What can I do about 'porn spam'?

With the rise of the Internet, Morality in Media has received many complaints about pornographic e-mail messages. This request came in recently to our e-mail in-basket:

"Can you tell me how I can stop the receipt of unsolicited pornographic email messages. ... I have never accessed any of these type of sites and therefore do not know how I have been put on such a mailing list. Can you help?"

Here are some suggestions that may be able to help you:

"Unsolicited commercial e-mail" (UCE) is informally known as "spam," and if it's pornographic -- typically with links to pornographic Web sites -- it's called "porn spam."

(Why is UCE named after the famous luncheon meat? The name comes from a routine from the British comedy group Monty Python, in which the word "spam" is repeated over and over again. Some techie years ago connected the "spam, spam, spam, spam, spam, spam, spam, spam" with the blizzard of junk e-mail, and the name stuck.)

Since "spam" can be about anything, the suggestions here deal with all kinds of UCE, not just "porn spam."

First, some basic tips:

1. If you've been "spammed" by someone you don't know, do not reply to the sender or follow any "removal instructions" which might be included.

Why? Because if you "unsubscribe," you're telling the pornster that your e-mail address is working, and they then turn around and sell your address to other spamsters.

2. If you receive porn spam, use the ObscenityCrimes.org Web site you're on now to complain about the offending Web site to your United States Attorney. Your letter will ask your U.S. Attorney's office to investigate the porn spam, or the site it promotes, as a possible violation of the Federal Obscenity Laws that prohibit the use of computers to transmit obscene material (18 USC 1462 and 1465).

3. Complain to your Internet Service Provider (ISP).

4. Complain to the sender's ISP. Most ISP administrators are responsible and don't want their machines used for spamming. Most ISPs have policies prohibiting spamming through their accounts. Once they are notified that a user has been abusing their account, many ISPs will shut down the offender.

So how do you find out whom to contact? In the body of the spam message, there are almost always instructions for how the sender wants you to respond to the message. Often they will want you to visit a web site or send mail to an email address. This address will almost always be bogus.

Look for the "domain name" in the bogus address. This is the part after the @ sign of an email address or the last part of the server name in a URL (Internet address, "Uniform Resource Locator"). For example, in the URL of http://www.bogus.com/somepage.html, the domain is simply "bogus.com."

If the links in the porn spam message are just a line of numbers, you can translate them into a "normal" IP address. The anti-spam people at Abuse.net have a translator for that. There's a direct link to the translator in our "Outside Resources" links below.
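The two steps above, as an added example that is not part of the original page: it pulls the host out of a link or address found in a spam message, turns an all-numeric host into a dotted quad, and otherwise returns the domain to look up. It goes a little beyond the text by also decoding hexadecimal and octal number forms and by ignoring a decoy name placed before an "@" in a link. The function names are hypothetical, and the "last two labels" rule follows the page's bogus.com example (an assumption that does not hold for suffixes such as .co.uk).

```python
import ipaddress
from urllib.parse import urlsplit


def _parse_part(part):
    """Read one numeric component: 0x.. is hex, a leading 0 is octal, else decimal."""
    low = part.lower()
    if low.startswith("0x"):
        return int(low[2:], 16)
    if len(part) > 1 and part.startswith("0"):
        return int(part, 8)
    if not (part.isascii() and part.isdigit()):
        raise ValueError("not a number: %r" % part)
    return int(part, 10)


def decode_numeric_host(host):
    """Return the dotted-quad form of a numeric IPv4 host, or None if it is a name."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        nums = [_parse_part(p) for p in parts]
    except ValueError:
        return None
    # Leading components are single bytes; the last one fills the remaining bytes,
    # which is why a single large number can stand for a whole address.
    *head, last = nums
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return str(ipaddress.IPv4Address(value))


def report_target(link):
    """Return ("ip", dotted_quad) or ("domain", name) for a link or e-mail address."""
    if "@" in link and "://" not in link:
        host = link.rsplit("@", 1)[1]            # e-mail address: part after the @
    else:
        url = link if "://" in link else "//" + link
        host = urlsplit(url).hostname or ""      # drops any "name@" decoy and the port
    host = host.strip().rstrip(".").lower()
    ip = decode_numeric_host(host)
    if ip:
        return ("ip", ip)
    # Assumption: the domain is the last two labels, as in the page's example.
    return ("domain", ".".join(host.split(".")[-2:]))


if __name__ == "__main__":
    # Constructed sample links; 185999660 is the page's 11.22.33.44 as one number.
    for sample in (
        "http://www.bogus.com/somepage.html",
        "http://185999660/pics.html",
        "http://www.example.com@185999660/",
        "http://0x0B16212C/",
        "sales@bogus.com",
    ):
        print(sample, "->", report_target(sample))
```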

You then need to track down the administrator of that domain. How? If the domain is in the ".com," ".org," ".net," or ".edu" domains, you can find the administrative contact through InterNIC, which is the official registrant of names in those top-level domains (TLDs). You can go directly to the Web site for the InterNIC Directory and look up the administrative contact there.

Once you've tracked down the administrator through the InterNIC Directory, simply email the entire message to the person listed as the administrative contact. Explain that you've been "spammed." The administrator may have further requirements, but this is the person or group you want to be in contact with.

An "entire message" means one with complete "headers." How do you get the "headers?" They are typically hidden in e-mail messages, but your e-mail software can be switched to "view full headers." The procedure differs in different e-mail programs. In Microsoft Outlook, for example, you open or highlight a message, pull down the "File" menu, go down to "Properties," then click the tab that says "Internet."

The people at SpamCop.net have some instructions on how to find the "headers" on about 20 different e-mail programs, including Eudora, Hotmail, Yahoo! Mail, WebTV, and others.

The full "headers" will look something like this:

 

Received: from mta01.talk21.com (t21mta01-app.talk21.com) [62.172.192.171]
        by blahblah@blahblah.com with esmtp
        id 12cEfR-0000Qq-00; Mon, 3 Apr 2000 16:45:53 -0500
Received: from r0b8r5 ([213.1.45.168]) by t21mta01-app.talk21.com
          (InterMail vM.4.01.02.27 201-229-119-110) with SMTP
          id <20000403204708.SEXK25243.t21mta01-app.talk21.com@r0b8r5>
          for ; Mon, 3 Apr 2000 21:47:08 +0100
Message-ID: <001601bf9db1$638695c0$a82d01d5@r0b8r5>
From: "name"
To:
Subject: Unsolicited porn messages
Date: Mon, 3 Apr 2000 22:10:17 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="----=_NextPart_000_0013_01BF9DB9.64B72CE0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
X-UIDL: 32e01cfd4c3c1551ec25ea39229914e1

This is a multi-part message in MIME format.

------=_NextPart_000_0013_01BF9DB9.64B72CE0
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

------=_NextPart_000_0013_01BF9DB9.64B72CE0
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

------=_NextPart_000_0013_01BF9DB9.64B72CE0--

If there's more than one domain name in the "headers," to find the original source of the message, you'll have to look back to see which was the first e-mail (SMTP -- Simple Mail Transfer Protocol) server to receive the message on its journey. There should be a time reference on it -- in the example here the third line from the top refers to Monday, April 3rd, 2000 at 16:45 hours (4:45 p.m. local time).

Send the headers, along with the main text of the spam message, to the administrators to whom you're complaining.
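Reading the "Received" lines as described above, as an added example that is not part of the original page: it lists the mail servers oldest-first, converts each timestamp to UTC so they can be compared, and flags any hop stamped earlier than the one before it. The function names are hypothetical; the sample text is the two "Received" lines, Subject and Date from the headers shown above.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Header lines copied from the page's sample message (body replaced).
SAMPLE = """\
Received: from mta01.talk21.com (t21mta01-app.talk21.com) [62.172.192.171]
        by blahblah@blahblah.com with esmtp
        id 12cEfR-0000Qq-00; Mon, 3 Apr 2000 16:45:53 -0500
Received: from r0b8r5 ([213.1.45.168]) by t21mta01-app.talk21.com
          (InterMail vM.4.01.02.27 201-229-119-110) with SMTP
          id <20000403204708.SEXK25243.t21mta01-app.talk21.com@r0b8r5>
          for ; Mon, 3 Apr 2000 21:47:08 +0100
Subject: Unsolicited porn messages
Date: Mon, 3 Apr 2000 22:10:17 +0100

(body omitted)
"""

IPV4_IN_BRACKETS = r"\[(\d{1,3}(?:\.\d{1,3}){3})\]"


def _field(pattern, text):
    """First capture group of pattern in text, or None."""
    match = re.search(pattern, text)
    return match.group(1) if match else None


def received_hops(raw_message):
    """Return one dict per Received header, ordered oldest hop first."""
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())               # undo header line folding
        info, stamp = flat.rsplit(";", 1) if ";" in flat else (flat, "")
        try:
            when = parsedate_to_datetime(stamp).astimezone(timezone.utc)
        except (TypeError, ValueError):
            when = None                              # missing or unparseable date
        hops.append({
            "from": _field(r"\bfrom\s+(\S+)", info),  # name the sender claimed
            "ip": _field(IPV4_IN_BRACKETS, info),     # address the server recorded
            "by": _field(r"\bby\s+(\S+)", info),      # server that wrote this line
            "utc": when,
        })
    # Each server adds its line at the top, so the message lists newest first.
    hops.reverse()
    return hops


def out_of_order(hops):
    """Indexes of hops stamped earlier than the previous hop.

    Lines below the one written by your own provider come from the sending
    side, so a backwards timestamp means clock skew or a falsified line.
    """
    flagged, previous = [], None
    for index, hop in enumerate(hops):
        if hop["utc"] is None:
            continue
        if previous is not None and hop["utc"] < previous:
            flagged.append(index)
        previous = hop["utc"]
    return flagged


if __name__ == "__main__":
    hops = received_hops(SAMPLE)
    for hop in hops:
        print(hop["utc"], hop["by"], "received from", hop["from"], hop["ip"])
    print("first server to receive the message:", hops[0]["by"])
    print("hops with backwards timestamps:", out_of_order(hops))
```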

A frequently asked question: "How did they get my e-mail address?"

Newsweek reporter Jennifer Tanaka put it this way in her article Crammed with Spam, in the April 10, 2000 issue:

"A typical strategy is to write a program that harvests valid e-mail addresses from public forums like newsgroups and member directories of ISPs, such as America Online's massive one. These directories are open because, like the telephone white pages, they're intended to let you find e-mail addresses of long-lost friends and family.

"Another common tactic is what's known as a dictionary attack, in which a spammer creates possible addresses using every name in the book, in myriad permutations: JoeA@hotmail.com, JoeB and so forth.

"Spammers then mail out e-mail pitches—buy viagra online! get rich quick!—in huge batches; it costs no more to send thousands of messages than to send one."

Some outside resources on spamming:

1. Anti-spam resources from the Federal Trade Commission:

·        You’ve Got Spam: How to "Can" Unwanted Email

·        Email Address Harvesting: How Spammers Reap What You Sow

·        What's in Your In-Box?

·        "Remove Me" Responses and Responsibilities: Email Marketers Must Honor "Unsubscribe" Claims

·        Federal Trade Commission Web site home page

2. Other anti-spam resources:

·        Spamcop.net, with a method of reporting spammers.

·        Another good explanation of how to complain about spam, from the people at Abuse.net. The Abuse.net home page has good links to other anti-spam resources.

·        Another excellent Abuse.net resource: they can decode single-number network addresses. Frequently, the porn spam links are just a line of numbers. The Abuse.net converter will translate that group into a normal "dotted quad" (i.e., 11.22.33.44) IP address. You can use that IP address to track down the spammer.

·        America OnLine's anti-spam policy

·        Yahoo! links to anti-spam resources

·        Yahoo! links to news stories about spam

·        BrightMail, anti-spam software

·        Junkbusters, anti-spam software.

·        The Anti-Spam Resource Center of Earthlink, a leading ISP.

·        The E-mail Abuse FAQ (Frequently Asked Questions).

One suggestion: You may want to consider getting a filtered Internet Service Provider (ISP) or filtering software. Filtered ISPs block -- to the limits of their technical capabilities -- the porn Web sites that the porn spam messages link to. However, they don't block the porn spam itself. There are links to some filtered ISPs and filtering software products on our Help Parents page.

 

State Spam Law Review
By Robin S. Whitehead
Counsel, Morality in Media, Inc.

Note: The Federal CAN-SPAM Act of 2003 may, in whole or in part, supersede your state's spam law. The Federal law includes the following provision:

(b)STATE LAW.--

(1)IN GENERAL—This Act supersedes any statute, regulation, or rule of a State or political subdivision of a State that expressly regulates the use of electronic mail to send commercial messages, except to the extent that any such statute, regulation, or rule prohibits falsity or deception in any portion of a commercial electronic mail message or information attached thereto.

In State v. Heckel, 24 P.3d 404 (2001), the Washington Supreme Court reversed the lower court and held constitutional the state’s commercial electronic mail act, Wash. Rev. Code 19.190. The Court found that the Act did not violate the dormant Commerce Clause of the United States Constitution since the local benefits of the Act outweigh any conceivable burdens that it places on those sending commercial e-mail messages.

Specifically the Act provides that anyone sending a commercial e-mail message from a computer located in the state or to an e-mail address held by a state resident may not use a third-party’s domain name without permission, misrepresent or disguise in any other way the message’s point of origin or transmission path, or use a misleading subject line.

The Court determined that the Act was sufficiently limited in scope because it does not impose liability for messages that are merely routed through the state or that are read by a resident who is not the actual addressee. The Act only reaches those deceptive unsolicited commercial e-mail (UCE) messages directed to a resident or initiated from a computer located in the state.

The Court held that the Act limits the harm that deceptive commercial e-mail causes Washington businesses and citizens. The Court stated, “The Act protects the interests of three groups - ISPs, actual owners of forged domain names, and e-mail users.” Weighed against the Act’s local benefits, the Court determined that the only burden the Act places on spammers is the requirement of truthfulness, “A requirement that does not burden commerce at all but actually facilitates it by eliminating fraud and deception.”

The Washington Court distinguished the instant case from American Libraries Association v. Pataki, 969 F. Supp. 160 (S.D.N.Y. 1997), a decision that first applied the dormant Commerce Clause to a state law on Internet use. At issue in American Libraries was a New York statute that made it a crime to use a computer to distribute harmful, sexually explicit content to minors. The New York statute differed from the Washington statute in that it applied not just to initiation of e-mail messages but to all Internet activity, including the creation of websites. Under the New York statute, a website creator in California could inadvertently violate the law simply because the site could be viewed in New York.

Other State Spam Laws:

 

Arkansas

Enacted in April of 2001, Arkansas Code, Section 5-41-205, makes it illegal to send unsolicited e-mail messages that use a third party’s domain name without permission, misrepresent the sender or point of origin, or contain falsified routing information. It is also illegal to distribute software designed to falsify routing information. This section does not apply to an Internet provider service who, in the course of providing service, transmits or causes to be transmitted an e-mail on behalf of another person, unless the Internet provider is the person who first generates the e-mail.

 

California

California Business and Professions Code, Section 17538.4, provides that UCE (unsolicited commercial e-mail) messages must include a toll-free telephone number or valid sender operated return e-mail address that the recipient of the unsolicited e-mail may use to notify the sender not to e-mail any further unsolicited messages. Opt-out requests must be honored. Certain messages must contain a label at the beginning of the subject line. A service provider may sue a sender of UCE for violating the provider’s policies if the sender has actual notice of such policies. The law applies to e-mail that is delivered to a California resident via a service provider’s facilities located in California.

 

Colorado

The 2000 “Colorado Junk Email Law,” Title 6, Article 2.5 of the Colorado Revised Statutes, prohibits the sending of UCE that uses a third party’s Internet address or domain name without permission, or contains false or missing routing information. UCE messages must contain a label at the beginning of the subject line, and must include the sender’s e-mail address and opt-out instructions. Opt-out requests must be honored. The law applies to e-mail that is sent to Colorado residents via an Internet service provider’s service or equipment located in Colorado.

 

Connecticut

The General Statutes of Connecticut, Section 53-451, makes it illegal to falsify or forge electronic mail transmission information or other routing information in any manner in connection with the transmission of unsolicited bulk electronic mail through or into the computer network of an electronic mail service provider or its subscribers. It also prohibits the distribution of software designed to falsify routing information. A court may exercise personal jurisdiction over a nonresident who uses a computer or computer network located in Connecticut.

 

Delaware

Enacted in 1999, Delaware Code, Title 11, Sections 937 and 938, prohibit the sending of UCE that contains falsified routing information, or the distribution of software designed to falsify routing information. The law applies to messages originating outside the state if the recipient is located in Delaware and the sender is aware of facts making the recipient’s presence in Delaware a reasonable possibility.

 

Idaho

Idaho Code, Section 48-603E, prohibits the sending of UCE to any recipient that the sender knows, or has reason to know, engages in any of the following: (a) Uses the name of a third party in the return address field without the permission; (b) Misrepresents any information in identifying the point of origin of the UCE; (c) Fails to contain information identifying the point of origin of the UCE; and (d) Sends at any time after five business days of a declination, any UCE to a recipient who provided the sender with a request declining the receipt of such e-mail.

 

Illinois

Illinois Compiled Statutes, 815 ILCS 511, approved in 1999, makes it illegal for an individual or entity to initiate or cause to be initiated a UCE if the e-mail uses a third party's Internet domain name without permission of the third party, or otherwise misrepresents any information in identifying the point of origin or the transmission path; or contains false or misleading information in the subject line. The law applies to e-mail that is delivered to an Illinois resident via an electronic mail service provider's service or equipment located in the state. It is also illegal to send or to distribute software designed to falsify routing information.

 

Iowa

Enacted in 1999, Iowa Code, Chapter 714E, prohibits the sending of unsolicited bulk e-mail that uses a third party’s name for the return address without permission, or contains false or missing routing information. UCE messages must include opt-out instructions and contact information. Opt-out requests must be honored. The law applies to e-mail sent to or through a computer network located in Iowa.

 

Kansas

Kansas Statute 50-6, 107, signed into law in May 2002, makes it unlawful to send or transmit UCE messages that contain falsified routing information, use a third party’s domain name without permission, or have a false or misleading subject line. Senders of commercial e-mail messages must include opt-out instructions and honor these requests. UCE messages to 500 or more recipients and advertisements for sexually explicit content must contain a label at the beginning of the subject line. The law applies if a message is sent from within Kansas, or if the sender knows that the recipient is a Kansas resident. The law also prohibits the distribution of software designed to falsify routing information.

 

Louisiana

Louisiana Revised Statutes, Title 14, Section 73.6, prohibits the sending of UCE to more than 1,000 recipients if the e-mail messages contain falsified routing information or if the sender uses a provider’s facilities to transmit the messages in violation of the provider’s policies. The law also prohibits the distribution of software designed to falsify routing information.

 

Maryland

In 2002 the Maryland Commercial Law Code, Title 14, Subtitle 30, made it illegal to send a UCE message that uses a third party’s domain name without permission or one that contains false or missing routing information or one that has a false or misleading subject line. The law applies if a message is sent from within Maryland or if the sender knows that the recipient is a resident or if the registrant of the domain name contained in the recipient’s address will confirm upon request that the recipient is a Maryland resident. A person who violates this law is liable for reasonable attorney's fees and for damages to the recipient of commercial electronic mail in an amount equal to the greater of $500 or the recipient's actual damages; to the third party without whose permission the third party's internet domain name or e-mail address was used, in an amount equal to the greater of $500 or the third party's actual damages; and to a service provider, in an amount equal to the greater of $1,000 or the service provider's actual damages.

 

Minnesota

Minnesota Statutes, Chapter 325F.694, enacted in 2002, prohibits commercial e-mail that uses a third party’s domain name without permission, contains false routing information or has a false or misleading subject line. Such messages must contain opt-out instructions and contact information. UCE messages containing information of a sexual nature, that may only be viewed by an individual 18 years of age and older, must include a label. The law applies to messages sent to Minnesota residents through facilities located in Minnesota.

 

Missouri

Missouri Revised Statutes, Title XXVI, Section 407.1123, requires that UCE messages contain opt-out instructions and contact information.

 

Nevada

In 1997 Nevada became the first state to enact spam legislation. Pursuant to Nevada Revised Statutes, 205.492, a UCE must be labeled or otherwise readily identifiable as an advertisement and include the sender’s name, street address, and e-mail address, along with opt-out instructions. The law prohibits all UCE containing falsified routing information or such e-mail that is sent with the intent to disrupt the normal operation or use of a computer, Internet site, or e-mail address, or such e-mail that is reasonably likely to cause such disruption. Also prohibited is the distribution of software designed to falsify routing information.

 

North Carolina

North Carolina General Statutes, Sections 14-453 and 458, make it unlawful to send a UCE containing falsified routing information, if the sender thereby violates a provider’s policies. The law applies to e-mail sent into or within the state.

 

Ohio

In 2002, Ohio Revised Code, Article 1, Section 2307.64, was enacted and requires UCE messages to contain the sender’s name, address, and e-mail address, along with opt-out instructions, and requires senders to honor opt-out requests. These requirements do not apply to messages sent based upon a “direct referral” from another person. It is illegal to forge the sender’s address or other routing information in commercial e-mail messages. The law also allows an Internet service provider to sue a sender of commercial e-mail for violating the provider’s policies if the sender had actual notice of such policies, or if the policies were posted on the provider’s website and were communicated electronically to the sender’s computer.

 

Oklahoma

Oklahoma Statutes, Title 15, Section 776, makes it illegal to send an unsolicited e-mail message that contains false or missing routing information, or to distribute software designed to falsify routing information. A court may exercise personal jurisdiction over a nonresident who sends a message to or through the network of an Internet service provider located in Oklahoma.

 

Pennsylvania

Pennsylvania Consolidated Statutes, Title 18, Chapter 5903, requires UCE messages containing explicit sexual materials to contain a label at the beginning of the subject line. Violation of this subsection along with knowingly including false or misleading information in the return address portion of the e-mail such that the recipient would be unable to send a reply message to the original sender shall, in addition to any other penalty imposed, upon conviction, be sentenced to pay a fine of not less than $100 nor more than $500 per message or to imprisonment for not more than 90 days, or both, for a first offense and a fine of not less than $500 nor more than $1,000 or to imprisonment for not more than one year, or both, for a second or subsequent offense.

 

Rhode Island

In 1999 it became illegal, under Rhode Island General Laws, Title 11, Chapter 52 to send UCE with falsified routing information using a state Internet service provider in violation of the provider’s policies, or to distribute software designed to falsify routing information. Also required are opt-out instructions and contact information. Opt-out requests must be honored. This law applies to messages sent from a computer located in Rhode Island and to messages sent into the state, if the sender had reason to know that the recipient was a Rhode Island resident or the recipient had previously submitted an opt-out request to the sender.

 

South Dakota

South Dakota Statutes 37-24-37, signed into law in February 2002, prohibit the transmission of UCE messages from a computer located in the state or to an electronic mail address that the sender knows, or has reason to know, is held by a state resident. It is also illegal to use a third party's Internet domain name without permission, or otherwise misrepresent or obscure any information in identifying the point of origin or the transmission path of a UCE message.

 

Tennessee

Tennessee Code Annotated, 47-18-2501, provides that UCE messages must include opt-out instructions and contact information. Opt-out requests must be honored. These messages must contain a label at the beginning of the subject line. The law applies to e-mail that is delivered to a state resident via an Internet service provider’s facilities located in the state. The distribution of software designed to falsify routing information is also prohibited.

 

Utah

Enacted in 2002, the Utah Code, Title 13, Chapter 36, prohibits UCE and unsolicited sexually explicit e-mail that is sent through an Internet service provider in Utah or to a resident of Utah. Such messages must disclose the sender’s name and physical address, and the point of origin of the message, and must include a label at the beginning of the subject line, along with opt-out instructions. The law also prohibits the falsification of routing information in such messages.

 

Virginia

Pursuant to Virginia Code, Title 18.2, Chapter 5, it is illegal to send UCE containing falsified routing information, to violate an Internet service provider’s policies, or to distribute software designed to falsify routing information. A court may exercise personal jurisdiction over a nonresident who uses a computer or computer network located in Virginia.

 

Washington

Revised Code of Washington, Title 19, Chapter 19.190, makes it illegal to send a commercial e-mail message that uses a third party’s domain name without permission, that contains false or missing routing information, or a false or misleading subject line. The law applies if a message is sent from within the state, if the sender knows that the recipient is a resident, or if the registrant of the domain name contained in the recipient’s address will confirm upon request that the recipient is a Washington resident.

 

West Virginia

Enacted in 1999, West Virginia Code, Chapter 46A, Article 6G, prohibits UCE messages in violation of an Internet service provider’s policies that use a third party’s domain name without permission, misrepresent the point of origin or other routing information, have a false or misleading subject line, or contain sexually explicit materials. Each message must include the sender’s name and return e-mail address, along with the date and time it was sent. It is also illegal to distribute software designed to falsify routing information. The law applies if a message is sent from a computer located in West Virginia, or if the sender knows or has reason to know that the recipient is a resident of the state.

 

Wisconsin

It is unlawful under Wisconsin Statutes, Section 944.25, to send unsolicited e-mail to a person that contains obscene material or a depiction of sexually explicit conduct without including the words "ADULT ADVERTISEMENT" in the subject line of the e-mail.

 

Printed with permission from ObscenityCrimes.org.