What to Do if Your E-mail Account Gets Compromised

Symptoms:
People listed in your e-mail contacts report being flooded with spam messages sent from your account. Or, you start receiving a bevy of "bounced" e-mails from random addresses you don't know. You aren't able to log into your account or change its settings, or you've discovered the settings have been altered. You attempt to use e-mail, and find it has been blocked by your provider.

Diagnosis:
Start with the obvious: If your password no longer works for your e-mail account (and it's definitely the correct password), you can be almost certain that someone else has taken control of it. And if your e-mail provider has blocked you completely, it's probably because your account was spewing out spam by the millions, forcing your provider to shut it down until you regain control. This is a good thing, and you'll get it back. Likewise, learning from friends that your account has let loose a firehose of spam (which sometimes can be verified by checking the Sent messages folder in your account) pretty much confirms that some scumbag has figured out your password. Losing control of your mail and password combo can be especially calamitous if, like far too many people, you use the same ones for all the online sites and services you use, such as social networking, banking and PayPal. Even the dumbest hacker will do a quick e-mail search in your account to scrape for login info on other sites, and, in no time, will assemble a pretty good portfolio on you. Depending on the ambition and skill set of the hacker, on the time between when your account was compromised and when you discovered it, and on how secure your various online accounts are, your level of pain may fall anywhere between minor annoyance to personal and financial meltdown. Time is of the essence, and don't underestimate how deep this thing can go.

Bounced messages are the digital equivalent of "return to sender, address unknown." On their own, bounced e-mails from strangers usually mean that a professional spammer has been sending spam with your e-mail address in the reply-to field (a process called "spoofing"), and hasn't actually breached your e-mail account. It's a crucial difference; having your account password compromised means your entire collection of e-mail correspondence has been exposed, while a spammer spoofing your address doesn't actually control anything. Unfortunately, while it's often possible to take back control of an infiltrated e-mail account (see below), once a spammer begins spoofing, you have no real recourse.

Causes:
While there aren't any hard and fast figures on what the number one cause of e-mail infiltration is, the overarching theme usually points to one extremely weak link: user behavior. Despite the many ways an e-mail account can be hacked, the one common element is that you, the owner, essentially allow it.

Every few years, studies show that the one reason spam is still so prevalent is because it actually works -- a percentage of knuckleheads can always be expected to open a spam message, read it, and be tempted by whatever wares or schemes are offered. Of course, many of those e-mails (and sometimes pop-up windows from strangers on IM, Skype and similar apps) are actually phishing attacks that dupe recipients into believing they've been sent a legitimate message from a business or friend. Naive users will then reply with the requested login information.

A fair number of people also think nothing of checking their e-mail on a public computer -- in a library, electronics store or Internet cafe -- and simply neglect to log out. It's a momentary lapse of reason (particularly since we don't recommend checking e-mail on any public computer), and can be the equivalent of walking away from an ATM right after entering your password.

The other gargantuan user misstep is having weak, easily determined passwords, or using the same combination of login e-mail addresses and passwords across different sites. If a hacker breaks into one site, they can quickly try the same logins on all the popular sites -- to potentially devastating effect. But, before you beat yourself up, it's also possible that your login information has been stolen because your PC, or one you've used, has been infected with spyware or some other assorted malware. (See our related story for more info.)


Treatment:
Depending on the kind of hack you've been dealt, the treatment may be as simple as logging in, and changing your settings and password. Or it may entail agonizingly repeated attempts to lock out a persistent hacker, potentially killing off your account altogether. But you should never just give up and ditch the account without trying to deal with it first.

If you aren't able to log in, you're likely going to have to go through some frustrating hoop jumping. Conveniently, Twitter's help page has a handy list of links for all the major e-mail services' support pages.

Each service has its own method for determining that you are who you say you are, and are not the person who hacked -- or is planning to hack -- your account. Besides pre-set security questions, they may ask specific details about messages you've sent, and even the exact day you set up the account. If you don't have a copy of your initial registration e-mail, try contacting a close friend whom you would have e-mailed at the time, and ask them to dig into their archives for your early missives.

If you can log in:

Make sure your PC is current with OS updates and anti-virus/malware software. Otherwise, if it has been infected by malware that spies on you, it will continue to transmit your info to whichever hacker has infiltrated your accounts. If you aren't completely sure your PC is clean, then don't do any of the following. Any changes you attempt to make could be forwarded on by malware, too.
Depending on how your account has been abused, you may not need to contact everyone spammed by your hacked e-mail. (Your scam-savvy friends will recognize bogus messages as spam.) But, if there is a personal appeal for money -- saying you're stuck traveling and need cash, or are hurt and in a hospital -- or if malware was attached, you should send word to your contact list to delete those messages ASAP.
Set up at least two new e-mail addresses. Use your original e-mail address for personal or business communication as you'd normally do. The secondary e-mail address is insurance against future hacks; use it to communicate with your service provider, since many now ask for an alternative address as added protection. Then, use a third e-mail address only for registering for sites, newsletters, online shopping and other services. It may seem paranoid and excessive (hey, that's us!), but the idea is to compartmentalize your online life a bit. That way, each "world" has its own discrete e-mail account, and will minimize the damage that can be done by any future hacks. Most importantly, though: use a different and strong password for each account -- one that is at least six characters long, and is a combination of letters, numbers and capitals/lowercase. It sounds difficult, but it isn't. It'll help prevent any hacker from gaining access to all of your data simply by infiltrating one site.

On a secure PC, log into your e-mail and then check whether or not any of the settings have been changed by a hacker. Smart hackers may set your account to notify them of any changes, so that they can go back in and switch things again. Check whether or not a signature has been added, and whether your account has been set to forward e-mail to another address that isn't yours or to run a filter that automatically forwards e-mails or attaches a file. If any of those settings have been altered, delete the new settings.
Once you have changed the settings, create a new password, and add your secondary e-mail account as your alternative address.

Going forward, never list your main e-mail address publicly anywhere online -- in forums, in online ads, on blogs or any place where they can be harvested by spammers. Use only your "registration" address, and keep it separate from your main address book.

Don't use public computers to check e-mail; there's virtually no way to know if they are infected with malware accidentally, or have keylogging spyware installed intentionally. But if you absolutely must use e-mail on a public computer, set up an extra account before you leave and change the password regularly.

Antispam Policy

You can use our software for performing only legal activity on the Internet. You can not use it for spamming (SPAM) because spamming is an illegal activity. If we find out that you are using our program for spamming (as defined Mass Unsolicited email sending) your license will become null and void and will be revoked immediately.

The Definition of SPAM: The word SPAM as applied to Email means Unsolicited Bulk Email (UBE). Unsolicited means that the Recipient has not granted verifiable permission for the message to be sent. Bulk means that the message is sent as part of a larger collection of messages, all having substantively identical content. A message is SPAM only if it is both Unsolicited and Bulk. Unsolicited Email is normal email (examples include first contact enquiries, job enquiries, sales enquiries, etc.) Bulk Email is normal email (examples include subscriber newsletters, discussion lists, information lists, etc.).

Technical Definition of SPAM: An electronic message is SPAM IF: 

(1) the recipient's personal identity and context are irrelevant because the message is equally applicable to many other potential recipients; AND

(2) the recipient has not verifiably granted deliberate, explicit, and still-revocable permission for it to be sent; AND

(3) the transmission and reception of the message appears to the recipient to give a disproportionate benefit to the sender. 

Examples of legal usage of Internet related software:

	sending invoices, order status notifications to customers who purchased your services or products;
	sending information about your services, products, special offers or price lists to users as replies to their inquiries;
	sending newsletters to the users who wittingly subscribed to your mailing lists and wants to receive your regular newsletters;
	sending email notifications and announcements to customers who chose to receive them.

Please, be aware that we fight against people who use our software to send SPAM. We do not participate ourselves in any spam campaigns and explicitly prohibit spamvertizing of our software, whether separately or with any other software. We prohibit mentioning our software or inserting links to our web site in any spam messages.

What is not SPAM?

 Answer: Generally speaking there is no clear definition of black and white of what can be considered Spam and what is not. However, when you follow a few simple guidelines you will be able to devise a simple, concise non-Spamming policy that will help you develop a long term relationship with your clients.

As you must know, customer is always right. Gaining a customer is very hard, but loosing one is easy. This is especially true about loyal long-term relationships. When you send emails, always think how would you react after receiving this email. To make it easier for you, here are a few guidelines to follow:

• Allow Unsubscribe. When you send many emails to different people, some of them might want you to stop doing so, for various reasons. For example if you are sending a daily newsletter on some subject, they might be no longer interested in or promoting new products or services that are clearly not for them. In such cases, people should have an easy way to unsubscribe themselves from the list and stop getting the emails. You should always include a disclaimer in the very front of the message, telling the user how to unsubscribe from this mailing list. You might even consider an automatic unsubscribe processing, by setting up a web form or a certain return address for that purpose.
• Identify yourself. Spammers often use unidentifiable return addresses and never put their names in the message. To differentiate yourself from them, identify your message and remind people, that this mail is not sent unsolicited. When they know who is it coming from and they understand they chose to receive it, they will not be annoyed or offended by your messages.
• Don't send large messages. Remember that a vast majority of people do not have fast internet connection and are still using slow modems to log in to the internet. If they will spend considerable amount of time waiting for your messages, even if they subscribed to the list and consented to receive email from you, they will still be annoyed and will leave your subscriber list. Moreover, not only you are putting pressure on the end user, but also using ISP's precious CPU time and data storage, to process and hold your messages. Thus, the smaller the message, the easier it will be for the user to load it. As a guideline, anything bigger than 100Kb would be considered big for the email message. In case you want to send large messages, consider leaving a link to your web site, where the content may be downloaded instead of attaching it to the email. In the worst case, warn the users they will be receiving large emails from you periodically.
• Talk to the customer, not at the customer. Try to personalize your messages to the customer, collect his/her interests. At the very minimum, you should know the name of the person you are trying to address. Emails starting with something like: "Dear sir or Madam", or "Hi" are not very good. The more you know about people doing business with you, the more profitable business it will be. You will be able to target your letters more precisely and get more response.
• Don't send confidential information. Regular, unencrypted email message is still considered an unsecured medium of communication. Don't send your customers private information using an email. Things like credit card's number, postal address and so on, should not be mentioned in your email messages.

Following the above guidelines will make clear difference between your messages sent to subscribed users and blunt Spam circulating in thousands all over the internet. The main rule to follow is, if majority of your subscribers think you start Spamming them, you should urgently reconsider your policy, because you will start losing your customers very quickly.

Bonuses to swell your Bank

Bonuses to swell your Bank Balance at Winner Palace
Sunday, June 26, 2011 5:16 AM
From:
"Marc"

The 1,000 USD signup bonus lets you start with an advantage; plan your gaming, wager more; learn about the games. All without spending your own money.

www.supergamezland.ru

Software promoted by spammers - don't ...

Software promoted by spammers - don't buy it! don't use it!As you can imagine, we get a lot of forum spam from people looking to promote software packages and/or their own website where you can download and purchase it. Many of these spammers pose as normal people, looking for help or trying to help others with tutorials. In reality though, they're just trying to boost their Google ranking or the awareness of their software.

I've found that there really isn't much you can do about these spammers. Most are located in China or India and blocking their IP's doesn't slow them down. Instead, I'm going to make a list of software

that these spammers promote. Hopefully, this way companies will stop using spammers to promote their software and/or website.



 To make a long story short, do not buy this software: Top 10 from a spammer:

• Ultimate DVD Converter
•  Avex Video & DVD Converter Pack
• MPEG/AVI to DVD/VCD/SVCD Converter Pro
• Super DVD VOB Converter
• Aimersoft Mac DVD Converter Suite
• Avex DVD Ripper Platinum
• 1CLICK DVD Converter
• Easy DVD Converter
• Any DVD Converter Pro
• Pavtube Video DVD Converter Suite

Don't Let Spammers Find You!

So, your inbox is full of spam - and you want to receive less of it in the future. There are many things you can do that will decrease the amount of spam in your inbox, including using a spam filter or a spam blocker. But there are also common sense ways to prevent spam in your inbox and increase your email address's security. Here are just a few:

• Never reply to or click on any links in a spam message - Don't buy any products or services advertised in spam, don't reply to the email, don't click any links provided, and don't click the "Unsubscribe" link unless it includes mention of the CAN-SPAM Act. These actions only serve to confirm to spammers that you exist and you are receiving their emails. This may even increase the amount of email these spammers are sending you.
• Read your messages as text - Turn off the ability to view pictures, HTML, movies, and formatted text for emails you don't know. This prevents you from accidentally clicking a link or downloading adware, spyware, or viruses without knowing it. Some email providers like Google and Hotmail automatically block these things from appearing in emails from senders not familiar to you. Don't change these settings.
• Preview your messages - If you use Outlook you can preview messages in the preview screen before actually opening them. Like reading your messages as text, this prevents you from downloading spyware, adware, and viruses without knowing it.
• View message headers - You can usually do this by clicking a button or link called something along the lines of "View full header." When analyzing header information, pay special attention to the "From" and "Reply To" addresses. Are they the same? Is the "Reply To" address the same as the organization the email claims to be from? If not, this is a warning sign of spam.
• Don't participate in forwards and ask your friends not to send you them - Forwarded emails tend to list the email addresses of everyone who has forwarded the message, along with the email addresses of everyone they forwarded the message to. This is an easy target for spammers to find long lists of email addresses to target. Be especially wary of signing any sort of petition too, since these can be created by spammers for the list of names and email addresses.
• Use a complicated email address - The more complicated your email address is, the less likely it is to be generated for targeting by a spammer's software. Spammers' software normally looks for easy and obvious addresses first.
• Create alias email addresses - Certain services (like those of Sneakemail.com) allow you to generate multiple, anonymous email addresses that forward to your real email account. You can even reply to forwarded messages through your email account and have it appear as though you are replying through the generated one. This puts a level of anonymity between you and potential spammers. A good idea is to create a new email address for every website that you disclose your address to. If you start to get spam through that address, you know where the spam is coming from and you can delete the address and eliminate the spam.
• Read privacy policies before disclosing your email address - Don't register your email address on a website unless you know for sure that you can later opt-out from any emails they send you. Read their privacy policy to find this out and also to find out if they may sell or show your email address to a third party, who could very well be a spammer.
• Keep your home or business address confidential - Don’t give out your home or business address on registration webpages. Instead, use a service like Sneakemail.com or create an address you use specifically for registration purposes. You should also do this when joining a listserv, message board, internet group, or when posting your email address on an online contact page, resume, etc.
• Don't give your real address for registration - If you can get away with it when registering on a website, newsgroup etc., use a fake email address. This will not work if you need to reply to a confirmation address though. In this case, use a service like Sneakemail.com or an email address you create specifically for those purposes.
• Don't use your email address as your screen name - If you participate in chat/message boards or anything similar where you register a username, don't use the section of your email address before the @ sign as your screen name. This confirms a questionable email address to spammers, and they will often try to add "@hotmail.com," "@yahoo.com," etc. to create an email address (yours) to target.
• Disguise your email address - If you need to publish your email address on a website, even if it's an address that you have for that specific purpose (which you should always use when publishing your email address), disguise it so that spammer's software can't find it. You can do this by leaving out periods and @ signs, and instead making it look something like this: "yourname AT yourdomain DOTcom." You can also make the "@" an image or use JavaScript to make your address a clickable link.
• Don't use a major national free email provider as your primary address - Spammers will often target common usernames on widely-used email domains like Hotmail, Yahoo, AOL, MSN, etc.
• Use a spam filer or blocker - Read more about spam blockers and spam filers on our site.
• Adjust your privacy settings - Make sure the spam filters included in your email service are on their highest setting.

And when you do find spam in your inbox, don't forget to report it. This ensures that appropriate steps are taken to persecute the spammers and stop spam at its source. source: http://www.spamlaws.com/prevent-spam.html

How To Complain To The Spammer's Provider

The first step is finding out who to complain to. This can be a little bit complicated. There is often little point in complaining to the guilty party themself in most cases; complain to whoever is providing them with internet access. However, if you aren't sure, and think there is a significant chance that the sender is really ignorant, rather than disobedient, of email norms, you might try complaining to the sender.

Finding out who to complain to can be broken down into several steps. The first one is determining the domain name the spammers are using. One good place is if the body of the message includes an email address to reply to or a web page to look at. This will often be via a different provider than the one used to send the spam, but many providers forbid either use of their services by spammers.

To find out where the spam originates, tell your mail reader to display all the headers and look at the "Received" lines. Then read the Received lines from top to bottom. For example:
To: kingdon@legit.com
Received: from relay.yoyolink.net (ns2.yoyo.com [127.10.58.3]) by legit.com with SMTP id WAA12684 for ; Thu, 21 Nov 1996 22:28:08 -0800
Received: from forged.example.com (slime.spammer.com [10.71.84.44]) by relay.yoyolink.net (8.8.3/8.8.3) with SMTP id GAA02044 for ; Fri, 22 Nov 1996 01:23:46 -0500

Your own site (legit.com) got this message from ns2.yoyo.com, which in turn got it from slime.spammer.com. Intermediate sites, such as yoyo.com in this example, may simply be sites which allow anyone to forward mail using their mailer. Don't assume they are connected with the spammer or the spammer's provider, but you might want to let them know their system is being used for this purpose. You can ignore all the stuff about with and id and so on.


With experience, and/or by consulting various sources, you will learn more about Received lines, and the ways that they can vary. But the basic principle is still to read them from top to bottom, and to understand that each computer which handled the message added one or more Receieved lines. Thus each Received line may originate from your site, the spammer's site, or somewhere in between.

Once you have a suspect domain name, try to find out what kind of organization has that name. One way is to look on the various anti-spam web sites, newsgroups, and other resources. If the site has a reputation as a site which does a good job of fighting spam, you complain to them. If it is a site which is known to not respond to complaints, despite persistent and repeated attempts, you complain to their upstream provider (see section on traceroute below).

You can see if an entity has a web page by taking the domain name and add "www." to the start (use of "www." is just a convention, but it is a widely followed one). If you see a page with content similar to the email spam you received, you've probably identified the bad guys (however most, but not all, spammers are too lazy to write a web page). If you see a page telling you about internet access services and other types of legitimate business, you've probably identified the proper party to complain to.

If you have identified the offending site and you want to find who their upstream provider is, use the "traceroute" tool. You need to give it the machine name to trace to, for example slime.spammer.com in the above example. If traceroute is accessible to you on your local system, simply invoke "traceroute slime.spammer.com". If not, there are many web->traceroute gateways; searching for "traceroute" in one of the internet search engines should find one. Either way, the output from traceroute will look something like this:

This means that to get from your site (or the site hosting the web->traceroute gateway) to slime.spammer.com, data first passes through legit.com, then major.net, then retrolink.net, and finally to spammer.com. So if spammer.com is the guilty party then normally you would complain to retrolink.net. If you have reason to believe that retrolink.net is uncooperative then you could escalate by complaining to major.net.

This should be done only after repeated attempts to persuade retrolink have been unsuccessful. Even sites with good spam control policies will occasionally get a spammer, so the mere fact that you have received one spam, or a handful of unrelated spams, is not by itself sufficient reason to escalate. If you are unsure about whether you are complaining to the right party, it is good to say this in your complaint, and ask the complainee to forward the message to the appropriate party if need be. In general, especially if you are unsure, you should err on the side of complaining to only one site, and not involving sites with a distant relationship to the spammer. Help give spam-fighting a good name among providers.

You can find the email address to complain to by first seeing if the organization in question has a web page with a contact address. Generally you want the network abuse address if there is one, or if not try to figure out what the closest choice is. An alternative is the complaint forwarding service at abuse.net. If none of these seem feasible, you can always try postmaster@. According to the internet standard RFC822 (STD 11), all sites are supposed to have such a mailbox.

Be polite. This is very important--you catch more flies with honey than vinegar. A good generic wording is "This is unsolicited, undesired email. Please take appropriate actions to stop it, or see http://spam.abuse.net/ for how/why you should" or take a look at a sample complaint letter. You might want to tailor your message if you have more knowledge of the provider's position on spam. Keep in mind that the people who read the abuse alias are not there to be abused, they're there to stop the abuse.

Include the full headers of the message you are complaining about, if possible. In most mail readers there is a special command to display all the headers. Make especially sure you include the Received headers - the provider can take no action without them.

After you send your complaint you probably won't get any response. But this doesn't necessarily mean that the provider has taken no action; often when there is a spammer at their site they are overwhelmed with complaints and find it difficult to acknowledge each one.

If you do get a response (such as "this would appear to violate our terms of service and we're looking into it" or "we have terminated the account of the spammer"), either send back a thank you or not, at your option. There is something to be said for letting the providers know that we appreciate their actions, but on the other hand these people get a lot of e-mail about spam complaints and it might be preferable not to increase the volume.

source: http://spam.abuse.net/userhelp/howtocomplain.shtml

Spam (electronic)

Spam is the use of electronic messaging systems (including most broadcast media, digital delivery systems) to send unsolicited bulk messages indiscriminately. While the most widely recognized form of spam is e-mail spam, the term is applied to similar abuses in other media: instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, wiki spam, online classified ads spam, mobile phone messaging spam, Internet forum spam, junk fax transmissions, social networking spam, television advertising and file sharing network spam.
Spamming remains economically viable because advertisers have no operating costs beyond the management of their mailing lists, and it is difficult to hold senders accountable for their mass mailings. Because the barrier to entry is so low, spammers are numerous, and the volume of unsolicited mail has become very high. The costs, such as lost productivity and fraud, are borne by the public and by Internet service providers, which have been forced to add extra capacity to cope with the deluge. Spamming is universally reviled, and has been the subject of legislation in many jurisdictions.

People who create electronic spam are called spammers

source: http://en.wikipedia.org/wiki/Spam

4 Simple Steps to Reporting Spam

Over the years reporting spam has gotten ridiculously easy to the point where all tha tis needed is the original email so that it can be forwarded to a "reporting" organization. 
Due to its "Snake Oil" characteristics, the FTC (Federal Trade Commission) has a spam reporting center to investigate spam.  Some state attorney general's also investigate spammers so check with your local office.
Here are 4 simple steps to reporting spam: 
1. Get an account at SpamCop.net. To report the spam that does gets passed the filter.
2. Use the email generated from SpamCop.net and now automatically forward all messages with "Spam Alert" in the subject to the Spam Cop email.
3. Get the Government involved.  The FTC is also a place to report spam, so add uce@ftc.gov to the recipients list of the email.
4. (optional) To go the extra mile, you can Decipher the Email Header and send the spam email to the actual ISP who allowed the spam to go through their network.

How do spammers harvest email addresses ?

There are many ways in which spammers can get your email address. The ones I know of are :

1. From posts to UseNet with your email address.
   Spammers regularily scan UseNet for email address, using ready made programs designed to do so. Some programs just look at articles headers which contain email address (From:, Reply-To:, etc), while other programs check the articles' bodies, starting with programs that look at signatures, through programs that take everything that contain a '@' character and attempt to demunge munged email addresses.
   There have been reports of spammers demunging email addresses on occasions, ranging from demunging a single address for purposes of revenge spamming to automatic methods that try to unmunge email addresses that were munged in some common ways, e.g. remove such strings as 'nospam' from email addresses.
   As people who where spammed frequently report that spam frequency to their mailbox dropped sharply after a period in which they did not post to UseNet, as well as evidence to spammers' chase after 'fresh' and 'live' addresses, this technique seems to be the primary source of email addresses for spammers.
   
2. From mailing lists.
   Spammers regularily attempt to get the lists of subscribers to mailing lists [some mail servers will give those upon request],knowing that the email addresses are unmunged and that only a few of the addresses are invalid.
   When mail servers are configured to refuse such requests, another trick might be used - spammers might send an email to the mailing list with the headers Return-Receipt-To: or X-Confirm-Reading-To: . Those headers would cause some mail transfer agents and reading programs to send email back to the saying that the email was delivered to / read at a given email address, divulging it to spammers.
   A different technique used by spammers is to request a mailing lists server to give him the list of all mailing lists it carries (an option implemented by some mailing list servers for the convenience of legitimate users), and then send the spam to the mailing list's address, leaving the server to do the hard work of forwarding a copy to each subscribed email address.
   [I know spammers use this trick from bad experience - some spammer used this trick on the list server of the company for which I work, easily covering most of the employees, including employees working well under a month and whose email addresses would be hard to findin other ways.]
   
3. From web pages.
   Spammers have programs which spider through web pages, looking for email addresses, e.g. email addresses contained in mailto: HTML tags [those you can click on and get a mail window opened]
   Some spammers even target their mail based on web pages. I've discovered a web page of mine appeared in Yahoo as some spammer harvested email addresses from each new page appearing in Yahoo and sent me a spam regarding that web page.
   A widely used technique to fight this technique is the 'poison' CGI script. The script creates a page with several bogus email addresses and a link to itself. Spammers' software visiting the page would harvest the bogus email addresses and follow up the link, entering an infinite loop polluting their lists with bogus email addresses.
   For more information about the poision script, see http://www.monkeys.com/wpoison/
   
4. From various web and paper forms.
   Some sites request various details via forms, e.g. guest books & registrations forms. Spammers can get email addresses from those either because the form becomes available on the world wide web, or because the site sells / gives the emails list to others.
   Some companies would sell / give email lists filled in on paper forms, e.g. organizers of conventions would make a list of participants' email addresses, and sell it when it's no longer needed.
   Some spammers would actually type E-mail addresses from printed material, e.g. professional directories & conference proceedings.
   Domain name registration forms are a favourite as well - addresses are most usually correct and updated, and people read the emails sent to them expecting important messages.
   
5. Via an Ident daemon.
   Many unix computers run a daemon (a program which runs in the background, initiated by the system administrator), intended to allow other computers to identify people who connect to them.
   When a person surfs from such a computer connects to a web site or news server, the site or server can connect the person's computer back and ask that daemon's for the person's email address.
   Some chat clients on PCs behave similarily, so using IRC can cause an email address to be given out to spammers.
   
6. From a web browser.
   Some sites use various tricks to extract a surfer's email address from the web browser, sometimes without the surfer noticing it. Those techniques include :
   
   1. Making the browser fetch one of the page's images through an anonymous FTP connection to the site.
      Some browsers would give the email address the user has configured into the browser as the password for the anonymous FTP account. A surfer not aware of this technique will not notice that the email address has leaked.
      
   2. Using JavaScript to make the browser send an email to a chosen email address with the email address configured into the browser.
      Some browsers would allow email to be sent when the mouse passes over some part of a page. Unless the browser is properly configured, no warning will be issued.
      
   3. Using the HTTP_FROM header that browsers send to the server.
      Some browsers pass a header with your email address to every web server you visit. To check if your browser simply gives your email address to everybody this way, visit http://www.cs.rochester.edu/u/ferguson/BrowserCheck.cgi
      
   It's worth noting here that when one reads E-mail with a browser (or any mail reader that understands HTML), the reader should be aware of active content (Java applets, Javascript, VB, etc) as well as web bugs.
   An E-mail containing HTML may contain a script that upon being read (or even the subject being highlighted) automatically sends E-mail to any E-mail addresses. A good example of this case is the Melissa virus. Such a script could send the spammer not only the reader's E-mail address but all the addresses on the reader's address book.
   http://www.cert.org/advisories/CA-99-04-Melissa-Macro-Virus.html
   A web bugs FAQ by Richard M. Smith can be read at http://www.tiac.net/users/smiths/privacy/wbfaq.htm
   
7. From IRC and chat rooms.
   Some IRC clients will give a user's email address to anyone who cares to ask it. Many spammers harvest email addresses from IRC, knowing that those are 'live' addresses and send spam to those email addresses.
   This method is used beside the annoying IRCbots that send messages interactively to IRC and chat rooms without attempting to recognize who is participating in the first place.
   This is another major source of email addresses for spammers, especially as this is one of the first public activities newbies join, making it easy for spammers to harvest 'fresh' addresses of people who might have very little experience dealing with spam.
   AOL chat rooms are the most popular of those - according to reports there's a utility that can get the screen names of participants in AOL chat rooms. The utility is reported to be specialized for AOL due to two main reasons - AOL makes the list of the actively participating users' screen names available and AOL users are considered prime targets by spammers due to the reputation of AOL as being the ISP of choice by newbies.
   
8. From finger daemons.
   Some finger daemons are set to be very friendly - a finger query asking for john@host will produce list info including login names for all people named John on that host. A query for @host will produce a list of all currently logged-on users.
   Spammers use this information to get extensive users list from hosts, and of active accounts - ones which are 'live' and will read their mail soon enough to be really attractive spam targets.
   
9. AOL profiles.
   Spammers harvest AOL names from user profiles lists, as it allows them to 'target' their mailing lists. Also, AOL has a name being the choice ISP of newbies, who might not know how to recognize scams or know how to handle spam.
   
10. From domain contact points.
    Every domain has one to three contact points - administration, technical, and billing. The contact point includes the email address of the contact person.
    As the contact points are freely available, e.g. using the 'whois' command, spammers harvest the email addresses from the contact points for lists of domains (the list of domain is usually made available to the public by the domain registries). This is a tempting methods for spammers, as those email addresses are most usually valid and mail sent to it is being read regularily.
    
11. By guessing & cleaning.
    Some spammers guess email addresses, send a test message (or a real spam) to a list which includes the guessed addresses. Then they wait for either an error message to return by email, indicating that the email address is correct, or for a confirmation. A confirmation could be solicited by inserting non-standard but commonly used mail headers requesting that the delivery system and/or mail client send a confirmation of delivery or reading. No news are, of coures, good news for the spammer.
    Specifically, the headers are -
     Return-Receipt-To: which causes a delivery confirmation to be sent, and
     X-Confirm-Reading-To: which causes a reading confirmation to be sent.
    Another method of confirming valid email addresses is sending HTML in the email's body (that is sending a web page as the email's content), and embedding in the HTML an image. Mail clients that decode HTML, e.g. as Outlook and Eudora do in the preview pane, will attempt fetching the image - and some spammers put the recipient's email address in the image's URL, and check the web server's log for the email addresses of recipients who viewed the spam.
    So it's good advice to set the mail client to *not* preview rich media emails, which would protect the recipient from both accidently confirming their email addresses to spammers and viruses.
    Guessing could be done based on the fact that email addresses are based on people's names, usually in commonly used ways (first.last@domain or an initial of one name followed / preceded by the other @domain)
    Also, some email addresses are standard - postmaster is mandated by the RFCs for internet mail. Other common email addresses are postmaster, hostmaster, root [for unix hosts], etc.
    
12. From white & yellow pages.
    There are various sites that serve as white pages, sometimes named people finders web sites. Yellow pages now have an email directory on the web.
    Those white/yellow pages contain addresses from various sources, e.g. from UseNet, but sometimes your E-mail address will be registered for you. Example - HotMail will add E-mail addresses to BigFoot by default, making new addresses available to the public.
    Spammers go through those directories in order to get email addresses. Most directories prohibit email address harvesting by spammers, but as those databases have a large databases of email addresses + names, it's a tempting target for spammers.
    
13. By having access to the same computer.
    If a spammer has an access to a computer, he can usually get a list of valid usernames (and therefore email addresses) on that computer.
    On unix computers the users file (/etc/passwd) is commonly world readable, and the list of currently logged-in users is listed via the 'who' command.
    
14. From a previous owner of the email address.
    An email address might have been owned by someone else, who disposed of it. This might happen with dialup usernames at ISPs - somebody signs up for an ISP, has his/her email address harvested by spammers, and cancel the account. When somebody else signs up with the same ISP with the same username, spammers already know of it.
    Similar things can happen with AOL screen names - somebody uses a screen name, gets tired of it, releases it. Later on somebody else might take the same screen name.
    
15. Using social engineering.
    This method means the spammer uses a hoax to convince peopleinto giving him valid E-mail addresses.
    
16. A good example is Richard Douche's "Free CD's" chain letter. The letter promises a free CD for every person to whom the letter is forwarded to as long as it is CC'ed to Richard.
    Richard claimed to be associated with Amazon and Music blvd, among other companies, who authorized him to make this offer. Yet hesupplied no references to web pages and used a free E-mail address.
    All Richard wanted was to get people to send him valid E-mail addresses in order to build a list of addresses to spam and/or sell.
    
17. From the address book and emails on other people's computers.
    Some viruses & worms spread by emailing themselves to all the email addresses they can find in the email address book. As some people forward jokes and other material by email to their friends, putting their friends' email addresses on either the To: or Cc: fields, rather than the BCc: field, some viruses and warms scan the mail folders for email addresses that are not in the address book, in hope to hit addresses the computer owner's friends' friends, friends' friends' friends, etc.
    If it wasn't already done, it's just a matter of time before such malware will not only spam copies of itself, but also send the extracted list of email addresses to it's creator.
    As invisible email addresses can't be harvested, it's good advice to have the email addresesses of recipients of jokes & the like on BCc:, and if forwarded from somebody else remove from the email's body all the email addresses inserted by the previous sender.
    
18. Buying lists from others.
    This one covers two types of trades. The first type consists of buying a list of email addresses (often on CD) that were harvested via other methods, e.g. someone harvesting email addresses from UseNet and sells the list either to a company that wishes to advertise via email (sometimes passing off the list as that of people who opted-in for emailed advertisements) or to others who resell the list.
    The second type consists of a company who got the email addresses legitimately (e.g. a magazine that asks subscribers for their email in order to keep in touch over the Internet) and sells the list for the extra income. This extends to selling of email addresses acompany got via other means, e.g. people who just emailed the companywith inquiries in any context.
    The third type consist of technical staff selling the email address for money to spammers. There was a news story about an AOL employee who sold AOL email addresses to a spammer.
    
19. By hacking into sites.
    I've heard rumours that sites that supply free email addresses were hacked in order to get the list of email addresses, somewhatlike e-commerce sites being hacked to get a list of credit cards.
    

spammer list

ROKSO collates information and evidence on known hard-line spam operations that have been terminated by a minimum of 3 consecutive Internet Service Providers for serious spam offenses.

200 Known Spam Operations responsible for 90% of your spam.

90% of spam received by Internet users in North America and Europe can be traced via redirects, hosting locations, domains and aliases, to a hard-core group of just 200 known spam outfits, almost all of whom are listed here in the ROKSO database and are operating illegally. These professional spammers are loosely grouped into gangs ("spam gangs") and move from network to network seeking out Internet Service Providers ("ISPs") known for lax enforcing of anti-spam policies.

These are the spammers you definitely do NOT want on your network.

Many of these spam operations pretend to operate 'offshore' using servers in Asia and South America to disguise the origin. Those who don't pretend to be 'offshore' pretend to be small ISPs themselves, claiming to their providers the spam is being sent not by them but by their non-existent 'customers'. Some set up as fake networks, pirate or fraudulently obtain large IP allocations from ARIN/RIPE and use routing tricks to simulate a network, fooling real ISPs into supplying them connectivity. When caught, almost all use the age old tactic of lying to each ISP long enough to buy a few weeks more of spamming and when terminated simply move on to the next ISP already set up and waiting.

ROKSO is a "3 Strikes" register. To be listed in ROKSO a spammer must first be terminated by a minimum of 3 consecutive ISPs for AUP violations. IP addresses under the control of ROKSO-listed spammers are automatically and preemptively listed in the Spamhaus Block List (SBL).

For Law Enforcement Agencies there is a special version of this ROKSO database which gives access to records with information, logs and evidence too sensitive to publish here.

The ROKSO List Known Spam Operation Country Alan Ralsky United States Albert Ahdoot and Alyx Sachs - Net Global Marketing United States Alejandro Otero Argentina Alexey Panov - ckync.com Germany Amadeo Belmonte / Data One Marketing / I Net Values Inc. United States America Find Inc. United States Andrew Amend / US Health Laboratories United States Angelo Tirico United States Anthony ''Tony'' M. Banks United States Australian Porn Mafia Australia Bernard Balan "Merlin" Canada Bill Stanley / telekomeurope.com United States Bill Waggoner United States Bluego Italy Bonnie Dukarossa - Bullet9 Communications United States Brendan Battles / IMG Online / World-Services United States Brian David Westby / Married But Lonely United States Brian Farrow / Yeshost / Hivelocity Ventures United States Brian Haberstroh / Atriks United States Brian Kos / BK Ventures / Internet Promos Canada Brian Kramer / Expedite Media Group United States Briceco, Inc. / Dubeau / Brice United States Bubba Catts United States Calvin Ho / Optin Global Inc. United States Carl Henderson / Ultimate Health United States Charles F. Childs / Ultra Trim / MegaTrim / Grant Gold United States Chris Brown United States Chris Smith / rizler.com United States CPU Guys United States Current Mail / Merchant Central United States Cyrunner / Ernesto Haberli aka Eduardo Warren United States Damon DeCrescenzo - Docdrugs United States Dan Padgham / Chuck DeVoe United States Dana Jones - The Ballman United States Daniel Ivans / isolate.net United States Daniel Khoshnood United States Dave Patton / lightspeedmarketing United States David Lambert - Aztec Internet United States Davis Wolfgang Hawke United States Dean Westbury / Phil Basten Australia DM GROUP / Robert Hicks United States Drew Auman / thebulkclub.com United States ebusinessroad.com / netmail spammers United States Eddie Davidson United Kingdom Eddy Marin - Oneroute United States Eduardo de Souza / hostsolutions.us / hostingsmart.biz United States Elegance Network United States Elmar Brunenieks Latvia Elmed / Nikola Anastasov United States Email Experts / Email Solutions United States Erb Avore / IC Marketing United States Erhard Englhofer Australia Eric Reinertsen United States EvoClix / Larry Tasman / Greg Numark United States Franpro / gtwinc.com / azmalink.net United States FutureVision Communication / sncsi.net United States G-Force Marketing / MegaHits Promoter United States Gaven Stubberfield United States George Rand - Randbad United States Giantweb United States Glen & Stacey McCausland United States Global Internic / NewTLDRegistration.com Canada Gordon Lantz & Gretchen Aitken / emailoffer.net United States Greg Dodson United States Greg Nowakowski United States High Ground Cariló Argentina hispeedmedia.com / adprosolutions.com United States Howard Minsky / TheAdStop.com / ad360.com United States Husein Gandhi India iBiz Success / searchengine-ranking.com United States Ibragimov Ruslan / send-safe.com Russia idatanet.com / cyberispworld.com Canada IMG Direct / Steve Hardigree / Frank Bernal United States Ion Entertainment United States Jace Groves / Kevin Gaston United States Jack Ford / nitronet.net United States James Borzilleri - Torpedomail United States Jason Vale - Apricot Seeds United States Jeffrey Peters - JTel / CPU Solutions United States Jody Smith - Power Web Enterprises United States John Cota / Great Impressions / Best Software Products United States John Grandinetti / 321send.com United States John Hites - ''Steve Sorenson'' / Advertising International United States John Molino / Atlas Data Systems United States Jon Atherton / Supabill Canada Jon Thau / Cyberworks United States Jonathan Beyer / Glamour Media / glamourservers.com United States Jonathan Cosie / MH Partners United States Joshua Baer United States Juan Garavaglia aka Super-Zonda Argentina Kazz Asher / yz3.com / ashernet.net United States Kelly Joe Ellis / WebMark inc / Marketforce inc United States Laura A. Betterly United States Lin Hsien Ming / himailer.com, callin.net, yuya.com.tw Taiwan lmihosting.com United States Louis Kreuzhaler / Cyberspace Reality Argentina Magnum Enterprises / mediatrec.com United States MailTrain United States mailutilities/massmail / Alexander Gorlach Russia Max Sutter / Petadoptions.com United States Melle Brothers United States Michael Krause / eKray United States Michael Lindsay / iMedia Networks United States Michael Tiezzi / Elite Data Direct / elitedatadirect.net United States Mike Cunningham / Andrew Amend / US Health Laboratories United States Mike Van Essen / Global Web Promotions Australia Mike/Mark Hofmann - Search Engine Registration spammer United States Minh Nuyen / One Source Computer Services / bestcheapstuff United States Monsterhut / Beaverhome United States Mortgage spammers United States Mostafa Mansour Canada Neil Goodson aka 'Robert Zimmerman' / DotComChoice United States Neomill / Nick Ceriello United States NetFree, Inc. United States netleads.ws United States NetSetGo/Everblur/Netrica United States online-marketing.ph Philippines Patrick Brady / Jack Vaughn aka Inetdevco United States Patrick English / Electronic List Company United States Paul Boes / boesconsulting.net United States Paul Mentes / Palmnet.com / RxMedical United States Pavka / Artofit Russia Penn Media / Shagmail United States Peter Decaro - bulkingpro.com United States Peter Francis-Macrae United Kingdom Peter Schroebel - SMS/Fullport United States Phil Doroff / Five Elements, Inc United States Philip Adelberg / Interweb Hosting United States Phillip Von Haak / All American United States Quang Dangtran - Whoa Medical United States radisp.net / IQ Enterprises United States ResponseBase United States Ricardo Rodriguez, Milt Rodriguez, Rich Cruz / Cybernet Enterprise United States Richard Burke / DHS Club United States Richard Colbert - y2kisp.com United States Richard Shockley United States Robert Soloway - Newport Internet Marketing United States Robert Todino / RT Marketing United States Roberto Gonzalez Costa Rica Ron Millette / Rons Marketing / ronsonline.com United States Ronnie Scelson United States Rossman & Cole / Next Holdings Group United States Rusty Campbell - DesktopServer United States Rusty Ferguson / Input Output Marketing United States Ryan Champion / AMR Ventures United States Sajemarketing.com / project-x.com.ua / Edward Shcherbakov United States Sam & Adam Meltzer / Stock & Mortgage Spammers United States Sam Al - Bulk ISP Corp United States Sam Roland / Innovasion / FT International United States SAMCO - Bob Galena United States Samson Distributing Inc. (SDI) Daniel Amato United States Scott Hirsch - edirect / naviant United States Scott Phillips / GSD Pinkbits Pbits Australia Scott Richter - OptInRealBig United States Scott Richter - Wholesalebandwidth United States Simon Chan / paid4survey.net United States Simon Wong - thedotnetwork.com Canada Stargate2000 / RW Management / Robert Wagner / Hector Sectzer United States Steven Worrell / Cybernerd Costa Rica Thomas Cowles - Empire Towers United States Thomas Gallman - telysis.net / invisimail.net United States Tim Goyetche / Bulkers.net / Bulkbarn.com Canada Todd Pree United States Tom Tsilionis / Perfect Telecom United States trafficfiend.com United States Trafficmagnet China Tristram Snyder / Yasmin Fortuny / Print Doctor, Inc. United States Tubul / Marcin Dworak Poland Vincent Chan / yoric.net Hong Kong Vincent Kwiatkowski / unixgroup.com / Edrugsource.com United States VP-RX / herbal viagra / penis patch United States Wayne Mansfield Australia Webfinity/Dynamic Pipe Canada Whitcon / uswives Canada World Reach / Randy Jacobs / EMF / Scott Abadjian United States