How to bust the amateur spammers

"Within an hour I had the junk e-mailer's name, phone number and a photo of his house"

"Within an hour I had the junk e-mailer's name, phone number and a photo of his house"

On the Internet, nobody knows you're a dog. The sentiment behind this well-worn expression is that Internet users automatically have a degree of anonymity. However, contrary to popular wisdom, anonymity, particularly over the Internet, is a very uncertain state.

Let me give you an example.

Recently, I was spammed with some material that I didn't much like. Those who send junk e-mail tend to hide behind "re-mailer services", but this was different - it looked to be very much an amateur effort. Normally, when the author happens to be [email protected] or, there is little you can do except send an e-mail to "Abuse" at the respective service provider but this time I tried something a little more creative.

Working on the hunch that xyz123 might have popped up somewhere else on the Internet before, I ran all the big search engines (including Google and against the address. To my surprise, the same address popped-up on a school site, listing the names of ex-pupils and their contact e-mail addresses.

What came next was pretty simple. I ran the name, which was unusual, against and quickly obtained the suspect's address and telephone number, complete with an aerial photo of his street.

Of course, the next step was to reply to the original e-mail, politely suggesting that I never be bothered again, including the originator's home address details to support my request.

If only it were so easy with the other 100 or so spam messages I receive every month - "Simon Moores you have won a vacation" or "Simon Moores clear those debts today".

If the menace of spam represents one of the Internet's more pressing problems, then a secondary issue has to be the question of e-mail auditing.

In the light of the Enron scandal and allegations that Arthur Andersen shredded vital evidence, hard and soft copy alike, together with the stories and potential liabilities surrounding Allied Irish Bank, Ford Motor Company and a great many others, companies are now having to urgently review their policy on the use of
e-mail auditing.

Auditing the message flow passing in and out of a company server does not necessarily involve reading an individual's e-mail - it is generally more of a pattern recognition system to alert the company to message content that is suspicious or downright unacceptable, such as pornography.

A year ago, the very subject of e-mail auditing made me very nervous, but my own research now suggests that most of us will accept the idea, as long as the internal process conforms to a well-defined policy, is trustworthy and is used in a responsible manner and not as a gratuitous peep show.

The issue is an important one, but it remains a novel, vague and rather grey area for many companies.

As there is little real direction or advice on the matter, I am going to suggest that, through Computer Weekly, readers can access advice on the subject.

Simply e-mail any question on the issues surrounding e-mail auditing to [email protected] and I will do my best to get a reply back to you as quickly as possible.

Simon Moores is chairman of the Research Group

Read more on E-commerce technology