The funniest thing, I go about an entire year without any good flames, and then all of the sudden all the crazies come out of the woodwork to descend upon my mailbox. Anyway, Bill Webb's personal Fire Department advises caution in handling combustible mailfiles and highlights these exchanges...
Three contestants, 3 mailservers. Which one will surpass the others to become Flamer of the Week?
Regular black text = original messages
Italic and indented = replies
Our first contestant hails from America Online, the notorious "You've Got Spam!" ISP. She's an AOL Hometown sysadmin AND an experienced lawyer, with an advanced degree an Passthebuckology.
Hello.
Thank you for reading this. Someone using your site has been spamming me hardcore porn and i want it TO STOP NOW. I am an experienced lawyer and if you do not remove the spammers page RIGHT NOW I will file an injuction against your site. Many websites that have ignored my words have paid the price, I hope you will be wise and remove the porn page right now.
The offending page is <A HREF="http://29849839823@207.46.188.117/ads/adredir.asp?url=http://10938274@home.earthlink.net/~dynatang/Sex/sex.html">here</A>. I will check this page soon, if it still is up you will recieve an injunction request.
Thank you.
***** ***
AOL Hometown Administrator
I received 4 identical copies of this message one afternoon, priority=highest. I fired off the reply below, which bounced (quite unfortunate, the dig on AOL popup-spam falls upon deaf ears).Hi,
I've gotten four identical messages to the one below, addressed to
"Undisclosed.Recipients@fidget.dreamhost.com". I'm the webmaster of an
Internet security site (http://cexx.org) and do not host user accounts;
therefore I'm reasonably certain that this spam isn't passing through
any of my machines.I was able to trace 207.46.188.117 (the ad-tracker) back as far as
earthlink.net, and the address it points to (Sex! sex! etc. and several
spam-like AOL popups) is also an Earthlink site. I was only able to
trace the numeric IP that far before hitting a wall of timeouts. Try
typing:tracert 207.46.188.117
at a command prompt, you may have better luck. (This command may be
named something else, depending on your operating system--if you're a
system administrator as you assert, you should already be familiar with
the traceroute utility for your particular system :)I'd like to help you track down your spammer, just be advised he is
probably not around my end.Sincerely,
Bill Webb
Webmaster, CounterExploitation
http://cexx.org
I would have assumed even an AOL sysadmin to be familiar with Traceroute and similar utilities...an assumption unfortunately shot down by the fact that both 'spammers' mentioned are hosted by earthlink.net. This "queen of flame" gets 10 bonus points for having a misconfigured mail server (bouncey bouncey), 5 more for multiple copies, 5 for porno-peddling accusations, 3 for legal threats, and another 5 for priority=highest. I didn't give a bonus for grammatics, but this bears mentioning for our "professionals" in the field: i before e except after c, how the heck hard can it be?
Next up, from New Orleans, Louisiana, is an over-achieving spammer who
won't take 'no' for an answer. Put your hands in the air for the terse
messages and thick cranium of...Contestant #2!
Subject: Pardon the intrusion . . .
Date: Wed, 7 Feb 2001 16:15:12 -0600 (CST)
This message is sent in compliance of the new email bill section 301. Per Section 301, Paragraph (a)(2)(C) of S. 1618, further transmissions to you by the sender of this email may be stopped at no cost to you by replying to this e-mail. Please type "Remove" in the subject line. Your request to be remove will be processed within 24 hours.
[...spamvertising garbage snipped...]
We look forward to serving your Internet needs!
Proudly,
The SymLink Team!
This spammer received a copy of the Zero Tolerance Spam Policy. They didn't take it very well...Subject: Re: www.sym-link.net
All you had to do was reply to the original message and you would have
been removed. Please do that now, or we will accept that you are
willing to continue to receive emails.
To whom it may concern, OK, I loathe these kinds of constructs (To Whom It May Concern / It Has Come To My Attention), but hey, these are spammers we're dealing with here.Subject: Re: www.sym-link.netOur policy is not to honor "Unsubscribe" requests. These are primarily
used by spammers to verify valid e-mail addresses, and our goal is to
minimise spam intake to keep system costs down.The Zero Tolerance Spam Policy still applies, as using contact
information from our Web site constitutes acceptance of these terms. If
you do not agree to the terms, do not send data to or request data from
our server.Rgds,
TR (Who's TR? Don't ask me, but he looks important :)
CEXX.ORG
Obviously that is not our intentions. (Obvious? You guys are spammers, no?) We are actually trying to respect peoples privacy, and the information we have is for US, not to be sold. however I do not have contorl of the automated systems, and have no way to remove you without you having replied. So again, it applies, you have not done that so that by our defenitions is acceptace to continue to receive emails.
Holy rock salt, Batman! These guys sure are thick-headed!Subject: Re: www.sym-link.netHello,
Unfortunately, our next course of action will be to contact your
upstream provider(s) to assist in dealing with the situation. We may
also, at our option, bill you for the time expended in dealing with this
incident, as described in the ZTSP you agreed to when harvesting our
addresses.You seemed to have had no trouble *adding* our information to your spam
list, therefore, you should have no trouble removing it. Hand-edit your
spamlists, if necessary. This will be our last message.Rgds,
TR
CEXX.ORG--
ADVISORY: This address will become invalid on 21-Feb-2001.
And be redirected to abuse@ upstream provider, but I figured that went without saying.
Talk about your, erm, professional Internet Service Providers! Shame when they take it personal, but hey, what're ya gonna do. (Oh yeah, redirect them to an abuse@). I've grown a tad bored with this one anyway :)
From: "*****" <*****@tpg.com.au>
Subject: hello, where are you from?
Date: Wed, 14 Feb 2001 02:06:23 +1100
Your obviously are a young loser who has no life experiance. I am only 26 but I have I have travelled all over the world with the Royal Australian Navy both in war and in peace. Unlike your Navy I recieve medals etc when it is trualy deserved. I have worked in placies overseas and received shit from it, Americans (Goobers) have received gongs and recognition for sitting in a foreign port wanking themselves silly bugger all, I am Naval Police in the Royal Australian Navy, we deserve everything but we get nothing, would nayone like to converse with me, I am standing by.
Hi,
Why am I a young loser with no experience? And what does the Navy have to do with computer security?I narrowly resisted the urge to comment about "slightly less-young losers who have no spellcheckers" at this point, as I was much more confused than annoyed :)