
Tracing Spammers

Full Description

Spammers are annoying. They can fill your inbox with useless mail which generally pisses you off more than it causes an inconvenience. There are a number of ways to counter the spammer. The first is manual and requires that you have at least a little Clue about you. Look at the headers of the email, see where the originating MTA was and try emailing the postmaster, abuse (or, more likely in many circumstances, given it's probably an open relay running on an Exchange server) [email protected] with something suitably helpful, like the nmap output from "nmap -sS -O the.guilty.machine", which always serves as a frightener.

The alternative is to go to one of the spam fighting sites such as SpamCop, dump the entire message (including headers) into it and watch it pick apart the message and tell you who the nasty people are who sent you abusive things.

There are people out there trying to stem the tide of spam. Some of them are good, some are... different. If you're interested, try looking for ORBS (as was) and RBL references. It's not recommended that you spamtrap your email address, as this just leads to further load being placed on the MTAs through which your mail and return mail pass. Don't do it, kids.
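The manual header reading described above, together with the name an RBL-style lookup would query, as an added example that is not part of the original page. The message, hostnames, addresses, the `OUR_NETS` range and the `dnsbl.example` zone are all constructed placeholders.

```python
import email
import ipaddress
import re

# Constructed sample: documentation address ranges and invented hostnames.
RAW = """\
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby mailstore.example.org with ESMTP; Tue, 31 Mar 1998 05:10:02 -0800
Received: from relay.example.net (unknown [198.51.100.25])
\tby mx.example.org with SMTP; Tue, 31 Mar 1998 05:10:01 -0800
Received: from bigbank.example.com (dialup-7.example.net [203.0.113.77])
\tby relay.example.net with SMTP; Tue, 31 Mar 1998 05:09:58 -0800
Received: from trusted.example.gov ([10.1.2.3]) by bigbank.example.com;
\tTue, 31 Mar 1998 04:00:00 -0800
From: "Offers" <offers@bigbank.example.com>
Subject: MAKE MONEY FAST

body
"""

OUR_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # assumption: our mail hosts
HOP = re.compile(r"from\s+(\S+).*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", re.S)


def trace(raw, our_nets=OUR_NETS):
    """Return (handoff, unverified).

    Each MTA prepends its own Received line, so the top lines were written by
    our servers and can be trusted. The first hop whose source address is not
    ours is the machine that connected to us (the relay to report); lines
    below it were written by machines we do not control and may be forged.
    """
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if not m:
            continue
        try:
            hops.append((m.group(1), ipaddress.ip_address(m.group(2))))
        except ValueError:
            continue  # malformed address literal, skip this header
    for i, (name, ip) in enumerate(hops):
        if not any(ip in net for net in our_nets):
            return (name, ip), hops[i + 1:]
    return None, []


def dnsbl_name(ip, zone="dnsbl.example"):
    """Build the DNS name a blocklist lookup uses: reversed octets + zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone


if __name__ == "__main__":
    handoff, unverified = trace(RAW)
    print("report:", handoff[0], handoff[1], "->", dnsbl_name(handoff[1]))
    print("unverified claims:", [str(ip) for _, ip in unverified])
```

The address in the handoff hop is the one whose postmaster or abuse contact gets the report; the lower hops are worth quoting in the complaint but not worth trusting.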

We could go on all day on this subject, but we won't. Report all spam; it's for everyone's good. Instead, here's what Russ Allbery had to say on the subject way back in 1998. There's an introduction and a followup to this at http://www.eyrie.org/~eagle/writing/rant.html, which you're encouraged to read to gauge the spirit in which the article was written. Don't take this completely at face value (despite its appositeness), but here's the actual article:

Newsgroups: news.admin.net-abuse.usenet
Subject: A Rant (was: Re: HeadHunter.NET flooding jobs newsgroups)
From: Russ Allbery <[email protected]>
Date: 31 Mar 1998 05:01:34 -0800

Hi. You are about to be subjected to a rant.

Please do not take any of the following personally. I am sure that you're a very responsible person who cares a great deal about Usenet and simply happens to disagree with me on this single issue. This is not aimed at you, even though I know from the beginning it sounds very much like it is. I don't know who this is aimed at. But I'm in a pissy mood right now and I started responding to your post and I started getting angrier and angrier about the state of the world while I was doing so, and this is what came out.

This started as being about jobs newsgroups. By the end of this, it had nothing to do with jobs newsgroups. Take it for what you will.

I could continue to respond to various points you've both made, but it seems like you're just a couple of admins griping about how tough your job has gotten. ... "It's using up too much disk space" ... "there are too many postings" ... and other related whining. So somehow you make the leap that because it's difficult for you to do your jobs, YOUR failure WON'T matter because your customers aren't reading or using these newsgroups anyway. WRONG.

Look. I run a NEWS server. I do not run a jobs database. Got it? My server resources do not exist for your convenience. They exist for the convenience of the Stanford community.

The Stanford community is not reading those groups because they're unreadable.

That's right. A population, one fourth of which at any given time is pretty much looking for jobs on a full-time basis IS NOT READING misc.jobs.* BECAUSE IT'S FSCKING UNREADABLE BY HUMANS!

Somewhere along the line, those newsgroups broke. I don't know what the hell it's going to take to fix them. Something massive, I'm sure. In the meantime, people like HeadHunter.NET are not helping matters any. I refuse to be a casualty in a war of escalation. I refuse to let my news server be a casualty in a war of escalation. Recruiters have gotten it into their head that if they just post faster than the other recruiters, they'll be the ones whose ads people see first.

That's doomed. That's flat-out doomed. The result is that the readers are all going to leave (they pretty much all have) and sooner or later stuff is going to start melting down.

The fact that you still manage to make useful use of those groups is impressive, but in the end irrelevant. If you want a jobs database of this sort, there are more efficient ways of going about it than by doing this. Right down to the simplest (if you really want to use a flood-fill algorithm for distribution of jobs database) of creating a jobs.* hierarchy explicitly for such use.

Apologies for my old-fashioned ways, but you know, I still have this deluded belief that Usenet proper is actually for the use of humans, and that groups which are not readable by normal humans don't belong in the standard hierarchies for human discussion and should be handled separately.

And yes, now that you mention it, I also have this problem with news.lists.filters, despite the fact that I proposed the damned thing. No one seems to listen to me when I talk about out-of-band distribution methods for NoCeMs, control messages, or something else along those lines. *sigh*

And yes, I still propagate local posts to misc.jobs.offered (a damn sight faster than I would if I were dealing with all of the HeadHunter.NET flood), so whatever service that provides to my local community is still being provided. Of course, I think that service is pretty small, since NO ONE HERE ACTUALLY POSTS TO THE DAMN GROUP because they see stuff like:

====== 100592 unread articles in misc.jobs.offered -- read now? [+ynq]

and think "you know what, the chances of me actually finding a job within a random selection of 100,000 jobs from random places in the world is worse than if I walk into a random company on the street and apply, and if I had a job to offer, I would do better by advertising in the newspaper than in competing with 100,000 other people who are posting 10,000 jobs a day." And you know what, they're right.

So do you have a way of fixing that? Hey, I'm all ears. Everyone who successfully reads that group claims that all they do is filter on the subject line. So why don't we just send out a few giant posts with just the subject lines and URLs, and you can go clicky clicky on the ones that sound interesting and I don't have to waste disk space storing a bunch of text you don't read and a bunch of headers listing in excruciating detail precisely every server that was abused to bring you this morning's rendition of the Idiot's Law of Duck Hunting. "If I fire enough bullets into the air, eventually I'll hit something!"

Or, alternatively, you can keep bitching at me about how I don't know how to do my job, or claim to me that the group is serving a purpose for the people I'm serving when you don't have the logs to back that up and I do, or somehow claim that by voodoo magic my storage of jobs postings sent by HeadHunter.NET helps them get to you better. Or, hell, you can claim that the existence of recruiter downloads in misc.jobs.offered will cure world hunger and is singlehandedly responsible for the end of the cold war. It'll make about as much sense.

Because I can explain to you right now why you and they and everyone else involved in this wants to use Usenet rather than coming up with a real solution to a problem that Usenet was not intended to solve. Laziness. That's right, you're lazy, they're lazy, news distribution is a solved problem, there's this nice, large network of mutually cooperating sites that for some deluded reason are doing all of this for free, if you buy a cheap connection to a fast pipe and dump a bunch of articles in everything happens magically and doesn't cost you a dime, and hey, even better, so many people have put so much time and energy into making the Usenet protocols easy to use that they can hire some cheap student programmer to write a one-off script to dump their database into a Usenet newsgroup, leave it running on some forgotten computer, and never touch it. Wow! This is just a dream come true!

Heaven forbid that you would have to actually clicky clicky on their web site and (*gasp*) wait for their web server to respond when the entire Internet exists to be exploited to move bytes around for you. Or that it would occur to you that, you know, there are these programs that do web mirroring and, you know, you could run one from your nice local fast server every night and download the web pages yourself, and then you would actually be taking responsibility for your own needs and not making other people pay money to give you the information you would pay money to have.

But hey, why would you do that? News is already there! And it's fast and easy and free and you don't have to do any extra work and the only people who actually believe that it's for anything as prosaic as actual discussion are all old, bitter news admins who just can't keep up with the times and don't know how to keep their servers running under perfectly reasonable loads.

Do you have any idea why I do what I do? Do you have any idea at all?

You think this is just a job I'm hired to do? Let me tell you something about jobs. I could walk out the door tomorrow and have a job by next Monday paying twice what Stanford can pay me. I know. I've been offered them. You know why I turned them down?

Because I wouldn't get to pick what I wanted to do. And I sure as hell wouldn't be running news servers.

You think ISPs actually consider news important? Wrong. News is not where the money comes from. News is not the sexy application. News is not the thing that gets written up in magazines and newspapers all the time and that is glitzy and pretty and provides lots of eye candy for the sales force to use.

Who the hell do you think is keeping Usenet running, anyway? You think we're doing this just because it's our job?

God.

I don't know what makes me more sick, the fact that people don't have any clue what actually goes into keeping this thing that they're using running, or that when they find out they don't care. And that's ironic. That's really fucking ironic, because Usenet is also the place where one can find a real community of people who actually understand what it means to do something for the love of it. To throw your time and resources and energy into something that no one is ever going to pay you a dime for, for no other reason than, damn it all, it's cool and people use it and it actually helps people talk.

Yes. Present tense. You will never, never, EVER see me post those last two sentences in past tense, because if those sentences ever become past tense, I won't be posting.

There are people here who understand how it felt to be a teenaged kid who wandered into a newsgroup about comics because he collected comics at the time and it was something interesting to talk about. Who had the experience of walking into a culture and a community in the process, with its own legends and history and elder figures and mythology, where the Reverend Scowling Jim Cowling flaming Holbrook was a spectator sport, where one heard stories of the legends like Chuq von Rospach and Jayembee who had been posting there just before you got there but you weren't quite there soon enough to see them in all their glory, where no one really took any of this all that seriously except for the friendships formed in the process. Who, a year or two later when he'd long since given up comic collecting and lost interest in comics altogether found he was still hanging out with the same people in the same places, because the thing that Usenet did, the important thing that Usenet did that put everything else to shame, was that it provided a way for all of the cool people in the world to actually meet each other.

Sure, I've been involved in Usenet politics for years now, involved in newsgroup creation, and I enjoy that sort of thing. If I didn't, I wouldn't be doing it. But I've walked through the countryside of Maine in the snow and seen branches bent to the ground under the weight of it because of Usenet, I've been in a room with fifty people screaming the chorus of "March of Cambreadth" at a Heather Alexander concert in Seattle because of Usenet, I've written some of the best damn stuff I've ever written in my life because of Usenet, I started writing because of Usenet, I understand my life and my purpose and my center because of Usenet, and you know 80% of what Usenet has given me has fuck all to do with computers and everything to do with people. Because none of that was in a post. I didn't read any of that in a newsgroup. And yet it all came out of posts, and the people behind them, and the interaction with them, and the conversations that came later, and the plane trips across the country to meet people I otherwise never would have known existed.

That's what this is all about. That's why I do what I do.

People.

Do you know what it's like to see something that you've put your heart and soul into creating grow and flourish and become one of those communities? What it feels like to give back to someone, someone just discovering the Internet, those same feelings of wonder and awe and warmth and community and friendship that you found? To receive, not the welcome random bit of thanks here and there, but the far deeper and more wonderful knowledge that you've built and maintained something that people are using and using to do things and see things and think things that they otherwise would never be able to do or would have no outlet for?

Do you know what it's like to have a friend of yours randomly on a whim decide something in a newsgroup you created is interesting and engaging enough to post to Usenet for the first time? And then to experience the horrible, sinking knowledge that with that post he's likely to get his mailbox flooded with spam? Or the raw fear that he'll then never post again, scared away, when this place that has given you so much could give that to him as well, and that he could give the same to other people? And that, damn it all, he's one of the cool people in this world, and you don't know what these groups are all for, in the end, but if they're for anything at all, they should be for people like him?

Do you know what it feels like to know that your news server, despite the fact that it's some of the best hardware you can get with your available resources for an application that most people just don't care about, is running a backlog? That you're dropping incoming articles? That somewhere, somewhere there are things being posted which you are not receiving? They could be junk, they could be beautiful, well-expressed pieces of someone's soul, and you DON'T KNOW, you CAN'T KNOW, because legions of fucking vandals are throwing so much CRAP at your news server that it's running flat out trying to process it and delete it and just can't go any faster?

Let me tell you this: there's a rage in that. There is a cold rage that you feel at that because, God damn it, it is not acceptable, it is NOT FUCKING ACCEPTABLE for a single post that is from a person talking to other people to be deleted, to be dropped on the uncaring floor to make room for machine generated spew.

Period.

And you can talk to me about free speech and applications and the future of communication and the use to which people put such things until you're blue in the face, and when you ask me if there's really such a thing as good speech and bad speech, I'll still say yes. Because there are people talking to other people and there are machines talking to no one as loud as they can to try to make people listen, and damn it, there is a difference, and the first one does deserve to be here more than the second one. And I don't know how to tell the difference reliably either, but that has jack to do with the way I feel about it.

And to all of the spammers and database dumpers and multiposters out there, I say this: You want to read that stuff, fine. You want to create a network for such things, fine. You want to explore the theoretical boundaries of free speech, fine. But when it starts impacting people trying to communicate, then that is where I draw the line. This is not a negotiation and this is not a threat; this is simply a fact. I've been through pain and joy with this network, I've seen communities form and wither and reform, I've met friends and lost friends here, I've learned things and discovered things and created things. I've seen people make a home here when they didn't have any other, not on a newsgroup, not with a bunch of electrons, but with people that they've met and communities that they've found and support that they've received from people who had just the words they needed to hear and would never have known they existed, and by God I KNOW what this network is for, and you can't have it.




Not associated with O'Reilly & Associates, Inc. © 2000-2020