Section: Internet Security
Anti-Spam Letter
Here's a letter that's not too mean that you can email to all your friends, relatives and business associates if you find yourself deluged with spam, chain letters and hoax virus warnings. Feel free to copy and paste it into a new email message from you. All I ask is that you leave the whole message intact (everything between the horizontal rules), right from the phrase "Network_Provider" down to the date at the end of the message. Make sure you also follow the advice in the message about hiding the recipients of the message you send, otherwise you'll get flamed for being a hypocrite. If you don't want to email the whole message you can just send people the URL for this page ( http://www.iamcraig.com/spam_letter.php ) with a brief personal note from you.Craig Hartnett
craigh@niner.net
Monday, October 5th, 1998
Updated Thursday, August 23rd, 2007
You can read an article based on this letter on the FactsCanada.ca site at www.factscanada.ca/friday/friday-2001-18-12-07.shtml. It has been updated more recently than this one and is not so mean. :) There's also a much newer article entitled "How and Why to Blind Copy Multiple-Recipient Messages" that covers a very important subject.
Please also note that, while the general thrust of this information is still valid, some of the more specific technical points are now rather dated. Caveat emptor! Amazingly though, human nature doesn't change, and some of the same hoaxes circulating when this was written late in the 20th century are still circulating today!
Network_Provider: NinerNet Communications -- http://www.niner.net X-Sender: cdgh@pop.uniserve.com (Unverified) X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Mon, 05 Oct 1998 01:50:47 -0700 To: (Recipient list suppressed) From: Craig Hartnett <craigh@niner.net> Subject: Public Service Announcement Hi there, I'm sending this to just about everyone that I know who has email. If it applies to you, please take note. If it doesn't, read it and learn anyway, and maybe you'll think of someone who needs this message. This is not meant to be a personal attack on anyone -- you don't know what you don't know. INTRODUCTION: ~~~~~~~~~~~~~ Tired of receiving spam? Wonder how the heck a spammer got your private email address -- the one you only gave to family and friends? Sick of chain letters, hoaxes and bullshit virus warnings? What a coincidence -- so am I. Links to all of the websites and companies I mention are at the end of this message. If you don't know what spam or a virus is, there are definitions there too. I know this is longer than most email messages you receive, but read it all anyway. It will save you time and spare you the animosity of your friends in the long run. You can also read it at http://www.iamcraig.com/spam_letter.php on the Web later this week. VIRUS WARNINGS: ~~~~~~~~~~~~~~~ If you receive a virus warning via email, please take the time to check it out with the American Department of Energy's "Computer Incident Advisory Capability" website. They are the computer virus hoax and chain letter authority. If it doesn't check-out, please don't bother forwarding the warning. Just delete it and pass *this* message onto the person who, probably unwittingly, sent you the hoax. Some notes on computer viruses / virii; simply reading an email message, in most cases, *CANNOT* do any harm to you or your computer. You have to run an executable program that comes attached to an email message before any harm can be done to the data on your computer. The program cannot and will not run by itself. If you get an attachment from a source that you do not know or do not completely trust, check it with a virus checking program. If you don't have such a program, get one, install it, and keep it updated. Otherwise delete the attachment *WITHOUT* clicking on it or doing anything else to it. A computer virus cannot cause your computer to melt-down, explode or kill you, all of which have been claimed possible by various hoaxers. Please keep in mind too, that technology is constantly changing. Weaknesses have been discovered in some popular email programs that can be exploited. However, the usual result seems to be a little inconvenience rather than massive amounts of lost data. The lessons to be learned in most cases are two-fold: 1) Stick to plain text email -- HTML formatted email may look pretty but let's face it, email was never meant to look great, it was just meant to communicate in words something concise and to the point. Besides, hidden behind the HTML coding in more and more recent cases can be a threat to your computer and your valuable data. This means that you no longer have to open an attached executable program for a virus to infect your computer and, also in an increasing number of cases, the computers of others on your network and whose email addresses you have stored on your computer. 2) Consider changing your email program -- Many recent attacks on email programs have only attacked the most popular free email clients (i.e., Microsoft Outlook Express). I wouldn't want to expose my prejudices here, but here's a hint; get a decent email program, one that doesn't stick out like a sore thumb asking to be attacked by virus authors and hackers. I prefer Eudora, and I have yet to see (although I stand to be corrected) a virus, Trojan or any other kind of attack that affects it. Fixes for the various attacks have been made available by the program vendors. Get them, keep up-to-date, and back-up your data. Assume your friends and business associates do likewise -- only pass on alerts that are timely and which you have personally verified with a reliable source, usually a software vendor such as Microsoft, or a well known and respected virus lab (two of which are listed below). SPAM / REVEALING YOUR FRIENDS' E-MAIL ADDRESSES: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ You'll notice that the distribution list for this message has been hidden. That's a favour I do for *you*. That way nobody can skim your email address and sell it to a spammer. Please do me and everyone else on your distribution list the same courtesy. If you don't know how to do it, check your email program's documentation. Here's a simple procedure that will hide all the recipients with most, if not all email programs and services (including programs like Eudora or Outlook, and services like Hotmail); put *ALL* recipients in the "Bcc" (blind carbon copy) field, not the "Cc" or "To" fields. If you have to put something in the "To" field, put your own email address, or a fake address that you know does not work. If you do forward an email message of some kind, many email programs and services include the original sender's email address and other useless header information in the body of the new forwarded message. Do your friends another favour and delete this information from the new message, as well as deleting their signature (defined below) if they use one. Leave just the meat of the message -- take out the fluff. Getting a message that has been forwarded a hundred times with all the header information intact is annoying to the recipients at best, and a gold mine for spammers at worst. For an example, see the end of this message. CHAIN LETTERS: ~~~~~~~~~~~~~~ I know some people just love to receive chain letters, especially "get-rich-quick" ones. I am *not* one of those people. If your life revolves around the possibility of Bill Gates giving you a free copy of Windows '98 and a thousand bucks, or avoiding bad luck by annoying your friends, then I feel very sorry for you. Please ask your friends if they want to receive chain letters, and then make a special distribution list for them. My guess is that it will be empty. MOTIVATION: ~~~~~~~~~~~ So why have I suddenly decided to waste my time writing this? Also located at the end of this message are the subject lines of the spam I have received in the last month. Some of this has even come to the email address I mentioned at the beginning -- the *private* email address I have given *ONLY* to family and friends. I have *never* posted that address anywhere on the Internet, or given it to any company for any reason. Even this message is not from that address. I use that address when corresponding with family and people I know personally in real life. I find it ironic that the email address I give out all the time for things like email subscriptions, warranty registrations, etc. has never once received a single piece of spam! Then there's the virus warning (actually another hoax) that came to me recently with 68 email addresses in the "To" field. That's not counting the sender's address and all the addresses in the body of the message that were there because the people who forwarded the message did not bother to delete the previous senders' information. There are links to information about some of the other hoaxes and chain letters I have recently received at the end of this message. CONCLUSION: ~~~~~~~~~~~ There are a whole bunch of links related to viruses, hoaxes, spam and chain letters at the end of this message. Other than visiting the CIAC website to verify hoaxes and downloading some anti-virus software from one of the vendors, your best defence is common sense. A computer virus is a serious matter, and hoaxes and chain letters that ask for money are no better. It seems to make sense to pass along warning messages, and some chain letters are just fun, aren't they? Passing on warnings that are hoaxes means that real warnings can go undetected or unheeded. (Ever hear the story of the boy who cried, "Wolf!") *You* may enjoy chain letters, but poll your friends and I think you'll find you're in the minority. Do you want your email address and other personal information floating around all over the Internet for anyone to pick-up? Please think before you act. DEFINITIONS: ~~~~~~~~~~~~ Virus -- A program that, *when executed*, will carry out (usually undesirable) actions on your computer. Commonly feared consequences are formatted hard drives and loss of stored data by other means. Spam -- Unsolicited Commercial Email (UCE). Junk email. The Internet equivalent of flyers and letters from Ed McMahon in your mail box. Believe it or not, spam actually costs you money. Ask your ISP or server administrator. Signature -- A block of text created by a user, automatically appended to the end of every email message sent by that user. This is usually identifying information such as name, company name, website address, email address, phone number, fax number, postal address, and / or any other information the sender deems pertinent. Some email programs allow you to select from a number of different, user created signatures before sending your message. Services like Hotmail also allow you to create a signature to be automatically appended to every email message you send. EXAMPLE OF A FORWARDED MESSAGE: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The unintelligible gibberish below is referred to as the "header" of an email message. It is of little or no interest to anyone except computer geeks and spammers looking for more email addresses. Most email programs and services will include some or all of this information in the body of a new message when you forward a message to someone. All you have to do is delete it. Imagine how big this message would be if it had been forwarded 100 times and all this junk was still in there! >Return-path: <craigh@niner.net> >Received: from mx04.netaddress.usa.net [204.68.24.141] > by pop.uniserve.com with smtp (Exim 1.82 #4) > id 0zGH7V-00068g-00; Mon, 7 Sep 1998 23:19:17 -0700 >Received: (qmail 1928 invoked by uid 0); 8 Sep 1998 06:19:18 -0000 >Received: from pop.uniserve.com [204.244.156.3] by mx04 via mtad (2.6) > with ESMTP id mx04-ciHgTR0143; Tue, 08 Sep 1998 06:19:17 GMT >Received: from van4d40.dial.uniserve.ca (rhodes) [204.244.163.103] > by pop.uniserve.com with smtp (Exim 1.82 #4) > id 0zGH7Q-00068S-00; Mon, 7 Sep 1998 23:19:12 -0700 >Message-Id: <3.0.5.32.19980907231856.009505c0@pop.uniserve.com> >Network_Provider: NinerNet Communications -- http://www.niner.net >X-Sender: cdgh@pop.uniserve.com (Unverified) >X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) >Date: Mon, 07 Sep 1998 23:18:56 -0700 >To: cdgh@usa.net >From: Craig Hartnett <craigh@niner.net> >Subject: Be Afraid... >Mime-Version: 1.0 >Content-Type: text/plain; charset="us-ascii" > ***** DELETE THE CRAP ABOVE THIS LINE ***** > >***** THE ACTUAL MEAT OF THE MESSAGE STAYS HERE, BUT DELETE ALL THE >FORWARDING SYMBOLS (USUALLY >) IF THE MESSAGE HAS BEEN FORWARDED >MORE THAN A FEW TIMES ***** > ***** DELETE THE PERSONAL INFORMATION IN THE SIGNATURE BELOW THIS LINE ***** > >NinerNet Communications Craig Hartnett >------------------------------------------------ >Providing business Internet solutions since 1996 >------------------------------------------------ >http://www.niner.net * Telephone: 1-206-374-2986 >mailto:zzz@niner.net * Facsimile: 1-206-374-2986 RECENTLY RECEIVED SPAM: ~~~~~~~~~~~~~~~~~~~~~~~ Spelling not corrected. Spammers aren't known for their highly evolved intellects. My comments are indented and bulleted. ARE YOU TIRED OF BEING LABLED A LOSER! - To my *private* email address! (No smart ass comments.) The Money You Want, The Way You want Fast! from Helen Astor/ forward to pres. please Internet Publishing Business AD: Complimentary Hotel Stay Sampler Would you like to have some extra money? FREE CREDIT CARD PROCESSING - New & Home Based Businesses ***How Serious Are You? AD: Stock-Pick Discovers Media Goldmine!! - Another to my *private* email address! LINKS: ~~~~~~ Hoax and Chain Letter Resources: United States Department of Energy, Computer Incident Advisory Capability: http://ciac.llnl.gov CIAC HoaxBusters: http://hoaxbusters.ciac.org Bill Gates Hoax: http://hoaxbusters.ciac.org/HBGiveAways.shtml#billgates Disney Hoax: http://hoaxbusters.ciac.org/HBGiveAways.shtml#disney AIDS Hoax: http://hoaxbusters.ciac.org/HBMalCode.shtml#aids Budweiser Frogs Screensaver Hoax: http://hoaxbusters.ciac.org/HBMalCode.shtml#budfrogs CIAC HoaxBusters Chain Letters Page: http://hoaxbusters.ciac.org/HBChainLetters.shtml Sophos Virus Information: http://www.sophos.com/virusinfo Links to more resources: http://home.ptd.net/~larrysch/virus.htm (dead) Anti-Virus Software Vendors: McAfee (Network Associates) -- VirusScan/VirusShield: http://www.mcafee.com Symantec -- Norton Anti-Virus: http://www.symantec.com Command Software -- F-Prot: http://www.commandcom.com Aladdin Knowledge Systems -- eSafe: http://www.esafe.com Sophos -- Sophos Anti-Virus: http://www.sophos.com Anti-Virus and Security Related Resources: Symantec AntiVirus Research Centre (SARC): http://www.symantec.com/avcenter Microsoft Security Advisor: http://www.microsoft.com/security Anti-Virus Emergency Response Team: http://www.avertlabs.com Anti-Spam Resources: Coalition Against Unsolicited Commercial Email: http://www.cauce.org Network Abuse Clearinghouse: http://abuse.net S.P.U.T.U.M.: http://www.sputum.com (dead) This has been a public service announcement. Any resemblance to a rant is purely coincidental. The information in this message is a copyright © 1996-2010 of NinerNet Communications. Other trade or service names mentioned herein are the copyrights of their respective owners. The mention of a product or service does not constitute endorsement of that product or service by NinerNet Communications or Craig Hartnett. This message may be reproduced by any means without the prior consent of the copyright holder, as long as the entire message is kept intact, including this notice, and not changed in any way. Craig Hartnett craigh@niner.net Monday, October 5th, 1998 Updated Thursday, August 23rd, 2007
