This spam report is at Anti-Spam Assistance Pages
Subject: Re: Any recourse on this kind of email??
Date: 11/22/98 10:15
To: Joseph Thomas, jfthomas@mindspring.com
On 11/21/98 02:32, Joseph Thomas sent the following ASCII stream:
>Heya...
>
>You've been generous in the past in providing me with tips on tracking down
>spammers (and I've had fair success in retaliating) but I wonder if there
>is any recourse to this type of spam?
>
>Return-Path: <etgy6f@sprint.ca>
>Received: from itg-inet-02.tv-asahi.co.jp (itg-inet-02.tv-asahi.co.jp
>[158.207.31.42])
>by camel23.mindspring.com (8.8.5/8.8.5) with ESMTP id TAA00804
>for <jfthomas@mindspring.com>; Fri, 20 Nov 1998 19:10:12 -0500 (EST)
>From: etgy6f@sprint.ca
>Received: by itg-inet-02.tv-asahi.co.jp (8.8.6/3.5Wpl797062516) with SMTP
>id JAA21241; Sat, 21 Nov 1998 09:13:45 +0900 (JST)
This is the INCOMPLETE line. This clearly shows that the server is BROKEN!!!
>Date: Sat, 21 Nov 1998 09:13:45 +0900 (JST)
>Message-Id: <199811210013.JAA21241@itg-inet-02.tv-asahi.co.jp>
>To: etr45@earthlink.net
>Subject: req
>
SNIP OF SPAM
>As you may have guessed, the spammer sent this mail through 158.207.31.42.
>Now, I can't remember the technical term for this (mail relay??), but this
>server allows email to be sent through them by anyone who wants to use it.
>As a test, I used a program I have called "Ghost Mail" that allows you to
>send anonymous messages through whatever server you choose. Most of them
>won't work because the owner of the server has set up the server to not
>allow "relaying" of email. Using the above, however, I was able to send
>anonymous email to myself. There doesn't seem to be any help in the
>headers (in this email or in the one I sent to myself).
Hmm, Ghost Mail? Based on your description, it sounds like Ghost Mail is a
spammer's tool, when used IMPROPERLY. Sure beats having to do manual SMTP
sessions or having to reconfigure a profile in my emailer. You do have the
correct term of "mail relay", but in this case, the absolute correct terms
are "relay rape" or "SMTP hijacking".
A properly configured mail server such as mine will NOT allow any relaying.
I'm trying to get my server to accept stuff from inside my network for other
accounts of mine. Anyhow, the latest trend for system administrators is to
disable relaying for DNS entries not within their netblocks. How do the spammers
get around this? They forge the HELO statement, making them appear to be part of
the network they are hijacking. The scary part is that despite resolving the
originating IP address, they still relay. One would think a checks and balances
system would have been implemented.
I'm going to have to download Ghostmail.
>
>The only thing I was able to determine by the phone number that this guy
>put in the email is that he's in Dayton, Ohio (the area code & prefix).
>Since the mail server is in Japan, I don't really have a clue as to how to
>contact them and perhaps discourage them from allowing mail relays. And I
>reckon if I were able to do that, the fellow would simply find another
>server that would allow him to send mail anonymously.
I'd ask the system administrators for that mail host. Experience has shown me
that they will ignore it, but I have had a few respond. You'll have to ask for
portions of their log files in regards to this. Log files aren't too hard to read.
Even inexperienced users can read log files fairly easily. If you can resolve an
IP address, you can track down the spammer. You did point out correctly that this
spammer is just going to go elsewhere and do this again. In fact, this spammer has
already moved on and is most likely seeking out the next server to hijack.
When all else fails, cheat. Since you want to contact these folks, an act I encourage,
send it to:
postmaster and abuse @ tv-asahi.co.jp
NOTE:
Server is apparently down right now.
>Naturally, I can set a filter in Eudora to trash any mail coming from this
>server, but, again, naturally, what I REALLY want to do is cripple this
>guy's ability to spam people this way!
This spammer may have done research and found that this administration doesn't care.
Regardless, they've already done their spamming run. Most likely the listed phone number
will resolve to a street address and then a police report can be filed, or at least a
BBB complaint if it's a business.
>
>Anyhow, I just wondered if you have a scheme that offers any recourse to
>mail that is sent in this fashion.
>
Not really. They seem to have figured out that if they spam me I'll nail them so I haven't
gotten more from them recently. If the Japanese folks help, then you can start going after
them. Perhaps the originating ISP will take HUGE action against them. Either way, word will
get out and fairly soon this spammer will have to start dialing long distance to do their
spam runs. Eventually, enough complaints will roll in to authorities that state action will
be taken.
>Sorry to bother you again with questions; I hope you receive this email in
>the spirit (revenge?) in which it was sent!!
Without originating information, it's hard. I suppose I could find a place that will do a
reverse lookup for phone number to address so postal fraud charges can be filed. A postal
investigation is usually very intrusive and very inconvenient to the spammer.
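
Added example, not part of the original e-mail exchange: a short Python script that walks the `Received:` chain of the headers quoted above, reports the IP address that handed the message to the recipient's own server, and flags any hop that recorded no sending host. The function names `parse_hops` and `findings` are hypothetical, and the sample headers are copied from the message with continuation lines re-indented so they parse.

```python
import re
from email import message_from_string

# Headers from the quoted spam (body omitted); continuation lines re-indented.
SAMPLE = """\
Return-Path: <etgy6f@sprint.ca>
Received: from itg-inet-02.tv-asahi.co.jp (itg-inet-02.tv-asahi.co.jp
 [158.207.31.42])
 by camel23.mindspring.com (8.8.5/8.8.5) with ESMTP id TAA00804
 for <jfthomas@mindspring.com>; Fri, 20 Nov 1998 19:10:12 -0500 (EST)
From: etgy6f@sprint.ca
Received: by itg-inet-02.tv-asahi.co.jp (8.8.6/3.5Wpl797062516) with SMTP
 id JAA21241; Sat, 21 Nov 1998 09:13:45 +0900 (JST)
Date: Sat, 21 Nov 1998 09:13:45 +0900 (JST)
Message-Id: <199811210013.JAA21241@itg-inet-02.tv-asahi.co.jp>
To: etr45@earthlink.net
Subject: req

"""

FROM_RE = re.compile(r"^from\s+(\S+)")
BY_RE = re.compile(r"\bby\s+(\S+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_hops(raw):
    """Return the Received hops, newest first, as dicts (from / by / ip)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        text = " ".join(value.split())  # unfold continuation lines
        frm, by, ip = FROM_RE.search(text), BY_RE.search(text), IP_RE.search(text)
        hops.append({"from": frm.group(1) if frm else None,
                     "by": by.group(1) if by else None,
                     "ip": ip.group(1) if ip else None})
    return hops

def findings(hops):
    """Summarise what the chain supports for an abuse report."""
    notes = []
    # Only the newest hop was written by the recipient's own server;
    # anything below it was supplied by the sending side.
    if hops and hops[0]["ip"]:
        notes.append(f"hop 0: {hops[0]['by']} accepted the message from {hops[0]['ip']}")
    for i, hop in enumerate(hops):
        if hop["from"] is None:
            notes.append(f"hop {i}: {hop['by']} recorded no sending host")
    return notes

if __name__ == "__main__":
    for note in findings(parse_hops(SAMPLE)):
        print(note)
```
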