On Identifying and Dealing with Spam

This article was written because, a few days ago, I started receiving very many message undeliverable reports (bounces) concerning messages which have nothing to do with me, or anyone else who legitimately sends messages from addresses using the copsewood.net email domain. Basically, I didn't send these and there is nothing I can do to stop them from being sent. They don't originate from any computer or network over which I have any influence or responsibility. Why do I get these bounces ? Because the human parasites who send out this stuff have chosen to send some of it out with my domain address (copsewood.net) on the back of their messages.

Unfortunately those who should be passing laws making such messages illegal don't appear to have a clue how to deal with this problem. This article is intended to propose an appropriate legislated response to an issue which is likely to otherwise force us to delete so many messages unread that we are likely to misidentify a growing number and throw out the proverbial baby with the bathwater.

A careful examination of the full headers on a number of unsolicited spam email messages indicate that these always give false originating and reply addresses. With some fairly simple and generally available software it is in fact very easy to make a mail message appear to come from somewhere different from it's real origin. If you want to try this out, however, you should always tell a friend whose address you experiment sending such a message to, that receipt of a message from a made-up originating address, e.g. satan@hell.org, is to be expected. Not to obtain the consent of the recipient in advance, and not informing them in advance that you wish to carry out such an experiment, would make sending a message with forged headers into a morally indefensible act of deception.

Finding out where it really came from is possible, but this requires reading 4 numbers between 0 and 255 seperated by 3 dots (e.g. 128.2.254.11 ) in the Received from: mail header inserted by the last known and trusted mail relay which listens for your incoming mail arriving over the Internet. These 4 numbers comprise the IP (Internet Protocol) address of a spam sending or relaying computer (often a badly configured mailer, or a computer which the spammers have compromised for the purpose of replicating their messages). With the IP address, it becomes possible to trace the Internet Service Provider responsible for servicing the network originating packets of information bearing this address.

Spammers never bother to place their own reply addresses on their messages (because they can't be bothered to receive millions of complaints), but they have to put an address which well-configured mail relays will consider as valid. So in other words the spammers forge mail to make it appear as if it comes from a legitimate mail address.

It is my view that a large part of the spam problem would disappear overnight if legislators created a criminal offence of email forgery and deception using existing criminal law principles against these actions in other domains as a relevant precedent.

Further information about other possible legislative solutions is available.

Richard Kay, 14 March 2003