Over the last few months, I've been the victim of spams (excessively posted messages on Usenet) forged to look like I wrote them. Three sets of these messages came from goodnet.com, and others have come from gnn.com/megaweb.com and netzone.com
The first spam came from goodnet.com in early September. The account was opened under the name "John Grosclose", which is misspelled. The From: headers on the spam read "From: jgros@goodnet.com" while the Reply-To: header read "Reply-To: caradoc@neta.com". This resulted in many angry messages arriving in my mailbox and my postmaster's mailbox. The message included with this first spam listed a PERL script that could be used to issue more spam messages to Usenet. According to goodnet.com, they have made no progress in identifying the originator of this first forged spam in my name.
The second spam came from goodnet.com on Saturday, December 16th, 1995. The From: headers on this spam read "From: caradoc@neta.com", but the Path: and Message-ID headers indicated that it did in fact come from goodnet.com. UUNet verified that the spam messages did come into their network from goodnet.com. The message in this spam read "Spam for Freedom of Porn", and advised readers to contact their representatives to fight the "Internet Censorship" bill.
The third spam came through gnn.com, by way of megaweb.com's news server on Sunday, December 17th. This spam was much the same as the second, with the message indicating that I was offering some kind of "list" of pornographic materials available on the Internet.
The fourth spam came through netzone.com on Thursday, December 21st, posting binaries of nude women performing various acts. The titles of these messages were "Let's Annoy Johnny". The messages apparently did not propagate very well, perhaps due to their size or the fact that the auto-cancellers got them first.
On Sunday, December 24th, yet another spam went out from goodnet.com, this time having no message other than being "Santa's Xmas Gift". In this spam, the From: line was altered to indicate that the messages were from "Santa " (please note the trailing space) and that the gift was another set of spammed messages.
On Christmas morning, I got a note from one of the techs at goodnet.com, which was a cc: of another message sent to Dave Jemmett, the "front-man" for Goodnet. The message indicated that they'd figured out which user was responsible, and that the account had been disabled.
[Note: this has since been proven a lie. Finger indicates that both of the accounts implicated in the December spams are still active. See the notes for February.]
Reports have been made to the Phoenix Police Department and to the Maricopa County Attorney's Office, and an investigation should be underway as soon as everyone recovers from their holidays.
Thus far, none of the systems administrators from any of the compromised sites have made any public statements or announcements about what has or hasn't been accomplished at their sites to prevent this sort of thing in the future. Three of the spams came from one site, goodnet.com. It's probably in their own best interests to say something about what they're doing to handle this kind of thing, preferably posted either on their web site (www.goodnet.com, www.gnn.com, www.megaweb.com, and www.netzone.com) or in the newsgroup news.admin.net-abuse.misc.
If you are a user on any of the above-named sites, you should probably consider questioning your own site administrator (typically through postmaster@your.site.here) about the security measures they're using to prevent this kind of thing from happening to you.
There's no real news to report yet. Local law enforcement (Phoenix, Tempe, and Scottsdale, Arizona) all have the details of the case, as does the Maricopa County Attorney's Office. GNN and Megaweb (both part of America On-Line) have made it clear that this kind of thing won't be tolerated from their sites. GoodNet apparently still doesn't care about spams from their site. I finally put "*@goodnet.com" into my global killfile, and will soon be adding "*@good.net" to that.
Finger tells me that the accounts at GoodNet which were implicated (by a GoodNet technician) in the spam are still active, and voice messages, e-mail, and Usenet postings from Darin Wayrynen at GoodNet indicate that nothing will happen to those accounts.
I'm still receiving the infrequent requests for the list of "free pornographic sites" offered in the spam, but between the .procmailrc and Eudora filters I have in place, they're not annoying. Some of them have been rather amusing, like the request from an AOL user for "pix of women with dogs".
An article by David Hoye, with the Arizona Republic, has been placed on the WWW. It's not wholly about me, but is a well-written piece on e-mail abuses and spamming. They got the quotes right, but they did cut the one mentioning that most of the responses have resulted from the spams issued at GoodNet. Of course, they also didn't mention that aol.com occurred the most often in the requests for pornography.
Created 2/23/96 - iain@iaincaradoc.org - Last updated 7/14/96