I’m Fighting Acai Berry Spam Today

Clarifying the Meaning of Spam

The term spam refers to email that has the purpose of promoting and selling a product or service. Furthermore, the email message has to be from an organization or individual that you didn’t request information from, nor did you tell them that it was okay to contact you. The FTC defines spam as “unsolicited commercial email” or “UCE” for short. If you tell a company it’s okay to send you email, then that applies to all email from that company unless otherwise specified.

FTC Law, Commercial Email: CAN SPAM ACT 2003

  • Bans false or misleading ‘Header’ information. The “From” and “To” info must be accurate.
  • Prohibits deceptive “Subject” lines. The subject must match the content of the message.
  • Message must have an “opt out” or “unsubscribe” method. The link must be good for 30 days, and must be honored in 3 business days. (Previously 10 days was the allowance, but this changed in July 2008)
  • Message must list a legitimate physical address. The sender cannot register the address under an assumed name either.
  • Message must clearly state that it is an advertisement.

Update and Clarification (May 6, 2009):  This post is about spam in general, using Acai Berry spam as an example. I aim to (1)  illustrate that sometimes email addresses and web site addresses don’t match; and that when WHOIS is used, one may often find that they might not belong to the same person or organization. That should be a warning as to the legitimacy of the email message (or the site). Some readers have focused more on the email aspect of spam, but (2) much spam directs you to a web site. As some commenters have pointed out: email addresses can be spoofed, and tracking an email can be very difficult, BUT it is my opinion that web sites can be easier to track. (Read my “Spam Fighting Update”).

The original article begins here:

I hate spam.

I mean I really hate spam.  I don’t just delete it, I report it. I send it to the FTC’s spam@uce.gov email address so they can record it. If I get really bothered about it, I contact the company that registered the name for the owner of the email address and let them know that someone is using their service for spamming.  A lot of decent companies don’t like to hear about that.  It can hurt their law abiding users. How’d you like to learn that your emails don’t go through because someone on the same service as you was spamming, and getting everyone else blocked because of it?

For about two weeks now I’ve been receiving emails claiming to be from the “American Health Association” telling me how to lose weight with various products made from Acai Berries. After clicking unsubscribe links (when available) and deleting, I began to “get testy” when they continued rolling in. So I started fighting back.

The Law Is On Our Side

Let’s see what laws and such are on my side and yours here.

  1. Web and email addresses have to be registered to an owner or registrant. It is illegal to do so under an assumed name.
  2. Commercial messages (they wanted me to buy these berry products) must by law contain truthful addressing info both in email and in the physical world. And, once more, no assumed names are allowed. A physical address must be included.
  3. Many other nations have teamed up with the US to fight spam, so even if these spammers aren’t in the US, the country they live in may work with the US to fight spam.
  4. Many reputable internet and email services will not allow their clients to use their systems for the delivery of spam.

How did I fight back?

The Registrant / Owner of the Email Address. If the message was from the “American Health Association” then its email address — according to my Google search — would be either “@ahahealth.com” or “@americanhealthfoundation.com”.

Instead the email addresses pointed to “@brightbat.com” and “@prodemosite.com” among others. So there’s an FTC violation for false or misleading header information.

Want to know the registrant/owner of an “@whatever.com” address? Just go to Google and search for “whois whatever.com”. There’s no space in whois, and don’t include the quotation marks either. So I did a search for whois brightbat.com and whois prodemosite.com. Both came up with private or anonymous listings, they were both registered through the same service and one was registered just yesterday (a one day old address) and the other was registered in mid July.  Go to Google and try searching for them yourself. Oh, heck, here’s the direct link to brightbat’s listing and here’s prodemosite.

Also, the addresses were registered through a company in the UK, and the UK works with the US to fight spammers.

I contacted the private registration service, PrivacyProtect.org, and reported the owners of these two addresses. Privacy Protect will reveal the registry information if they deem it appropriate. I let them know the owners of these addresses were sending spam messages in violation of the provisions of the FTC’s CAN SPAM Act. I also forwarded copies of the emails to them at abuse @ privacyprotect.org.

What Other Violations Were In Those Emails?

You can follow along with the violations by taking a look at the legal requirements for commercial email messages listed in the yellow box at right. Several people have received up to three or more years in jail for violating these laws.

Back to the Acai berry violations:

  1. Along with the misleading email names (claiming to be the AHA when they weren’t), they also
  2. failed to mention the messages were advertising
  3. failed to include a postal address
  4. In several cases they failed to include an unsubscribe link, and in some cases the link didn’t work. All violations.

What Else Did I Learn?

The people at PowerSupplements, a manufacturer of Acai berry products, weren’t too thrilled to hear about the Acai berry spam. That was according to a report at SpamFighter.com, a provider of spam filtering software at www.spamfighter.com.

So if you decide you’d like to join the fight against spam you can follow my lead.

  1. Look for the same violations I looked out for.
  2. Forward spam to the FTC at spam@uce.gov.  (UCE stands for unsolicited commercial email).
  3. Want to go the extra mile? Go to Google, and do a whois search on the email address it came from.  Just use the part of the address that comes after the @ symbol, don’t use the whole address. Then find out where they registered the address. For example, whois brightbat.com. Then find out who the registrar is and let them know a user of their service is sending out spam.
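
The checks this post walks through (sender domain versus the claimed organization, link domains, and the missing unsubscribe link, postal address and advertisement notice) can be run mechanically before the manual WHOIS lookup. The following Python is an added example, not code from the original post; the sample message, its link host and the `triage` helper are constructed for illustration, and the postal-address and disclosure checks are rough heuristics.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Domains the post found for the organization the spam claimed to be.
CLAIMED_ORG_DOMAINS = {"ahahealth.com", "americanhealthfoundation.com"}

# Constructed sample message (not real mail); the link host is a placeholder.
SAMPLE = """\
From: "American Health Association" <offers@brightbat.com>
To: reader@example.org
Subject: Lose weight with Acai Berries

Try our berry products today: http://berry-offer.example/trial
"""

def domain_of(address):
    """Part of the address after the @ symbol, lower-cased."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""

def triage(raw, expected_domains):
    """Check a single-part plain-text message against the post's checklist."""
    msg = message_from_string(raw)
    display, address = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    from_domain = domain_of(address)
    link_hosts = sorted({h.lower() for h in re.findall(r"https?://([^/\s:>]+)", body)})
    findings = []
    # 1. The From domain is not one the claimed organization uses.
    if from_domain not in expected_domains:
        findings.append("from-domain-mismatch")
    # 2. Links lead to a site unrelated to the sending domain.
    if any(h != from_domain and not h.endswith("." + from_domain) for h in link_hosts):
        findings.append("link-domain-differs-from-sender")
    # 3. No opt-out method offered in a header or in the body.
    if not msg.get("List-Unsubscribe") and "unsubscribe" not in body.lower():
        findings.append("no-unsubscribe")
    # 4. Heuristic: a US postal address ends in a state code and ZIP.
    if not re.search(r"\b[A-Z]{2} \d{5}\b", body):
        findings.append("no-postal-address")
    # 5. Heuristic: the message never says it is an advertisement.
    if not re.search(r"advertis", body, re.IGNORECASE):
        findings.append("no-ad-disclosure")
    return {"display": display, "from_domain": from_domain,
            "link_hosts": link_hosts, "findings": findings}

if __name__ == "__main__":
    print(triage(SAMPLE, CLAIMED_ORG_DOMAINS))
```

The `from_domain` and `link_hosts` values in the result are what you would feed to the WHOIS search described in step 3.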

If anyone has a question, please email them to me using the Contact link, or, if it relates to today’s message, please use the Comment and Question link below. Follow me on Twitter. I’m looking forward to hearing from you.


16 comments

  1. amy says:

    I get DOZENS of SPAM from Acai Berry EVERY WEEK. I told them repeatedly to STOP! I have written them at
    —- North University, Provo, Utah 84604
    to stop. I am sending another letter certified today.

    HOW CAN I SUE THESE BASTARDS?

  2. Mad in San Diego says:

    I get tons of SPAM on a daily basis from Acai Burn and other bogus Acai products with Matt Lauer’s face on them. Every spam email has a different address. They suck!

    Acai Burn
    —- Army Post Road
    Des Moines, IA 50321

    Vasillissis Freiderikis 33
    1st Floor
    PC —-
    Niosia Cyprus

  3. Anonymous Coward says:

    Um, you do realize that in most cases, the domain of the e-mail is not even associated at all with the real sender?

    E.g., someone claiming to be the AHA might send an e-mail from aha@example.com, but the sender does not even control or own example.com; you have two levels of forgery: a fake organization and a fake sending e-mail address. Since SMTP has no mechanism for authentication (and SPF/DomainKeys is not that widely deployed), you can never trust the source domain–if you complain to them, chances are, you are chasing a ghost (I’ve been on the receiving end of this too many times–Google up backscatter).

    Also, virtually all the spam these days is sent by criminals using hacked computers. Look at the trace of those headers, and all of them will lead you back to some innocent IP–of a residential broadband user, of a computer at a respected company, or even to a government computer. Spammers control literally millions of hacked/compromised computers around the world to do their spamming. Reporting that spam is not very productive because it’s almost all noise and no signal. And they don’t need some spam law to throw these people in jail–most of these people end up getting hit with computer intrusion charges IF they ever get caught (but many of their host countries, like Russia, turn a blind eye).

    So while I too am inundated with Acai Berry spam (which is how I found this), your method, which would’ve worked in the 90’s before spam became the province of the cyber mafia, is… um… useless and probably counterproductive.

  4. Thanks for writing, AC. Thanks for elaborating on the methods being used. BUT, as you say, very early on, “in most cases”. That shows you, and I, know it will work in some cases.

    The professionals have many layers of coverage and subterfuge, but the amateurs, the affiliates, the semi-pros, the “don’t know any better”, the desperate, and the “hey why not try it” folks can still get caught. It doesn’t matter how skilled a criminal is, they’re still a criminal.

    My method may not help much against the pros, but in a few instances I’ve been contacted by law enforcement for more information. I’ve even been contacted by the victims who owned the domains being exploited, and I’ve been thanked for my efforts. I know that some suspects have been caught.

    So knowing, as I do, that “chances are” my methods won’t help in all cases, doesn’t stop me from trying to make a difference. It hasn’t proven useless.

    I’m not certain how it would be counterproductive.

  5. Thanks, Amy and Mad, for your efforts to make a difference. Most people won’t try, and that’s what the lawbreakers are hoping for.

  6. SysAdmin says:

    Just to clear the points, AC has pretty much explained it all, and it is pretty much true that little can be done about spammers forging From and Return-Path headers, yet there are ways of fighting spam that are pretty solid and straightforward.
    1) In the headers, look for the address where the message came from, e.g. the IP from which the spam message was sent to your mail server; it usually looks like this: [from dsl81 (unknown [81.214.4.167]) by your mail server (Postfix) with ESMTP id 7A69D2F71E; Wed, 29 Apr 2009 16:04:51 -0400 (EDT)]. That’s your starting point. In this case the spammer’s IP is 81.21.4.167.
    2) Get the complete information about this IP:
    a) IP Whois is your friend: http://ws.arin.net/whois/, this will tell you, or point you to the correct whois service for, the complete registrar information for the given network block. In this case it’s “Turk Telekom ADSL-20K” and the country this block belongs to is TR.
    3) In this case it’s an ADSL ISP in Turkey; this means several things:
    a) The ISP doesn’t block usage of port 25 to deliver mail, and the spammer just connects to your mail server directly. (FYI: I can make all email look like it came from the White House in that setup.)
    b) There is little you can do about the spammers on that network, which gives you limited choices for dealing with this.
    4) Action:
    a) If it so happens that the ISP hosting the network block is in the US, they are liable for spamming and you can go ahead and notify them or the authorities; this will produce results. As a side note, it doesn’t matter what kind of spam message it was; as long as it’s spam there is no excuse.
    b) If the ISP is not covered by the legal domain, you can blacklist the whole network, either by blocking connections on your firewall to port 25 or by just making a rule in your spam filtering engine to mark the mail from that network block as spam.
    c) You can do some pretty radical things based on the nature of your business:
    * block everything but the US and get it over with; your SPAM level will drop 99%, and whatever sneaks through will be easy to deal with legally.
    * block the designated list of SPAM offenders (ISPs) and your spam level will drop 30% minimum. e.g. http://www.spamhaus.org/drop/drop.lasso

    5) Breathe deeply and be systematic; that’s the only way. If they pissed you off then you are doing something wrong 🙂
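
Steps 1 and 4b of the comment above, as an added Python example that is not the commenter's code: it reads the connecting IP out of the Received header written by your own server and tests it against a list of blocked network ranges. The blocklist entries and their "CIDR ; reference" layout are constructed for illustration (RFC 5737 documentation ranges), and the sketch assumes IPv4 and headers listed top-first, as `email.message.Message.get_all("Received")` returns them.

```python
import ipaddress
import re

# Received header in the form quoted in the comment above.
PAGE_HEADER = ("from dsl81 (unknown [81.214.4.167]) by your mail server (Postfix) "
               "with ESMTP id 7A69D2F71E; Wed, 29 Apr 2009 16:04:51 -0400 (EDT)")

# Constructed blocklist text; these are documentation ranges, not real listings.
BLOCKLIST_TEXT = """\
; constructed sample, not real listings
192.0.2.0/24 ; EXAMPLE-1
198.51.100.0/25 ; EXAMPLE-2
"""

def load_blocklist(text):
    """Parse 'CIDR ; reference' lines, skipping comment and blank lines."""
    nets = []
    for line in text.splitlines():
        entry = line.split(";", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry))
    return nets

def connecting_ip(received_headers):
    """Peer IP from the topmost Received header. Only that header is written
    by your own server; anything below it was supplied by the sender."""
    if not received_headers:
        return None
    match = re.search(r"\[((?:\d{1,3}\.){3}\d{1,3})\]", received_headers[0])
    if not match:
        return None
    try:
        return ipaddress.ip_address(match.group(1))
    except ValueError:  # bracketed text that is not a valid address
        return None

def verdict(received_headers, blocklist):
    """Return ('block', network), ('pass', ip) or ('unknown', None)."""
    ip = connecting_ip(received_headers)
    if ip is None:
        return ("unknown", None)
    for net in blocklist:
        if ip in net:
            return ("block", str(net))
    return ("pass", str(ip))

if __name__ == "__main__":
    print(verdict([PAGE_HEADER], load_blocklist(BLOCKLIST_TEXT)))
```

The same membership test works as a spam-filter scoring rule instead of a hard block when rejecting a whole range is too coarse for your mail flow.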

  7. Thanks for the IP tracing and spam-fighting tips, Sys, and thanks for writing.

  8. Update and Clarification (May 6, 2009): This post is about spam in general, using Acai Berry spam as an example. I aim to (1) illustrate that sometimes email addresses and web site addresses don’t match; and that when WHOIS is used, one may often find that they might not belong to the same person or organization. That should be a warning as to the legitimacy of the email message (or the site). Some readers have focused more on the email aspect of spam, but (2) much spam directs you to a web site. As some commenters have pointed out: email addresses can be spoofed, and tracking an email can be very difficult, BUT web sites are easier to track.

  9. […] blog post titled “I’m Fighting Acai Berry Spam Today” from August 14, 2008 is the 4th most read post on Skylarking. It has received a fair amount […]

  10. Nothing worse than

    – replying to spam (e.g. to tell them to stop)
    – clicking unsubscribe links on spam

    If your e-mail address was addressed by the spamming program because it was generated automatically (through brute-force generation of a@a.aaa, b@a.aaa etc.), any of the aforementioned actions will report to the spammer that the randomly generated address does in fact exist. Even if it wasn’t, it shows the spammer that the address is active and is being read regularly, giving him more reason to target it (and even share it with others).

    Unsubscribe links will probably contain some id or even your entire e-mail address in case you’re wondering how clicking a link can report the address to the spam initiator.

    Sander

  11. Good points, Sander. I would only click unsubscribe links for sites that I know and trust, and never for an unknown site or in an unsolicited message.

  12. F*** ACAI says:

    I get their spam constantly despite blocking anonymous emails and their domain. They are super aggressive. All their ads feature Matt Lauer (from the Today Show). I wonder if he knows his face is plastered on this s*** product!

  13. Comp Sci guy says:

    I will never forget my first lesson on how to send spam. It came from a 14 year old using a Sun server and standard email protocols. He showed me how you can connect to an email service and send mail using any text as a return address (in this juvenile’s case, it was sexually explicit). This was later confirmed in my computer science classes (for networking) that email servers today do very little in preventing these types of messages. Two ways that [the world] could deal with this would be to 1) change the email server protocols to require authentication and reporting a real return address associated with that authentication, having all others blocked on all upper level internet servers and ISPs -or- 2) force all email transmissions to one server for verification. These both have privacy / functionality trade offs. Neither would be foolproof, they would be like a window protecting a house. The root of the problem lies in the core of all internet traffic, a UDP message. As long as UDP messages are allowed (which is critical for the entire internet to work at this moment in time) then any message of text can make its way to any IP address posing as any type of message (email-as spam, ping packets-DoS attacks, etc…). Since UDP messages can be fabricated containing any return address, as long as it has the proper format it can become untraceable. The only combat would be to re-design the internet protocols disallowing all old message types (anything based on UDP) — requiring a lot of money and time, and someone smart enough to determine what that would be. And it would have to be global (all routers, hubs, switches, servers, phones, computers, all internet transmitting devices, for all the world). Daunting to say the least.

    I found this message because my boss (without his knowledge or permission) has been sending me Acai Berry Trial emails at random times in the day. The email headers indicate that they are originating out of China.

  14. Alan Segal says:

    Register for an account at spamcop.net

    They have a free account, and a paid account. The paid account is more aggressive with spam (it takes into account spam reports from other users), and is simpler to use to report new spam.

    They will provide an email address for you to submit the spam to. (You must forward the email with all the header information.)

    If you use the free service, they will send you an email when the spam is ready to be reported. Click on the link in the email, and you will see a bunch of information obtained from the letters, including some information about the originating ISP.
    You can submit the spam report to go to the originating ISP.

    I have read somewhere that spamcop.net provides blacklists to ISPs.

  15. miniminded says:

    I’m an admin of a company with more than 300 email accounts

    every spam my associates get, they report to me so i can block them out in the future…

    I used to report the acai stuff that i get in my company email address… but i lost interest at my 500 something reports… i realize that nowadays those spam most likely are coming from bots… the sender address and the recipient address are often the same,…

    it even tried to utilize “non delivery report” to send spam by spoofing the sender address with your address and the recipient address with a non-existent address… that way your address gets the non delivery report, along with the original message, the spam…

    i also noticed that blocking the website link was usually useless, since it was registered everywhere and the url was usually “dsftyuenkaosro.asdfrto.cn” or “yesfghhhkjfydrh.ru”…

    nowadays i just block it by filtering “\sac+?a+?i\s” in the header and body of an email… from then on no acai or accai or acaaai or acccccaai can get through…

    i have my peace at last…
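
The keyword filter from the comment above, run over a message's subject and body, as an added Python example that is not the commenter's code. `POSTED` is the pattern exactly as written in the comment; `BOUNDED` is an assumed variant that uses word boundaries and ignores case, included to show which messages the required surrounding whitespace lets through. All messages are constructed.

```python
import re
from email import message_from_string

# Pattern exactly as posted in the comment above.
POSTED = re.compile(r"\sac+?a+?i\s")
# Assumed variant: word boundaries instead of mandatory whitespace,
# and case-insensitive matching.
BOUNDED = re.compile(r"\bac+a+i\b", re.IGNORECASE)

# Constructed (subject, body) pairs; none is real mail.
MESSAGES = {
    "mid-sentence": ("Lose weight with acai today", "Order now."),
    "capitalised-start": ("Acai Berry free trial", "Order now."),
    "punctuation": ("Special offer", "Try acccccaai!"),
    "end-of-subject": ("Free accai", "Order now."),
    "unrelated": ("Meeting agenda", "See attached notes."),
}

def build(subject, body):
    """Assemble a minimal single-part message from a subject and body."""
    return f"Subject: {subject}\n\n{body}\n"

def is_blocked(raw, pattern):
    """Apply the pattern to the Subject header and the body, as the comment does."""
    msg = message_from_string(raw)
    fields = [msg.get("Subject", ""), msg.get_payload()]
    return any(pattern.search(field) for field in fields)

def compare():
    """Map each sample name to (blocked by POSTED, blocked by BOUNDED)."""
    return {
        name: (is_blocked(build(s, b), POSTED), is_blocked(build(s, b), BOUNDED))
        for name, (s, b) in MESSAGES.items()
    }

if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```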

  16. Bernadette says:

    interesting. if you are interested in acai, acaiberrytoyourdoor.com delivers a nice trial package totally free.
