Computerworld - Every year, it seems my company gets more and more spam, and much of it is offensive. An employee in our public relations department recently received a particularly bad example.
The unsolicited e-mail advertised a child pornography Web site. The employee, both offended and frightened that management would think he had requested the information, passed it on to our human resources department. Human resources in turn passed it to our physical security team, which contacted local law enforcement officials. My team was called in to identify the source.
The From header indicated that the e-mail came from the domain of a game company in Hong Kong. It probably wasn't the culprit. The header is much like the return address on a letter: You can insert whatever address you like. We dug further, but we used an external Internet account so others wouldn't know that our organization was investigating.
From Russia, With Love
The pornography Web site's Domain Name System name was registered to someone in the U.K., but the name servers hosting the zone files were in Russia. The Web server in question was associated with the registrant's Internet service provider in Moscow. But the service provider offers wireless connectivity, which makes it much harder to find the physical server at the other end of the connection.
We decided against visiting the Web site itself—we don't want child pornography images in our cache or on our machines. Besides, the spam might be a law enforcement sting with a fake server, or the authorities might be waiting to raid the real server and be monitoring connections to the server in the meantime.
How did the e-mail get to us? By reading the series of headers on the e-mail, we traced it back to a mail server at a computer consultancy in Utah. It had apparently misconfigured its server, allowing anyone to connect.
You can report spam to services that test the source-mail servers to see if they're correctly set up. If so, the service adds the server to its blacklist and notifies the owner. We found the consultancy's server on one of these lists, so we knew it had been notified about the problem.
This convoluted web of international lies and deception reads like the plot of a James Bond novel but is normal for spam. It makes it very hard for anyone to take action against the spammers, because any legal action would involve numerous companies in many different jurisdictions. Although the total spam burden is expensive, each individual e-mail message doesn't cost that much time and storage, so we couldn't sue for much anyway.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
