Mewlan Anti-SPAM resource center
 

This material is designed to help you avoid, filter, and fight against, UCE (Unsolicited Commercial Email). While Mewlan tries to block as much UCE as possible, it is impossible to block all of it. Here we explain why, and show you how to help us. We cannot insure that you will not receive unsolicited email. However, we do prohibit our customers from sending out UCE, and we do block mail servers that are known sources of UCE.

UCE, or SPAM is Commercial Email that you did not ask for. According to an EU study reported in February of 2002, SPAM costs the world over $9 billion dollars a year in lost revenue. The amount of SPAM doubles every few months. Anyone who is concerned about this problem should contribute to fighting it. That is what these resources are about.

Resources:

bulletAvoiding SPAM
bulletBlocking SPAM
bulletReporting SPAM
bulletSPAM Detectives
bulletFrequently Asked Questions

UCE may be the most difficult problem faced by Internet Service Providers and their customers. Many of our customers cannot understand how anyone got their email address and they are very offended at the type of email that is addressed to them by strangers. We are all in the same boat. Fortunately our boss knows that if he walks up behind our desk when we happen to be checking our email, a picture of a naked person in a compromising position does not mean that we are engaged in behavior that is not appropriate for work. Your boss, spouse or children, may not be so understanding, and this is one reason why we are concerned.

Now we are seeing cases of SPAM that appears to be addressed to you from someone here at Mewlan. This amounts to fraud and could lead to embarrassing consequences for the customer who's email address was forged into the message. We have not been able to design a solution for this that does not risk blocking your legitimate email. The only thing we can do is block the mail servers who are sending these messages out.

Another reason we must block SPAM may not have occurred to you. We have to pay the bill for all of this. Our mail servers, and our connections to the network can become swamped with this flood of unwanted email. This can mean severe delays in email delivery and even reduced network performance (spelled S L O W) unless we make sure that we have enough resources to deal with the deluge. This is not how we would prefer to invest the money you pay us for service, but we have no choice.

Many people expect these problems to be resolved by their service provider or their government. While service providers and laws may be able to contribute some solutions, they may never be able to fix this problem. Passing a law in the United States is not going to stop the flood of SPAM from outside the country, it would simply move many of the sources outside of the U.S. The Internet is world-wide. There are people all over the world who are interested in making money, and many of those people do not care whether they make it honestly or otherwise.

One of the arguments that SPAMmers make is that no one gets hurt. Not so! In fact, these people are attempting to make money by taking advantage of resources that they see as free. You and I pay for these resources and the SPAMmers do not.

The United States FTC (Federal Trade Commission) is interested in your reports of UCE. You may report UCE to uce@ftc.gov

Avoiding SPAM

Mewlan does not give out your email address or any information about you to anyone. See our Privacy policy. SPAMmers collect email addresses off the Internet in a variety of ways. If you use your Mewlan email address when you post a bid at an auction site, sign up for some free service, post messages to chat rooms, bulletin boards, resume listing services - anywhere that is a public forum, you can expect to see UCE as a result.

Many people are wise to this, and sign up for a free email address that they may use instead. When the mailbox starts to get flooded with junk, they switch to another address. They only give out their personal email address to friends and family. We take this for granted with our cell phone numbers; after all, you have to pay to take calls on that cell phone. You only use it for a good reason.

If you have a web page that appears in search engines, and you have used your real email address there, unfortunately SPAMmers will also harvest your email address from there.

Are you a promiscuous emailer? Do you know one? Promiscuous emailers send copies of cute or urgent messages to a list of "friends", often more than 100 people. Some of the people they email will also be promiscuous, and will send the message on to still more people. Almost right away your email address (listed on the CC line of the message) will end up in the inbox of a stranger. Eventually it may end up in the hands of a person who contributes these addresses to a SPAMmer.

Free Upgrade, absolutely Free!

Most of these SPAM messages have a link to click on to discover more about what they are selling. Some also have an "unsubscribe" link at the bottom. In some cases this link does not work, but sometimes it does. Many people who study SPAM have discovered that the unsubscribe link, should you use it, will actually tell the SPAMmer that the message reached a real human being. Congratulations! Your email address just quadrupled in value.

"Good" mailing lists and promotional lists send a confirmation message to the email address entered. They will not add your email address to the service unless you reply to the message. This assures that you were the person who submitted the request, and that you really do want to subscribe.

Subscribing a friend to such a service is not a nice thing to do. If you think that they may be interested, send them a link to the page where you read about the service.

The worst case we have seen included an 800 number to call to  unsubscribe from the list. Anyone who called that number not only verified their email address, they gave the perpetrators their phone number, via caller ID.

We suggest that you not use the unsubscribe link unless you can see that this is a valid mailing list or it is related to a company you recognize. Bear in mind that you may in fact have subscribed to some free service and agreed to receive information email or a newsletter of some kind. If you recognize the name of the company, you can assume that the unsubscribe link will work.

Blocking SPAM

There are a variety of services and programs that will help you block SPAM.

You must understand that while Mewlan will make a good faith effort to stop major flows of this stuff, we will never be able to block all of it. The SPAM Detectives section below explains why this is so.

If you decide to use a program to block SPAM yourself, you will begin to appreciate how difficult it can be to block only UCE, and nothing else.

The first step in understanding how these programs work is to understand how email works in general. Postal mail is a good analogy: When mail for you arrives at the post office, they place it in your mailbox. When you pick up the mail, it is in your hand, and no longer in your mailbox. If you are using an email client like Netscape Communicator, Microsoft Outlook Express, Eudora, or Incredimail, this is exactly what you are doing. You are picking the mail up and storing it on your own machine.

Roll-your-own filters

Most mail clients allow you to define custom Filters that will process your email in a certain way, based on rules that you program into the filter. Filters are based on looking for certain strings in the Headers, subject, or body, or the mail message.

This is the least expensive and safest solution, if implemented properly; but it is only as effective as the amount of effort you are willing to put into it.

Pick your email client and learn how to set up your own Filters: Outlook Express, Eudora, Netscape Communicator.

Service providers are supposed to be accountable for some moderate level of security. Criminal activity through an Internet connection is still criminal. When you log into the Mewlan network, you must use a username and password. This is called authentication. When you pick up your email you also use authentication.

Sending email, SMTP (Simple Mail Transport Protocol), does not use authentication. The ISP must use other means, such as assuring that you are sending email from an account that is currently Authenticated on the network, to assure security.

Server based solutions

Server based SPAM blocking services either provide a mailbox for you on another server, or check the mail on your existing server.

Some require that you use a special email address, hosted by the them, so that they can clean out the email for you. They then forward the email to your real email address, or store it for you to pick up with a regular email program. You could also have your ISP forward all of your email to that server, where you would pick it up, from a mailbox provided by them.

This is the easiest type of service to use, but in most cases you are not able to review the messages that were cleaned out.

advantages

bulletEase of use after setting it up.
bulletPaid services will keep an up to date list of what to block (more effective blocking).
bulletFiltering works even when you are not connected.

problems

bulletPossibly changing your email address.
bulletGiving up control over what to filter.
bulletYou may have privacy concerns.

Examples of this type of service are:

bulletDespammed.com
bulletSpamfree.net
bulletActivatormail.com

Client based solutions

There are email programs that can scan your email for SPAM and delete it from your mailbox before you pick up your email. They work a lot like an email client, except that they scan the address, subject line, and body of the message for something that matches one of a list of profiles for a SPAM message. They then send instructions to the mail server to either pick up or delete that message.

If the program picks up the message, it stores it so that you can review the massages and recover any that should have been delivered as legitimate email. This allows you to add "friends" filters that will always preserve the email that you want to receive.

When you check your email with your regular mail client (Outlook, Netscape, or Eudora, for example) your mailbox has been cleaned out.

advantages

bulletKeep your existing email address/
bulletNo change to the way you use email.
bulletPaid services will keep an up to date list of what to block (more effective blocking).

problems

bulletThe SPAM filter must be allowed time to check and clean your email before you check it with your normal email client.
bulletThe client still spends time and the bandwidth of your Internet connection to sample and filter your email.

This type of mail filter is ideal, because you have a lot of control over what you want to receive. It does require some minding though. For example, a friend may type "XXX" or "****" or "teen lust" into a mail message, or forward something that they found funny to you. Unless you have added them to your Friends list, the message will be cleaned out of your mail box. You must review your SPAM program list of bad messages regularly to assure that you are not missing legitimate messages.

Examples of this type of service are:

bulletSpamkiller
bulletMailwasher

There are several hundred other programs, some free, some for a modest fee, that you can evaluate at your favorite download site. Some come with a list of ready-made filters. Others require that you build your own.

WARNING: If you receive messages that appear to be related to child pornography, you must not forward the messages. Doing so is a violation of federal laws. Please contact the nearest FBI field office by telephone to report the incident. Do not delete the message from your system until you get instructions from the FBI. Kansas City Field offices are here.

Reporting SPAM

The secret to success in reporting SPAM is in reporting it to the right party. Mewlan does not allow our customers to engage in UCE activities, even if they use another mail server to do this. So, unless someone has slipped by our notice, we are not a source of SPAM. (On occasion someone will violate our acceptable use policy. They will not get too far into this before we identify the activity and lock down their ability to send email or even lock the account out entirely. We then contact them, explain the problem, and give them a single warning. If they repeat the activity, we cancel their service.)

While the best thing to do is to penalize the server that sent the message, it is not always possible to do so. Servers who do this for a living are obviously not going to pay any attention to your complaint. There are no laws that apply universally to SPAM, and any U.S. laws that might be applied, will not apply to servers outside the United States. Complaining to your service provider may help if they are able and willing to block abusive servers. Mewlan does this, but there are limits to what we can do. If the message really did come from an account on a major ISP or mail provider, we cannot block them.

Whoever you report the SPAM to, you must include the full headers of the offending message in the complaint. When you report SPAM, the most useful addresses are postmaster, and abuse. If you get UCE from a yahoo account, for example, forward the message with full headers to abuse@yahoo.com. Yahoo actually does have an active abuse prevention system, but some always slips through because it is a free, and essentially anonymous email service.

Mewlan examines mail messages sent to spam@Mewlan.com. We see patterns of hundreds of messages being sent from a given server, which we then block from sending any email to Mewlan.

There are also anti-spam organizations that you can join, most notably spamcop.net, which collect information about SPAMmers and attempt to fight back. Spamcop also provides filtering and tips on how to do it yourself.

Mewlan, like most ISPs, cannot block individual email addresses from sending email to you. We block servers, by IP address. This is sometimes like hitting an gnat with a sledgehammer, but with 3,000 to 5,000 messages to process each day there is only so much we can do.

SPAM Detectives

If you have any questions about the character or motives of people who send you all of this SPAM, you need only look at the methods they use to deceive your ISP, and you. SPAMmers take advantage of inexperienced mail server operators to blanket the world with UCE. We often trace SPAM to a mail server running at a school or some small company where the server administrator is a novice who has left the server open so that anyone can send email through it. There are also ISPs that explicitly allow UCE, or tolerate it.

Including the full headers of a mail message.

Outlook

Select the SPAM message so it is highlighted. Click on Forward. Click on the View menu and select All Headers. Type in the email address to send the complaint to and click on the Send button.
Netscape

Double click on the SPAM message. Click on the View menu, go to Headers, and select All. Then click on Forward, type in the email address to send the complaint to and click on the Send button.
Eudora

Double click on the SPAM message. In the new window, click on the Blah Blah Blah button. Then click the Forward button, enter the address to send the complaint to and click on the Send button

HELO is the standard command to post a message from a mail client to a mail server. Look for the HELO line to discover the point where the message was actually transferred.

Reading message headers can be confusing. A typical mail message transits many networks, and some are relayed through various servers along the way. This contributes to the difficulty of effective blocking. The sample message below illustrates some of the clues to discovering where the message really came from.

In this case the sending domain terra.com.ar matches the return address of the sender. The HELO statement helps you zero in on the transit point. The IP Address on the HELO line is 213.49.35.61, the actual address of the server. Click here to see the identity of the server from Samspade.org.

 
Return-Path: <Rosamaria1822w87@terra.com.ar> 
Delivered-To: User@Mewlan.com 
Received: (qmail 5860 invoked by alias); 6 Jul 2002 08:14:30 -0000 
Delivered-To: alias-filterme-request@mewlan.com 
Received: (qmail 5768 invoked by uid 0); 6 Jul 2002 08:14:29 -0000 
Received: from eudsloffice-213-49-35-61.antwerp.kpn.be (HELO terra.com.ar) (213.49.35.61) 
          by Mewlan.com with SMTP; 6 Jul 2002 08:14:29 -0000 
Reply-To: <Rosamaria1822w87@terra.com.ar> 
Message-ID: <005d32b22b7d$8452b2a0$3ab64ae0@xdyrdd> 
From: <Rosamaria1822w87@terra.com.ar> 
To: <Undisclosed Recipients>
Subject: Foreign currency 4026XBmE7-6-10 
Date: Sat, 06 Jul 0102 18:00:28 -1000 
MiME-Version: 1.0 
Content-Type: multipart/mixed; 
        boundary="----=_NextPart_000_00D1_30B07E7C.A8151B48" 
X-Priority: 3 (Normal) 
X-MSMail-Priority: Normal 
X-Mailer: eGroups Message Poster 
Importance: Normal

If you can identify the sending server, you will likely find an email address to complain to.

About half way down the page, you begin to see identifying information, and contact information for the network, if not the particular server that sent the message. In particular:

e-mail:       hostmaster@kpnqwest.net
trouble:      +-------------------------------------------+
trouble:      | Operational issues:  noc@kpnqwest.net     |
trouble:      | Peering issues:      peering@kpnqwest.net |
trouble:      | Abuse and SPAM:      abuse@kpnqwest.net   |
trouble:      +-------------------------------------------+

Here is an email address, abuse@kpnqwest.net, where you can send a complaint about the SPAM message.

The following example transited two servers on it's way to Mewlan.

 
Return-Path: <pfzlg@cs.ucl.ac.uk> 
Delivered-To: User@mewlan.com 
Received: (qmail 651 invoked by alias); 6 Jul 2002 01:16:32 -0000 
Delivered-To: alias-filterme-user@mewlan.com 
Received: (qmail 588 invoked by uid 0); 6 Jul 2002 01:16:31 -0000 
Received: from unknown (HELO mail.wangtong.net) (202.108.163.202) 
          by mewlan.com with SMTP; 6 Jul 2002 01:16:31 -0000 
Received: (qmail 28327 invoked by uid 0); 5 Jul 2002 21:42:21 -0000 
Received: from unknown (HELO cfmu.eurocontrol.be) (195.117.16.226) 
          by mail.wangtong.net with SMTP; 5 Jul 2002 21:42:21 -0000 
To: <Undisclosed Recipients> 
From: "Weedman" <pfzlg@cs.ucl.ac.uk> 
Subject: Call anytime, catch a buzz 
Date: Fri, 05 Jul 2002 14:47:57 -1900 
MIME-Version: 1.0 
Content-Type: text/plain; 
        charset="Windows-1252" 
Content-Transfer-Encoding: 7bit

The sender's address and return path match, and they do not appear to be related to the server domain. The message was actually posted to eurocontrol.be, transferred to wangtong.net, then delivered to Mewlan

Use Samspade.org to look up the IP addresses: 195.117.16.226 and 202.108.163.202 for identifying information.

Frequently Asked Questions

In case you do not wish to read all of this information, here are quick links to answers to the most commonly asked questions.

bulletHow did these people get my email address if Mewlan did not give it out to them?
bulletI want this SPAM to stop right now!
bulletIf you are not giving out email addresses, how come I see messages with lists of Mewlan addresses in the address line?
bulletI keep trying to unsubscribe from this, but it does not work.
bulletWhen I reply to this spam, the message bounces.
bulletThis message says it is from me!
bulletI am getting a bunch of bounced messages that I did not send.
bulletThere has got to be a way to block this pornographic email from my mailbox!
 

How did these people get my email address if Mewlan did not give it out to them?

Mewlan has a very strict policy regarding your privacy. We do not give out your email address or any personal information. See our Privacy Policy. SPAMmers use a variety of methods to collect email addresses. There are even software "robots" that gather addresses from web pages that appear in search engines and in public forums.

I want this SPAM to stop right now!

The simplest way to stop SPAM is to change your email address at Mewlan. You may do this by calling us. You should avoid using common names in your email address. The more obscure your address the better. Think of something like the first three letters of your first name and the first four letters of your last name. This will be easy enough for friends and family to understand, but hard for SPAM robot programs to test out. You should also be aware of the tips in the Avoiding SPAM section of this article. [BACK]

If you are not giving out email addresses, how come I see messages with lists of Mewlan addresses in the address line?

The simple answer to this is that computers are good at sorting things. The methods used to collect the addresses are described in Avoiding SPAM. It is very impolite to place these addresses in plain view, so that every recipient learns the email addresses of other people on the list, but who expects any courtesy from SPAMmers? [BACK]

I keep trying to unsubscribe from this, but it does not work.

Many if not most SPAMmers unsubscribe links do not work. Removal services for legitimate subscriptions services do work. It is sometimes difficult to tell the difference. Most experts advise that you should NOT use the unsubscribe function unless you recognize the name of the outfit that send you the message. Some SPAMmers actually use this to confirm that your email address is valid, and this bumps your address to the premium list of addresses for sale. [BACK]

When I reply to this spam, the message bounces.

SPAMmers commonly make up a bogus address and insert it into the From address of the message. We now see bogus From addresses selected from another email address at your ISP, or even your email address. There is little we can do about this without interfering with the delivery of legitimate email. [BACK]

This message says it is from me!

SPAMmers commonly make up a bogus address and insert it into the From address of the message. We now see bogus From addresses selected from another email address at your ISP, or even your email address. There is little we can do about this without interfering with the delivery of legitimate email. [BACK]

There has got to be a way to block this pornographic email from my mailbox!

There are methods you can use to block most unsolicited email from your mailbox. There is no way to block all of it, and any service that promises to block all of it is unrealistic. Computers are clever at sorting and math, but only a human being can understand exactly what you want to see. That human being is most likely you. The Blocking SPAM section of this article explains some of the options. Most people agree that you should neither want nor expect your service provider to assume the role of guardian, choosing for you what messages are appropriate or not. All you service provider can do is watch for servers on the Internet who abuse our system and customers by sending thousands of identical messages to our customers, who then complain to us; we block those servers. [BACK]