BLACKLIST OF INTERNET ADVERTISERS
=========================================================================
Canter and Siegel acknowledge Blacklist's importance in recent interview:
"On the day
the anti-advertising vandals can convince customers
not to buy from Usenet advertisements,
that is the day advertising will stop."
Read all at http://www.futurenet.co.uk/netmag/Features/CnS/CnS.html
=========================================================================
* 1. What is this?
* 2. Who gets on the list, and for how long?
* 3. What is the philosophy behind it?
* 4. Spam, Velveeta, ... what are you talking about?
* 5. What can I do with the blacklist?
* 6. What if I wanted to punish YOU?
* 7. How about other ways of dealing with commercial junk?
* 8. Who doesn't belong on this blacklist?
* 9. How to advertise on the Internet?
* 10. What other blacklists are out there?
* 11. How can I help?
* 12. How to give feedback?
* 13. The Blacklist in itself.
1. What is this?
This is the Blacklist of Internet Advertisers. It is intended to curb
inappropriate advertising on usenet newsgroups and via junk e-mail. It
works by describing offenders and their offensive behavior, expecting
that people who read it will punish the offenders in one way or
another.
The list is posted regularly to several newsgroups, stored on a number
of FAQ archives around the world and the most recent version is always
available on the WWW as http://math-www.uni-paderborn.de/~axel/BL/.
Titus Brown (http://www.cco.caltech.edu/~cbrown/) is kind enough to
operate a temporary mirror of the list in the US. It is updated daily
and accessible as http://www.cco.caltech.edu/~cbrown/BL/
If you read the non-html version and you don't know what to do with
all the links given or what the WWW is or how to access it by email,
send mail to mail-server@rtfm.mit.edu with the text
send usenet/news.answers/www/faq/*
in the body of the message.
Whenever you see a link of the form "BL/something" here, you can get a
valid WWW address by prepending the string
"http://math-www.uni-paderborn.de/~axel/" for the German version or
"http://www.cco.caltech.edu/~cbrown/" for the US version of the list.
2. Who gets on the list, and for how long?
People and companies who were pointed out to me for sending out
unsolicited commercial e-mail or posting inappropriate commercials to
usenet newsgroups or mailing lists or who offer to help in doing same.
I also monitor the newsgroups news.admin.net-abuse.misc and
news.admin.net-abuse.announce.
With "inappropriate commercials" I basically mean ads posted to
unrelated newsgroups or mailing lists or to those which traditionally
don't tolerate commercial messages. The number of complaints I receive
is also a factor.
Everyone added to the blacklist gets notified so that they can correct
possibly inaccurate information. As a general rule, people are taken
off the list after 3 months unless they repeat their behavior. Their
entries are then move to the archive at BL/archive.html for
educational purposes. Note that the archive is not part of the
blacklist as such.
3. What is the philosophy behind it?
In a nutshell: the Internet is probably as close to an anarchy as we
can get. This is good. Therefore, punishing of unwelcome behavior
should be done by private individuals, following the same grass roots
philosophy that governs the rest of the net. Read more about it in
BL/blacklist_philosophy.html.
4. Spam, Velveeta, ... what are you talking about?
Spam and Velveeta are two fine food products which, on the Internet,
stand for certain unwelcome behaviors.
Spam has its own page on the WWW:
http://sp1.berkeley.edu/findthespam.html featuring a spam contest
and many comments. Spam was also the main ingredient in a hilarious
Monty Python sketch: ftp://suned.zoo.cs.yale.edu/lib/python/spam.Z is
the transcript and
ftp://ftp.cis.ksu.edu/pub/Sparcsounds/misc/spam.au.gz is the sound
recording.
On the Internet, spam stands for posting multiple copies of the same
(or slightly altered) article to many newsgroups, without crossposting
them. This means that the article will be transmitted to and stored
on every usenet host multiple times: once for every newsgroup
involved. EMP (Excessive Multi-Posting) is a different name for the
same thing.
Although we don't have a dedicated Velveeta home page yet, there's at
least a cheese page at http://corsa.ucr.edu/~formy/cheese.html.
On the Internet, Velveeta means the excessive crossposting of an
article to many unrelated newsgroups, also known as ECP.
Spam is much worse than Velveeta (try it!). Recently, more and more
mixtures of the two appeared: many copies of an article, each of which
crossposted to a large number of newsgroups. Some call this "jello".
For the purposes of this list, I won't make a distinction between
spam, velveeta and jello - if the ad ends up in a wrong newsgroup,
then it is by (my) definition inappropriate advertising and will be
recorded.
5. What can I do with the blacklist?
If you judge that one of the described behaviors deserves some
punishment, you could for example do one of the following. (Note that
some of these might be illegal in some jurisdictions. Check the books
first and don't blame me.)
* Boycott the advertising business. Tell your friends about the
boycott and the reasons behind it.
* Send them or their sysadmins a message informing them that you
disapprove of their behavior. If a phone number is given, you
might want to try to call them collect. 1-800 numbers are also
always warmly welcomed. The 1-800 directory is at
http://att.net/dir800/
* If the blacklisted business is a so-called "WWW mall" which sells
advertising space to other businesses, you might want to inform
these advertisers about the blacklist entry and about possible
consequences for their profits.
* You can send a note (by registered mail) to the email junk
mailers, informing them that you will charge $500 for proofreading
every commercial email originating from them. If one arrives, send
out an invoice, then sue them in small claims court, win, and turn
the account over to a collection agency.
* Put them in your kill file, so that you'll never see an usenet
article written by them again. Read the documentation of your news
reader about kill files. The kill mechanism of rn-style
newsreaders is explained in the killfile-faq, available via anon
ftp from ftp.cs.columbia.edu in the directory
/archives/pub/usenet/news/answers.
* Filter them out of your mailbox. If you read mail on a unix host,
you can get more information about how to use the programs
procmail, mailagent or filter for this task from the Mail
filtering and Robots page
http://www.jazzie.com/ii/internet/mailbots.html
Much more in-depth, technical and comprehensive information about
the information filtering problem in general is available from
Doug Oard's Information Filtering Resources Page at
http://www.enee.umd.edu/medlab/filter/filter.html
As always, if you don't use Unix and you're not willing to spend
$$$, you're screwed.
* Use procmail and an AI engine like emacs doctor to engage them in
a fake mail dialog.
* If they operate an automatic mail-back robot, you could test their
intelligence by sending them an e-mail with FROM or REPLY-TO
header containing their own address. There are many other fun
things one can do with these robots.
* Say individuals A and B are on the list. You can send an e-mail
message to B with fake FROM-header A saying "I'm interested in
your product/service." In this fashion, the advertisers will end
up on each other's mailing lists.
* Have a look at the shell script BL/fletch.txt and reflect about
possible uses :-)
* If you are a system admin, you could stop forwarding mail or news
originating from them. Or, if the culprit owns their own domain,
you can deny them access to your ftp, gopher, telnet, irc, nntp
and WWW servers.
* If you operate a cancelbot, you could automatically cancel all
usenet postings originating from them. Note however that the noble
Cancelmoose[tm] (see point 7) strongly disapproves of this
behavior.
* And for the truly perverse: since the unedited texts of all ads
are provided, you can use this list as the ultimate Zombie Cyber
Mall[tm].
6. What if I wanted to punish YOU?
You can use some of the measures from question 5 against me. The
buddies who love to hear about the progress of my work hide behind
postmaster@uni-paderborn.de.
If you want to do it right though, you'll have to start a Blacklist of
Blacklist Maintainers.
Also, please keep the threats of legal action coming - you don't do it
in vain: the most amusing ones are published as BL/threats.txt while
flames go to BL/flames.txt
Moreover, all usenet postings concerning the Blacklist will have the
word "Blacklist" somewhere in the subject line. Put it in your kill
file and you won't have to hear about it ever again.
7. How about other ways of dealing with commercial junk?
Here are other things you can do, short of having put people on the
blacklist:
* Send a complaint to them or their sysadmin directly. There's a
neat script for doing that painlessly from within nn and rn-style
newsreaders called adcomplain. It is posted on the first of each
month to alt.sources and can also be gotten from
BL/adcomplain.txt. It is a good idea to familiarize yourself
with the various header fields of news articles; often it is very
easy to spot if some spammer uses a bogus From-line (in which case
you should still report the spam, but not complain to the wrong
address).
* Spam originating from AOL is very effectively dealt with by their
postmaster abuse@aol.com; usually they cancel it even without
having received any complaints. Spam originating at netcom should
be reported to abuse@netcom.com; they are also responsive. If the
anon server anon.penet.fi was used to advertise, drop
abuse@anon.penet.fi a line. (Anyone interested in starting a
Black/White list of Internet access providers?)
* Chris Lewis cancels all spam mercilessly. Read his reports posted
to news.admin.net-abuse.misc. More information about that group
and net-abuse in general is contained in the FAQ, which is
available as http://www-sc.ucssc.indiana.edu/~scotty/acena.html
* A while back, the Cancelmoose[tm] <moose@cm.org> did all the spam
canceling, but now she is working on a different approach called
NoCem. You can read more about it on the Moose's homepage at
http://www.cm.org/nocem.html.
* If you operate you own news site, Rahul Dhesi's perl script unspam
can help you in locally deleting spam - you won't have to wait for
Cancelmoose[tm]'s cancel messages. However, it can't detect the
spam - you need to know. It's at BL/unspam.txt.
* Jonathan Kamens has recently posted his spam detector; it's at
BL/spam_detect.txt.
* If the offender is from the US, you can run to Mama and whine
about things like illegal money making pyramid schemes or
deceptive advertising. Mama in this case is the FTC: Federal Trade
Commission, Consumer Protection Bureau, Division of Advertising
Practices, 6th St. and Pennsylvania Ave. N.W., Washington, DC
20580, (202) 326-3090
* A nice collection of all sorts of phony scams, many of which also
featured on this Blacklist, has been put together by the U.S.
Postal Inspection Service at
http://www.usps.gov/websites/depart/inspect/consmenu.htm
* Tell business people about the netiquette, i.e. point them to
everything listed under point 9, below.
8. Who doesn't belong on this blacklist?
As you might have guessed, one blacklist is too small for all the
assholes of the world. On a completely unrelated matter: the Church of
Scientology's war against Usenet has been nicely documented by Ron
Newman at http://www.cybercom.net/~rnewman/scientology/home.html
Also, the common Get-Rich-Quick and Make-Money-Fast pyramid schemes
don't belong on this list. They usually come from newbies who are
scared to death by some 20 well-written flames, and blacklisting them
would be too harsh a treatment. However, if you catch one of these
idiots, you can make money fast. For details, read BL/idiots.txt.
Legal information about money making pyramid schemes is available at
BL/pyramid_legal.txt
If you think it would be worthwhile to have a blacklist for
non-commercial spams around, you'll have to start it yourself.
9. How to advertise on the Internet?
My advice is: create your own WWW page and announce it once on
comp.infosystems.www.announce and then try to get it listed in the
various WWW libraries and indexes. Information about how to do this is
at http://ep.com/faq/webannounce.html You can then publish your WWW
address in paid ads in the print media as well.
If you must advertise on usenet, then the biz.* and *.marketplace
groups are for you (not all at once!). As a general rule, you should
read every group for at least a week before you post anything there.
This way, you can find out what the group is all about and whether
commercials are appreciated there. Note that *.forsale groups were
created to accommodate users who want to sell some personal stuff and
not for commercial ads. Also: the *.marketplace groups in local
hierarchies like ny.* are only for products that have a genuine
connection to that area, e.g. New York; it is not sufficient that you
hope that someone from New York might want to buy your product. For
information about these advertising newsgroups check out the Usenet
Marketplace FAQ at http://www.phoenix.net/~lildan/FAQ
Never send out unsolicited commercial e-mail to individuals or mailing
lists.
Here is a list of documents describing the netiquette and how it
relates to advertising:
* Read the FAQs in the news.announce.newusers newsgroup, which are
archived on ftp.cs.columbia.edu in the directory
/archives/faq/news/announce/newusers. The Usenet primer by Chuq
Von Rospach and the Usenet Posting Rules by Mark Horton are good
places to start.
* I also dug up a good article by Daniel P Dern about how to
advertise on the net (must be good: has the word "Blacklist" in
it): gopher://gopher.internet.com:2200/00/News/cmd-ibiz
* An excellent paper explaining the rationale behind the netiquette
is at BL/netmyths.html and has been contributed by Guy Berliner.
* Netiquette for Usenet Site Administrators is explained by the
Indiana University Support Center in
http://ancho.ucs.indiana.edu/FAQ/USAGN/
10. What other blacklists are out there?
I'm aware of one blacklist operated by Pierre Beyssac
<pb@fasterix.frmug.fr.net> who tries to keep the french usenet
hierarchy fr.* clean of all commercials. It is written in french,
posted regularly to the groups fr.news.reponses, fr.news.divers and
fr.biz.d and available on the web as http://www.freenix.fr/liste-pub/.
Comes with neat cost estimates for all the ads.
11. How can I help?
* If you encounter an instance of offensive advertising on the
internet, send me a copy (including all headers), or, even better,
post it to news.admin.net-abuse.misc. If you post it, you should
first browse over the last couple of Subject lines in that group
to make sure that no one has reported that incident before. Then,
you should use an informative Subject line yourself. (Read the
charter of the group at BL/nana_charters.txt) If you send it
directly to me, please check the latest version of this list first
so that I won't get multiple complaints about incidents already
covered. The latest version is always accessible on the WWW from
http://math-www.uni-paderborn.de/~axel/BL/
All contributions will be treated confidentially.
* It's especially important to report all instances of unsolicited
commercial junk e-mail, since these can take up more bandwidth,
are more intrusive and less visible than usenet postings.
* If you see an anonymously posted ad, please respond immediately
and fake interest. You'll get a response, hopefully with a real
e-mail address and can then report the real person behind the
scam. Then send a complaint about inappropriate usage including a
copy of the ad (with all the headers) to the administrator of the
anon server (this would be abuse@anon.penet.fi in case
anon.penet.fi was used).
* If you see an ad which contains nothing but a Post Office Box
number in the USA as contact address, you can get the true
identity of the POB holder from the respective postmaster, if you
provide them with a copy of the ad. This is the law. Let me know
about what you find out in this fashion.
* Please start your own blacklist, especially if you disagree with
some of the rules for getting on and off this list or if you would
like to focus on a particular news hierarchy. Tell me about it and
I will include a pointer to it here. A blacklist of Internet
access providers is badly needed.
* Let me know about any creative suggestions for the answer to
question 5.
* The blacklist and its archive are growing constantly. I'd
appreciate it if someone could write an indexing tool which would
allow search based on name, geographical location or e-mail
address of offender. (Preferably with a form-based html
interface.) Shouldn't be too difficult since the stuff is already
formatted, but I don't have the time.
* Feel free to contact me if you find that any information in this
document is inaccurate.
* Tell people about this page.
12. HOW TO GIVE FEEDBACK?
I have set up some space on the web where you can leave your comments
or read and respond to other people's remarks regarding the Blacklist.
It's at http://emile.math.ucsb.edu:8000/HyperNews/get/blacklist.html
Please don't use that site to complain about specific advertisers.
13. THE BLACKLIST IN ITSELF
I have formatted it in such a way that automatic processing becomes
easy. Every entry can contain some or all of the fields ID, Name,
Address, Phone, Email, Entered, Changed, Behavior, Remarks in this
order. A line starting with whitespace is a continuation of the
preceding line. Several Names, e-mail addresses etc. are separated by
commas and optional whitespace. Blank lines separate the entries.
Every entry has a unique ID so that your program can decide whether it
has processed that entry before when a new list arrives. Furthermore,
the original offensive article is accessible as
http://math-www.uni-paderborn.de/~axel/BL/<ID>.txt where the true ID
is to be substituted for <ID> (or by just clicking on the ID if you
read the HTML version of this document).
===Blacklist start===
ID: CS941211
Name: L. Canter, M. Siegel
Address: 3333 East Camelback Road, Suite 250, Phoenix, AZ 85260, USA
Cybersell, P.O.Box 13510, Scottsdale, AZ 85267, USA
Cybersell, 10245 E. Via Linda, Suite 222, Scottsdale,
AZ 85258, USA
Phone: (602) 661-3911, (602) 661-5202
Email: 73450.3565@CompuServe.COM
Entered: 1994/12/11
Changed: 1995/04/11
Behavior: The famous greencard lawyers. In 1994, they repeatedly sent
out a message offering their services in helping to enter
the US greencard lottery to almost all usenet newsgroups.
(Note in passing: they charged $100 for their service, while
participating in the greencard lottery is free and consists
merely of sending a letter with your personal information at
the right time to the right place.) When the incoming mail
bombs forced their access provider to terminate their
account, they threatened to sue him until he finally agreed
to forward all responses to them. Read all about it with gopher
gopher.well.sf.ca.us in Authors, Books.../Online Zines.
They signed an agreement with their access provider, PSI, to
refrain from sending out junk e-mail or spamming usenet. The
text is available over the net as
http://www.psi.com/press/Canter-Siegal-6-23.html
Nevertheless, they have repeatedly spammed usenet again,
although the postings were quickly found and canceled by
the cancelbot Cancelmoose[tm]. PSI has cut their USENET
access. They have since written a book, "How to Make a
Fortune on the Information Superhighway" and founded an
internet advertising company, Cybersell. The book promotes
several advertising strategies on the internet including
gathering addresses from usenet and sending out junk e-mail,
posting commercials to inappropriate newsgroups, advertising
on irc and even via talk. They basically contend that all
these behaviors are legal and therefore ok. They ridicule
the terms "internet culture" and "netiquette" and claim that
the internet, once all real-world laws are applied to it,
will make a great source of income for attorneys. Canter
& Siegel were behind the grand Credit Repair Spam
and the Virtualmall spam. This finally forced their service
provider, psi.com, to cut them off completely as of 1995/02/12.
Update: At 1995/03/01, cyber.sell.com apparently
acquired a new feed from sprint (800-669-8303). However,
they can't be reached with ping yet. Sprint apparently has
decided against providing access to them.
On 1995/03/22, they spammed usenet again, this time with an
ad for their book. A couple of interesting things to note
about this one:
- They spammed from two accounts, one on netcom and one on
crl. The accounts have been nuked.
- They put certain usenet hosts in the path line, so that
their spam wouldn't reach these hosts, thereby trying
to avoid the spam cancelers. To no avail, of course.
- They systematically varied From and Subjet headers, again
hoping to avoid being canceled.
- They forged Approved-headers, so that their ad appeared
in several moderated newsgroups.
- The spam spilled into several mailing lists, prompting
the following anti-spamming policy from the Debian
mailing list: BL/debian.txt.
The Water Spam, also orchestrated by
C&S, shows similar characteristics.
Remarks: Don't bug the owners of cybersell.com; they were the access
providers for (and hence victims of) C&S during their
first spam and acquired the domain name cybersell
immediately - very much in the spirit of creative punishment :-)
ID: AD941223
Name: Jess Guim, Advanz Home Office Companion
Address: 319 East 95th Street, Dept. 2, New York, NY 10128-5761, USA
Email: adhoc@ix.netcom.com
Entered: 1994/12/23
Changed: 1995/01/21
Behavior: Posted their ads about desktop publishing to several
rec.food groups.
Advertises his tool for creating e-mail lists of potential
customers via unsolicited e-mail. When complaining to him,
he sends even more information about his program.
Remarks: He claims to give a 30 days money-back guarantee on his
products.
ID: TM941223
Name: TMI
Phone: voice: 408-429-5400, fax: 408-429-6100
Email: tmi@scruznet.com, info2@tmi.org, info3@tmi.org,
info@tmi.org
Entered: 1994/12/23
Changed: 1995/01/21
Behavior: Spammed the soc.culture hierarchy with ads for discount
telephone service. Repeated it even after having been
blacklisted.
They recently tried to find out Cancelmoose[tm]'s spam
criteria by posting a sequence of low-volume spams, which
were classified as part of one big spam and hence canceled.
Remarks: They have now their own domain, tmi.org, but continue to use the
newsserver of scruznet.com.
ID: KL950105
Name: Kevin Jay Lipsitz a.k.a. Krazy Kevin
Address: 350 Richmond Terrace #5-P, Staten Island, NY 10301
PO Box 990, Staten Island, NY 10312
Phone: 718-967-1234, 718-967-1550 (fax),
718-967-1144 (fax)
Email: krazykev@escape.com, krazykev@kjl.com
lipsitz@ingress.com
Entered: 1995/01/05
Changed: 1995/10/30
Behavior: Spammed almost the whole usenet repeatedly with anonymous
ads (Hi, my name is Anne Nelson...") for a long distance
calling plan. He was warned by the admin of the anon server,
then lost his account there and did it again with a new account.
He told me on the phone that a company called
Card Call USA, INC.
6232 N. 7th ST. #109
Phoenix, AZ 85014
Phone: 602-264-7000
Fax: 602-266-0687
uses a pyramid-like promotion scheme where every customer
gets a commission for each new customer they bring and in turn
for each new customer these new ones bring and so on up to
level 7.
Kevin Lipsitz is a customer of Card Call USA and tries to
bring new customers to get these commissions.
His using the anon server is evidence enough that he
knew that he was doing something wrong.
Incidentally, he sent me the membership application for CC
USA. Point #6 of the contract, which Kevin most probably
signed, reads:
"6. I agree to operate in a lawful, ethical, and moral manner
and to do nothing that will adversely reflect upon CCUSAI, its
clients or its other Independent Sales Representatives. I
understand that any act deemed by CCUSAI to be detrimental to
CCUSAI, in any manner, is grounds for the termination of my
status as Independent Sales Representative and all corresponding
commissions."
As of 1995/02/20, he uses the new e-mail address at escape.com.
On 1995/02/26, he anon-spammed again, this time advertising
his magazine club.
It occurred again on 1995/03/04.
As of 1995/04/28, he owns his own domain kjl.com. This is
nothing but a bunch of mailboxes on escape.com. Apparently,
escape got tired of the complaints. Complaints should
properly go to root@escape.com, since root@kjl.com is Kevin
himself.
He is also the source of the ubiquitous "===>> World's
*Cheapest* Way to get USA Magazine Subscriptions..."
postings. There have been complaints that he doesn't deliver
all ordered magazines. He has started to send his ads to
mailing lists also.
Remarks: I tracked him down by answering to one of his ads using an
old e-mail address, to which he promptly responded.
The second time, I responded again to his anon ad, and he
apparently recognized me and tried to harass me over the
phone. Next was a truly pathetic first attempt at
mailbombing. [Kevin, next time pick an ftpmail service
without per day traffic limits, jeeez]
His account on panix.com is no more.
An excellent analysis of one of his recent postings
and lots of personal information about him is at
BL/kl_info.txt
Recently, several articles about him, including cancel
reports, have been canceled from news.admin.net-abuse.misc.
ID: KK950105
Name: Kim Kerns, Applied Information Technologies, Inc.
Address: POB 2634, Midlothian, VA 23113, USA
Phone: 704-559-5988, 800-576-5146, 804-378-8050
Email: applied@vnet.net, BYNH09A@prodigy.com, lorcine@aol.com
Entered: 1995/01/05
Changed: 1995/01/09
Behavior: Spammed many newsgroups with a long distance calling plan. Varied
subject lines, posting sites and exact text, apparently to avoid
cancelbots.
The company selling the phone service is Applied Information
Technologies, Inc., POB 2634, Midlothian, Va. 23113. This company
employs a promotion scheme offering commission to every customer
for each call people sponsored by them make.
After being blacklisted and notified about it, he did it again
repeatedly.
Remarks: Note the 1-800 number. He doesn't seem to own vnet, so you
can put pressure on his postmaster.
ID: CY950121
Name: Cybergear
Address: 2770 St. Albans NW, North Canton, Ohio 44720, USA
Email: cybergear@delphi.com
Entered: 1995/01/21
Changed: 1995/10/30
Behavior: Posted their ad for t-shirts to at least 30 unrelated
newsgroups, sometimes changing the subject to avoid
canceling and to make the postings technically on-topic.
Did it again on 95/02/05. And again in May.
ID: BO950212
Name: Stuart Bar-On, Parallel Performance Group
Address: 450 Jordan Rd., Suite E, Sedona, AZ 86336, USA
Phone: (520) 282-6300 (voice), (520) 774-0896 (fax)
Email: ppg@ppgsoft.com, ppginc@shell.portal.com
ppginc@earth.usa.net, ppg@primenet.com, strand@ppg.strand.com
ppg@unicomp.net, info@ppginc.com
ppg@ppgsoft.com, news@ppginc.com
Entered: 1995/02/12
Changed: 1995/10/30
Behavior: Engage in a large-scale junk e-mail assault.
Sent out unsolicited e-mail ads to postmasters, who were
supposed to forward it to their "Marketing Directors". They
got the addresses from InternNIC's list of registered domain
names.
In addition, they gathered e-mail addresses from usenet
postings and sent unsolicited commercial e-mail to those.
A new junk e-mail wave occurred around 1995/02/28. This time from
unicomp.com. I suspect that they scan usenet postings for
certain Organization-lines in the header.
Remarks: Their mail-bots and WWW pages are maintained by
zoom.com. In addition, the domain name ppgsoft.com is owned
by Bar-On but is nothing but a bunch of mailboxes on
stealth.romoidoy.com.
The domain ppginc.com, also owned by Bar-On, contains only a
couple of mail-bots residing on unicomp.net.
ID: CL950228
Name: Cyberlink Inc. and various agents
Address: 5855 Topanga Canyon Blvd., #520, Woodland Hills, CA 91367, USA
Phone: 818-702-0456 (fax), 216-461-1770 (fax), 216-231-2857 (voice)
800-266-2006 (voice)
Email: mvs3@po.CWRU.Edu, MRN@WVNVAXA.WVNET.EDU,
75017.605@CompuServe.COM, cyberlink@infomat.com,
fy755@cleveland.Freenet.Edu
Entered: 1995/02/28
Behavior: Persistent, slow spam of soc.culture.* groups, advertising
some long distance plan. Apparently, Cyberlink pays
commissions to agents who brings new customers, and several
of their agents spam. It's unclear whether Cyberlink is
aware of that. They need to change their rules.
Remarks: cyberlink@infomat.com seems to be an automatic mail-back
robot.
ID: WC950415
Name: WWCD Inc., Steve Schall
Phone: (410) 581-1110
Email: wwcd@wwcd.com, t-rock@access.digex.net, steve@wwcd.com
Entered: 1995/04/15
Behavior: Repeatedly posted announcements of their WWW server on a
large number of sports related newsgroups. Respond to
complaints with flames. Put at least 41 links to their
server on The-Mother-of-all BBS at
http://www.cs.colorado.edu/homes/mcbryan/public_html/bb/summary.html
Remarks: Access provider is digex.net.
ID: JS951030
Name: Jeff Allen Slaton, a.k.a. SpAmKiNg
Address: 6808 Truchas Drive NE, Albuquerque, NM 87109
Phone: (505) 821.1945 (fax/data modem)
Entered: 1995/10/30
Behavior: Persistent and large scale email and usenet spam. Sometimes
wants $5 for taking someone off his mailing list. His
messages usually contain ads for other businesses, but
sometimes also illegal money making pyramid schemes. Always
uses fake From lines, sometimes in order to punish past
access providers. He announced that he would get a T1
internet connection through MCI in order to annoy them. Some
articles on news.admin.net-abuse.misc criticizing him have
been canceled by an anonymous party.
Remarks: A web page containing personal information complete with
Social Security Number, photo, phone number of his employer,
and much more is at http://www.emerald.net/soren/spamking/.
Some more information about where he lives is at
BL/slaton_personal.txt.
Please complain to the businesses advertising on his mass
mailings and boycott them. He is probably connected to
the net through a SLIP or PPP connection provided by
InterRamp; they are unresponsive.
ID: SH951030
Name: Sam Hopkins
Phone: 800-746-6283
Email: root@pgh.nauticom.net, future21@pgh.nauticom.net
Entered: 1995/10/30
Behavior: Email spam to many web administrators. Trying hard to sound
genuinely interested in the web site, but failing.
ID: PB951030
Name: Peter Bruce, Resampling Stats
Address: 612 N. Jackson St. Arlington, VA 22201
Phone: 703-522-2713 (voice), 703-522-5846 (fax)
Email: postmaster@qcnet.com, stats@cais.com
Entered: 1995/10/30
Behavior: Persistent email spam about some statistical textbook.
Remarks: He owns qcnet.com; complaints should go to
postmaster@cais.com because they are the access providers.
ID: CJ951030
Name: Clark Johnson, JEM Computers, JEM Bargains
Email: clark@jembargains.com, sales@jembargains.com
Entered: 1995/10/30
Behavior: Email spam about computer hardware with Subject "Hi".
ID: IC951030
Name: IntraNet Cyber Products
Address: P.O.B. 18016, Clearwater, FL 34622
Entered: 1995/10/30
Behavior: Large scale email spam advertising a tape "first whispered
about on college campuses".
Remarks: The spam was injected from chisp50.slip.net and some other
machines in that domain by an unknown party, most probably
Jeff Slaton. They contain bogus Message-id headers pointing
to interramp.com, in an apparent move to try to punish
them. A "surrender" of the advertiser was mailed to the Telcom
Editor and is available at BL/IC_surrender.txt. It looks
like a scam to me (especially since it contains more
advertising for his tape), but judge for yourself.
ID: NB951030
Name: 900# Business
Phone: (801) 221-1163 Ext.900 (fax on demand)
Email: postmaster@socketis.com
Entered: 1995/10/30
Behavior: Repeated spam of unrelated groups with an ad for 900 numbers.
ID: NA951030
Name: NaSPA, Association for Corporate Computing Technical Professionals
Address: 7044 S. 13th Street, Oak Creek, WI 53154, USA
Phone: (414) 768-8000 (voice), (414) 768-8001 (fax)
Email: mbrship@nascom.com
Entered: 1995/10/30
Behavior: Spam of unrelated groups and unsolicited email with an
offer to join their association. Thanks, but no thanks.
ID: NL951030
Name: NiTeLife
Phone: 212-740-8235 (modem)
Entered: 1995/10/30
Behavior: Repeated and widespread spam advertising a BBS.
Remarks: Have been spamming from Interramp, Cyberden, and other
places. Return mail was directed to a throw-away AOL account
which has since been terminated. intermac.com provides them
with internet access.
ID: CD951030
Name: The CDCellar
Address: PO Box 340324, Dayton, OH 45434, USA
Email: cdcellar@dnaco.net
Entered: 1995/10/30
Behavior: Repeated spam of all music groups with an announcement for
their www site.
ID: EC951030
Name: Enviro Chemical
Address: 29 SW 5th St., Pompano Beach FL 33060, USA
Phone: 954-784-9511
Email: 76503.3066@CompuServe.COM, EFX2000@AOL.COM
Entered: 1995/10/30
Behavior: Spammed numerous unrelated newsgroups with an ad for their
internet anti censorship t-shirt. Were aware that this
was inappropriate.
ID: CY951030
Name: Cyberden, Peter Stone
Address: PO Box 150465, San Rafael CA 94915, USA
Phone: 510-636-9525 (voice), 510-633-9811 (modem)
Email: bat@cyberden.com
Entered: 1995/10/30
Behavior: Spammed usenet with announcements for their WWW site.
Remarks: Here are Peter's comments: BL/CD_response.txt
ID: PD951030
Name: Prime Data WorldNet E!Mail, Vernon Hale
Address: 1132 Richards Rd, Bowling Green, Ky 42104, USA
Phone: (502)529-9106 (fax), (502)529-9304 (voice)
Email: worldnet@pwrnet.com,
cybrcash@ix7.ix.netcom.com, prime@mwci.net
Entered: 1995/10/30
Behavior: Send out junk email newsletters with third party ads on
them. Some people received the newsletter again even after
having asked to be removed.
Remarks: Please complain also to the individual advertisers listed.
They have already lost an account on mwci.net because of
complaints. In the past, they have used toc.net to inject
the messages. They also maintain accounts on
valleynet.net. The admins of both valleynet.net and toc.net
don't see anything wrong with junk email and won't remove his
account.
ID: EA951030
Name: Email America Co.
Address: 626 Santa Monica Blvd.
Phone: 310-967-4070
Email: emaillists@aol.com, intelis@wavenet.com
Entered: 1995/10/30
Behavior: Offer bulk email lists for advertising use.
ID: HA951030
Phone: 800-555-8655
Entered: 1995/10/30
Behavior: Spam about pentadecanoic acid.
Remarks: Originated from luc.edu
ID: IT951030
Name: InterConnect TeleCard Inc.
Address: 4691 N. University Drive, Suite 202, Coral Springs Fl. 33067, USA
Phone: iti@igc.net
Email: 305-344-5076
Entered: 1995/10/30
Behavior: Spam about "No cost long distance plan". Yeah,
right. One week later, they spammed again in order to find
independent marketing representatives for said plan. They
want someone else to do the dirty work.
ID: JJ951030
Name: Jim Joyce
Phone: (206) 233-8517
Email: info.oaktreex.com">jim@info.oaktreex.com, 102640.200@COMPUSERVE.COM
Entered: 1995/10/30
Behavior: Repeated, large scale junk email about computer hardware.
Remarks: He owns oaktreex.com; access is provided by inetusa.com.
ID: LA951030
Name: LagdenVisa
Email: LagdenVisa@AOL.Com, 76065.1337@Compuserve.com, Lagden@ix.netcom.com
Entered: 1995/10/30
Behavior: Spam about the Greencard lottery. The good old times!
Remarks: The mentioned greencard lottery DV-97 does not yet exist.
ID: WR951030
Name: Walt Richardson
Phone: 800-488-0319
Email: icarus@halcyon.com
Entered: 1995/10/30
Behavior: Spammed ad for "Leadership Training".
ID: ES951030
Name: ECS Consulting Inc., Pat Gillespie
Email: patgil@bconnex.net
Entered: 1995/10/30
Behavior: Posts weekly ads about Internet Marketing Business to local
unrelated newsgroups.
ID: GR951030
Name: Guy Richard
Email: tradex@fla.net
Entered: 1995/10/30
Behavior: Spammed many unrelated groups with an ad for his internet
service.
ID: SS951030
Email: sshow@prysm.com
Entered: 1995/10/30
Behavior: Spam about PC software.
ID: US951030
Name: USTech
Email: ustech@haven.ios.com
Entered: 1995/10/30
Behavior: Spam about PC software, going to unrelated groups.
Remarks: ios.com seems to be unresponsive.
ID: MD951103
Name: Michael Dudley, Compass Callback Company
Phone: 617-321-1550 (voice), 617-321-6437 (fax)
Email: compas@tiac.net
Entered: 1995/11/03
Behavior: Repeated spam about callback schemes, assisted by Jeff Slaton.
They advertise using a pyramid like setup.
Remarks: Report about a conversation with Michael is at BL/MD_info.txt
ID: PP951103
Name: Database Communications
Email: powerpub@internetMCI.COM, dbase@internetmci.com
Entered: 1995/11/03
Behavior: Spam about envelope stuffing scam.
ID: LP951103
Name: Life Plus, M. Lantz
Phone: 800-572-8446, 800-214-1233, 800-214-1233, 206-776-1258,
206-771-4270
Email: mike42@nwlink.com
Entered: 1995/11/03
Behavior: Spam advertising miscellaneous drugs and a pyramid like
advertising scheme.
ID: LL951103
Name: Lorrin L. Lee
Address: 1750 Kalakaua Ave 3140, Honolulu HI 96826-3795, USA
Phone: 808-949-5000 (voice), 808-947-8817 (fax)
Email: lorrin@aloha.net
Entered: 1995/11/03
Behavior: Spam about how to make money on the internet.
ID: DT951103
Name: DTP Products
Phone: 334-973-9721
Email: dtp@python.viper.net, dtp@mindspring.com, Movieman5@aol.com
Entered: 1995/11/03
Behavior: Spam to 792 groups about their new internet access
offering. Off to a great start!
ID: RU951103
Name: Rudolph
Email: rudolph@ns2.icon.net
Entered: 1995/11/03
Behavior: Spammed their WWW site announcement.
===Blacklist end===
_________________________________________________________________
Last changed: 14-Nov-95
Copyright 1994, 1995 by Axel Boldt <axel@uni-paderborn.de>.
You can do with it whatever you want, unless you are blacklisted here.
Last-modified: 15 Nov 1995 06:03:54 +0100