15 August 2005
The clues that led us to the porn spammer
The story began when senior producer Allan Maraynes asked me if we could trace a piece of pornographic spam e-mail back to the person who sent it. Tracing spam is never easy. And as with any investigative story, we were not sure where the journey would lead.
But there are clues that we could follow.
The idea became a journey into how an adjunct one of the world's oldest businesses was combining with one of the newest trades. The trail would give us an opportunity to show viewers the money at stake, the lack of regulations, how this affects people's lives, and the people involved in the industry. One operating theme, as correspondent John Hockenberry said during the piece, was "return to sender."
We began doing something that most people would never do: We sought out spam. Associate Producer Michelle Feuer asked groups who complain about spam to provide us with examples so that we could glimpse the scope of what is out there. Within a couple weeks we had hundreds of different kinds of e-mail.
Once we got the e-mails, we began culling through them.
One of the worst aspects of the story is that we had to do what those who do not want spam should never do: We had to start by looking at those e-mails. The problem with that is, depending on the program you use for e-mail- like Outlook or Eudora- and how you adjust your settings, you run the risk of downloading a virus on your computer.
Here are some of the clues we were evaluating:
Every e-mail contains what is known as header information - information that offers clues about the route traveled by the e-mail to reach you. It will have a list of IP addresses. These are like those old stamps you would see on vintage steamer trunks, telling you about the various ports traveled through. Each address-a set of numbers-tells you the computers that e-mail passed through. And you can look up who owns those computers, though there is always a risk that the information is not accurate. These are known as "whois" searches. There are various places you could go for these kinds of searches, including this Web site.
You can look up who owns the pornographic Web site promoted by the spammer. For instance, we learned quickly that the owner of the Web site we eventually decided to profile was owned by a Canadian company called Global Media Resources. Trade publications such as Adult Video News profiled the company as a substantial player in the Internet porn business.
There are also other ways to learn about sites. For instance, a Web site operator- like any kind of company- could be involved in a business-related dispute. And just like traditional trade name disputes, Internet sites may get tangled in arguments about who owns a Web site name. A springboard to examine those is this site. And like any proceeding, the documents filed can offer another glimpse into a Web site operator.
Another resource are anti-spam organizations like Spamhaus. We did not use Spamhaus to track the spammer in our story. But the group compiles a lot of useful information about spammers.
Other clues could be embedded in e-mails. Even though e-mails could be filled with fancy graphics-or offensive pornography-there are ways to examine the source code used to assemble the missive. The ways to do so depend on your e-mail software. In the case examined by Dateline NBC, the source code told us what would happened if we "Clicked Here" on the e-mail, the computer routes that would be taken to the porn site. And we could see that there was a numeric code- something we later confirmed was an ID used by the spammer to get paid by the pornographic Web site. That ID number, visible in the source code of the spam profiled in the story, proved crucial to tracking down our spammer.
All of these approaches could be useful to tracking any spammer, not just those in the porn business.
We learned that the spam that so offended Julie in Texas was seemed to have been sent on this continent and that it involved a big pornographic Web site operator in Canada. There's a lot of spam that comes from all around the world, including China and some of the former Soviet republics. At least we were going to remain in North America for this story.
So at this point, we did not know the identity of the spammer. But we had leads to pursue.
It did not take long to learn something else about the pornographic Internet business: to combat child pornography, the U.S. government requires Web site operators to post a list of its Custodians of Record. The records are contracts and other documents showing those photographed for the Web sites are 18 years old or older. Often, these are photographers. So at most pornographic Web sites, you may notice a link tucked away that would lists Custodians of Records. You would know who has the documents. You get the company name and often an address. (But you cannot see the actual model contracts documenting the ages. Those are available only to law enforcement officials). These list of document keepers was another avenue for us to pursue. You can learn more about this law here.
One footnote: U.S. law requires spammers and other e-mail mass mailers to include a way to opt out of getting further e-mails. You may have seen these. They say something like "If You Don't Want More Emails From Us, Click Here." Spam experts told us you should think twice about ever clicking this. Opting out something you should only do if you trust the sender. If not, and you do click, it could tell a spammer that your e-mail account is for real, and that you read stuff from people you don't know. It's added incentive for them to keep spamming you. And since the law is rarely enforced, there is little you could really do to get the spammer to stop using this opt-out provision. Australia is one place that experts say has a much different approach, where you would have to opt in to get mass marketing e-mails to begin with.
On the hunt for the spammer, we learned about the Internet porn industry's major convention in Las Vegas. It precedes a better-publicized event designed more for those who are fans of porn stars. Producer Lynne Dale and correspondent John Hockenberry went there in January 2004, and saw first hand how the industry is constantly looking for ways to boost traffic-getting people to visit their Web sites. Key players in the business say they oppose spam as a means to do this. But as many people with e-mail accounts know, it still goes on. As you saw in the story, when they spoke with John Hockenberry, the Global Media representatives promised to reveal the name and address of Julie's spammer- the identity of the person we'd only known by a code number.
It's important to know that spammers make money not just by spamming you, but by selling your e-mail address (along with millions of others) to other spammers. It's an added reminder to be careful about giving out your e-mail address.
Avoiding spam
A good way for you to help avoid spam is with a spam filter. Ray Everett-Church, an anti-spam expert who appeared in the story, e-mailed this to us regarding spam filters:
The software that I have come to depend on personally is SpamAssassin, a free software package that is built and maintained by a volunteer community of anti-spam fighters. It's mainly for use on mail servers by ISPs and enterprises, but the same technology is available to the average user through another free software package called PopFile. It runs on Windows machines and works with just about any e-mail software like Outlook or Thunderbird. (But not proprietary services like AOL or Web mail services like Hotmail or Yahoo.) There are decent anti-spam software offerings from some of the big name anti-virus companies, but they can cost money and aren't all that more effective than PopFile. The upside of those, however, is that they have good service and support and are easy for the average user to install.
I also use Cloudmark's SafetyBar which is a plug-in for Outlook. It works alright as well, and is pretty easy to use.
If you want to be safe, anti-spam experts caution you to never open e-mails from someone you don't know, and to even turn off e-mail preview features. Anti-spam filters can also be a big help to block unwanted missives from even going into your inbox. There is a lot of money at stake with planting viruses on computers. The viruses can hijack your connection to the Internet, making you the unwitting sender of spam. Or the viruses could make you face unwanted popups, and push your Web browser to places you don't want to go.
But there are clues that we could follow.
The idea became a journey into how an adjunct one of the world's oldest businesses was combining with one of the newest trades. The trail would give us an opportunity to show viewers the money at stake, the lack of regulations, how this affects people's lives, and the people involved in the industry. One operating theme, as correspondent John Hockenberry said during the piece, was "return to sender."
We began doing something that most people would never do: We sought out spam. Associate Producer Michelle Feuer asked groups who complain about spam to provide us with examples so that we could glimpse the scope of what is out there. Within a couple weeks we had hundreds of different kinds of e-mail.
Once we got the e-mails, we began culling through them.
One of the worst aspects of the story is that we had to do what those who do not want spam should never do: We had to start by looking at those e-mails. The problem with that is, depending on the program you use for e-mail- like Outlook or Eudora- and how you adjust your settings, you run the risk of downloading a virus on your computer.
Here are some of the clues we were evaluating:
Every e-mail contains what is known as header information - information that offers clues about the route traveled by the e-mail to reach you. It will have a list of IP addresses. These are like those old stamps you would see on vintage steamer trunks, telling you about the various ports traveled through. Each address-a set of numbers-tells you the computers that e-mail passed through. And you can look up who owns those computers, though there is always a risk that the information is not accurate. These are known as "whois" searches. There are various places you could go for these kinds of searches, including this Web site.
You can look up who owns the pornographic Web site promoted by the spammer. For instance, we learned quickly that the owner of the Web site we eventually decided to profile was owned by a Canadian company called Global Media Resources. Trade publications such as Adult Video News profiled the company as a substantial player in the Internet porn business.
There are also other ways to learn about sites. For instance, a Web site operator- like any kind of company- could be involved in a business-related dispute. And just like traditional trade name disputes, Internet sites may get tangled in arguments about who owns a Web site name. A springboard to examine those is this site. And like any proceeding, the documents filed can offer another glimpse into a Web site operator.
Another resource are anti-spam organizations like Spamhaus. We did not use Spamhaus to track the spammer in our story. But the group compiles a lot of useful information about spammers.
Other clues could be embedded in e-mails. Even though e-mails could be filled with fancy graphics-or offensive pornography-there are ways to examine the source code used to assemble the missive. The ways to do so depend on your e-mail software. In the case examined by Dateline NBC, the source code told us what would happened if we "Clicked Here" on the e-mail, the computer routes that would be taken to the porn site. And we could see that there was a numeric code- something we later confirmed was an ID used by the spammer to get paid by the pornographic Web site. That ID number, visible in the source code of the spam profiled in the story, proved crucial to tracking down our spammer.
All of these approaches could be useful to tracking any spammer, not just those in the porn business.
We learned that the spam that so offended Julie in Texas was seemed to have been sent on this continent and that it involved a big pornographic Web site operator in Canada. There's a lot of spam that comes from all around the world, including China and some of the former Soviet republics. At least we were going to remain in North America for this story.
So at this point, we did not know the identity of the spammer. But we had leads to pursue.
It did not take long to learn something else about the pornographic Internet business: to combat child pornography, the U.S. government requires Web site operators to post a list of its Custodians of Record. The records are contracts and other documents showing those photographed for the Web sites are 18 years old or older. Often, these are photographers. So at most pornographic Web sites, you may notice a link tucked away that would lists Custodians of Records. You would know who has the documents. You get the company name and often an address. (But you cannot see the actual model contracts documenting the ages. Those are available only to law enforcement officials). These list of document keepers was another avenue for us to pursue. You can learn more about this law here.
One footnote: U.S. law requires spammers and other e-mail mass mailers to include a way to opt out of getting further e-mails. You may have seen these. They say something like "If You Don't Want More Emails From Us, Click Here." Spam experts told us you should think twice about ever clicking this. Opting out something you should only do if you trust the sender. If not, and you do click, it could tell a spammer that your e-mail account is for real, and that you read stuff from people you don't know. It's added incentive for them to keep spamming you. And since the law is rarely enforced, there is little you could really do to get the spammer to stop using this opt-out provision. Australia is one place that experts say has a much different approach, where you would have to opt in to get mass marketing e-mails to begin with.
On the hunt for the spammer, we learned about the Internet porn industry's major convention in Las Vegas. It precedes a better-publicized event designed more for those who are fans of porn stars. Producer Lynne Dale and correspondent John Hockenberry went there in January 2004, and saw first hand how the industry is constantly looking for ways to boost traffic-getting people to visit their Web sites. Key players in the business say they oppose spam as a means to do this. But as many people with e-mail accounts know, it still goes on. As you saw in the story, when they spoke with John Hockenberry, the Global Media representatives promised to reveal the name and address of Julie's spammer- the identity of the person we'd only known by a code number.
It's important to know that spammers make money not just by spamming you, but by selling your e-mail address (along with millions of others) to other spammers. It's an added reminder to be careful about giving out your e-mail address.
Avoiding spam
A good way for you to help avoid spam is with a spam filter. Ray Everett-Church, an anti-spam expert who appeared in the story, e-mailed this to us regarding spam filters:
The software that I have come to depend on personally is SpamAssassin, a free software package that is built and maintained by a volunteer community of anti-spam fighters. It's mainly for use on mail servers by ISPs and enterprises, but the same technology is available to the average user through another free software package called PopFile. It runs on Windows machines and works with just about any e-mail software like Outlook or Thunderbird. (But not proprietary services like AOL or Web mail services like Hotmail or Yahoo.) There are decent anti-spam software offerings from some of the big name anti-virus companies, but they can cost money and aren't all that more effective than PopFile. The upside of those, however, is that they have good service and support and are easy for the average user to install.
I also use Cloudmark's SafetyBar which is a plug-in for Outlook. It works alright as well, and is pretty easy to use.
If you want to be safe, anti-spam experts caution you to never open e-mails from someone you don't know, and to even turn off e-mail preview features. Anti-spam filters can also be a big help to block unwanted missives from even going into your inbox. There is a lot of money at stake with planting viruses on computers. The viruses can hijack your connection to the Internet, making you the unwitting sender of spam. Or the viruses could make you face unwanted popups, and push your Web browser to places you don't want to go.
# posted by vdodon @ 02:26 
