The person who decided that HTML was a good format for email deserves to be shot by a firing squad of about a million persons armed with air rifles (or B-B guns, as I believe they say in the USA). Want to DDoS someone's web server by spamming? Easy! Just include the following approximately 400 times per spam.

<IFRAME SRC="http://www.nutters.org/log" WIDTH=100% HEIGHT=5 FRAMEBORDER=0 SCROLLING=no></IFRAME>

That's the kind of spam that's being sent today, and everyone who opens it in a viewer which is happy to render HTML and IFRAMEs then proceeds to send 400 consecutive requests to my web server for the same page. Bingo: instant distributed denial of service generated by spam.

I need MAJOR bandwidth -- like AKAMAI bandwidth, or I'm sunk.

In their latest mutation, our spam-kiddies are now using the Windows message protocol to put up alerts on the screens of unsuspecting Windows users. These contain a dire warning that your computer has been compromised, and you should contact tech support -- on my home or mobile numbers. (My thanks to the person who submitted this in my feedback box.)

Message from NUTTERS.ORG to X.X.X.X on 3/25/2003 4:48:35 PM
A HACKER HAS GOTTEN INTO YOUR SYSTEM
CALL TECH SUPPORT IMMEDIATELY:
+61 2 9801 2416
OR
+61 4 2528 0158
YOUR ENTIRE SYSTEM MAY RESET IF YOU DO NOT CORRECT IT.

Yes, folks, TFBW's tech support service is standing by 24/7 to solve your problems -- even if we've never heard of each other before.

How many more tricks do you think they have up their sleeves? And how cussedly stubborn am I going to be about putting up with this in good humour? Stay tuned to find out!

Here's another tactic they're trying. Since they seem to have figured out that my mail server is locked down pretty hard, they've taken to forging an entire message that is supposed to have originated in my system, and then they forward that to some poor random Joe as a complaint! Here's an example I let bounce in earlier. Bear in mind that this is the body of the message I'm posting here.

X-ClientAddr: 203.222.71.145@perfect.epsilon.com.au
Received: from PERFECT.EPSILON.COM.AU (PERFECT.EPSILON.COM.AU
[203.222.71.145])
by perfect.epsilon.com.au (8.11.6/8.11.6) with ESMTP id h2KJHx087497
for <>; Fri, 21 Mar 2003 20:28:59 -0500
Received: from nutters (unknown [203.134.64.66])
by mako1.telstra.net (Postfix) with ESMTP id 2F76447FF51
for <>; Sat, 22 Mar 2003 00:52:15 +0100 (CET)
Received: from nutters (unknown [63.240.213.250])
by smtp3.zope.com (Postfix) with ESMTP id 2F76447FF51
for <>; Sat, 22 Mar 2003 01:52:14 +0200 (CET)
Message-ID: <4116-220546321342021701@nutters>
From: "Brett Watson" <famous@nutters.org>
To: ADDRESSLISTANONYMOUS@SPAMSTOPPER.ORG
Subject: HELLO
Date: Sat, 22 Mar 2003 00:52:21 +0100
MIME-Version: 1.0
Content-type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 8bit

-----Original Message-----
From: Brett Watson [famous@nutters.org]
Sent: Fri, 21 Mar 2003 20:28:59
To:
Subject: HELLO

Hello Fellow Webmaster, <br>
Please check out my most recent articles:<br>

...and so on. What the heck is "X-ClientAddr" supposed to be? And these guys really need to study up on the "Received" header thing. And they also need to figure out that I'm not associated with Zope.

Mind you, they did manage to confuse at least one person into complaining to me over this. I was pretty confused myself when I first saw it -- it didn't make any sense at all.

They're trying a new tactic, by the look of it. I've seen a whole bunch of bounces come in -- primarily from .au domains -- which contain the following key bit.

Hello, You have just been subscribed to the nuttes.org dailynewsletter!
You will now receive our hourly newletter

visit:
Check out the rest of my writings on:
http://www.nutters.org/log <http://www.nutters.org/log> or
http://www.epsilon.com.au/user/famous/
<http://www.epsilon.com.au/user/famous/>

_____

To be removed call:
+61 2 9801 2416 or
+61 4 2528 0158

_____

MAIL-AWAY MAILING SERVICE
---------------------------------------------------------------------------

So in addition to the usual "abuse" addresses, they're trying to get people to abuse me in person over the phone. I'll be polite. People tend to get very sheepish when they realise they've made a mistake. I wonder if it will generate any calls?

At the bottom of the same message, there's about twenty blank lines, followed by TWENTY-TWO instances of the following URL.

<http://www.epsilon.com.au/user/famous/submit.pl?id=contact&subject=Follow
Your Instructions For This to Stop&text=UEFF Jugement is final>

That's followed by about thirty links to my Nutters-dot-org logo. Go figure. The URL above is a link to my form-processing page, or it looks like it's meant to be. It's broken in the mail instance I have here. If it were properly formed and submitted, it would send me a message with a "subject" of "Follow Your Instructions For This to Stop", and a message body of "UEFF Jugement is final". Nice spelling, guys. Some of the earlier spams also seem to have links back to my feedback forms which also contain the phrase "follow_your_instructions_ASAP".

What do you all make of that? Anyone heard of a "UEFF" before?

Hi, folks. This spamming problem looks like it's not going away any time soon, so I'm creating this forum for people to discuss matters. I'll link to it from my home page, showing the latest additions, since my home page has turned into war-room-central.

The short-short version of the problem (for those who've just dropped by) is that some spammers have taken it into their heads to try to drive me from the face of the Internet by impersonating me in spam emails. They've been at it since roughly March 16th, 2003, as far as I can tell. They do a terrible job of impersonating me, but the average recipient isn't to know that, of course.

I've put up the barbed wire and sandbags, raised the Nutters.org flag, donned my pith helmet, loaded the elephant gun, and am counteracting their slimy tricks as well as I can.

If anyone wants to ask any questions about this bizarre state of affairs, I'm here to help. Just bear in mind that this is an open channel, chaps, and our enemy is watching. If you want to communicate in private, use one of the feedback forms on my home page.