Reed Konsler (
Mon, 19 May 1997 23:07:21 -0400 (EDT)

>Mime-Version: 1.0
>Date: Mon, 19 May 1997 17:47:47 +0100
>From: (Comm Office)
>Subject: "SPAM WARS" ESCALATE -- A McLUHAN POST (Not Arch.)
>Precedence: bulk
>[Notes: "delist" instructions to this e-list are
>appended to the end of each "regular" posting. They
>also appear at the end of the postings in our
>Archives at <>. Because of the
>size of this list, only proper de-list messages
>will be processed!]
>[This is a special, "non-archived" post for the
>McLuhan-List. If you want to keep the material,
>"save" it to your own system because it will NOT be
>kept in our Archives]
>WOW! Talk about synchronicity! About the same time that we notified you, our
>readers, about "SPAM WARS" it looks like several have actually started.
>Many of you
>have taken time to update us on news you have captured, including, of
>course, the
>Compuserve lawsuit against CyberPromotions, and related activities. The most
>outrageous, however, is repeated below (thanks to
> --
>AGAINST THOSE WHO TAKE AN ANTI-SPAM position! Read this yourself and
>We said in 94 that the Internet was like the "wild west" and unfortunately
>it will take lawmakers to stop the bulk of the junk email (in most BUT NOT ALL
>jurisdications -- some are "outside the law").
>------ as received ------
>>>Date: Thu, 15 May 1997 20:01:52 -0400
>>>From: Jim Youll <>
>>>Subject: headers were forged in junk e-mailing;
>>> retaliation against my public anti-SPAM activities
>>>We are a very small company. We are being attacked electronically, because
>>>of my public anti-spam stance:
>>>(A) Our server was subjected to an inbound bombing from the hijacked
>>>servers into our mailserver last night (14 May 1997).
>>>(B) Thousands of messages were sent OUT today (15 May) from the same
>>>hijacked servers, resulting in a torrent of complaining, hostile, violent
>>>mail to our mailboxes. Some people began to mailbomb us with large
>>>I have 99.9% confidence that the hostile messages were injected into the net
>>>from a computer dialed into, a UK ISP, and have the
>>>corroborating records to prove it, at least everything I can get without
>>>cooperation from I am unable to reach anyone at
>>> who will assist in this investigation.
>>>The messages were relayed off and SMTP
>>>The administrators at these sites have not been terribly supportive, though
>>>they claim to be working on it. They have also received quite a bit of
>>>inbound mail, but appear somewhat unsure about what to do or ``how that
>>>happened''. They've asked me if *I* sent the messages.
>>>Complete details of the attack and my anti-junkmail posting which started
>>>all this appear here:
>>>The message I have sent out follows. I need support from the UK. I am
>>>prepared to do whatever it takes to get a prosecution.
>>>-- quoted message follows --
>>>My domain is under attack by someone who doesn't like my
>>>MILITANT, PUBLIC ANTI-SPAM stance. To date, their actions have included
>>>sending apparently several thousand e-mail messages, forged showing my name
>>>as the sender. In addition, this same party or someone working with them
>>>conducted a denial-of-service attack on our system last night, 14 May. See
>>>, including system logs clearly showing the
>>>terrorists' use of third-party unsecured SMTP servers as relays (which you
>>>will also see by looking at the headers of the messages that were sent).
>>>Their attack has also included threats of harm against me.
>>>PLEASE let people know this did not originate at It is a
>>>complete forgery. We are TRYING to investigate and at the moment have a
>>>number of backbone carriers and MCI security, involved. I am doing all I
>>>can. PLEASE tell people to stop writing to complain. This did not come
>>>from us. We don't spam. I am FIGHTING spam and that is why I was targeted
>>>in this manner. When you see their mail-bomb messages to me, you will
>>>I am seeking cooperation from the sites that were used as relays. Sheila,
>>>apparently an administrator at (office@ is their e-mail
>>>address; if you have received junk that bounced off their mailer, I STRONGLY
>>>suggest you contact them and demand the holes be closed.) Carleton Freenet
>>>has notified me (15 May 1997, 1600 EDT by e-mail) that they will not release
>>>their SMTP logs, which would show the origin of the message injected into
>>>their mailer. A man reached at said he had ``one technician
>>>working on it'' but really didn't understand the specifics, and was not very
>>>excited about helping. This is all very exciting for electronic terrorists,
>>>I am sure.
>>>New Media Group (and I in particular!) do not send or generate commercial
>>>e-mail. Ever. We are a small Internet presence provider working closely
>>>and on-site with clients in the Midwestern US. Only. We do not seek,
>>>service, or advertise to anyone outside that area, and we do not use e-mail
>>>for advertising.
>>>Copies of all logs and the threatening messages which came here have been
>>>forwarded to security officers at all ISPs we could identify, and at the
>>>security offices of backbone providers involved in this. We're trying, but
>>>it will be difficult to identify who did this. We're trying. I fully
>>>intend to press criminal and civil charges at the very moment an indictment
>>>becomes feasible.
>>>The reason we have been targeted is that I (personally, not this company)
>>>have been leading a campaign AGAINST junk e-mail. Please help me find out
>>>who did this.
>>>If you look at the headers, you will see that the messages did not come from
>>>here. The incoming messages threatened more attacks unless I stop my
>>>campaign to free people from unwanted junk e-mail. This is terrorism, plain
>>>and simple and I call on the entire Internet community to help track down
>>>the responsible parties. I will appreciate any assistance you can provide.
>>>I am offering a reward of $1,000 for information leading to the arrest and
>>>conviction of the perpetrators of this crime.
>>>NOTE ADDED 16 May 1997:
>>>We were hit again overnight 15 to 16 May. This time messages were sent to
>>>many addresses in the U.S. Primarily the incoming has been bouncing due to
>>>bogus or no-longer-in-use names at these locations. The nature of the
>>>addressing suggests that the names were culled from newsgroups and other
>>>public sources, and that the system doing the gathering went back some
>>>distance in time to get them, as many were expired.
>>>... It's been a busy couple of days. We have received approximately 2,500
>>>undeliverable messages in the last few hours. (Normal is 20-50 per day.)
>>>The incoming complaints and attacks are slowing, because I think people are
>>>learning that is ANTI-junk. Word is getting out, and
>>>hopefully that will help in the future.
>end post

Reed Konsler