Home Search About Stone Design Stone's Throw Feedback Prices Download Software for Mac OS X


(c) 1998 Andrew C. Stone All Rights Reserved. November 16, 1998

Is there a word strong enough to encompass all the frustration, anger, rage, and outright disdain for the people and companies producing spam (unsolicited bulk email) and their libelous practice of forging return addresses of legitimate businesses? SPAMNATION, I say!

On November 16th, Stone Design was mail-bombed when some malicious entity forged our domain in the
Return-Path field of an unknown quantity of spam email. The content of the advertisement was for pornography; which is degrading to us and our domain's image. That damage aside, there is the mere fact that if some multi-million name mailing list is being spammed, tens of thousands of messages get returned with bad addresses, thus flooding our server and sysadministrator with endless mail.

To all those at AOL who got hit by
"txtrvlr51aostasies@aol.cotxtryit@stone.com", the mail did not originate from Stone Design, and I apologize on behalf of the perpetrator for any inconvenience.

Luckily, we caught the spammer in action with the help of UUNET security - the spammers were dialed in to UUNET. Whoops! And then, there's the company they were advertising in the spam. Which of these parties is culpable? The individual forging the email, or the company which hired him to do the dirty deed, or both? How can they be stopped in the future? Should there be legislation to stop spammers, especially ones who forge return addresses? And how could that possibly be enforced? I encourage your feedback, because it's starting to suck my time and I think we should do something about this before it goes to far.

Sites that offer accounts should consider these countermeasures that Yahoo describes to fight the onslaught of ever-increasing spam:

1. We limit the number of individual recipients allowed per each email message.
2. We do not allow numeric characters at the beginning of an email address. Any Yahoo! ID that begins with a numeric character is a forgery.
3. We include the Originating IP Address in the header of each email message that is delivered via our system. If an email message does not contain an Originating IP Address in its full headers, it did not come from Yahoo!.
4. We also have implemented procedures to prevent spammers from bypassing these countermeasures.

Moral of the story - whoever writes a killer spam filter is going to win the gratitude and pesetas of many, many people. And spammers, be careful who you mail bomb!