© 2001 Elena Fawkner
"Automatic complaints are sent when a filter whose action
is set to Kill after complaining is triggered. For each
filter, you can configure who the complaint should be
sent to. ... The message body is also scanned for e-mail
and website addresses. If any addresses are found, they're
added to the lists mentioned above." Source: http://www.spamkiller.com/Features.html
SpamKiller is spam filtering software. Its purpose is
to scan incoming email for spam and take appropriate action
in response to those messages that are identified as spam,
such as automatic deletion. Another handy function is
that the software allows the user to generate automatic
and manual complaint emails which the user then sends
to the webmaster of the offending domain as well as any
number of other recipients such as spam-reporting "authorities"
and the webhost and/or ISP of the person sending the offending
Good idea, you say? Fair enough, you say? Well ... maybe.
Note the quote above: "... The message body is also scanned
for e-mail and website addresses ... [and] added to the
lists mentioned above", i.e. the list of recipients of
Now, imagine this. Let's say you're a paying advertiser
in my ezine. Your ad contains your URL and email address.
I spam mail my ezine or send it to someone who forgets
they subscribed and they think it's spam.
Imagine further that the recipient of my so-called spam
uses SpamKiller software (or some similar program). The
software scans the message header and extracts the relevant
information about the person who sent the email (me).
Fair enough. Assuming that it IS spam, of course.
But the capability of the software doesn't stop there.
As mentioned in the above quote, it also scans the message
BODY, which contains your ad, and adds your URL and email
address to the list of recipients of the complaint. The
ever-diligent big-spam-hunter also makes sure that one
or more spam-reporting "authorities" is copied on the
WeStopSpam.net*, diligent, professional organization that
it is, immediately and automatically forwards the complaint
to firstname.lastname@example.org and your webhost, an equally diligent,
professional organization shuts your site down for three
days for spamming.
You, of course, learn about all of this AFTER the event.
Think it can't happen to you? Think again. It happened
to me. This week. Except I wasn't a paying advertiser
in the offending ezine. The publisher of the ezine reprinted
one of my articles. The article contained my resource
box. The resource box contained my website URL. SpamKiller
added my URL to the list of recipients of the email complaining
of the "spam", copied WeStopSpam.net and WeStopSpam.net
forwarded the email to email@example.com with the result
that my webhost, DumbHost*, shut down my site for what
was to be three days.
The actual downtime was two hours. By that time I had
threatened to sue and they finally got around to actually
READING the offending email and realizing that I, in fact,
was just an innocent bystander.
There is so much that is wrong in this whole scenario
that it's hard to know where to begin.
THE PERSON WHO GENERATED THE COMPLAINT
Let's start with the individual who generated the complaint
in the first place. This is the person using the SpamKiller
software. His email to me (which was auto-generated by
SpamKiller) contained the following subject line:
"UCE Complaint (So-and-So Newsletter*)"
The body started out:
"I have received the attached unsolicited e-mail from
someone at your domain. [He had not.]
"I do not wish to receive such messages in the future,
so please take the appropriate measures to ensure that
this unsolicited e-mail is not repeated.
"--- This message was intercepted by SpamKiller (www.spamkiller.com)
The full text of the intercepted message followed.
The header of the offending email clearly showed that
the sender of the email was someone from so-and-so.com*.
Unfortunately, the newsletter concerned contained virtually
nothing but my article interrupted by what I assume were
I'm sure that the paid advertisers in this particular
ezine also received a complaint and that WeStopSpam.net
received a copy and automatically forwarded it to the
advertiser's ISP and/or webhost who may or may not have
shut them down, at least temporarily. (Hopefully not all
webhosts are of the calibre of DumbHost when it comes
to this sort of thing.)
So, this individual, in his zealousness to rid the Internet
of spam, blithely dragged the names and reputations of
at least half a dozen perfectly innocent bystanders through
The moral of the story? If you use spam-filtering software
and the complaint-generating function that comes with
it, have the common decency and responsibility to stop
and think about who you're adding to your hitlist. If
you don't, and you get it wrong, don't be surprised to
find a process- server on your doorstep.
SPAM FILTERING SOFTWARE
To give SpamKiller its due, it appears to be an excellent
product. There's a free 30 day download available at http://www.spamkiller.com
. I downloaded it myself to see what, if any, cautions
are given to users about the need to make sure that the
recipient of the complaint is, in fact, responsible for
the email concerned.
Well, there is such a caution but it took me a good 45
minutes to find it. The software comes with an excellent,
comprehensive built-in help facility. Tucked away at the
end of the page on "Sending manual complaints" is the
"Note: SpamKiller does not check that the loaded addresses
are appropriate for the selected message. Don't use a
... complaint unless you are certain that its recipients
are responsible for the spam that you are complaining
I would respectfully suggest that this warning be displayed
in a more prominent position, coupled with warnings about
what can happen to those who use the software in an irresponsible
manner so as to ensnare innocent parties.
Now, let's take a look at WeStopSpam.net's role in all
of this. In my case, "all" they did was forward a complaint
they had received from our friend in the previous section
to my webhost. Here's what they sent:
Subject: [WeStopSpam (http://www.ahbbo.com) id:17846286]
Date: Sun, 25 Feb 2001 23:14:50 -0700 (MST)
X-Mailer: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)
via http://westopspam.net/ v1.3.1
- WeStopSpam V1.3.1 -
This message is brief for your comfort. ...
Spamvertised website: http://www.ahbbo.com
> http://www.ahbbo.com is 22.214.171.124; Tue, 27 Feb
Offending message: ..."
So, my website was reported for spamming because it was
"spamvertised" - lovely butchering of the English language,
I must say. This appears to be a coined term for a website
that is advertised by means of spam. This means that any
paying advertiser in the ezine itself is treated as a
spammer, merely because spam was used to send the ezine.
I checked out the website of the ezine concerned. It proclaimed
that its 85,000 subscribers were all "opt-in" i.e. that
the subscribers each took some positive step to have their
email address added to the ezine's mailing list.
Any reputable advertiser is going to be concerned that
the recipients of the ezine are opt-in, so this would
have been of comfort to the advertisers concerned in this
Mind you, when I sent an email to the address displayed
at the publisher's site, it bounced. Maybe this person
IS a spammer. I don't know. And that's the point. How
are you supposed to know that if you're just the advertiser
or article author?
But, as far as WeStopSpam.net is concerned, that doesn't
matter. The mere fact that the advertiser's opportunity
was advertised in the allegedly spam email is sufficient
to make the advertiser a legitimate target. In my case,
I didn't even advertise! The publisher of the ezine ran
my article. How many of you out there make your articles
freely available for reprint?
WeStopSpam.net would presumably have you restrict the
reprint rights to your articles to only those publishers
who you know for a FACT are sending to a 100% guaranteed
opt-in list. How do you do that? Quite simply, you can't.
To expect any such thing is just unreal and smacks of
an appalling lack of understanding about how the online
A reasonable compromise would be if reprint rights were
granted to publishers who send their ezine to an opt-in
list. I would have no objection to that. Of course, that
wouldn't help you with WeStopSpam.org because their policy
is to shoot first and ask questions later ... but wait,
on second thought, they don't even ask questions later.
They just shoot.
You don't get a "please explain" or anything else. You're
convicted first and then it's up to you to prove that
you're innocent. Of course, by then, the damage is done.
But WeStopSpam.org doesn't care. I'm sure they see it
as just a casualty of war.
OK, now let's turn to the real bad guy in all of this.
The webhost who shuts down a website on the grounds of
nothing more than the say-so of an unverified spam complaint.
In my case, it's DumbHost but I know there are many other
webhosts and ISPs out there who are just as irresponsible.
Here's the email I received from
DumbHost informing me my site had been shut down:
"To whom it may concern,
"We recieved [sic] the following spam complaint regarding
ahbbo.com. Your domain will be temporarily disabled for
3 days. You can have your domain re-enabled at the end
of this 3 day period by requesting so at firstname.lastname@example.org.
If we continue to recieve [sic] complaints, action may
be taken to disable your domain.
Abuse Response Team"
The email that followed was the one from WeStopSpam.net.
Note that my site was shut down because "[w]e recieved
[sic] the following spam complaint regarding ahbbo.com".
Not because I had SPAMMED, mind you, but because DumbHost
had received a spam COMPLAINT. The notification that my
site had been disabled was the FIRST communication from
DumbHost on the matter.
An appropriate response would have been: "We've received
a complaint of spamming against you. We take all complaints
of spamming very seriously. Please let us have your response
to this complaint so we may take appropriate action".
But I guess that would have been too much like due process
for DumbHost to want to bother with.
Here's what followed:
>From me to DumbHost:
"If you even bothered to read the "offending email" you
will see that it came from so-and-so.com, NOT ahbbo.com.
The publisher of the email in question reprinted one of
my articles in his newsletter. That article contained
a resource box which contained a link to my domain.
"If my site is shut down for ANY length of time as a result
of this complaint, expect a lawsuit without further notice."
Their reply (from "Level
II Customer Care Representative" - ha!):
"Was this bulk mail authorized by you? This is considered
an offense of our terms of service no matter where it
originates as long as the email is sent or authorized
by you. The email advertises your website, that is why
your domain has been disabled for 3 days.
Abuse Response Team"
"No! I've never heard of these people before. It is common
practice for newsletter publishers to publish articles
written by other people. The author's resource box is
always included at the end of the article. If this person's
newsletter went to someone who wasn't subscribed, then
it's the newsletter publisher who should be reported for
spamming, not the innocent author who is unfortunate enough
to have their work reprinted.
"Did anyone even read the email concerned before shutting
my site down? It's obvious what happened. If my site is
not reinstated today, I will be issuing legal proceedings
"By the way, don't you think your question should have
been asked BEFORE shutting me down, not after?"
"Okay, I was asked to take a look at your account, I will
forward this information to abuse and they should get
back to you shortly...
Level II Customer Care"
(They apparently don't use full names at Level II Customer
Care. Can't imagine why.)
Finally, this one from the "Abuse Response Team" at DumbHost:
"In light of this new information, I have gone ahead and
re-enabled your domain. Be advised that any mass emails
such as this will be considered a violation of our terms
of service. You may want to take steps to ensure that
services such as this are not sending out this kind of
advertisement for your site.
Abuse Response Team"
"They did not send an advertisement for my site. My articles
are publicly available for reprint, as are thousands of
other authors'. It is usual practice for authors to give
permission for reprinting provided the newsletter publisher
publishes the author's resource box at the end of the
article. It's a way of generating traffic to the author's
"The author has no control over who uses the article in
this way. Is a paying advertiser in an ezine shut down
if the publisher of the ezine sends a spam email (assuming
that it was spam in the first place)? ... That policy
makes no sense whatsoever."
Nothing. Zip. Nada. No apology, no nothing.
Nice going DumbHost. You must be proud.
PLAN OF ACTION
My experience was pretty trivial in the scheme of things.
I was able to get my site restored in just a couple of
hours. Consider the damage that could be done to your
business if that didn't happen though. What would be the
impact on YOUR bottom line if your site was shut down
for 3 days? Or a week? Or for good?
So, what's the innocent party to do in a situation like
this? Here's one plan of action:
- SUE irresponsible complainer for defamation.
- SUE irresponsible spam police for defamation.
- FIRE webhost.
- SUE fired webhost for lost profits.
I for one am not generally in favor of government regulation
when it comes to the Internet. This is one area, however,
that I must say some form of governmental control should
be taken. Where else but online can you have a situation
where it's commonplace for someone to take punitive action
against an innocent bystander BEFORE giving them a fair
hearing? Where else but online can ignorant and/or malicious
individuals be allowed to cause such injury to someone
else's livelihood without being called to account? Try
that in the real world and you'll be answering a charge
of vandalism, defamation and trespass to goods just to
It's high time someone took a balanced approach to the
issue of spam and recognized that, although spam is an
undeniable problem, so too are anti-spam zealots and plain
malicious types who think it's sport to trash some innocent
person's business and reputation. They should be held
to account for the damage they cause.
In addition, in recognition of this unfortunate fact of
online life, a fact, I might add, of which webhosts are
only too well aware, webhosts should also be held accountable
for shutting down livelihoods based only on the prosecution's
case in chief.
The defense is entitled to be heard and any conviction
that results from a one-sided hearing is nothing short
of an abject denial of due process. The legal profession
can't get away with that. Why the hell should webhosts?
------ * Fictionalized names. ------
** Reprinting of this article is welcome! **
This article may be freely reproduced provided that: (1)
you use the autoresponder copy which contains a resource
box; (2) you leave the resource box intact; and (3) YOU
ONLY MAIL TO A 100% OPT-IN LIST! To receive a copy of
this article by autoresponder, just send a blank email
it's No UCE!
by Mike Banks Valentine
Ya Gotta love those scumbags! Those spammers who make a living
encouraging everyone else to spam by selling CD's full of e-mail
addresses they shouldn't have in the first place. I got an offer
this week for a CD with - I kid you not - 57 million e-mail addresses!
For only $149 I can make millions of people hate me and my business
by sending Unsolicited Commercial E-mail (UCE) to people who don't
want to hear from me!
To encourage me to become a lowlife scumbag, he offers me some
simple math. I quote:
"Imagine selling a product for only $5 and getting only a
1/10% response. That's $2,850,000 in your pocket !!! "
You bet it is! And it will never happen in this life or the next.
What will happen is that my Internet Service Provider will shut
down my account and ban me from their service and I'll be tracked
down by the law enforcement agencies in nearly every country I
e-mail my information! The cat is out of the bag by now folks
. . . it's no UCE spamming. That is the recommended course of
action for almost every get-rich-quick scheme on the internet.
IF IT INVOLVES SPAM, CAN IT! Delete and forget those silly messages!
My internet service provider offers a special address to forward
all spam that I receive so that they can filter out the offending
scumbags and I use it quite regularly. I've even been known to
seek out the ISP of the worst offenders and attempt to have them
banned from their own accounts. In doing this I've found several
ISP's that cater specifically to spammers by protecting their
identity and offering "secret" e-mail addresses which
are "cloaked" and re-routed through other servers to
hide the source!
You know that legitimate businesses would never resort to hiding.
Can SPAM it's no UCE!
Internetweek recently ran a survey asking companies if they ever
use Unsolicited Commercial Email to market their business. The
results were astounding assuming the respondents represent real,
legitimate businesses! (How many spammers read Internetweek?)
"In fact, one in 25 of our survey's respondents said their companies'
marketing efforts include the distribution of unsolicited e-mail."
And that is just those who ADMIT spamming! That is a very ugly
percentage and something needs to be done. I am in contact with
the Chief Privacy Officer of one of the largest email marketing
companies on the web asking to be removed from the marketing database
That seems to be difficult. Why? I want my subscriptions to remain
intact, I want my hosted applications to continue undisturbed,
I want to request information from online companies and I want
all of that while also wanting to stay out of marketing databases.
This seems like a relatively simple thing to do technologically.
Internetweek recently published an article titled "Privacy tools
What makes the process of privacy protection so hugely complex?
WebSite101 recently added a privacy protection tool to our domain
which protects our database from outside access and seems like
a perfect solution to keeping our subscribers and site members
information private on a shared server. We highly recommend it
for those who value the privacy of their web site members.
Take a look at the possibilities for both privacy protection and
website community building on your own domain:
The trust of your visitors is far more important than any other
feature you could offer. Immediately following the posting of
unprecedented since the inception of our site!
Isn't it clear we all want a solution?
There are raging anti-spamming fanatics getting legitimate companies
shut out of their ISP's by falsely accusing people of distributing
UCE (when their domain is mentioned in an article published by
*anyone*) by running entire newsletter through a service called
SpamCop. This tool is abusive and should be shut down or discredited
since it extracts every domain name mentioned in the newsletter
and sends email to the host of those domains and endangers the
owners of those domains with knee-jerk reactions by their ISP's.
It is not uncommon that victims of these complaints are shut down
by their web host without investigation!
"Guilty until proven innocent" is the attitude of many service
providers since they are under constant pressure from everyone
from their customers to their own providers to do something to
prevent further complaining and end email abuses. This has caused
a new backlash by innocents who have been threatened with the
closure of their online business stemming from those spurious
If this anti-spam article were published in an anti-spam newsletter
and the newsletter were submitted to SpamCop every domain mentioned
within this text would be turned in to their ISP for spamming.
How effective a tool is one that indiscriminately shoots at everyone?
That is essentially the effect of anti-spam software used badly.
It would shoot to kill all, including the anti-spam sites mentioned
Everybody is hot under the collar about spam but nobody is doing
anything real to stop it legitimately. The government is debating
the issue and threatening to pass stringent laws, but haven't
figured out how to legislate the issue. Reference laws:
Now there are fanatics on both sides of the issue and it is going
nowhere but occassionally to the Realtime Blackhole List. This
is one attempt to address the issue that creates more heat than
light. Marketing companies want the Black Hole List shut down.
Why? 24/7 media have recently won a court injunction to have their
domain removed from the Black Hole list.
For info about the Blackhole List at the Mail Abuse Prevention
System or MAPS visit:
Is Spam destined to join religion as one of those things we avoid
discussing in polite company out of fear of brawls breaking out?
I recently attended a marketing conference where the topic of
spam turned a roomful of reasonable folks into sharply divided
camps raging loudly at each other across the conference table.
I've just joined a spam discussion list where many of the same
emotions are raised in what seem to be otherwise reasonable folks.
Everyone seems to agree there is a problem, but each have very
distinct ideas about what should be done to address the problem.
Comparisons are constantly made to core issues of freedom of speech,
gun control, product liability, totalitarianism, and all the while,
nobody agrees on a solution.
Marketers should take the lead and help develop technological
solutions to unwanted email before they are hit with a massive
public backlash and the complete loss of this valuable marketing
medium due to public hysteria and government over-reaction.
I vote that DoubleClick, WhiteHat, 24/7 Media and their cohorts
commit a bit of their thinning profits to helping solve the problem
of spam before they get wiped out by the building tsunami of public
We've recently added a Spam Tutorial to WebSite 101:
You can read it or adopt the following SPAM guideline:
DON'T DO IT! End of lesson.