computerwoche.de

Archiv

Spam: It's payback time!

31.10.2006
Recently, I have been receiving a number of what can best be described as "bounced" e-mails. Trouble is, these e-mails are not originating with me. As anyone can attest who has been bombarded with "delivery failure" notices for e-mails he never sent, identity theft on the Internet is not only about stealing credit card numbers and IDs. It's also about stealing an important commodity: your e-mail and/or domain address so it can be used as a "spoofed" return address for some spammer's large mailing of get-rich-quick stock tips, fake prescription medications or sexual enhancements. We have all been annoyed by this, but when it starts filling your in-box with e-mail rejections, no-such-address notifications and spam-filtered warnings, it's beyond annoying.

So why is this happening? Why can't Microsoft, Yahoo, Google, AOL and other providers of e-mail accounts simply help us put an end to this identity theft and other annoying e-mail practices? And why can't governments get together and stop this garbage? (Perhaps this is one thing the UN could actually agree on!)

Truth is, I don't see this problem being regulated out of existence. And it's unlikely that a technical solution can be brought to bear that any of us would care to live with, at least in the short term. So, I think it's time for us to use "vigilante justice" against the junk e-mail pond scum. Here is what I propose.

Since we can't directly get to the spammers, we need to start punishing the third parties who make all this spam possible through their inaction. Who? The Internet service providers that provide them with connections. How? Very simple. I am sure there are a large number of talented programmers out there reading this right now. Here's what you need to do to help your fellow Internet users, and perhaps all of mankind.

We need an easy-to-use, automated program that does some very simple things. First, it would parse the entire e-mail header information for the originating IP address indicating where the e-mail came from and any other relevant information that can help trace the originator (the domain name may be fictitious, but the IP header is not). Next, I'd like the program to look up (via WhoIs) the owner of the originating IP network. Then I'd like the program to find the e-mail address that can be used to report the spam or hijacked identity (usually something like abuse@domain.com). Finally, the program should send a copy of the message with all pertinent information to that address.

Anyone out there want to take on this challenge?