What to Do if Your E-mail Account Gets Compromised

Symptoms:
People listed in your e-mail contacts report being flooded with spam messages sent from your account. Or, you start receiving a bevy of "bounced" e-mails from random addresses you don't know. You aren't able to log into your account or change its settings, or you've discovered the settings have been altered. You attempt to use e-mail, and find it has been blocked by your provider.

Diagnosis:
Start with the obvious: If your password no longer works for your e-mail account (and it's definitely the correct password), you can be almost certain that someone else has taken control of it. And if your e-mail provider has blocked you completely, it's probably because your account was spewing out spam by the millions, forcing your provider to shut it down until you regain control. This is a good thing, and you'll get it back. Likewise, learning from friends that your account has let loose a firehose of spam (which sometimes can be verified by checking the Sent messages folder in your account) pretty much confirms that some scumbag has figured out your password. Losing control of your mail and password combo can be especially calamitous if, like far too many people, you use the same ones for all the online sites and services you use, such as social networking, banking and PayPal. Even the dumbest hacker will do a quick e-mail search in your account to scrape for login info on other sites, and, in no time, will assemble a pretty good portfolio on you. Depending on the ambition and skill set of the hacker, on the time between when your account was compromised and when you discovered it, and on how secure your various online accounts are, your level of pain may fall anywhere between minor annoyance to personal and financial meltdown. Time is of the essence, and don't underestimate how deep this thing can go.

Bounced messages are the digital equivalent of "return to sender, address unknown." On their own, bounced e-mails from strangers usually mean that a professional spammer has been sending spam with your e-mail address in the reply-to field (a process called "spoofing"), and hasn't actually breached your e-mail account. It's a crucial difference; having your account password compromised means your entire collection of e-mail correspondence has been exposed, while a spammer spoofing your address doesn't actually control anything. Unfortunately, while it's often possible to take back control of an infiltrated e-mail account (see below), once a spammer begins spoofing, you have no real recourse.

Causes:
While there aren't any hard and fast figures on what the number one cause of e-mail infiltration is, the overarching theme usually points to one extremely weak link: user behavior. Despite the many ways an e-mail account can be hacked, the one common element is that you, the owner, essentially allow it.

Every few years, studies show that the one reason spam is still so prevalent is because it actually works -- a percentage of knuckleheads can always be expected to open a spam message, read it, and be tempted by whatever wares or schemes are offered. Of course, many of those e-mails (and sometimes pop-up windows from strangers on IM, Skype and similar apps) are actually phishing attacks that dupe recipients into believing they've been sent a legitimate message from a business or friend. Naive users will then reply with the requested login information.

A fair number of people also think nothing of checking their e-mail on a public computer -- in a library, electronics store or Internet cafe -- and simply neglect to log out. It's a momentary lapse of reason (particularly since we don't recommend checking e-mail on any public computer), and can be the equivalent of walking away from an ATM right after entering your password.

The other gargantuan user misstep is having weak, easily determined passwords, or using the same combination of login e-mail addresses and passwords across different sites. If a hacker breaks into one site, they can quickly try the same logins on all the popular sites -- to potentially devastating effect. But, before you beat yourself up, it's also possible that your login information has been stolen because your PC, or one you've used, has been infected with spyware or some other assorted malware. (See our related story for more info.)


Treatment:
Depending on the kind of hack you've been dealt, the treatment may be as simple as logging in, and changing your settings and password. Or it may entail agonizingly repeated attempts to lock out a persistent hacker, potentially killing off your account altogether. But you should never just give up and ditch the account without trying to deal with it first.

If you aren't able to log in, you're likely going to have to go through some frustrating hoop jumping. Conveniently, Twitter's help page has a handy list of links for all the major e-mail services' support pages.

Each service has its own method for determining that you are who you say you are, and are not the person who hacked -- or is planning to hack -- your account. Besides pre-set security questions, they may ask specific details about messages you've sent, and even the exact day you set up the account. If you don't have a copy of your initial registration e-mail, try contacting a close friend whom you would have e-mailed at the time, and ask them to dig into their archives for your early missives.

If you can log in:

Make sure your PC is current with OS updates and anti-virus/malware software. Otherwise, if it has been infected by malware that spies on you, it will continue to transmit your info to whichever hacker has infiltrated your accounts. If you aren't completely sure your PC is clean, then don't do any of the following. Any changes you attempt to make could be forwarded on by malware, too.
Depending on how your account has been abused, you may not need to contact everyone spammed by your hacked e-mail. (Your scam-savvy friends will recognize bogus messages as spam.) But, if there is a personal appeal for money -- saying you're stuck traveling and need cash, or are hurt and in a hospital -- or if malware was attached, you should send word to your contact list to delete those messages ASAP.
Set up at least two new e-mail addresses. Use your original e-mail address for personal or business communication as you'd normally do. The secondary e-mail address is insurance against future hacks; use it to communicate with your service provider, since many now ask for an alternative address as added protection. Then, use a third e-mail address only for registering for sites, newsletters, online shopping and other services. It may seem paranoid and excessive (hey, that's us!), but the idea is to compartmentalize your online life a bit. That way, each "world" has its own discrete e-mail account, and will minimize the damage that can be done by any future hacks. Most importantly, though: use a different and strong password for each account -- one that is at least six characters long, and is a combination of letters, numbers and capitals/lowercase. It sounds difficult, but it isn't. It'll help prevent any hacker from gaining access to all of your data simply by infiltrating one site.

On a secure PC, log into your e-mail and then check whether or not any of the settings have been changed by a hacker. Smart hackers may set your account to notify them of any changes, so that they can go back in and switch things again. Check whether or not a signature has been added, and whether your account has been set to forward e-mail to another address that isn't yours or to run a filter that automatically forwards e-mails or attaches a file. If any of those settings have been altered, delete the new settings.
Once you have changed the settings, create a new password, and add your secondary e-mail account as your alternative address.

Going forward, never list your main e-mail address publicly anywhere online -- in forums, in online ads, on blogs or any place where they can be harvested by spammers. Use only your "registration" address, and keep it separate from your main address book.

Don't use public computers to check e-mail; there's virtually no way to know if they are infected with malware accidentally, or have keylogging spyware installed intentionally. But if you absolutely must use e-mail on a public computer, set up an extra account before you leave and change the password regularly.

Antispam Policy

You can use our software for performing only legal activity on the Internet. You can not use it for spamming (SPAM) because spamming is an illegal activity. If we find out that you are using our program for spamming (as defined Mass Unsolicited email sending) your license will become null and void and will be revoked immediately.

The Definition of SPAM: The word SPAM as applied to Email means Unsolicited Bulk Email (UBE). Unsolicited means that the Recipient has not granted verifiable permission for the message to be sent. Bulk means that the message is sent as part of a larger collection of messages, all having substantively identical content. A message is SPAM only if it is both Unsolicited and Bulk. Unsolicited Email is normal email (examples include first contact enquiries, job enquiries, sales enquiries, etc.) Bulk Email is normal email (examples include subscriber newsletters, discussion lists, information lists, etc.).

Technical Definition of SPAM: An electronic message is SPAM IF: 

(1) the recipient's personal identity and context are irrelevant because the message is equally applicable to many other potential recipients; AND

(2) the recipient has not verifiably granted deliberate, explicit, and still-revocable permission for it to be sent; AND

(3) the transmission and reception of the message appears to the recipient to give a disproportionate benefit to the sender. 

Examples of legal usage of Internet related software:

	sending invoices, order status notifications to customers who purchased your services or products;
	sending information about your services, products, special offers or price lists to users as replies to their inquiries;
	sending newsletters to the users who wittingly subscribed to your mailing lists and wants to receive your regular newsletters;
	sending email notifications and announcements to customers who chose to receive them.

Please, be aware that we fight against people who use our software to send SPAM. We do not participate ourselves in any spam campaigns and explicitly prohibit spamvertizing of our software, whether separately or with any other software. We prohibit mentioning our software or inserting links to our web site in any spam messages.

What is not SPAM?

 Answer: Generally speaking there is no clear definition of black and white of what can be considered Spam and what is not. However, when you follow a few simple guidelines you will be able to devise a simple, concise non-Spamming policy that will help you develop a long term relationship with your clients.

As you must know, customer is always right. Gaining a customer is very hard, but loosing one is easy. This is especially true about loyal long-term relationships. When you send emails, always think how would you react after receiving this email. To make it easier for you, here are a few guidelines to follow:

• Allow Unsubscribe. When you send many emails to different people, some of them might want you to stop doing so, for various reasons. For example if you are sending a daily newsletter on some subject, they might be no longer interested in or promoting new products or services that are clearly not for them. In such cases, people should have an easy way to unsubscribe themselves from the list and stop getting the emails. You should always include a disclaimer in the very front of the message, telling the user how to unsubscribe from this mailing list. You might even consider an automatic unsubscribe processing, by setting up a web form or a certain return address for that purpose.
• Identify yourself. Spammers often use unidentifiable return addresses and never put their names in the message. To differentiate yourself from them, identify your message and remind people, that this mail is not sent unsolicited. When they know who is it coming from and they understand they chose to receive it, they will not be annoyed or offended by your messages.
• Don't send large messages. Remember that a vast majority of people do not have fast internet connection and are still using slow modems to log in to the internet. If they will spend considerable amount of time waiting for your messages, even if they subscribed to the list and consented to receive email from you, they will still be annoyed and will leave your subscriber list. Moreover, not only you are putting pressure on the end user, but also using ISP's precious CPU time and data storage, to process and hold your messages. Thus, the smaller the message, the easier it will be for the user to load it. As a guideline, anything bigger than 100Kb would be considered big for the email message. In case you want to send large messages, consider leaving a link to your web site, where the content may be downloaded instead of attaching it to the email. In the worst case, warn the users they will be receiving large emails from you periodically.
• Talk to the customer, not at the customer. Try to personalize your messages to the customer, collect his/her interests. At the very minimum, you should know the name of the person you are trying to address. Emails starting with something like: "Dear sir or Madam", or "Hi" are not very good. The more you know about people doing business with you, the more profitable business it will be. You will be able to target your letters more precisely and get more response.
• Don't send confidential information. Regular, unencrypted email message is still considered an unsecured medium of communication. Don't send your customers private information using an email. Things like credit card's number, postal address and so on, should not be mentioned in your email messages.

Following the above guidelines will make clear difference between your messages sent to subscribed users and blunt Spam circulating in thousands all over the internet. The main rule to follow is, if majority of your subscribers think you start Spamming them, you should urgently reconsider your policy, because you will start losing your customers very quickly.

Spam (electronic)

Spam is the use of electronic messaging systems (including most broadcast media, digital delivery systems) to send unsolicited bulk messages indiscriminately. While the most widely recognized form of spam is e-mail spam, the term is applied to similar abuses in other media: instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, wiki spam, online classified ads spam, mobile phone messaging spam, Internet forum spam, junk fax transmissions, social networking spam, television advertising and file sharing network spam.
Spamming remains economically viable because advertisers have no operating costs beyond the management of their mailing lists, and it is difficult to hold senders accountable for their mass mailings. Because the barrier to entry is so low, spammers are numerous, and the volume of unsolicited mail has become very high. The costs, such as lost productivity and fraud, are borne by the public and by Internet service providers, which have been forced to add extra capacity to cope with the deluge. Spamming is universally reviled, and has been the subject of legislation in many jurisdictions.

People who create electronic spam are called spammers

source: http://en.wikipedia.org/wiki/Spam

4 Simple Steps to Reporting Spam

Over the years reporting spam has gotten ridiculously easy to the point where all tha tis needed is the original email so that it can be forwarded to a "reporting" organization. 
Due to its "Snake Oil" characteristics, the FTC (Federal Trade Commission) has a spam reporting center to investigate spam.  Some state attorney general's also investigate spammers so check with your local office.
Here are 4 simple steps to reporting spam: 
1. Get an account at SpamCop.net. To report the spam that does gets passed the filter.
2. Use the email generated from SpamCop.net and now automatically forward all messages with "Spam Alert" in the subject to the Spam Cop email.
3. Get the Government involved.  The FTC is also a place to report spam, so add uce@ftc.gov to the recipients list of the email.
4. (optional) To go the extra mile, you can Decipher the Email Header and send the spam email to the actual ISP who allowed the spam to go through their network.

How do spammers harvest email addresses ?

There are many ways in which spammers can get your email address. The ones I know of are :

1. From posts to UseNet with your email address.
   Spammers regularily scan UseNet for email address, using ready made programs designed to do so. Some programs just look at articles headers which contain email address (From:, Reply-To:, etc), while other programs check the articles' bodies, starting with programs that look at signatures, through programs that take everything that contain a '@' character and attempt to demunge munged email addresses.
   There have been reports of spammers demunging email addresses on occasions, ranging from demunging a single address for purposes of revenge spamming to automatic methods that try to unmunge email addresses that were munged in some common ways, e.g. remove such strings as 'nospam' from email addresses.
   As people who where spammed frequently report that spam frequency to their mailbox dropped sharply after a period in which they did not post to UseNet, as well as evidence to spammers' chase after 'fresh' and 'live' addresses, this technique seems to be the primary source of email addresses for spammers.
   
2. From mailing lists.
   Spammers regularily attempt to get the lists of subscribers to mailing lists [some mail servers will give those upon request],knowing that the email addresses are unmunged and that only a few of the addresses are invalid.
   When mail servers are configured to refuse such requests, another trick might be used - spammers might send an email to the mailing list with the headers Return-Receipt-To: or X-Confirm-Reading-To: . Those headers would cause some mail transfer agents and reading programs to send email back to the saying that the email was delivered to / read at a given email address, divulging it to spammers.
   A different technique used by spammers is to request a mailing lists server to give him the list of all mailing lists it carries (an option implemented by some mailing list servers for the convenience of legitimate users), and then send the spam to the mailing list's address, leaving the server to do the hard work of forwarding a copy to each subscribed email address.
   [I know spammers use this trick from bad experience - some spammer used this trick on the list server of the company for which I work, easily covering most of the employees, including employees working well under a month and whose email addresses would be hard to findin other ways.]
   
3. From web pages.
   Spammers have programs which spider through web pages, looking for email addresses, e.g. email addresses contained in mailto: HTML tags [those you can click on and get a mail window opened]
   Some spammers even target their mail based on web pages. I've discovered a web page of mine appeared in Yahoo as some spammer harvested email addresses from each new page appearing in Yahoo and sent me a spam regarding that web page.
   A widely used technique to fight this technique is the 'poison' CGI script. The script creates a page with several bogus email addresses and a link to itself. Spammers' software visiting the page would harvest the bogus email addresses and follow up the link, entering an infinite loop polluting their lists with bogus email addresses.
   For more information about the poision script, see http://www.monkeys.com/wpoison/
   
4. From various web and paper forms.
   Some sites request various details via forms, e.g. guest books & registrations forms. Spammers can get email addresses from those either because the form becomes available on the world wide web, or because the site sells / gives the emails list to others.
   Some companies would sell / give email lists filled in on paper forms, e.g. organizers of conventions would make a list of participants' email addresses, and sell it when it's no longer needed.
   Some spammers would actually type E-mail addresses from printed material, e.g. professional directories & conference proceedings.
   Domain name registration forms are a favourite as well - addresses are most usually correct and updated, and people read the emails sent to them expecting important messages.
   
5. Via an Ident daemon.
   Many unix computers run a daemon (a program which runs in the background, initiated by the system administrator), intended to allow other computers to identify people who connect to them.
   When a person surfs from such a computer connects to a web site or news server, the site or server can connect the person's computer back and ask that daemon's for the person's email address.
   Some chat clients on PCs behave similarily, so using IRC can cause an email address to be given out to spammers.
   
6. From a web browser.
   Some sites use various tricks to extract a surfer's email address from the web browser, sometimes without the surfer noticing it. Those techniques include :
   
   1. Making the browser fetch one of the page's images through an anonymous FTP connection to the site.
      Some browsers would give the email address the user has configured into the browser as the password for the anonymous FTP account. A surfer not aware of this technique will not notice that the email address has leaked.
      
   2. Using JavaScript to make the browser send an email to a chosen email address with the email address configured into the browser.
      Some browsers would allow email to be sent when the mouse passes over some part of a page. Unless the browser is properly configured, no warning will be issued.
      
   3. Using the HTTP_FROM header that browsers send to the server.
      Some browsers pass a header with your email address to every web server you visit. To check if your browser simply gives your email address to everybody this way, visit http://www.cs.rochester.edu/u/ferguson/BrowserCheck.cgi
      
   It's worth noting here that when one reads E-mail with a browser (or any mail reader that understands HTML), the reader should be aware of active content (Java applets, Javascript, VB, etc) as well as web bugs.
   An E-mail containing HTML may contain a script that upon being read (or even the subject being highlighted) automatically sends E-mail to any E-mail addresses. A good example of this case is the Melissa virus. Such a script could send the spammer not only the reader's E-mail address but all the addresses on the reader's address book.
   http://www.cert.org/advisories/CA-99-04-Melissa-Macro-Virus.html
   A web bugs FAQ by Richard M. Smith can be read at http://www.tiac.net/users/smiths/privacy/wbfaq.htm
   
7. From IRC and chat rooms.
   Some IRC clients will give a user's email address to anyone who cares to ask it. Many spammers harvest email addresses from IRC, knowing that those are 'live' addresses and send spam to those email addresses.
   This method is used beside the annoying IRCbots that send messages interactively to IRC and chat rooms without attempting to recognize who is participating in the first place.
   This is another major source of email addresses for spammers, especially as this is one of the first public activities newbies join, making it easy for spammers to harvest 'fresh' addresses of people who might have very little experience dealing with spam.
   AOL chat rooms are the most popular of those - according to reports there's a utility that can get the screen names of participants in AOL chat rooms. The utility is reported to be specialized for AOL due to two main reasons - AOL makes the list of the actively participating users' screen names available and AOL users are considered prime targets by spammers due to the reputation of AOL as being the ISP of choice by newbies.
   
8. From finger daemons.
   Some finger daemons are set to be very friendly - a finger query asking for john@host will produce list info including login names for all people named John on that host. A query for @host will produce a list of all currently logged-on users.
   Spammers use this information to get extensive users list from hosts, and of active accounts - ones which are 'live' and will read their mail soon enough to be really attractive spam targets.
   
9. AOL profiles.
   Spammers harvest AOL names from user profiles lists, as it allows them to 'target' their mailing lists. Also, AOL has a name being the choice ISP of newbies, who might not know how to recognize scams or know how to handle spam.
   
10. From domain contact points.
    Every domain has one to three contact points - administration, technical, and billing. The contact point includes the email address of the contact person.
    As the contact points are freely available, e.g. using the 'whois' command, spammers harvest the email addresses from the contact points for lists of domains (the list of domain is usually made available to the public by the domain registries). This is a tempting methods for spammers, as those email addresses are most usually valid and mail sent to it is being read regularily.
    
11. By guessing & cleaning.
    Some spammers guess email addresses, send a test message (or a real spam) to a list which includes the guessed addresses. Then they wait for either an error message to return by email, indicating that the email address is correct, or for a confirmation. A confirmation could be solicited by inserting non-standard but commonly used mail headers requesting that the delivery system and/or mail client send a confirmation of delivery or reading. No news are, of coures, good news for the spammer.
    Specifically, the headers are -
     Return-Receipt-To: which causes a delivery confirmation to be sent, and
     X-Confirm-Reading-To: which causes a reading confirmation to be sent.
    Another method of confirming valid email addresses is sending HTML in the email's body (that is sending a web page as the email's content), and embedding in the HTML an image. Mail clients that decode HTML, e.g. as Outlook and Eudora do in the preview pane, will attempt fetching the image - and some spammers put the recipient's email address in the image's URL, and check the web server's log for the email addresses of recipients who viewed the spam.
    So it's good advice to set the mail client to *not* preview rich media emails, which would protect the recipient from both accidently confirming their email addresses to spammers and viruses.
    Guessing could be done based on the fact that email addresses are based on people's names, usually in commonly used ways (first.last@domain or an initial of one name followed / preceded by the other @domain)
    Also, some email addresses are standard - postmaster is mandated by the RFCs for internet mail. Other common email addresses are postmaster, hostmaster, root [for unix hosts], etc.
    
12. From white & yellow pages.
    There are various sites that serve as white pages, sometimes named people finders web sites. Yellow pages now have an email directory on the web.
    Those white/yellow pages contain addresses from various sources, e.g. from UseNet, but sometimes your E-mail address will be registered for you. Example - HotMail will add E-mail addresses to BigFoot by default, making new addresses available to the public.
    Spammers go through those directories in order to get email addresses. Most directories prohibit email address harvesting by spammers, but as those databases have a large databases of email addresses + names, it's a tempting target for spammers.
    
13. By having access to the same computer.
    If a spammer has an access to a computer, he can usually get a list of valid usernames (and therefore email addresses) on that computer.
    On unix computers the users file (/etc/passwd) is commonly world readable, and the list of currently logged-in users is listed via the 'who' command.
    
14. From a previous owner of the email address.
    An email address might have been owned by someone else, who disposed of it. This might happen with dialup usernames at ISPs - somebody signs up for an ISP, has his/her email address harvested by spammers, and cancel the account. When somebody else signs up with the same ISP with the same username, spammers already know of it.
    Similar things can happen with AOL screen names - somebody uses a screen name, gets tired of it, releases it. Later on somebody else might take the same screen name.
    
15. Using social engineering.
    This method means the spammer uses a hoax to convince peopleinto giving him valid E-mail addresses.
    
16. A good example is Richard Douche's "Free CD's" chain letter. The letter promises a free CD for every person to whom the letter is forwarded to as long as it is CC'ed to Richard.
    Richard claimed to be associated with Amazon and Music blvd, among other companies, who authorized him to make this offer. Yet hesupplied no references to web pages and used a free E-mail address.
    All Richard wanted was to get people to send him valid E-mail addresses in order to build a list of addresses to spam and/or sell.
    
17. From the address book and emails on other people's computers.
    Some viruses & worms spread by emailing themselves to all the email addresses they can find in the email address book. As some people forward jokes and other material by email to their friends, putting their friends' email addresses on either the To: or Cc: fields, rather than the BCc: field, some viruses and warms scan the mail folders for email addresses that are not in the address book, in hope to hit addresses the computer owner's friends' friends, friends' friends' friends, etc.
    If it wasn't already done, it's just a matter of time before such malware will not only spam copies of itself, but also send the extracted list of email addresses to it's creator.
    As invisible email addresses can't be harvested, it's good advice to have the email addresesses of recipients of jokes & the like on BCc:, and if forwarded from somebody else remove from the email's body all the email addresses inserted by the previous sender.
    
18. Buying lists from others.
    This one covers two types of trades. The first type consists of buying a list of email addresses (often on CD) that were harvested via other methods, e.g. someone harvesting email addresses from UseNet and sells the list either to a company that wishes to advertise via email (sometimes passing off the list as that of people who opted-in for emailed advertisements) or to others who resell the list.
    The second type consists of a company who got the email addresses legitimately (e.g. a magazine that asks subscribers for their email in order to keep in touch over the Internet) and sells the list for the extra income. This extends to selling of email addresses acompany got via other means, e.g. people who just emailed the companywith inquiries in any context.
    The third type consist of technical staff selling the email address for money to spammers. There was a news story about an AOL employee who sold AOL email addresses to a spammer.
    
19. By hacking into sites.
    I've heard rumours that sites that supply free email addresses were hacked in order to get the list of email addresses, somewhatlike e-commerce sites being hacked to get a list of credit cards.
    

spammer list

ROKSO collates information and evidence on known hard-line spam operations that have been terminated by a minimum of 3 consecutive Internet Service Providers for serious spam offenses.

200 Known Spam Operations responsible for 90% of your spam.

90% of spam received by Internet users in North America and Europe can be traced via redirects, hosting locations, domains and aliases, to a hard-core group of just 200 known spam outfits, almost all of whom are listed here in the ROKSO database and are operating illegally. These professional spammers are loosely grouped into gangs ("spam gangs") and move from network to network seeking out Internet Service Providers ("ISPs") known for lax enforcing of anti-spam policies.

These are the spammers you definitely do NOT want on your network.

Many of these spam operations pretend to operate 'offshore' using servers in Asia and South America to disguise the origin. Those who don't pretend to be 'offshore' pretend to be small ISPs themselves, claiming to their providers the spam is being sent not by them but by their non-existent 'customers'. Some set up as fake networks, pirate or fraudulently obtain large IP allocations from ARIN/RIPE and use routing tricks to simulate a network, fooling real ISPs into supplying them connectivity. When caught, almost all use the age old tactic of lying to each ISP long enough to buy a few weeks more of spamming and when terminated simply move on to the next ISP already set up and waiting.

ROKSO is a "3 Strikes" register. To be listed in ROKSO a spammer must first be terminated by a minimum of 3 consecutive ISPs for AUP violations. IP addresses under the control of ROKSO-listed spammers are automatically and preemptively listed in the Spamhaus Block List (SBL).

For Law Enforcement Agencies there is a special version of this ROKSO database which gives access to records with information, logs and evidence too sensitive to publish here.

The ROKSO List Known Spam Operation Country Alan Ralsky United States Albert Ahdoot and Alyx Sachs - Net Global Marketing United States Alejandro Otero Argentina Alexey Panov - ckync.com Germany Amadeo Belmonte / Data One Marketing / I Net Values Inc. United States America Find Inc. United States Andrew Amend / US Health Laboratories United States Angelo Tirico United States Anthony ''Tony'' M. Banks United States Australian Porn Mafia Australia Bernard Balan "Merlin" Canada Bill Stanley / telekomeurope.com United States Bill Waggoner United States Bluego Italy Bonnie Dukarossa - Bullet9 Communications United States Brendan Battles / IMG Online / World-Services United States Brian David Westby / Married But Lonely United States Brian Farrow / Yeshost / Hivelocity Ventures United States Brian Haberstroh / Atriks United States Brian Kos / BK Ventures / Internet Promos Canada Brian Kramer / Expedite Media Group United States Briceco, Inc. / Dubeau / Brice United States Bubba Catts United States Calvin Ho / Optin Global Inc. United States Carl Henderson / Ultimate Health United States Charles F. Childs / Ultra Trim / MegaTrim / Grant Gold United States Chris Brown United States Chris Smith / rizler.com United States CPU Guys United States Current Mail / Merchant Central United States Cyrunner / Ernesto Haberli aka Eduardo Warren United States Damon DeCrescenzo - Docdrugs United States Dan Padgham / Chuck DeVoe United States Dana Jones - The Ballman United States Daniel Ivans / isolate.net United States Daniel Khoshnood United States Dave Patton / lightspeedmarketing United States David Lambert - Aztec Internet United States Davis Wolfgang Hawke United States Dean Westbury / Phil Basten Australia DM GROUP / Robert Hicks United States Drew Auman / thebulkclub.com United States ebusinessroad.com / netmail spammers United States Eddie Davidson United Kingdom Eddy Marin - Oneroute United States Eduardo de Souza / hostsolutions.us / hostingsmart.biz United States Elegance Network United States Elmar Brunenieks Latvia Elmed / Nikola Anastasov United States Email Experts / Email Solutions United States Erb Avore / IC Marketing United States Erhard Englhofer Australia Eric Reinertsen United States EvoClix / Larry Tasman / Greg Numark United States Franpro / gtwinc.com / azmalink.net United States FutureVision Communication / sncsi.net United States G-Force Marketing / MegaHits Promoter United States Gaven Stubberfield United States George Rand - Randbad United States Giantweb United States Glen & Stacey McCausland United States Global Internic / NewTLDRegistration.com Canada Gordon Lantz & Gretchen Aitken / emailoffer.net United States Greg Dodson United States Greg Nowakowski United States High Ground Cariló Argentina hispeedmedia.com / adprosolutions.com United States Howard Minsky / TheAdStop.com / ad360.com United States Husein Gandhi India iBiz Success / searchengine-ranking.com United States Ibragimov Ruslan / send-safe.com Russia idatanet.com / cyberispworld.com Canada IMG Direct / Steve Hardigree / Frank Bernal United States Ion Entertainment United States Jace Groves / Kevin Gaston United States Jack Ford / nitronet.net United States James Borzilleri - Torpedomail United States Jason Vale - Apricot Seeds United States Jeffrey Peters - JTel / CPU Solutions United States Jody Smith - Power Web Enterprises United States John Cota / Great Impressions / Best Software Products United States John Grandinetti / 321send.com United States John Hites - ''Steve Sorenson'' / Advertising International United States John Molino / Atlas Data Systems United States Jon Atherton / Supabill Canada Jon Thau / Cyberworks United States Jonathan Beyer / Glamour Media / glamourservers.com United States Jonathan Cosie / MH Partners United States Joshua Baer United States Juan Garavaglia aka Super-Zonda Argentina Kazz Asher / yz3.com / ashernet.net United States Kelly Joe Ellis / WebMark inc / Marketforce inc United States Laura A. Betterly United States Lin Hsien Ming / himailer.com, callin.net, yuya.com.tw Taiwan lmihosting.com United States Louis Kreuzhaler / Cyberspace Reality Argentina Magnum Enterprises / mediatrec.com United States MailTrain United States mailutilities/massmail / Alexander Gorlach Russia Max Sutter / Petadoptions.com United States Melle Brothers United States Michael Krause / eKray United States Michael Lindsay / iMedia Networks United States Michael Tiezzi / Elite Data Direct / elitedatadirect.net United States Mike Cunningham / Andrew Amend / US Health Laboratories United States Mike Van Essen / Global Web Promotions Australia Mike/Mark Hofmann - Search Engine Registration spammer United States Minh Nuyen / One Source Computer Services / bestcheapstuff United States Monsterhut / Beaverhome United States Mortgage spammers United States Mostafa Mansour Canada Neil Goodson aka 'Robert Zimmerman' / DotComChoice United States Neomill / Nick Ceriello United States NetFree, Inc. United States netleads.ws United States NetSetGo/Everblur/Netrica United States online-marketing.ph Philippines Patrick Brady / Jack Vaughn aka Inetdevco United States Patrick English / Electronic List Company United States Paul Boes / boesconsulting.net United States Paul Mentes / Palmnet.com / RxMedical United States Pavka / Artofit Russia Penn Media / Shagmail United States Peter Decaro - bulkingpro.com United States Peter Francis-Macrae United Kingdom Peter Schroebel - SMS/Fullport United States Phil Doroff / Five Elements, Inc United States Philip Adelberg / Interweb Hosting United States Phillip Von Haak / All American United States Quang Dangtran - Whoa Medical United States radisp.net / IQ Enterprises United States ResponseBase United States Ricardo Rodriguez, Milt Rodriguez, Rich Cruz / Cybernet Enterprise United States Richard Burke / DHS Club United States Richard Colbert - y2kisp.com United States Richard Shockley United States Robert Soloway - Newport Internet Marketing United States Robert Todino / RT Marketing United States Roberto Gonzalez Costa Rica Ron Millette / Rons Marketing / ronsonline.com United States Ronnie Scelson United States Rossman & Cole / Next Holdings Group United States Rusty Campbell - DesktopServer United States Rusty Ferguson / Input Output Marketing United States Ryan Champion / AMR Ventures United States Sajemarketing.com / project-x.com.ua / Edward Shcherbakov United States Sam & Adam Meltzer / Stock & Mortgage Spammers United States Sam Al - Bulk ISP Corp United States Sam Roland / Innovasion / FT International United States SAMCO - Bob Galena United States Samson Distributing Inc. (SDI) Daniel Amato United States Scott Hirsch - edirect / naviant United States Scott Phillips / GSD Pinkbits Pbits Australia Scott Richter - OptInRealBig United States Scott Richter - Wholesalebandwidth United States Simon Chan / paid4survey.net United States Simon Wong - thedotnetwork.com Canada Stargate2000 / RW Management / Robert Wagner / Hector Sectzer United States Steven Worrell / Cybernerd Costa Rica Thomas Cowles - Empire Towers United States Thomas Gallman - telysis.net / invisimail.net United States Tim Goyetche / Bulkers.net / Bulkbarn.com Canada Todd Pree United States Tom Tsilionis / Perfect Telecom United States trafficfiend.com United States Trafficmagnet China Tristram Snyder / Yasmin Fortuny / Print Doctor, Inc. United States Tubul / Marcin Dworak Poland Vincent Chan / yoric.net Hong Kong Vincent Kwiatkowski / unixgroup.com / Edrugsource.com United States VP-RX / herbal viagra / penis patch United States Wayne Mansfield Australia Webfinity/Dynamic Pipe Canada Whitcon / uswives Canada World Reach / Randy Jacobs / EMF / Scott Abadjian United States