E-mail recipients at newmediagroup.com came under attack after Jim Youll, whose e-mail account is jim@newmediagroup.com, posted public messages supportive of those who have been working on a way to prevent Internet junk e-mail from reaching those who don't want it.
A business owner himself, Youll supports the right of businesses to advertise, but also believes that anyone who doesn't want the junk mail should be able to ban it permanently, and that criminal and civil recourse should be available to those who receive what has come to be called "Unsolicited Commercial E-mail" despite their requests that it not be sent to them. Youll also believes it should be illegal to send messages with forged headers, as it allows unscrupulous sellers to hide their true identities, and also allows massive "anonymous" attacks such as that perpetrated against him.
The attackers launched an inbound flood of messages addressed to Youll, then sent what is believed to be tens of thousands of messages outbound in several separate incidents over a period of thirteen days, fraudulently showing Youll's name and e-mail address as the sender. Recipients of the messages, already outraged at the volume of junk mail in their e-mail systems, wrote back to Youll to complain. And several thousand mis-addressed undeliverable messages "bounced" - contributing to the flood of the New Media Group mail system.
In all, the New Media Group mail server, which normally handles 20 to 30 messages a day, processed between 7,000 and 11,000 messages in fourteen days. Youll missed almost two weeks of work and has begun to incur attorney's fees which may amount to several thousand dollars as he seeks an investigation into the truth about what happened.
Explanation: This first run was apparently an e-mail bombing attack on the four people whose
names appeared at the bottom of the message:
Derek Tam, al442@freenet.carleton.ca
Peter Kosta, bn816@freenet.carleton.ca
Simon Carr, ca999@freenet.carleton.ca
Raymond Y. Chow, al955@freenet.carleton.ca
When the sending failed, they bounced back to nevwest.com, which sent them to me. Of those,
only the Derek Tam account was still active at the time. I have talked with Derek and he was the
subject of another similar attack recently. He has also publicly opposed junk e-mail. I believe his
account has since been disabled because it overflowed, and he has contacted me from another
mailing address.
2. Several hundred of the threatening messages were sent directly to my mailserver by the
computer nevwest.com, operated by CTE, Inc.
Wednesday, May 14, 1997 around 2200EDT through Thursday, May 15
The first fraudulent message was mass-mailed to addressees all over the world the night and early
morning (EDT) of 5/14 and 5/15. It bears my name as the sender and looks like an advertisement
from me. The machine nevwest.com sent these messages, and we began receiving a barrage of
letters of complaint throughout the day on 5/15.
C. Thursday, May 15, 1997 to Saturday May 17
1. A second fraudulent message was mass-mailed all over the world. This message took text from
the web page on which I had offered a reward, and turned it into a "game" then bombarded people
with it. The original message was still in there, so that the message began growing longer. These
messages were apparently sent by the computer ispam.net, which is operated by Cyber
Promotions. This resulted in several thousand undeliverable messages, which were returned to me
Friday morning, 5/16 and throughout the day, and lots of angry messages and incoming mail from
people who are so frustrated with junk mail and thought I had mailed them.
2. A repeat of the above happened early Saturday morning with apparently a very large number of messages sent out. This caused an incoming flood of thousands of undeliverable messages. Our service provider deleted some incoming mail to prevent his system filling up, and we reconfigured the systems to shift the load off his machines and onto ours. We processed several thousand messages Saturday morning, 4 to 6 per minute for several hours. These messages also were sent from ispam.net.
D. Sunday, May 18 to Monday May 19 and continuing to present
1. A new message, again containing the old information, and now adding some taunts about me and a notice I posted to the website which people were by now reading to follow up on this (thousands of people have read the information on the website since last Friday). This was mailed early Sunday evening, EDT, and we received a flood of incoming failed-messages, and more complaints. The message now contains text from me as well as an excerpt from a message posted to the newsgroup comp.dcom.telecom, making this the lengthiest message yet. I received letters of complaint about this one through the week and an occasional new complaint still shows up. This again references "youll2die" and they added the phrase "I know I'm a hero though" to some text they copied from a message I posted to the comp.dcom.telecom newsgroup. Nevwest.com was the machine which sent these messages out.
E. Sunday, May 18, 0200 GMT (2200 EDT)
Two messages were posted to the newsgroup news.admin.net-abuse.email
1. A taunting message critical of the members of the newsgroup and their campaign against unwanted junk e-mail.
2. From "postmaster" at Nevwest.com. It claims their "SMTP ports" were used without authorization and "We have blocked this sender and taken the appropriate actions to insure in does not happen again."
F. Monday, May 26, 0800 EDT and 1600 EDT
A new message was mass-mailed to an unknown but apparently very large number (thousands) of recipients. As of 0900 EDT we had begun receiving bounced messages from systems around the world. A second wave of mailings happened between about 1600 and 1730 EDT.
The relay machine for these messages was confirmed to be "relay5.ispam.net" [207.124.161.54]. This is a computer run by Cyber Promotions and connected to the Internet by New Jersey-based provider IDCI. The system at 207.124.161.54 at one point was hitting our server with > 20 messages/second of direct and indirect bounces.
Bounce messages from servers, and complaint messages from those who did not understand that the mailing was forged-by-losers were still coming in through 5/28 and are expected to continue for several days.
F. Thursday, May 29, 1425 EDT
No new progress to report. I'm having a hard time getting calls returned
but it's a short week. Stay tuned. Maybe we'll get this figured out
anyway and find these cowards. We're still getting a lot of angry mail
and some bounces, though not nearly as much as we get when they do an
outbound fraudulent mailing.
In other news, Cable&Wireless also has junk e-mailers on
its network. C&W is publicly-traded and I am now additionally
calling for C&W shareholders to demand that their company
take a responsible position as we are demanding of Alltel. The C&W
backbone was used in the attacks against me on 5/29.
G. Tuesday, August 12, 2300EDT
An eighth "anonymous" fraudulent mailing was sent to thousands of people around the world this morning. As before, we have processed several thousand bounced messages, answered hundreds of messages of complaint, and continued the ongoing criminal investigation.
The reward is increased to $3,000 plus one case of Hormel Spam (tm) donated to a food pantry in your name for information leading to a successful criminal or civil prosecution of any party responsible for any of the Internet attacks against jim@newmediagroup.com.
The attackers are using the same methods as always, and people on the Internet are becoming quite smart
about ignoring this trash instead of trying to retaliate.
So far, I have missed the better part of two weeks' work, haven't slept much, and have incurred long distance charges calling places from Nevada to the UK. My company's name has been dragged through the mud, as was mine, and my telephone number has been sprayed all over the Internet, leading to angry, threatening phone calls and even death threats.
I have received, and answered, hundreds of angry messages from people who threatened to mass mail me because they were so angry that I "sent them" the junk mail. My attorney's fees alone are climbing well past $1,000 in these early stages.
This same type of attack closed
down an Internet company (joes.com) for ten days in January, and has
forced unfortunate individuals to lose the use of their private e-mail
addresses for periods ranging from weeks to forever. This is not the
first attack of this kind, but it's been one of the more brutal.