I'm not gonna take it!

I've learned the in's and out's of email headers, internet protocols, and how to follow the more convoluted slime trails that some of these spammers leave behind. I've figured out ways around their URL obfuscation methods, their site redirection techniques, their user tracking codes, and their overall sneaky tactics. I know how to dig up the information that they don't want me to know. Who they are, where their web sites are registered, who does their domain lookups, and the IP addresses of the email-servers that they've relay-raped. They may have my email address, they may think they've got the upper hand, they may think that their anonymous and invincible, but I'm not about to lay down and take it. I'm taking the battle right to their up-stream provider; providing evidence, advice, and motivation. Helping ISP's, security personnel, web site administrators, and other spam-fighters in this on-going war.

Spam elimination!?

Speaking of fighting Spam. Here's my idea/proposal. A way to 'eliminate' Spam. Yes, I said 'eliminate'. I know, there are those who would say, "That's not possible". I say it is. Not just detection, avoidance, and mitigation. I'm talking about elimination. Imagine it, not only would your inbox be free of Spam, you wouldn't be paying for all it's side-effects. You wouldn't need special filters, black-lists, spam-blocker software, etc. What a joy that would be! We could all concentrate on the more productive aspects of the Internet. We could all get back to work, and stop worrying about Spam!

How? I'm glad you asked. It all starts with DNS. The Domain Name System. There are thousands of DNS servers connected to the internet. DNS servers translate human readable domain names (like www.robsworld.org), into machine readable IP (Internet Protocol) addresses (like 12.254.13.152). My proposed idea adds a new role for these servers. The proposal doesn't require any new software on your home computer, there's no changes or additions to the current Internet Standards, and the entire process is hands-off and transparent for end-users.

First of all, we're already paying a large amount of time, money and man-power checking email to determine whether it's Spam or not. My proposal would eliminate all the costly per-email evaluation efforts. The amount of time and money spent on this aspect of Spam abatement would be reduced and redirected towards detection of two things. Two things which define Spam.

Nearly all Spam comes from one of two sources. Open Relays, or Open Proxies. An open relay is a mail server which does not authenticate users/use of its services. It relays any and all email received. Open proxies are servers configured not to log any transactions, thus they are abused by Spammers who know that they can Spam away without leaving a slimy trail back to the guilty party. If we eliminate email coming from these types of servers, we effectively eliminate Spam.

Here's how we do it. We insist that email servers only accept email after the submitting machine has been scanned. What is it scanned for? It gets checked to see whether or not it is an open relay, or open proxy. If it fails this check, the email is not accepted for delivery. What does the checking? DNS servers do the checking. They keep records of the results of these scans, and share them with other DNS Servers. Like Domain Name to IP conversion, the DNS servers would perform this scanning (and updating the results) throughout the day. The results would be logged and shared with email servers and other DNS servers .

How does that work? bigspammer@spamhouse.com sends a piece of spam your way. It eventually makes its way to your email server. The email server checks the DNS server. The DNS server reports that the email server requesting delivery is on its list of open relays. Your email server refuses to accept the email for delivery. You have just been spared from having to filter, and delete one more piece of Spam.

Won't this block legitimate email as well? It may, if your email services are run by an ISP operating an open proxy or open rely, then your email will be blocked by servers implementing this Scan and Block method. If your ISP is concerned about its customers and security, it will do its best to correct, avoid, and prevent listing on a DNS blocking list.

This method is already being used. There are blacklists/blocklists out there, but they're not implemented across the board, most are pay services, and most are based on Spam receipt/reports. My proposal does away with definitions of Spam. Email from any server which fails the scanning tests is blocked. The only way to get off the list is to implement logging on your machine, or require user authentication before you can send email.

This won't necessarily stop Spam. What it does is shine a light on the Spammer. Spammers don't like it when their true identity is revealed. This method eliminates two of the primary methods used by spammers to conceal their identity. Some ISPs play to Spammers by intentionally operating open proxies and/or open relays. Some Spammers set up their own open relays and/or open proxies. If these servers are blocked, Spammers will have to send email from servers which require authentication. Servers which log all transactions. The Spammer will leave a slimy trail back to his/her lair. If you get Spam from a legitimate source, the ISP can be notified, the guilty party identified, and 'dealt with'.

No more hiding behind open relays, no more safety in the arms of an open proxy. The Spammer will be forced to operate out in the open. Once he's out in the open, we can all see who the guilty party is. We can report them, paint them red, and eliminate them!

- Robert


	Why do I bother? Someone once wrote me regarding my spam fighting efforts. They asked a very good question. Why bother? They spoke in cautionary terms, trying to warn me that dire consequences might result if I were to piss off a spammer; "They might be a computer genius with a vengeance". They tried to dissuade me, assuring me that my efforts would have no measurable effect. They tried to tell me that it was a waste of time. Below is my response.

		Pat - Thanks for the advice. I've always operated under the 'never go after the spammer directly' method while fighting spammers, and I never use an antagonistic approach when dealing with system administrators. You never know whether one of the people you're conversing with is the enemy (spammers) or not.
		Sometimes I get discouraged in my spam fighting efforts, but then I think about the successes I've had. Some people tell me that I can't win this 'war', that the spammers have all the advantages, and that my efforts won't amount to a hill of beans. That's when I think about the people who've been swindled out of money, the thousands of netizens who've been bilked out of $50.00 here and there. The parents who've had to ban their children from using the internet for fear of porno spam. If I/we completely surrender, then all the spammers win. As long as I/we keep trying, I'm/we're bound to win some of the battles. That's what I'm after, just a little satisfaction.
		I've learned the in's and out's of email headers, internet protocols, and how to follow the more convoluted slime trails that some of these spammers leave behind. I've figured out ways around their URL obfuscation methods, their site redirection techniques, their user tracking codes, and their overall sneaky tactics. I know how to dig up the information that they don't want me to know. Who they are, where their web sites are registered, who does their domain lookups, and the IP addresses of the email-servers that they've relay-raped. They may have my email address, they may think they've got the upper hand, they may think that their anonymous and invincible, but I'm not about to lay down and take it. I'm taking the battle right to their up-stream provider; providing evidence, advice, and motivation. Helping ISP's, security personnel, web site administrators, and other spam-fighters in this on-going war.
		I feel confident that my efforts are helping to eliminate some of the more abusive spammers and scamsters. Recently, I helped shut down a couple of spammers operating some rather sophisticated scams. One of them was sending out false VeriSign account verification emails. The emails linked to a dummy VeriSign mirror, where the spammer was collecting valid logins and personal data. The other scam involved a spammer who was sending out forged University of Phoenix on-line solicitations. The email led to a dummy UOP web site, where the spammer had set up a PayPal account to collect 'registration fees'. These are just a couple of the schemes I've helped shut down this year. Never surrender, never say die, never give up the fight. Death to Spammers!
		(p.s. Your pacifist/cautionary attitude towards this subject (Oh yeah I'm heated up now) has inspired me. Inspired me to be more aggressive in my efforts (not my means). I plan on posting most of my response (message above) on yet another web page decrying the evils of spam. Thanks for the inspiration.) - Robert

	My response to all who would side with the "Your better off just deleting it" crowd is posted here. Hopefully, you're not one of those pacifists in the war on Spam. Hopefully, you care about your rights. Hopefully, you realize it's your money they're using to send you Spam. Hopefully, you'll join me in fighting spam. Spam elimination!? Speaking of fighting Spam. Here's my idea/proposal. A way to 'eliminate' Spam. Yes, I said 'eliminate'. I know, there are those who would say, "That's not possible". I say it is. Not just detection, avoidance, and mitigation. I'm talking about elimination. Imagine it, not only would your inbox be free of Spam, you wouldn't be paying for all it's side-effects. You wouldn't need special filters, black-lists, spam-blocker software, etc. What a joy that would be! We could all concentrate on the more productive aspects of the Internet. We could all get back to work, and stop worrying about Spam! How? I'm glad you asked. It all starts with DNS. The Domain Name System. There are thousands of DNS servers connected to the internet. DNS servers translate human readable domain names (like www.robsworld.org), into machine readable IP (Internet Protocol) addresses (like 12.254.13.152). My proposed idea adds a new role for these servers. The proposal doesn't require any new software on your home computer, there's no changes or additions to the current Internet Standards, and the entire process is hands-off and transparent for end-users. First of all, we're already paying a large amount of time, money and man-power checking email to determine whether it's Spam or not. My proposal would eliminate all the costly per-email evaluation efforts. The amount of time and money spent on this aspect of Spam abatement would be reduced and redirected towards detection of two things. Two things which define Spam. Nearly all Spam comes from one of two sources. Open Relays, or Open Proxies. An open relay is a mail server which does not authenticate users/use of its services. It relays any and all email received. Open proxies are servers configured not to log any transactions, thus they are abused by Spammers who know that they can Spam away without leaving a slimy trail back to the guilty party. If we eliminate email coming from these types of servers, we effectively eliminate Spam. Here's how we do it. We insist that email servers only accept email after the submitting machine has been scanned. What is it scanned for? It gets checked to see whether or not it is an open relay, or open proxy. If it fails this check, the email is not accepted for delivery. What does the checking? DNS servers do the checking. They keep records of the results of these scans, and share them with other DNS Servers. Like Domain Name to IP conversion, the DNS servers would perform this scanning (and updating the results) throughout the day. The results would be logged and shared with email servers and other DNS servers . How does that work? bigspammer@spamhouse.com sends a piece of spam your way. It eventually makes its way to your email server. The email server checks the DNS server. The DNS server reports that the email server requesting delivery is on its list of open relays. Your email server refuses to accept the email for delivery. You have just been spared from having to filter, and delete one more piece of Spam. Won't this block legitimate email as well? It may, if your email services are run by an ISP operating an open proxy or open rely, then your email will be blocked by servers implementing this Scan and Block method. If your ISP is concerned about its customers and security, it will do its best to correct, avoid, and prevent listing on a DNS blocking list. This method is already being used. There are blacklists/blocklists out there, but they're not implemented across the board, most are pay services, and most are based on Spam receipt/reports. My proposal does away with definitions of Spam. Email from any server which fails the scanning tests is blocked. The only way to get off the list is to implement logging on your machine, or require user authentication before you can send email. This won't necessarily stop Spam. What it does is shine a light on the Spammer. Spammers don't like it when their true identity is revealed. This method eliminates two of the primary methods used by spammers to conceal their identity. Some ISPs play to Spammers by intentionally operating open proxies and/or open relays. Some Spammers set up their own open relays and/or open proxies. If these servers are blocked, Spammers will have to send email from servers which require authentication. Servers which log all transactions. The Spammer will leave a slimy trail back to his/her lair. If you get Spam from a legitimate source, the ISP can be notified, the guilty party identified, and 'dealt with'. No more hiding behind open relays, no more safety in the arms of an open proxy. The Spammer will be forced to operate out in the open. Once he's out in the open, we can all see who the guilty party is. We can report them, paint them red, and eliminate them! - Robert
	Return to my Junk/Spam declaration page. Author: Robert L. Vaessen e-mail: Last Updated: