Spamming in VN

Dear All

Attached is an interesting article related to Spamming.

Our really painful experience related to spamming in VN is still going on
daily.
Everyday we received at least 40-50 unsolicited emails introducing new
products,
sales brochures, specials, etc... from many irresponsible Vietnamese IT
companies (mainly hardware). Many of these emails included nasty attachments
which are prone to viruses (Doc, HTML, Excel, ... None of them uses PDF), and
huge graphic files. It takes us no less than 20 minutes to down load these
emails, 10 minutes to sort out and delete those useless ones, and then save 3-4
of our business related emails. Recently, one big name hardware vendor sent
us 3
emails in 3 days which took us 15 minutes to down load each of their email (4-5
MB with graphic brochures). I did use harsh language in my replies to them. At
last I contacted the MD for this group and it was stopped. What if I did not
know anyone there ???

We have informed our ISP, VDC, but there is no way spamming can be stopped at
the delivery end of the VDC email server. So, we continue receiving and paying
wasteful telephone, internet costs and our extra time in sorting spam out
of our
real emails. Imagine after a long holiday, you end up with a few hundred (450
emails) to down load and sort out. It was quite an effort. Sometimes the down
loading was broken in the middle and we had to start from scratch again. This
is a real revenue generation device for ISP and VNPT !!!
I guess, this is a common problem for most companies. Anyone else has
complained
about this ? Let's form an anti-spamming list ?

Are these spamming activities supported by ISP ? This probably generates a lot
more traffic than the normal non-spamming emails. Furthermore it is based on
coercive users-pay principle ! i.e. the target had to pay for the seller's
advertising campaign. There is no way for tartget users to stop it, no way of
getting out of this hassel and wasteful costs.
My question is:
1. Is there any VN law related to online advertisement control that can be
used to sue these spammers ? Believe me I will sue them !
2. Can ISP do anything about this, considered this is an essential
service to
their customers ? I will switch to the one who can stop this spamming at source
or at their servers end.
3. Any software that can be used effectively to solve this problem with and
without ISP involvement ?

Regards
Viet Tran

Today's focus: Your thoughts on spam

By M.E. Kabay

The story of how I was blackballed by a system administrator
because a spammer sent a nastygram falsely accusing _me_ of
spamming generated quite a flurry of e-mail comments, all of
them very encouraging and supportive. Several contributed
additional information that readers may find interesting.

* * *

Jeff Anderson, president of ACI International
(http://www.aciconnect.com), wrote:

"You hit a subject that we have recently encountered.

"We maintain a mailing list of customers and potential
customers who might be interested in our PC-based digital-video
surveillance and control systems. Most of the addresses in the
list have been collected from responses to advertisements, or
from e-mails sent to us. We try very hard to qualify every
address prior to including it, since it would be plain stupid
to bother sending news and information to people who have zero
interest in security. We send a newsletter about once a week or
so, and honor all 'remove' requests. There is a note in every
e-mail offering to remove anyone who writes back and requests
removal.

"Last week we sent an e-mail newsletter and received five
remove requests. Two of them were very interesting indeed. They
both were similar in tone, beginning with the words:

"'<Expletive> YOU, SPAMMER <expletive>, take my name off of
your list NOW you scum.'

"Here's the interesting part... BOTH of those e-mails came from
suppliers with whom we had intended to place orders. One of
them had just quoted a substantial order to us and we had
received approval from the customer to go ahead and place the
order.

"The other supplier had contacted us and was courting us,
hoping that we would do business with them. We were considering
it until we discovered how they really behave.

"One other thing we have encountered: It seems that a large
number of people set up e-mail aliases and have mail redirected
from other accounts, then they forget that they have set this
arrangement up. As a result, they write to us from
ABC@somecompany.com and we discover that we have no addresses
for them under the domain somecompany.com. As a result, we
find it impossible to remove them.

"Interesting how people behave in e-mail in a different manner
than they would in person."

* * *

Reader Kirk Talbot noted:

"Years ago I had a friend in telephone direct marketing and
they had to have a system in place to recognize people and
numbers that had requested not to be contacted. I'd be afraid
of such a system on the Internet because I believe it would
only be used as a source for e-mail addresses. I managed to go
from about 10 junk letters a week to 30-plus a day by sending
complaints to providers from which I had received spam.
Nonetheless, I have to disagree with you: With spam I think you
have to shoot first and then correct the few mistakes you might
make... Why don't I see options on preventing mass mailings or
lists in sendmail? If junk e-mailers were only able to send 10
to 100 e-mails out from an account at a time, there would be a
lot less spam."

* * *

I'd like to thank these readers for sending their comments. The
edited, quoted letters used above remain the property of their
respective authors and are used by permission of the authors.

CompuServe limits every message to a maximum of 50 recipients,
thus requiring manual intervention to reach more people with a
message. It's a bit of a nuisance when I need to reach several
hundred people, but I have never complained about the few extra
minutes required because this limitation severely limits the
usability of CompuServe for outgoing spam.

On another tack, if ISPs were able or willing to check e-mail
headers for forgery, most spam would disappear. In my
experience, almost all junk e-mail uses falsified headers. Now
mind you, checking every single e-mail header by verifying the
correspondence between numerical IP addresses recorded by SMTP
and the written-out domain names would likely put an enormous
load on the WHOIS services of domain registrars - but how
satisfying it would be to count the numbers of junk messages
disappearing into bit-buckets worldwide! Perhaps the usefulness
of filtering out forged e-mail would justify mirroring the
registration databases locally with updates sent as required
instead of having to perform network-mediated lookups.

ISP and domain registrar network managers - any comments on
these ideas for making spamming more difficult?

______________________________________________________________

To contact M. E. Kabay:

M. E. Kabay, PhD, CISSP is Associate Professor in the
Department of Computer Information Systems at Norwich
University in Northfield, Vt. Mich can be reached by e-mail at
mailto:mkabay@compuserve.com He invites inquiries about his
information security and operations management courses and
consulting services. For papers and course materials on
information technology, security and management, visit his Web
site at http://www2.norwich.edu/mkabay/index.htm