|
Author: A.Markley (1 Mar 08 1:13pm)
I just found this post. Sorry for the reply lag, but maybe it will help you and others.
In 2003, I had a similar nightmare. There are a few things you can do -- but it takes time and research. I was successful at shutting down "my" spammer's website. Naturally, the creep just set up a new domain and was back in business within hours. However, I inconvenienced him and brought him out of the shadows. Many spammers are involved with criminal gangs... maybe they network with each other, sharing lists of victims who fight back and aren't worth the trouble of joe-jobbing. All I know is that I've never suffered a similar attack.
1) First, immediately contact your ISP and let them know what's going on. They should be able to help with things like mail relaying and may be able to go after (or block) the spammer's domain or upstream ISP. If they can't (or won't) help you, switch to an ISP with a serious commitment to protecting their customers.
2) Next, put a "we didn't spam you" message on the home page of your site. This may help stop the hate mail (and put the spammer on notice that you're taking action). You can also use the statement when you write back to people who send hate mail. Write a short statement such as, "If you receive spam which appears to be from our domain, please rest assured that we didn't send it. We have been attacked by spammers using our return address in an effort to hide their true identity. We are investigating the situation and taking action. We apologize for any inconvenience the spammer has caused you." Don't post a link to the spammer's domain -- that just helps drive more traffic to their site. I posted a JPEG screen shot of a typical spam sample (and blacked out my apparent "from" address).
3) Keep detailed records of everything... every phone call, every letter, everything... they'll be useful if you're able to take legal action. If the spammer is in the USA, they're in violation of federal law. "My" spammer was hiding behind an ISP in Canada, but I tracked him back to Florida. If you can afford an attorney, buy an hour of his or her time for more advice and recourse. In essence, you're the victim of a form of identity theft.
You're probably also receiving bounced message reports from bad addresses on the spammer's list. These are very useful because the full header reveals the path from the spammer to the recipient and the bounce message to you. You have to do some detective work with a tracer route program and a whois tool, but you can build a useful profile on the spammer. If your local police department has a tech crimes division, contact them and ask for help. File reports with the Federal Trade Commission. Contact your local media and try to get them to run a story about what happened. Send a letter to your congressmembers and senators. In short, make a lot of noise. You may as well get some good PR value from a bad situation... and in the process, make life a little harder for spammers while helping to educate the public.
Related news feature at Wired.com:
http://www.wired.com/politics/law/news/2003/09/60635
Watch a short QuickTime video about what happened to me:
http://www.art101.com/video/nospam.html
Good luck and happy hunting.
Post Edited (1 Mar 08 1:14pm)
|
