Archive Date
[ 22-04-2001 ]
Category
[ Information Technologies ]
Sub-Category
[ Networking ]
http://www.ftc.gov/bcp/privacy/wkshp97/comments2/junkbu~2.htm
Consumer Privacy Comments Concerning The Junkbusters Corporation--P954807 (Part2)
2.7 Anonymity
For details on how your identity can be revealed while you surf, see our page on privacy. Once you start using the Internet Junkbuster you should find that much of the information previously indicated on that page will no longer be provided. We also recommend that you disable Java.
2.7.1 If I use the Internet Junkbuster, will my anonymity be guaranteed? No. Your chances of remaining anonymous are improved, but unless you are an expert on Internet security it would be safest to assume that everything you do on the Web can be attributed to you personally.
The Internet Junkbuster removes various information about you, but it's still possible that web sites can find out who you are. Here's one way this can happen.
A few browsers disclose the user's email address in certain situations, such as when transferring a file by FTP. The Internet Junkbuster 1.4 does not filter the FTP stream. If you need this feature, or are concerned about the mail handler of your browser disclosing your email address, you might consider the products of Kevin McAleavey.
Browsers downloaded as binaries could use nonstandard headers to give out any information they can have access to: see the manufacturer's license agreement. It's impossible to anticipate and prevent every breach of privacy that might occur. The professionally paranoid prefer browsers available as source code, because anticipating their behavior is easier.
2.7.2 What private information from serverbound headers is removed? The Internet Junkbuster pounces on the following HTTP headers in requests to servers, unless instructed otherwise in the options.
- The FROM header, which a few browsers use to tell your email address to servers, is dropped unless the -t option is set.
- The USER_AGENT header is changed to indicate that the browser is Mozilla (Netscape) 3.0 with an unremarkable Macintosh configuration. (Different versions of the Internet Junkbuster indicated other configurations; our intent is to hinder anyone trying to infer whether our proxy is present.) If you don't like the idea of incorrectly identifying your computer as a Mac, set it accordingly.
- The REFERER header (which indicates where the URL currently being requested was found) is dropped. A single static referer to replace all real referers may be specified using the -r option. Where no referer is provided by the browser, none is added; the -x option with arguments such as -x 'Referer:http://me.me.me' can be used to send a bogus referer with every request.
In Version 1.4 and later you can use the -r @ option to selectively disclose REFERER and USER-AGENT to only those sites you nominate.
Some browsers send Referer and User-Agent information under different non-standard headers. The Internet Junkbuster 1.4 stops UA headers, but others may get through. Some search engines encode the query you typed in the URL that goes to advertisers to target a banner ad at you, so you will need to block the ad as well as the referer header, unless you want them (and anyone they might buy data from) to know everything you ever search for.
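The header rules of 2.7.2 can be modelled in a few lines. This is an added example, not Junkbuster code: the function names, the replacement User-Agent string, the domain-suffix matching used for nominated sites, the pass-through reading of -t and the sample request are all assumptions made for illustration.

```python
"""Model of the serverbound header rules described in 2.7.2 (added example)."""

# Assumption: stand-in for the "unremarkable Macintosh" Netscape 3.0 string;
# the exact value the proxy sends is not given on this page.
DEFAULT_USER_AGENT = "Mozilla/3.0 (Macintosh; I; 68K)"


def host_is_nominated(host, nominated):
    """Simplified stand-in for '>' lines in the cookiefile: domain-suffix match."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in nominated)


def filter_request_headers(headers, host, *, keep_from=False, static_referer=None,
                           user_agent=DEFAULT_USER_AGENT, nominated=(),
                           add_headers=()):
    """Return the (name, value) header list the origin server would see.

    keep_from      models "-t is set": the browser's From passes through
                   (assumption about what -t does with the value)
    static_referer models "-r <value>": replaces every real Referer
    nominated      models "-r @": sites that get the real Referer/User-Agent
    add_headers    models "-x": headers appended to every request
    """
    disclose = host_is_nominated(host, nominated)
    out = []
    for name, value in headers:
        key = name.lower()  # header names are case-insensitive
        if key == "from":
            if keep_from:
                out.append((name, value))
        elif key == "user-agent":
            out.append((name, value if disclose else user_agent))
        elif key == "referer":
            if disclose:
                out.append((name, value))
            elif static_referer is not None:
                out.append((name, static_referer))
            # otherwise the Referer is dropped
        elif key.startswith("ua-"):
            continue  # non-standard UA-* headers are stopped
        else:
            # Anything else, including unknown non-standard headers that
            # repeat the referring page, gets through unchanged.
            out.append((name, value))
    out.extend(add_headers)
    return out


# Constructed sample: an ad request made from a search results page.
SAMPLE_REQUEST = [
    ("Host", "ads.example"),
    ("From", "alice@example.org"),
    ("User-Agent", "Mozilla/2.0 (Win95; I)"),
    ("Referer", "http://search.example/q?terms=private+query"),
    ("UA-pixels", "1024x768"),
    ("X-Referring-Page", "http://search.example/q?terms=private+query"),
    ("Accept", "*/*"),
]

if __name__ == "__main__":
    for name, value in filter_request_headers(SAMPLE_REQUEST, "ads.example"):
        print(f"{name}: {value}")
```

The constructed X-Referring-Page header survives the filter, which is the case the text warns about: only the headers the proxy knows by name are handled.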
2.7.3 Might some things break because header information is changed? Possibly. If used with a browser less advanced than Netscape 3.0 or IE-3, indicating an advanced browser may encourage pages containing extensions that confuse your browser. If this becomes a problem, upgrade your browser or use the -u option to indicate an older browser. In Version 1.4 and later you can selectively reveal your real browser to only those sites you nominate.
Some page access counters work by looking at the referer; they may fail or break when deprived.
Some sites depend on getting a referer header. Wired News relies on referer to decide whether to add a navigation column to the page, so blocking referer causes extraneous columns. In Version 1.4 and later you can use the -r @ option and place a line like >wired.com/news/ in your cookiefile.
The weather maps of Intellicast have been blocked by their server when no referer or cookie is provided. You can use the same countermeasure with a line such as >208.194.150.32 (or simply get your weather information elsewhere).
Some software vendors, including Intuit, use USER_AGENT to decide which versions of their products to display to you. With the default you get Mac versions.
2.7.4 Does the Internet Junkbuster conceal my IP address? Yes, assuming the proxy is running on a machine with a different IP address. Unless the -y option is used, the remote server gets only the IP address of the proxy, not its client. If this address is too close for comfort you can set up a chain of proxies, but this makes browsing slower of course.
2.7.5 Does the Internet Junkbuster thwart identification by identd? We think so, provided you are not the user running the junkbuster. If your computer (or your ISP's) is running the identd daemon, servers can ask it for the identity of the user making the request at the time you request a page from them. But if you're going through a proxy, they will identify the user name associated with the proxy, not you. A visit to http://ident.junkbusters.com lets you see what's happening. This test is (quite rightly) blocked by many firewalls; just interrupt the transfer if you get an abnormal wait after clicking. Running other applications may also expose you via identd; the proxy of course doesn't help then.
2.7.6 Can web sites tell that I'm using the Internet Junkbuster? With the default options the proxy doesn't announce itself. Obvious indications such as Keep-Alive headers are deleted, but sites might notice that you can cancel cookies faster than any human could possibly click on a mouse. (If you want to provide a plausible explanation for this, change the User Agent header to a cookie-free or cookie-crunching browser).
But when certain options are used they could figure out something's going on, even if they're not pushing cookies. If you use blocking they can tell from their logs that the graphics in their pages are not being requested selectively. The -y option explicitly announces to the server that a proxy is present, and sending them wafers is of course a dead giveaway.
2.8 Security
2.8.1 What happens with Secure Documents (SSL shttp:)? If you enter a "Secure Document Area," cookies and other header information such as User Agent and Referer are sent encrypted, so they cannot be filtered. We recommend getting your browser to alert you when this happens. (On Netscape: Options; Security; General; Show an alert before entering a secure document space.)
It may be possible to filter encrypted cookies by combining the blocking proxy with a cryptographic proxy along the lines of SafePassage, but we have not tried this.
2.8.2 Will using this as my Security Proxy compromise security? We're not security experts, but we don't think so. The whole point of SSL is that the contents of messages are encrypted by the time they leave the browser and the server. Eavesdroppers (including proxies) can see where your messages are going whether you are running a proxy or not, but they only get to see them encrypted.
2.8.3 Can I restrict use of the proxy to a set of nominated IP addresses? We don't provide a way of doing this. It would be easy to add, but before you do please consider why you want to do it. If the reason is security, it probably means you need a firewall.
The -h option provides a way of binding the proxy to a single IP address/port. This can be used in some network configurations to give some selectivity on who can access your Internet Junkbuster, but it doesn't provide a general mechanism. The Internet Junkbuster is not a firewall proxy; it should not be expected to solve security problems.
For background information on firewalls, see an FAQ or these well-known books: Firewalls and Internet Security: Repelling the Wily Hacker by William R. Cheswick and Steven M. Bellovin, or Building Internet Firewalls by D. Brent Chapman and Elizabeth D. Zwicky.
There's free Linux software available, and a large number of commercial products and services. For an excellent security overview, primer, and compendium reference, see Practical Unix and Internet Security by Simson Garfinkel and Gene Spafford.
2.8.4 Are there any security risks for ISPs or others who offer the proxy? Yes. As with any service offered over the Internet, hackers can try to misuse it. A well-run ISP will have professionals who are experienced at assessing and containing these risks.
It's possible to set up your machine so that other people can have access to your proxy, but if you lack expertise in computer security you probably shouldn't have your computer configured to offer this or any other service to the outside world.
Hackers can attempt to gain access to the machine by various attacks, which we have tried to guard against but don't guarantee to thwart. They can also use the "anonymizing" quality of proxies to try to cover their tracks while hacking other computers. For this reason we recommend preventing it being used as an anonymous telnet by including the pattern :23 in the blockfile. If you wish to block all ports except the default HTTP port 80, you can put the lines: ~:80 at the beginning of the blockfile, but be aware that some servers run on non-default ports (e.g. 8080). You might also want to add the line ~:433 to allow SSL.
If you find any security holes in the code please tell us, along with any suggestions you may have for fixing it. However, we do not claim that we will be able to do so.
We distribute this code in the hope that people will find it useful, but we provide no warranty for it, and we are not responsible for anyone's use or misuse of it.
You may also want to check back periodically for updated versions of the code. We do not maintain a mailing list. To get quick updates, bookmark our Distribution Information page.
3. About JUNKBUSTERS SPAMOFF
3.1 If you don't want junk email, here's a way to say so strongly
3.1.1 You can warn spammers in a reply or with a notice on the Web JUNKBUSTERS SPAMOFF (SM) will build you a personalized "No email solicitations" notice that you can publish on your Web space. This page explains the service, and also gives a strongly-worded reply that you can copy and send to junk emailers (spammers), even if you don't use our service to build and publish a notice.
The reply basically says that the spammer must pay you $10 for each further email message he sends to you. Both the reply and the service to create notices are available free of charge to everyone. They don't cover telemarketing or junk mail. If you don't want those kinds of junk either, use Junkbusters Declare separately.
This technique uses ideas similar to those pioneered by Private Citizen Inc. Since 1988 they have been helping people to collect "fees" from telemarketers who call them after being told they must pay if they do so. Private Citizen reports that in 1996 its members collected more than $54,000.
Although some of the details below (such as the price of certified mail) are specific to the US only, the general principles should be applicable in most countries.
This page is intended for individuals. A page on what organizations can do to stop spam is under construction.
3.1.2 Disclaimer and summary of the options described below We are not lawyers, so don't take anything on our site as legal advice. We don't promise that what we describe will get spammers to leave you alone. It's up to you to get any advice you need to decide whether you should try these options: they come with no warranty.
1. If you have the true email address of the spammer or the company that sent the spam, you can reply with the Notification and Offer given below, which basically says that you are unwilling to receive their spam for nothing, and that if they send you any they will have to pay.
2. You can use JUNKBUSTERS SPAMOFF to create your personalized "No junk email" notice, which we call a Spam Offer, ready to publish on the Web.
3. If a spammer annoys you so much that you're willing to spend $1.67 to get their attention, you can use certified mail to send them (or the company that delivers their spam) a Notification and Offer. If the spammer keeps sending you spam, you can show the evidence to a lawyer and ask what can be done to stop them.
4. You might want to keep copies of the spam you get after you reply with a Notification and Offer, in case you or one of your friends decide to demand payment for it.
We hope that lawsuits won't be needed. It would be much easier for spammers to collect the email addresses of people who have published these "No email solicitation" notices on the Web and not email them.
3.1.3 Tracking down the spammer In order to address your Notification and Offer to spammers it is necessary to find an email address or preferably a postal address. Some spammers include a phone number, postal address or email address in the body of the email, but these should be treated with suspicion. Junk emailers often use "spamouflage:" fake addresses in the "From," "Sender," and "Reply-to" fields. A somewhat more reliable indicator of the organization that delivered the spam can be found in the domain name (the partial address after the "@" sign) given in the "Message-ID" field (which your email reader may not display unless you request it). Some spam factories have their own domain names, in which case you can try sending your reply to them, but it is more often an ISP, in which case you should complain to them. You can type the domain name into Internic's whois form to get the details on the organization. Most ISPs work hard to stop spam, but lately a small number have become tolerant or supportive of spammers. Our Links page lists several web sites where you can learn more about how to track down the people who send spam.
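The header comparison described in 3.1.3 can be done mechanically. This is an added example, not part of the original page: the function names and the sample message are constructed, and treating a subdomain as the same organization is a heuristic assumed here. It also trims a message to its headers plus the first few lines of the body, the brief form the page recommends for reports to an ISP.

```python
"""Compare claimed sender domains with the Message-ID domain (added example)."""
from email import message_from_string
from email.utils import getaddresses

CLAIMED_FIELDS = ("From", "Sender", "Reply-To")


def domain_of(address):
    """Return the part after the last '@', lower-cased, or None."""
    if "@" not in address:
        return None
    return address.rsplit("@", 1)[1].strip("<> \t").lower() or None


def related(a, b):
    """Heuristic: equal domains, or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def trace_headers(raw):
    """Report the Message-ID domain and which claimed fields disagree with it."""
    msg = message_from_string(raw)
    mid_domain = domain_of(msg.get("Message-ID", ""))
    claimed = {}
    for field in CLAIMED_FIELDS:
        for _name, addr in getaddresses(msg.get_all(field, [])):
            dom = domain_of(addr)
            if dom:
                claimed[field] = dom
    if mid_domain is None:
        mismatched = None  # nothing to compare against
    else:
        mismatched = sorted(f for f, d in claimed.items()
                            if not related(d, mid_domain))
    return {"message_id_domain": mid_domain,
            "claimed": claimed,
            "mismatched": mismatched}


def brief_report(raw, body_lines=3):
    """Full headers plus the first few non-empty body lines."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    excerpt = [line for line in body.splitlines() if line.strip()][:body_lines]
    return head + "\n\n" + "\n".join(excerpt) + "\n"


# Constructed sample message; every name and address is made up.
SAMPLE_SPAM = """\
Received: from relay.bulk-isp.example by mx.recipient.example; Mon, 21 Oct 1996 07:12:01 -0400
From: "Great Offers" <offers@friendly-deals.example>
Sender: promo@friendly-deals.example
Reply-To: orders@another-front.example
Message-ID: <199610211112.HAA04321@mail.bulk-isp.example>
Subject: Make money fast

Line one of the pitch.
Line two of the pitch.
Line three of the pitch.
Line four of the pitch.
"""

if __name__ == "__main__":
    result = trace_headers(SAMPLE_SPAM)
    print("Message-ID domain:", result["message_id_domain"])
    print("Fields that disagree:", result["mismatched"])
    print(brief_report(SAMPLE_SPAM))
```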
3.1.4 Option 1: Replying to each spam with a "Notification and Offer" If you do get a good return address, you can send a reply consisting of the following Notification and Offer and copyright notice. At the end you can also add a list of the names and email addresses of other people who permit you to include them.
I do not want to receive uninvited solicitations by email ("Junk Email"). I am unwilling to receive Junk Email freely because it costs me time and money. If you send me any Junk Email other than on the terms of the offer set out in the following nine points, I will take this to mean that you plan to use what I offered you without paying for it. If you ever try to do this I reserve my right to take any action available to me without further reference to you. Actions available to me include taking proceedings against you for negligence or breach of contract, which may result in substantial damages being awarded against you by a court. The unauthorized use of my computing facilities may even be a crime.
1. I offer to receive all further email from you on the terms set out below. If you send me any solicitation by email without my express prior written consent this will be taken as your acceptance of this offer.
2. For the purposes of points 3 and 4, you will be taken to have sent any email sent by any entity apparently associated with you for the purpose of sending email solicitations.
3. You must pay me ten US dollars for each such item of email that you send me.
4. You must pay me ten US dollars for each copy of each email solicitation that you send to anybody or any email address referred to below, even if you don't send a copy to me. You may also have to pay other persons as well if they have sent you a similar offer.
5. I may join with any of those persons for the purpose of efficiently collecting your payments.
6. You must mail payment by certified check to me within five working days of the transmission of the email. If you do not know where to send payment, you must state this in the email and give me an easy way to tell you.
7. Each email item must be uniquely identified, and each payment must clearly identify the relevant item or items.
8. You must tell me your name and full business and residential addresses in each email message.
9. I may vary the terms of or terminate this offer at any time (even after you have accepted it). Any new terms will apply to all email you send after you have been notified of a variation.
The copyright of the above text is held by Junkbusters Corporation and is used here in accordance with the GNU General Public License, copies of which are available at www.junkbusters.com or from the Free Software Foundation, 675 Massachusetts Avenue, Cambridge, MA 02139, USA.
You don't have to use JUNKBUSTERS SPAMOFF before sending a spammer this reply: everyone has our permission under the GNU GPL to copy it and distribute it. What you do with it is your responsibility of course, and we don't guarantee it will silence the spammer.
The Notification and Offer uses the common idea that you may have to pay if you do something that costs someone else money.
Whenever you refuel your car or call a 900 number you are told how much you will have to pay, and you don't have to accept what is offered to you. Starting to fill your tank indicates your acceptance of the offer, which obliges you to pay, even though you didn't sign a contract saying you would. The Notification and Offer above tells the spammer that receiving junk email costs you money, and that you require certain payments if he sends you any.
Don't plan on getting rich from spammers: most of them have shallow pockets. And please don't send huge numbers of these replies or include an enormous list of email addresses: this can make everybody suffer. Certified mail has two advantages over email: it doesn't slow the Internet, and it gives you a way of proving that the spammer received your offer.
We don't recommend sending an email copy of the Notification and Offer to the webmaster of the ISPs given in the spammer's email address. Those administrators get huge numbers of these reports (and many follow them up and cut off the senders' accounts), so please keep any reports you send them brief: just the full email header information and the first few lines of the solicitation are usually all they need. Some people ask for the account to be terminated and include the sender on the carbon copy list. Many ISPs maintain an account called abuse for such reports, though some ask for such mail to be sent to support, postmaster, or other names.
The Notification and Offer doesn't apply to responsible ISPs who have policies prohibiting junk emailing, because under point 2 they are not associated with the sender "for the purpose of sending junk email." It's only in the rare case of a spam factory that this applies.
3.1.5 Option 2: Publishing your "Spam Offer" on the Web Any group of friends could agree among themselves to team up against spam. They could include each others' names and email addresses in every Notification and Offer that they send to spammers. They could even arrange to divide the cost of suing a spammer and to share any money a court awards them.
This idea of teamwork can be scaled up. People with web space can let all spammers know who they should not spam, by posting their addresses in notices on the Web. With the right permissions and software, anyone can gather these addresses together. You can help make this work by using your web space to publish the following Notice of Permission, which tells everyone that they can include your email address whenever they reply to spammers with the same Notification and Offer.
I permit anyone who receives an uninvited solicitation by email ("You") to include my name and my email address(es) given below in Your reply to the sender or the sender's agent, on the following four conditions.
1. Your reply must consist of the Notification and Offer quoted here (or any similar version published by Junkbusters) and the copyright notice. It may also include the names and email addresses of others who have also issued this same Notice of Permission.
2. The reply must be made in a responsible and reasonable manner. It must not be sent in large or bulk email messages.
3. You must not do anything that imposes any cost, liability or obligation on me.
4. Your reply is Yours, not ours. You are not authorized to act on my behalf in any way.
I permit my name and my email address(es) below to be included in lists published on the Web of people who have adopted the same Notification and Offer and Notice of Permission.
To save You the trouble of editing an HTML page containing these paragraphs, JUNKBUSTERS SPAMOFF will build you a customized HTML Spam Offer that includes the italicized paragraphs above, plus some other useful text, such as a notice naming you as the copyright owner.
The copyright notice won't stop spammers from using your email address; something as small as that can't be copyrighted. We give you the copyright because we are following our principle that each person should own the information about him or her. This is of more practical importance for people who publish their Declarations on the Web, which contain a larger amount of information.
You can also add anything else you want after the words "End of Spam Offer." Adding other people's names to the version you publish on the Web seems unlikely to help. This isn't a petition against spam, and no sane spammer is going to search out your Spam Offer and tell you he's accepting it. It's when you provably deliver a Notification and Offer to a spammer that extra addresses may add force, because they increase the amount of money he might have to pay you.
If you would like to see some Spam Offers that have been published by our clients, ask Altavista for a sample.
To use JUNKBUSTERS SPAMOFF, you enter your name, email address(es) and URL in our form, click on the button to indicate your acceptance of the agreement in it, and your customized Spam Offer should appear on your browser in seconds, ready to save to a file and publish on your web space. If you do this, we suggest that you call the file spamoff.htm, and that you ask Altavista to index it. An easy way to do this is to click on the word "ID#" at the bottom of the page, after it is in public view on your web space.
If your home page includes your email address, you might want to add the words "No solicitations" after it, with a hypertext link to your Spam Offer. You can also add this to your email signature block and at the end of postings you make to Usenet. At some point in the future this might even become respected by companies that collect and sell email addresses.
Some of our clients use other phrases to link to their spam offers, such as "Can that Spam." Some directly address spammers in their home page, occasionally with color and graphics to add a personal note to spammers. One ISP even thoughtfully provides a remittance information page. If you publish or find other particularly creative examples, please tell us.
If you don't have web space, you might try asking one of your friends who does if she is willing to publish your Spam Offer for you. If she agrees, ask her to tell you the URL where she will put it. It's probably best if she creates a separate directory named after you and also calls the file in it spamoff.htm. You can then use JUNKBUSTERS SPAMOFF to create your Spam Offer, and send her the HTML file. Or you might consider getting an ISP that does offer personal web space; many include it free.
3.1.6 Option 3: Replying by certified mail Suppose the spammer sends you more spam after you reply by email with your Notification and Offer. You could ask him to pay, but he might not respond, or if pressed he might claim that your offer never arrived (email is so unreliable). The usual way that lawyers prove a message arrived is to send it by certified mail.
The US Post Office charges an extra $1.35 to certify receipt of a letter, but a single reply can contain a large number of email addresses. As well as your own email address(es), you can also include those of friends who ask you, and those of people who publish Spam Offers on the Web. A long list might result in bigger damages being awarded against the spammer. On the other hand, it would probably be easier to convince a judge to award you $30 for three items of email sent to you than ten million dollars to each of a million people. The choice of whether to include others is up to you. It is probably worth including a copy of one of their email solicitations that you have already received.
To send certified mail, get PS Form 3800, Receipt for certified mail, from the counter at any Post Office. You tear off the green and white stub, stick it to the front of your reply, and mail it as usual. You keep the other part, which is your numbered receipt. You don't have to lodge the letter at a Post Office, but if you do, the clerk will postmark the receipt, which might come in handy. The office that delivers the article will keep a record for you for two years, and you can ask for this by presenting your receipt at any office. If you really want to know as soon as your article is delivered, you can pay an additional $1.35 for a return receipt. You can also pay more for "Restricted Delivery" to a particular person, requiring a signature by him or his agent. Registered mail is a more expensive service, but we have had reports that it has advantages, so we are investigating it.
Postal services around the world have similar options, but they sometimes go under different names. In the UK the service is called "Recorded."
3.1.7 Option 4: Keeping copies of the spam you get, to claim payment If you think you ever might want to help nail a spammer, you may want to start saving the spam you receive. Even if you don't want to demand payment yourself, you could share your collection with any friend who included your email address in her Spam Offer, so that she can ask the spammer for money for spam he sent you.
We do not recommend emailing people you don't know with news of your spam collection. This may annoy them as much as spam itself. To help our clients coordinate demands for payment, we may propose a way to automate the sharing of such information on Usenet, if a way of doing this can be found that doesn't overload it. Suggestions are welcome.
We don't want to encourage litigation, but everyone (especially spammers) should know that it is not necessarily a long or horribly expensive process. Nolo Press publishes a do-it-yourself guide on small claims.
The cost of filing suit in your County's Small Claims Court is most likely between $20 and $100. The Clerk should be able to tell you and give you the form to fill in. These judges are probably more accustomed to making decisions about whether a dry-cleaner ruined a leather jacket rather than anything to do with the Internet, but Small Claims cases are generally decided far more swiftly than criminal trials, where the stricter criterion of "beyond reasonable doubt" applies.
We're interested in feedback on experiences with such actions. Our clients might also want to share news of their experiences with this technique. They could post to Usenet or publish on their web pages their answers to questions such as these.
- Did a particular spammer stop after receiving a Notification and Offer by email?
- Did he also stop spamming any of the other email addresses you included?
- Did he stop after receiving it by certified mail?
- Did he stop after being served a summons from a small claims court?
- Did he settle (pay you some amount) after getting the summons?
- Did he deny that his company sent the particular piece of email? If so, did the judge consider that the truth was more likely that the company did send it?
- What judgment did the court reach, and what were the costs?
If everyone knows how spammers are reacting, they can act together to stop them.
3.1.8 We hope that lawsuits won't be needed We are not lawyers, so we can't say whether individual small claims or larger class action suits against spammers are likely to succeed. (We would like to see lawyers publish their opinions on the Web, but they may be hindered from doing this by regulations that prevent them from practicing outside the jurisdiction where they are licensed.) There are many ways to try to stop spammers. Our mission includes making sure that they don't bother people who don't want their spam, but we hope that this can be done without making the Internet a common subject for the courts.
If spammers have to sign to receive more and more certified mail articles (how inconvenient), they may think about their actions and possible future, and decide to stop, or at least not to spam people who publish Spam Offers. We think they should be given a reasonable chance to decide this. Your small-time spammer may be struggling to make ends meet, and may not have realized just what he was getting into when he started spamming. Suing these people is unlikely to help anyone but lawyers.
We do not plan to send email lists to spammers ourselves. We might publish a list of URLs, but this probably won't be needed if most of our clients request Altavista to index their Spam Offers. As more and more people publish their "No solicitations by email" signs on the Web, the lists that can be gathered using free software will become longer, and anybody with two dollars and some time to spare will be able to download them, print them, and send them by certified mail to spammers.
Some people might send these paper notifications because they oppose spam on principle; others might just be hoping for a bigger payback. Spammers can't avoid receiving these lists by making it hard for any single person to send them. Even if our service were shut down, everyone could easily continue publishing and sending Spam Offers.
Spam factory bosses who think of themselves as "responsible bulk direct emailers" will also be able to gather Spam Offers from the Web. They can maintain their own "do-not-email lists," the same way that telemarketers are required by law to do.
If you're interested in issues such as compliance, enforcement, and copyright, you might want to read the other pages on this site about Junkbusters Declare; many of the details are similar or comparable. But we don't recommend making this kind of offer to telemarketers or junk mailers, because you already have other ways to force them to obey you. For example, if you fill out a "prohibitory order" against a sender of junk mail and they continue to send you their junk, they risk being prosecuted as criminals. And the Post Office won't charge you a penny to tell them this.
4. Why Junk Email Must be Stopped
4.1 All cannot talk to all
If everyone with something to sell used modern communications technologies to broadcast their pitches to the world, we would all be drowned in a flood of marketing messages. As an indication that this could happen, we present a few disturbing recent developments. To find out how we think that email solicitations can be stopped, read about JUNKBUSTERS SPAMOFF.
4.1.1 Junk email in the courts Junk email is becoming such a widespread problem that it is now the subject of several legal disputes. For the latest updates see our What's New page.
- On September 5 U.S. District Judge Charles R. Weiner ordered America Online to stop blocking millions of junk email messages sent by Philadelphia marketing firm Cyber Promotions.
- Compuserve won a temporary restraining order October 24 preventing Cyber Promotions from using a Compuserve account as a return email address on its junk email.
- On November 4 the Judge ruled that the First Amendment does not bar a private online company such as America Online from blocking junk email. Comment on the legal aspects of the case has been published by the non-profit organization VTW.
- The judge gave Cyber Promotions the opportunity to present other reasons why it should be allowed to continue sending spam through AOL.
- The Washington Post reported (3 Dec 1996, C3) that a federal court barred Cyber Promotions from falsifying their "From" addresses.
- On December 5 Compuserve asked an Ohio federal judge to stop Cyber Promotions from sending junk email to its members. "Our legal argument is that we have told him not to do it, that his sending of those messages is unauthorized, and by continuing to do so, he is committing a trespass on our equipment," said a Compuserve attorney.
- CNET reported December 6 that the state of South Dakota blocked all email coming from an ISP because one of its customers was spamming Government employees with petitions. The American Civil Liberties Union (ACLU) says it is considering taking action against the state.
- In February 1997 America Online and Cyber Promotions reached a settlement out of court that allows Cyber Promotions to continue spamming AOL members.
- The same month CNET reported 2/3 that U.S. District Judge James Graham of Ohio has issued a preliminary injunction against Cyber Promotions, prohibiting it from spamming any address maintained by Compuserve. The court later came to the opinion that the spam constituted unlawful trespass.
4.1.2 The "R9ch" and "tiptoe001" child porn spam On October 21 a highly offensive piece of spam was sent from two AOL accounts to perhaps hundreds of thousands of email addresses around the world. Reuters reports that the FBI has determined that it is a hoax. AOL says that the users at the two addresses were not involved in sending the messages. The sender appears to have been trying to victimize the person named in the letter.
Here is an excerpt from the letter.
Hi! I sent you this letter because your email address was on a list that fit this category. I am a fan of child pornography and for the past 4 years, I have been able to gather quite a collection of it. I have pictures, VHS tapes, posters, audio recordings, and games based on child pornography. I am now selling my products (or trading for other child pornography). I have a complete color catalog of all my products now available.
If you were not supposed to receive this letter, please delete it immediately. I send out these advertisements to this mailing list once a week. If you want to get off this mailing list, please send a letter to my address below. Do not write to this email address because I will delete it after I mail these letters. The only way to get off this mailing list is to write to my address below.
The person named in the letter appears to be the intended victim of the hoax. The email was sent from two America Online accounts (tiptoe001@aol.com and r9chC@aol.com), but AOL says it has determined that those people were not involved in sending it. We hope that the real sender of this mail is caught and prosecuted. JUNKBUSTERS SPAMOFF is intended for genuine spammers who really do repeat their solicitations.
The child porn spammer angered many people by beginning with the statement about email lists. It correctly points out that people have no effective way to control the use made of information about them gathered from the Internet. Real marketers don't rub consumers' noses in the details of how they do their targeting, but the truth is that the Internet is giving them far more information than they have ever had. If you think you remain anonymous when surfing the net, you might want to read our alert on Web Privacy.
Although this particular case appears to be a fake, it shows how offensive email solicitations can be. If the whole practice of spamming isn't stopped in its tracks, messages like this could become a daily feature of using email, not just an occasional outrage. For an indication of the anguish this spam has caused, sample the discussion on Usenet.
4.1.3 HUH? What's "direct email?" Anyone in doubt about what "direct targeted email" means can read all about it in an advertisement on netfree.com for junk emailing software, which praises AOL's member directory of email addresses for including detailed targeting information such as hobbies, computer type, and physical location.
Services that retrieve email addresses for a given name can be very useful for finding a lost friend, but also useful for companies who want to include your email address in what they already have about you in their databases, perhaps throwing in some psychographics derived from your Usenet postings over the years, plus anything you've put on the Web. Or they can pay someone to do it for them, along the lines of roverbot.com, which "harvests" (scavenges) email addresses "by exploring web pages that meet your criteria," or a similar "Agent" tool that also automatically emails a canned message. The day can't be far off when merely mentioning words such as "gardening," "yoga," or "golf" in a chat room, on Usenet, or a web page will get you a barrage of catalogs, club membership, and magazine subscription solicitations, by email, telemarketing and junk mail, and add the information about your interests to an unknown number of databases.
4.1.4 "an additional medium for Psychological Operations campaigns" The Pentagon has also noticed the attractions of spamming, as shown by a 1995 report from the "Office of the Assistant Secretary of Defense for Special Operations and Low-Intensity Conflict" called Strategic Assessment: The Internet. Here's a quote mentioned in Wired (4.10).
Increasingly, officials in national governments, foreign military officers, business persons, and journalists, are obtaining access to the Internet and establishing individual e-mail addresses. There is even a commercial service that will shortly offer access to an online database of the names, organizational titles, phone/fax numbers, and Internet e-mail addresses of virtually all government officials in all countries. Using this information, it would be possible to employ the Internet as an additional medium for Psychological Operations (Psyops) campaigns. E-mail conveying the U.S. perspective on issues and events could be efficiently and rapidly disseminated to a very wide audience.
4.1.5 Spammer is phone-bombed Thomas Petzinger Jr's Front Lines column in the Wall Street Journal November 1 tells a morality tale about spammers. He reports that somebody set up phone software to continually dial a spammer's toll-free telephone number. The spammer is quoted as saying "People don't realize the ramifications of someone pushing a button."
Using autodialers to call a toll free number is illegal in the US, as explained in our page on how consumers could use their PCs to enforce their permissions concerning direct marketing.
4.1.6 Survey finds users want spamming stopped without legislation The GVU's 6th WWW User Survey found that "people are very clear" that they do not want to be spammed, and asked what they propose to do about it.
"The majority of people responded in favor of an opt-out system, where a registry would contain the addresses of people who do not wish to receive mass emailings. Note that this is similar to the system already in place in the US that exists to remove people from junk mailing lists. Over 16% responded in favor of imposing an 'impact' fee on the agencies sending the mail. Exactly what this impact fee would be or how it would be implemented was not specified in the question. Somewhat surprisingly, only 5.89% voted in favor of government regulation making spamming illegal."
About 4% of those surveyed say that they retaliate against spammers.
4.1.7 So what should be done about spammers? We think that as a matter of public policy, the case against junk email is stronger than the one against junk faxes, which were outlawed in 1991 in the US. However, many people oppose any legislation that restricts the Internet, and it wouldn't be effective anyway: spammers would remail their junk through other jurisdictions to evade regulation.
Until recently we have simply recommended replying to spammers saying that junk email may be illegal, but the time has clearly come for stronger measures. Our new service, JUNKBUSTERS SPAMOFF, uses a tactic adapted from Private Citizen Inc.'s anti-telemarketing methods. A similar idea has even been published by at least one person on the Web. The basic idea is to tell them that their spam costs you money, and that they must pay you if they send you any.
We hope that lawsuits won't be needed: we don't want the courts to be the place where the future of the Internet is decided. But we do want spammers to know what they are risking. Their basic economic principle is that they are willing to annoy a very large number of people for the sake of getting money from a small number of people. This is exactly the part of direct marketing that we are trying to change forever.
5. How ISPs and Other Organizations Can Fight Spam
5.1 Under construction
5.1.1 This page is under construction Please bear in mind that this is a preliminary version subject to extensive revision. Comments are welcome, however.
If you haven't already seen our page of headlines on junk email or our page about how individuals can discourage spam, it may be worth reading them first.
People responsible for corporate security may also want to read our page on cookies, because the threats to individual privacy it describes also threaten the confidentiality of some commercial activities. One way to reduce the potentially damaging flow of information from web browsers is to install the Internet Junkbuster.
5.1.2 Spam is bad for business ISPs and other companies and organizations suffer badly because of spam. If all the work hours lost by people processing junk email were added up, the bill would be substantial. However, large organizations are in an excellent position to put an end to it, because they have the resources for concerted action against it. This page describes some ways that this might be done. We are not offering legal advice in any capacity: each organization must decide for itself what to do.
5.1.3 Options for organizations to consider The word "affiliates" is used below to cover employees, volunteers, and customers with email accounts on your company's computers.
- Set up procedures for affiliates who receive spam to report it, and publicize them. Typical steps include setting up an email address called "abuse" where reports and comments are sent. It may be helpful to have a separate address called "spambin" where affiliates can forward copies of spam without comment. Tell affiliates that the standard procedure when they receive spam is to forward it to the "spambin" and then archive or delete it without responding to it.
- It might also be worth repeating the organization's policy stating that affiliates must not send spam or encourage it to be sent to any of the organization's computers. You may want to establish a web page or other place where affiliates can read about the action being taken to stop spam.
- Appoint a person to be responsible for monitoring the reported spam and tracking down its major sources. Other duties might include liaison with legal staff. If you have been appointed to this role and would like to keep in touch with us on this topic, please tell us using our Feedback form, choosing "Nominate a SPOC (Single Point of Contact)" from the "Purpose" menu.
- Adapt our Notification and Offer used by individuals, after appropriate consultation with stakeholders. A sample adaptation is given below. Provided that you include the copyright and license notices, you are free to modify and use it as permitted by the GNU GPL. We urge organizations to take care to address Spam Offers only to real spammers, and not disrupt legitimate commercial activity.
5.1.4 A sample "Notification and Offer" adapted for organizational use The person issuing such an offer should be of sufficient rank to make it clear to both spammers and affiliates that the issuer has the authority to speak on behalf of the whole organization. The CEO or managing director might be appropriate. It might be worth signing all such messages using a cryptographic tool such as PGP, to discourage spammers from claiming they received a different message.
Take notice that our organization is unwilling to receive or process bulk solicitations freely by email, and that if you send such email you may incur certain legal and financial burdens.
I write as a fully authorized representative of [Insert Organization Name], to which I refer with the words "our organization", "us," "we" and "our" in this document. We do not want to receive bulk uninvited solicitations by email ("Junk Email") to any addresses ending in the domain [ourorganization.com]. By "bulk" I mean the practice of sending more than three identical or similar messages to addressees of whom one or more have email accounts affiliated with our organization. This practice costs us money due to telecommunications charges and the time spent by our affiliates processing this email. If you send us any Junk Email other than on the terms of the offer set out in the following seven points, we will take this to mean that you plan to use what was offered you without paying for it. If you ever try to do this we reserve our right to take any action available to us without further reference to you. Actions available to us include taking proceedings against you for negligence or breach of contract, which may result in substantial damages being awarded against you by a court. The unauthorized use of our computing facilities may even be a crime. If you send us any Junk Email without express prior written consent from me or an officer of our organization this will be taken as your acceptance of this offer. Each individual affiliate may give you permission in writing to send email to him or her.
1. We offer to receive all further email from you on the terms set out below. If you send us any Junk Email without our express prior written consent this will be taken as your acceptance of this offer.
2. For the purposes of points 3 and 4, you will be taken to have sent any email sent by any entity associated with you for the purpose of sending email solicitations.
3. You must pay us ten US dollars for each copy of each such item of email that you send us.
4. You must mail payment to [our organization's address] by certified check payable to our organization within five working days of the transmission of the email.
5. Each email item must be uniquely identified, and each payment must clearly identify the relevant item or items.
6. You must disclose your name and full business and residential addresses in each email message.
7. We may vary the terms of or terminate this offer at any time (even after you have accepted it). Any new terms will apply to all email you send after you have been notified of a variation.
The copyright of some or all of the above text is held by Junkbusters Corporation and is used here in accordance with the GNU General Public License, copies of which are available at www.junkbusters.com or from the Free Software Foundation, 675 Massachusetts Avenue, Cambridge, MA 02139, USA.
5.1.5 Publishing a notice on the Web Before your organization sends a Notification and Offer, it would probably be a good idea to publish it on the Web. One easy way to do this is to use JUNKBUSTERS SPAMOFF, giving your company name as the name and "all addresses in the domain [ourdomain.com]" as the email address. Edit the body of the document returned as appropriate to the variation that your company adopts.
5.1.6 What about the right of the individual to receive spam? Although it may sound strange at first, organizations should consider that some of their affiliates may object to anyone telling others not to send them email. America Online has stated that some AOL members have told them they want to receive spam, so they made blocking a user-controlled option on their mail handler. Their recent litigation against a spam factory has shown that the legal issues may not be clear cut. We can't solve these issues, but we offer a few observations to consider. Employers are in a somewhat different position from ISPs.
5.1.7 Employers have been trashing junk for years Many companies discard physical junk mail before it gets from their mail rooms to their employees, so they will probably do the same for spam. Some employees might have objections to this, probably based more on principle than law or any real desire to receive spam.
5.1.8 ISPs must consider how to best serve their customers An ISP is in a different position: its customers are not its employees, and some might have a stronger argument about being "unwillingly deprived of the opportunity to receive materials," as the Supreme Court said of the U.S. Post Office. ISPs aren't common carriers, so they could make it a condition of service that they have the right to block spam, leaving anyone who doesn't like it to switch to another ISP. An extreme solution would be to offer customers the option of an email address in a separate subdomain where spam is not discouraged. Our guess is that few people would choose it.
An ISP or online company with a reputation as a popular target for spammers has a disadvantage in the marketplace, but one that can show its vigilance in protecting its customers from spam has an advantage.
5.1.9 Our goal: make the Internet a junk-free zone Fighting spam is an expensive, time-consuming chore. We don't think that suing spammers will ever be a profitable activity. But organizations should consider that if they are more effective in deterring spam, they will improve the quality of life of the people who use their computer systems. We hope that every company will demonstrate by its actions that spam is not an acceptable use of the Internet.
Junkbusters:
http://ident.junkbusters.com/]
|