MEDIA RELEASE
For immediate release - June 2004

Spam - Fighting Back
Spammers get a taste of their own medicine
Article by Warren

Spam. The practice of sending unsolicited junk email is every internet user and system administrator's nightmare. An estimated 40% of all email sent worldwide is considered to be Spam with some countries receiving higher percentages than others.

A group of programmers based in the US and Europe are sick of receiving large quantities of spam daily and have combined forces to collectively attack the problem head-on.

The result of this ambitious project is a free software package entitled "SpamItBack".
SpamItBack (www.spamitback.com) is a unique concept which is designed to tackle the problem at its source rather than attempting to filter or remove spam once it has already been delivered to a mail server. As the saying goes; "Prevention is better than the cure"

The software is simplistic in design but somewhat complex operationally. Basically, the SpamItBack software functions by sending email messages to private spammer email boxes, online order forms and also HTTP requests to weblogs requesting that they cease sending spam. Users running the software are repeatedly sending requests to spammers listed on the software's database. The more people using the software, the more messages requesting individual spammers to stop spamming are received. In effect the spammer is being flooded with messages which renders the ordering and contact forms on their websites useless. The spammer usually ends up shutting down the domain and ceases sending spam related to the respective website that they are trying to entice people to visit and buy their advertised products.

The spammer database is strictly controlled by the SpamItBack team and users are able to download updates each time they use the software. To be effective, it is recommended that the software be run for an hour or more each day by each user. The more people using the software the more effective it becomes. Further information on how SpamItBack works is available later in this article.

In a private interview, James, who is the impetus behind the original SpamItBack project said, "It is often difficult for authorities to track and successfully prosecute spammers due to jurisdictional restrictions particularly when spammers operate from offshore locations." "We (the SpamItBack Team) believe that a more proactive approach is necessary that directly addresses the problem by making it increasingly difficult for spammers to operate."

James also said, "We began to see results within a few weeks of releasing the software with numerous domains and known spammer email addresses being shutdown after being flooded with messages by people using the software. The spammer's website log files also increase dramatically in size and can effectively shutdown the site from within depending on the number of requests sent. A number of the larger spam operations own in the vicinity of a thousand domain names. It is simply a matter of targeting each series of domains with the SpamItBack software and in a very short time those domains becomes impossible to use for spamming activities."

Even though millions of dollars are spent by authorities worldwide each year in a bid to combat spam, it is still an ever increasing problem. Statistical information provided by Brightmail (see www.brightmail.com/spamstats.html) shows that the percentage of spam related email filtered by Brightmail has jumped from 49% in June 2003 to 64% in May 2004. Brightmail filtered over 100 billion email messages in May 2004. This 15% increase in the last twelve months clearly demonstrates that the efforts of authorities are having little impact on the spam problem. Further statistical data available from, www.spamfilterreview.com, estimates that of the average 31 billion daily emails sent in 2003, a total of 12.4 billion were spam. This equals an approximate total of a whopping 4,500 billion spam messages sent to internet users and corporations in 2003.

When asked if SpamItBack is contributing to an increase the amount of Junk email cluttering the internet, James said, "we recognise that not everyone will agree with the methodology of what we are trying to achieve. It must however, be made very clear that the software is not sending out spam. "Spam", as it is currently defined is a - 'commercial solicitation' with the spammer usually sending out thousands or millions of emails every day to individuals. Responding to a spammer, telling them not to spam you, is not. The software is only sending messages to a selected group of individuals and companies that are confirmed spammers asking that they stop spamming. In actual fact, by rendering major spammer domains ineffective we are reducing the quantity of junk email being sent each day. Obviously in the past, a lot of people told spammers not to spam them, hence the reason spammers now resort to subterfuge, not providing any means of contacting the spammer. This software allows the individual receiving spam to once again tell the spammer to stop spamming. The majority of negativity towards SpamItBack stems from a misunderstanding of what the software does and how it operates."

How it all works.

The software operates with three tiers of defence against spammers. Firstly, the spammers known email addresses are targeted. Secondly the software automatically fills out online forms on spammer websites and thirdly it appends items to any log files on the spammers host server, if activated.

The software is fully automated. Once a user activates the package, the software commences sending messages to those spammers contained within its database.
A built in SMTP-server is included which means that the software connects directly with the spammers host web server as opposed to delivering mail via the users own ISP.
Messages are sent with randomly generated return address and source information, thus providing the necessary security for the user and making them untraceable by the spammer. 

The spammer database is managed under the strict control of the SpamItBack team. The only email addresses or domain details that are added to the database are those that are indeed from spammers. A strict selection criteria and controls process is adhered to at all times prior to a spammer being added. A number of clearly defined identification tasks are performed to confirm the status of a spammer and the information cross checked against several internationally recognised spammer databases before a spammer is finally added to the SpamItBack database.

Another unique feature of the software is the integration of a scoring system designed to encourage users to run SpamItBack on a regular basis. Each time the user runs the software, points are accumulated for each message sent which can then be uploaded to an online scoreboard at the SpamItBack website. It was interesting to note the battle that was raging for top placing's on the scoreboard. This feature provides a fun element to the software and encourages user participation.

The SpamItBack Team's actual locations and contact details are confidential for obvious security reasons. They can be contacted via the contact form provided on the SpamItBack website at www.spamitback.com.

According to "The Register of Known Spam Operations", Rokso database which is maintained by "The Spamhaus Project" www.spamhaus.org, approximately 200 known spam operations are responsible for 90% of the spam that is delivered every day.
The ROKSO database collates information and evidence on known hard-line spam operations that have been terminated by a minimum of 3 consecutive Service Providers for serious spam offenses. The team at SpamItBack are concentrating their efforts on targeting these major players in an effort to hamper their activities and reduce the quantity of spam being distributed and to ultimately stop their spamming operations. 

The SpamItBack software package is freeware and can be downloaded at www.spamitback.com