediagroup.com is ANTI-junk. Word is getting out, and hopefully that will help in the future.

---

End of RISKS-FORUM Digest 19.16

---

generic Risks reuse disclaimer:

Reused without explicit authorization under blanket permission granted for all Risks-Forum Digest materials. The author(s), the RISKS moderator, and the ACM have no connection with this reuse. ```

This web service brought to you by Somewhere.Com, LLC.