“Automatic complaints are sent when a filter whose action is set
to Kill after complaining is triggered. For each filter, you can
configure who the complaint should be sent to. … The message
body is also scanned for e-mail and website addresses. If any
addresses are found, they’re added to the lists mentioned
above.” Source: http://www.spamkiller.com/Features.html
SpamKiller is spam filtering software. Its purpose is to scan
incoming email for spam and take appropriate action in response
to those messages that are identified as spam, such as automatic
deletion. Another handy function is that the software allows the
user to generate automatic and manual complaint emails which the
user then sends to the webmaster of the offending domain as well
as any number of other recipients such as spam-reporting
“authorities” and the webhost and/or ISP of the person sending
the offending mail.
Good idea, you say? Fair enough, you say? Well … maybe. Note
the quote above: “… The message body is also scanned for
e-mail and website addresses … [and] added to the lists
mentioned above”, i.e. the list of recipients of the complaint.
Now, imagine this. Let’s say you’re a paying advertiser in my
ezine. Your ad contains your URL and email address. I spam mail
my ezine or send it to someone who forgets they subscribed and
they think it’s spam.
Imagine further that the recipient of my so-called spam uses
SpamKiller software (or some similar program). The software
scans the message header and extracts the relevant information
about the person who sent the email (me). Fair enough. Assuming
that it IS spam, of course.
But the capability of the software doesn’t stop there. As
mentioned in the above quote, it also scans the message BODY,
which contains your ad, and adds your URL and email address to
the list of recipients of the complaint. The ever-diligent
big-spam-hunter also makes sure that one or more spam-reporting
“authorities” is copied on the complaint.
WeStopSpam.net*, diligent, professional organization that it is,
immediately and automatically forwards the complaint to
firstname.lastname@example.org and your webhost, an equally diligent,
professional organization shuts your site down for three days
You, of course, learn about all of this AFTER the event.
Think it can’t happen to you? Think again. It happened to me.
This week. Except I wasn’t a paying advertiser in the offending
ezine. The publisher of the ezine reprinted one of my articles.
The article contained my resource box. The resource box
contained my website URL. SpamKiller added my URL to the list of
recipients of the email complaining of the “spam”, copied
WeStopSpam.net and WeStopSpam.net forwarded the email to
email@example.com with the result that my webhost, DumbHost*, shut
down my site for what was to be three days.
The actual downtime was two hours. By that time I had threatened
to sue and they finally got around to actually READING the
offending email and realizing that I, in fact, was just an
There is so much that is wrong in this whole scenario that it’s
hard to know where to begin.
THE PERSON WHO GENERATED THE COMPLAINT
Let’s start with the individual who generated the complaint in
the first place. This is the person using the SpamKiller
software. His email to me (which was auto-generated by
SpamKiller) contained the following subject line:
“UCE Complaint (So-and-So Newsletter*)”
The body started out:
“I have received the attached unsolicited e-mail from someone at
your domain. [He had not.]
“I do not wish to receive such messages in the future, so please
take the appropriate measures to ensure that this unsolicited
e-mail is not repeated.
“— This message was intercepted by SpamKiller
The full text of the intercepted message followed.
The header of the offending email clearly showed that the sender
of the email was someone from so-and-so.com*. Unfortunately, the
newsletter concerned contained virtually nothing but my article
interrupted by what I assume were paid ads.
I’m sure that the paid advertisers in this particular ezine also
received a complaint and that WeStopSpam.net received a copy and
automatically forwarded it to the advertiser’s ISP and/or
webhost who may or may not have shut them down, at least
temporarily. (Hopefully not all webhosts are of the calibre of
DumbHost when it comes to this sort of thing.)
So, this individual, in his zealousness to rid the Internet of
spam, blithely dragged the names and reputations of at least
half a dozen perfectly innocent bystanders through the mud.
The moral of the story? If you use spam-filtering software and
the complaint-generating function that comes with it, have the
common decency and responsibility to stop and think about who
you’re adding to your hitlist. If you don’t, and you get it
wrong, don’t be surprised to find a process- server on your
SPAM FILTERING SOFTWARE
To give SpamKiller its due, it appears to be an excellent
product. There’s a free 30 day download available at
http://www.spamkiller.com . I downloaded it myself to see what,
if any, cautions are given to users about the need to make sure
that the recipient of the complaint is, in fact, responsible for
the email concerned.
Well, there is such a caution but it took me a good 45 minutes
to find it. The software comes with an excellent, comprehensive
built-in help facility. Tucked away at the end of the page on
“Sending manual complaints” is the caution:
“Note: SpamKiller does not check that the loaded addresses are
appropriate for the selected message. Don’t use a … complaint
unless you are certain that its recipients are responsible for
the spam that you are complaining about.”
I would respectfully suggest that this warning be displayed in a
more prominent position, coupled with warnings about what can
happen to those who use the software in an irresponsible manner
so as to ensnare innocent parties.
Now, let’s take a look at WeStopSpam.net’s role in all of this.
In my case, “all” they did was forward a complaint they had
received from our friend in the previous section to my webhost.
Here’s what they sent:
“From: firstname.lastname@example.org To: email@example.com
X-Loop: one Subject: [WeStopSpam (http://www.ahbbo.com)
id:17846286] So-and-So Newsletter Date: Sun, 25 Feb 2001
23:14:50 -0700 (MST) X-Mailer: Mozilla/4.0 (compatible; MSIE
5.5; Windows 98) via http://westopspam.net/ v1.3.1 – WeStopSpam
V1.3.1 – This message is brief for your comfort. …
Spamvertised website: http://www.ahbbo.com >
http://www.ahbbo.com is 188.8.131.52; Tue, 27 Feb 2001
02:56:58 GMT Offending message: …”
So, my website was reported for spamming because it was
“spamvertised” – lovely butchering of the English language, I
must say. This appears to be a coined term for a website that is
advertised by means of spam. This means that any paying
advertiser in the ezine itself is treated as a spammer, merely
because spam was used to send the ezine.
I checked out the website of the ezine concerned. It proclaimed
that its 85,000 subscribers were all “opt-in” i.e. that the
subscribers each took some positive step to have their email
address added to the ezine’s mailing list.
Any reputable advertiser is going to be concerned that the
recipients of the ezine are opt-in, so this would have been of
comfort to the advertisers concerned in this instance.
Mind you, when I sent an email to the address displayed at the
publisher’s site, it bounced. Maybe this person IS a spammer. I
don’t know. And that’s the point. How are you supposed to know
that if you’re just the advertiser or article author?
But, as far as WeStopSpam.net is concerned, that doesn’t matter.
The mere fact that the advertiser’s opportunity was advertised
in the allegedly spam email is sufficient to make the advertiser
a legitimate target. In my case, I didn’t even advertise! The
publisher of the ezine ran my article. How many of you out there
make your articles freely available for reprint?
WeStopSpam.net would presumably have you restrict the reprint
rights to your articles to only those publishers who you know
for a FACT are sending to a 100% guaranteed opt-in list. How do
you do that? Quite simply, you can’t. To expect any such thing
is just unreal and smacks of an appalling lack of understanding
about how the online world works.
A reasonable compromise would be if reprint rights were granted
to publishers who send their ezine to an opt-in list. I would
have no objection to that. Of course, that wouldn’t help you
with WeStopSpam.org because their policy is to shoot first and
ask questions later … but wait, on second thought, they don’t
even ask questions later. They just shoot.
You don’t get a “please explain” or anything else. You’re
convicted first and then it’s up to you to prove that you’re
innocent. Of course, by then, the damage is done. But
WeStopSpam.org doesn’t care. I’m sure they see it as just a
casualty of war.