........................................................................... Received: from 209-64-116-062.mastercard.com ([209.64.116.62]:2391 "HELO mastercard.com") by halifax.chebucto.ns.ca with SMTP id ; Wed, 21 Jun 2000 14:37:06 -0300 Received: by mastercard.com(Lotus SMTP MTA v4.6.5 (863.2 5-20-1999)) id 86256905.0060C69E ; Wed, 21 Jun 2000 12:37:03 -0500 X-Lotus-FromDomain: MASTERCARD From: customerservice@mastercard.com To: af380@chebucto.ns.ca Message-ID: <86256905.0060C3DF.00@mastercard.com> Date: Wed, 21 Jun 2000 12:36:47 -0500 Subject: Re:Is cardex.com affiliated with Mastercard? Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Return-Path: We did not receive your entire message. Please resend it. Thank you, MasterCard International Customer Service Your Original Message Was: I have received an unsolicited message promoting a electronic version of a cash card from cardex.com, called an ........................................................................... Received: from 209-64-116-062.mastercard.com ([209.64.116.62]:1479 "HELO mastercard.com") by halifax.chebucto.ns.ca with SMTP id ; Wed, 21 Jun 2000 19:19:17 -0300 Received: by mastercard.com(Lotus SMTP MTA v4.6.5 (863.2 5-20-1999)) id 86256905.007A98F8 ; Wed, 21 Jun 2000 17:19:05 -0500 X-Lotus-FromDomain: MasterCard International@MASTERCARD From: MasterCard_International%MasterCard_International@mastercard.com Sender: "_MCAgent%MasterCard International"@mastercard.com To: af380@chebucto.ns.ca Message-ID: <86256905.007A9838.00@mastercard.com> Date: Wed, 21 Jun 2000 17:18:51 -0500 Subject: Thank you for visiting the MasterCard web-site. Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Return-Path: <"_MCAgent%MasterCard International"@mastercard.com> MasterCard International's Customer Service Center has received your inquiry. Our WebMail Support Team is in the process of reviewing your inquiry and if applicable, will respond to you shortly. Best Regards, Customer Service Center MasterCard International P.S. - Want to get more out of your MasterCard card? Here's an exciting new way to get one-of-a-kind savings when you shop on the Web. Sign up for MasterCard Exclusives Online(tm) and you'll receive special money-saving discounts on goods and services tailored to your specific interests. Save time, save money -- join MasterCard Exclusives Online(tm) today. Visit: www.mastercard.com/exclusives! http://www.mastercard.com/cgi-bin/indirect/meo_custsvc/www.mastercard.com/exclusives ........................................................................... Received: from 209-64-116-062.mastercard.com ([209.64.116.62]:3107 "HELO mastercard.com") by halifax.chebucto.ns.ca with SMTP id ; Sat, 24 Jun 2000 07:17:04 -0300 Received: by mastercard.com(Lotus SMTP MTA v4.6.5 (863.2 5-20-1999)) id 86256908.00387C20 ; Sat, 24 Jun 2000 05:16:57 -0500 X-Lotus-FromDomain: MasterCard International@MASTERCARD From: MasterCard_International%MasterCard_International@mastercard.com Sender: "_MCAgent%MasterCard International"@mastercard.com To: af380@chebucto.ns.ca Message-ID: <86256908.00387B79.00@mastercard.com> Date: Sat, 24 Jun 2000 05:16:52 -0500 Subject: Thank you for visiting the MasterCard web-site. Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Return-Path: <"_MCAgent%MasterCard International"@mastercard.com> MasterCard International's Customer Service Center has received your inquiry. Our WebMail Support Team is in the process of reviewing your inquiry and if applicable, will respond to you shortly. Best Regards, Customer Service Center MasterCard International P.S. - Want to get more out of your MasterCard card? Here's an exciting new way to get one-of-a-kind savings when you shop on the Web. Sign up for MasterCard Exclusives Online(tm) and you'll receive special money-saving discounts on goods and services tailored to your specific interests. Save time, save money -- join MasterCard Exclusives Online(tm) today. Visit: www.mastercard.com/exclusives! http://www.mastercard.com/cgi-bin/indirect/meo_custsvc/www.mastercard.com/exclusives ........................................................................... Received: from 209-64-116-062.mastercard.com ([209.64.116.62]:3732 "HELO mastercard.com") by halifax.chebucto.ns.ca with SMTP id ; Mon, 26 Jun 2000 13:22:25 -0300 Received: by mastercard.com(Lotus SMTP MTA v4.6.5 (863.2 5-20-1999)) id 8625690A.0059EDDF ; Mon, 26 Jun 2000 11:22:15 -0500 X-Lotus-FromDomain: MASTERCARD From: customerservice@mastercard.com To: "Norman L. DeForest" Message-ID: <8625690A.0059EC3E.00@mastercard.com> Date: Mon, 26 Jun 2000 11:22:06 -0500 Subject: Re:Re:Is cardex.com affiliated with Mastercard? Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Return-Path: Thank you for visiting the MasterCard website at www.mastercard.com. MasterCard International provides products and services to over three thousand financial institutions that issue MasterCard. We do not issue cards directly. All MasterCards are issued through our member financial institutions. Each member financial institution determines their own lending policy, fees, interest rates and benefits included in their offer. Card Ex is an affiliate of MasterCard International. Best Wishes, MasterCard International Customer Service Center Your Original Message Was: On Wed, 21 Jun 2000 customerservice@mastercard.com wrote: > We did not receive your entire message. Please resend it. > > Thank you, > > MasterCard International > Customer Service > > > Your Original Message Was: > > I have received an unsolicited message > promoting a electronic version of a cash > card from cardex.com, called an It appears that there is *another* thing wrong with your form. 1. Both buttons are labelled as "submit" buttons even though one is not so those with text-only browsers can get very confused. 2. It is impossible for lynx users to cut-and-paste in a form so text from some other source can't be quoted. 3. Lynx users can't enter more lines of text than there are on the form nor easily proofread any line of text that's longer than the specified form width. and now I find out that 4. not all of the text is properly submitted. Could I suggest that you get your webmaster to include an email address on each page for enquiries? Adding the following line to the ... section of all of your web pages would also allow lynx user to send you a comment or query from *anywhere* in the page and would allow them to quote the page being commented about: To avoid spam, you could encode it as: which spammers' harvestors would fail to recognise as an address. What I was trying to submit in the first place was (approximately, since another disadvantage of a form is that the sender of a message can't send a carbon copy to himself): I have received an unsolicited message promoting a electronic version of a cash card from cardex.com, called an iCard. The spam and their web site refers to the card as a "MasterCard iCard" but I could find no reference to any sort of "virtual" cash card on your site. Also, they claim that the virtual cash card can only be sent by email. Since email can be very-easily intercepted and there is no encryption, I feel that this is a highly insecure method of delivery. Are they *really* affiliated with your and to what address of yours can I report this? Either they are affiliated with you and are using unethical methods of advertising and insecure methods of delivery or they are misrepresenting themselves as being associated with you (in which case I suspect that your lawyers would be interested). >From their web site: http://www.cardex.com/internetcard/faq.html ; Q. What is iCard? ; ; A. A CardEx iCard is a virtual prepaid debit card that is used to make ; online purchases anywhere MasterCard is accepted. The iCard is ; ordered, delivered, and redeemed online for convenience. The iCard is ; available in denominations ranging from $25 to $250 and is ; rechargeable for continued use. [118] Top [snip] ; Q. What if I don’t have an e-mail address for the person I’m ; sending to? ; ; A. Because our iCards are delivered electronically, we do need a valid ; e-mail address to send the card to. You can always order a CardEx ; GiftCard, which is delivered to a physical address. To learn more ; about the GiftCards, click here. [122] Top [snip] ; Q. What if I lose my card number? ; ; A. If you lose your MasterCard iCard number, you can contact our ; Customer Service Department at [137] CS@cardex.com. Please indicate ; that you have lost your card number. You will be required to provide ; your user name, password and e-mail address. We will e-mail your card ; number to you within 24 hours. [138] Top [snip] ; [170] [INLINE] [171] [INLINE] [172] Welcome to CardEx |[173] ; MasterCard iCard[174] | [175] MasterCard GiftCards[176] | [177] [snip] 173. http://www.cardex.com/internetcard/index.asp 174. http://www.mycardex.com/ 175. http://www.cardex.com/corporate_giftcards.html The spam was also sent with the recipients' addresses in the "To:" field -- all 3479 of them (the previous record for any spam I received was 2840 recipients in the "To:" header), (a) accounting for the large size of the message and (b) providing another source of pre-harvested addresses should one or more of the recipients be other spammers. A copy of the spam with full headers is currently available on my web site should you wish to see it for yourself. I can't keep it there indefinitely because it uses up a lot of my disk quota. You can grab all 179247 bytes of it (yes, it was that large) at: http://www.chebucto.ns.ca/~af380/spam-cardex.txt Also a large number of the recipients were users at freenets and community nets which I know provide exclusively text-only service with lynx (my ISP, the Chebucto Community Net only recently phased in a new PPP service but most of its users still have only text-only service) which can't access https URLs necessary to place an order with Cardex even if the users wanted to. This is clearly abuse on and of the Internet and, if the company is *not* affiliated with you, is also fraud. Whether they are affiliated with you or not, they are dragging *your* reputation down in the mud. Please take the appropriate steps to stop this abuse. If I don't hear from you within a reasonable time I will be forced to assume that nothing was done. In that case, I will make the fact of this spamming public knowledge. -- Norman De Forest http://www.chebucto.ns.ca/~af380/Profile.html af380@chebucto.ns.ca [=||=] (A Speech Friendly Site) Q. Which is the greater problem in the world today, ignorance or apathy? A. I don't know and I couldn't care less. ........................................................................... Received: from 209-64-116-062.mastercard.com ([209.64.116.62]:1076 "HELO mastercard.com") by halifax.chebucto.ns.ca with SMTP id ; Tue, 27 Jun 2000 12:06:40 -0300 Received: by mastercard.com(Lotus SMTP MTA v4.6.5 (863.2 5-20-1999)) id 8625690B.0052FD76 ; Tue, 27 Jun 2000 10:06:28 -0500 X-Lotus-FromDomain: MASTERCARD From: customerservice@mastercard.com To: "Norman L. DeForest" Message-ID: <8625690B.0052F2F8.00@mastercard.com> Date: Tue, 27 Jun 2000 10:05:54 -0500 Subject: Re:No reply to my query yet: "Is cardex.com affiliated with Mastercard?" (fwd) Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Return-Path: Thank you for contacting MasterCard International. We too are concerned about the unusual amounts of unsolicited commercial e-mail used by a handful companies that offer merchant account services. These companies are not affiliated with MasterCard International and most aren't affiliated with our member banks, so we do not have the ability to discourage this practice. We suggest you contact the soliciting company directly about their practices and ask them to remove you from their mailing list. Thanks for your comments. Best regards, MasterCard International Customer Service Center Your Original Message Was: Not only have you failed to provide me with a timely answer to my questions, I see by the access statistics for my web site that you have not even had a look at the evidence. If I have received no reply by Monday then I will have to assume that either (a) the "MasterCard iCard" advertised in the spam I got was genuine and you have no objections to people spamming with *huge* messages on your behalf (three messages of that size would over-fill most users' INBOXes here causing any subsequent wanted email to bounce) OR (b) the "MasterCard iCard" advertised in the spam I got was *not* genuine and you have no concern for people being defrauded by someone else's misuse of your name as long as you are not stick with the losses. In either case, I will be making the fact of the spam and your lack of response public by posting the spam to a net-abuse newsgroup (with the 3479 addresses removed and replaced with a count), making the spam publically available to all (with the 3479 addresses removed and replaced with a count or "xxx"ed-out replacements) on my web site, and submitting it to a local newspaper. Just for your records, you will also receive a copy of the original spam so you can see the reason for my objections to it and why I am concerned about it being connected with you. A copy of my original message is below. -- Norman De Forest http://www.chebucto.ns.ca/~af380/Profile.html af380@chebucto.ns.ca [=||=] (A Speech Friendly Site) "I look at the roses through world colored glasses." -- Ron Schwarz in news.admin.net-abuse.email ---------- Forwarded message ---------- Date: Wed, 21 Jun 2000 19:17:05 -0300 (ADT) From: "Norman L. DeForest" To: customerservice@mastercard.com Subject: Re:Is cardex.com affiliated with Mastercard? On Wed, 21 Jun 2000 customerservice@mastercard.com wrote: > We did not receive your entire message. Please resend it. > > Thank you, > > MasterCard International > Customer Service > > > Your Original Message Was: > > I have received an unsolicited message > promoting a electronic version of a cash > card from cardex.com, called an It appears that there is *another* thing wrong with your form. 1. Both buttons are labelled as "submit" buttons even though one is not so those with text-only browsers can get very confused. 2. It is impossible for lynx users to cut-and-paste in a form so text from some other source can't be quoted. 3. Lynx users can't enter more lines of text than there are on the form nor easily proofread any line of text that's longer than the specified form width. and now I find out that 4. not all of the text is properly submitted. Could I suggest that you get your webmaster to include an email address on each page for enquiries? Adding the following line to the ... section of all of your web pages would also allow lynx user to send you a comment or query from *anywhere* in the page and would allow them to quote the page being commented about: To avoid spam, you could encode it as: which spammers' harvestors would fail to recognise as an address. What I was trying to submit in the first place was (approximately, since another disadvantage of a form is that the sender of a message can't send a carbon copy to himself): I have received an unsolicited message promoting a electronic version of a cash card from cardex.com, called an iCard. The spam and their web site refers to the card as a "MasterCard iCard" but I could find no reference to any sort of "virtual" cash card on your site. Also, they claim that the virtual cash card can only be sent by email. Since email can be very-easily intercepted and there is no encryption, I feel that this is a highly insecure method of delivery. Are they *really* affiliated with your and to what address of yours can I report this? Either they are affiliated with you and are using unethical methods of advertising and insecure methods of delivery or they are misrepresenting themselves as being associated with you (in which case I suspect that your lawyers would be interested). >From their web site: http://www.cardex.com/internetcard/faq.html ; Q. What is iCard? ; ; A. A CardEx iCard is a virtual prepaid debit card that is used to make ; online purchases anywhere MasterCard is accepted. The iCard is ; ordered, delivered, and redeemed online for convenience. The iCard is ; available in denominations ranging from $25 to $250 and is ; rechargeable for continued use. [118] Top [snip] ; Q. What if I don’t have an e-mail address for the person I’m ; sending to? ; ; A. Because our iCards are delivered electronically, we do need a valid ; e-mail address to send the card to. You can always order a CardEx ; GiftCard, which is delivered to a physical address. To learn more ; about the GiftCards, click here. [122] Top [snip] ; Q. What if I lose my card number? ; ; A. If you lose your MasterCard iCard number, you can contact our ; Customer Service Department at [137] CS@cardex.com. Please indicate ; that you have lost your card number. You will be required to provide ; your user name, password and e-mail address. We will e-mail your card ; number to you within 24 hours. [138] Top [snip] ; [170] [INLINE] [171] [INLINE] [172] Welcome to CardEx |[173] ; MasterCard iCard[174] | [175] MasterCard GiftCards[176] | [177] [snip] 173. http://www.cardex.com/internetcard/index.asp 174. http://www.mycardex.com/ 175. http://www.cardex.com/corporate_giftcards.html The spam was also sent with the recipients' addresses in the "To:" field -- all 3479 of them (the previous record for any spam I received was 2840 recipients in the "To:" header), (a) accounting for the large size of the message and (b) providing another source of pre-harvested addresses should one or more of the recipients be other spammers. A copy of the spam with full headers is currently available on my web site should you wish to see it for yourself. I can't keep it there indefinitely because it uses up a lot of my disk quota. You can grab all 179247 bytes of it (yes, it was that large) at: http://www.chebucto.ns.ca/~af380/spam-cardex.txt Also a large number of the recipients were users at freenets and community nets which I know provide exclusively text-only service with lynx (my ISP, the Chebucto Community Net only recently phased in a new PPP service but most of its users still have only text-only service) which can't access https URLs necessary to place an order with Cardex even if the users wanted to. This is clearly abuse on and of the Internet and, if the company is *not* affiliated with you, is also fraud. Whether they are affiliated with you or not, they are dragging *your* reputation down in the mud. Please take the appropriate steps to stop this abuse. If I don't hear from you within a reasonable time I will be forced to assume that nothing was done. In that case, I will make the fact of this spamming public knowledge. -- Norman De Forest http://www.chebucto.ns.ca/~af380/Profile.html af380@chebucto.ns.ca [=||=] (A Speech Friendly Site) Q. Which is the greater problem in the world today, ignorance or apathy? A. I don't know and I couldn't care less. ........................................................................... Received: from 209-64-116-062.mastercard.com ([209.64.116.62]:4547 "HELO mastercard.com") by halifax.chebucto.ns.ca with SMTP id ; Sun, 9 Jul 2000 09:32:23 -0300 Received: by mastercard.com(Lotus SMTP MTA v4.6.5 (863.2 5-20-1999)) id 86256917.0044E127 ; Sun, 9 Jul 2000 07:32:20 -0500 X-Lotus-FromDomain: MasterCard International@MASTERCARD From: MasterCard_International%MasterCard_International@mastercard.com Sender: "_MCAgent%MasterCard International"@mastercard.com To: af380@chebucto.ns.ca Message-ID: <86256917.0044E062.00@mastercard.com> Date: Sun, 9 Jul 2000 07:32:07 -0500 Subject: Thank you for visiting the MasterCard web-site. Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Return-Path: <"_MCAgent%MasterCard International"@mastercard.com> MasterCard International's Customer Service Center has received your inquiry. Our WebMail Support Team is in the process of reviewing your inquiry and if applicable, will respond to you shortly. Best Regards, Customer Service Center MasterCard International P.S. - Want to get more out of your MasterCard card? Here's an exciting new way to get one-of-a-kind savings when you shop on the Web. Sign up for MasterCard Exclusives Online(tm) and you'll receive special money-saving discounts on goods and services tailored to your specific interests. Save time, save money -- join MasterCard Exclusives Online(tm) today. Visit: www.mastercard.com/exclusives! http://www.mastercard.com/cgi-bin/indirect/meo_custsvc/www.mastercard.com/exclusives ........................................................................... Received: from 209-64-116-062.mastercard.com ([209.64.116.62]:1913 "HELO mastercard.com") by halifax.chebucto.ns.ca with SMTP id ; Sun, 9 Jul 2000 11:45:17 -0300 Received: by mastercard.com(Lotus SMTP MTA v4.6.5 (863.2 5-20-1999)) id 86256917.00510A8C ; Sun, 9 Jul 2000 09:45:11 -0500 X-Lotus-FromDomain: MASTERCARD From: customerservice@mastercard.com To: "Norman L. DeForest" Message-ID: <86256917.00510920.00@mastercard.com> Date: Sun, 9 Jul 2000 09:45:00 -0500 Subject: Re:Regarding MasterCard's clueless response to my query, "Is cardex.com , affiliated with Mastercard?" Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Return-Path: Thank you for your inquiry to MasterCard International. MasterCard International provides products and services to more than three thousand financial institutions issuing MasterCard cards. We do not issue cards directly. Each member financial institution determines their own lending policies, fees, interest rates and benefits. Card Ex is an affiliate with MasterCard. We apologize for any confusion we may have caused. If you would like to be removed from Card Ex's mailing list, or lodge a complaint, please contact Card Ex directly at 800-765-2991. If you would like to write to them, their address is: Card Express, Inc. 7595 Irvine Center Drive Irvine, CA 92618 Best regards, MasterCard International Customer Service Center jmb Your Original Message Was: [This message is also being publically posted to Usenet to the news.admin.net-abuse.email newsgroup.] In one of your replies to me (see below), you write: "Card Ex is an affiliate of MasterCard International." In another reply, you write: "We too are concerned about the unusual amounts of unsolicited commercial e-mail used by a handful companies that offer merchant account services. These companies are not affiliated with MasterCard International ...." There seems to be some conflict there. Your (lack of) action also seems to contradict your expression of concern. If companies *are* affiliated with you, such affiliation should require them to avoid advertising practices that could cause your name to come into disrepute. If an affiliate of your started advertising charge cards by placing collect telephone calls to people with the fraudulent announcement that it concerns a death in the family and then try to sell them credit cards once the charges were accepted, would you not take action against this sort of practice? Unsolicited bulk email has a similar effect. Some people have to connect to their Internet Service Providers via long-distance or by cellular modem where every minute on line costs them money. Others may live in countries where *all* calls have a per-minute charge and, in some cases, their ISP also imposes a per-kilobyte charge for data transfer. If they find it frequently necessary to download 180K bytes of a message just to find out that it is spam, it can cost them substantial money. As one famous anti-spammer once said, "Free speech isn't free if it comes postage-due." (The advantages of some email protocols to selectively send only the headers so a recipient can determine if the rest of the message is worth downloading is also defeated if more than 160K bytes of the message *is* in the headers.) Also, any attempt to make spam respectable threatens to make email unusable. For more on this see one of my Usenet posts on the subject: http://www.chebucto.ns.ca/~af380/yet-another-rant.html (and an added public comment on *your* lack of action so far). If a company is *not* affiliated with you and uses your name fraudulently in order to add respectability to whatever service that company is providing (or claiming to provide) then you should be taking legal action to stop such misrepresentation -- otherwise, legitimate promotions by you or your affiliates may become ineffective due to public mistrust of anything mentioning your name. Lack of action against unauthorised use could also lead to dilution of your trademark. Your two responses give no indication of your taking *any* action. In fact, the web access statistics indicate that you have *never* even looked at the file containing the spam I was reporting to you: http://www.chebucto.ns.ca/~af380/spam-cardex.txt That file is now no longer available. In its place is the same spam with all of the recipients' addresses (except mine) "xxx"ed out so that I may make the spam public without providing a fresh set of addresses for any spammer who encounters my site. It is still the exact original size as the original and can be found at: http://www.chebucto.ns.ca/~af380/spam-cardex.xxx.txt Notice that I have left my own addresses unchanged. Cardex.com not only sent the message to my current address but also to an address of mine that I have not used for more than two years (and which quit forwarding to me in November -- otherwise I would have received *two* copies of the 180K-byte spam). You also write: "We suggest you contact the soliciting company directly about their practices and ask them to remove you from their mailing list." Remove requests DO NOT WORK! Anyone who has been on the receiving end of spam can tell you that sending "remove" requests will usually result in the incoming spam increasing exponentially. Note: The term "mainsleaze" below is anti-spammers' slang for spam (and the senders thereof) from otherwise legitimate companies -- the kinds of advertisements that would have been perfectly acceptable if they had been sent by postal mail. See: http://www.rahul.net/falk/glossary.html#mainsleaze On sending "Remove" requests and the undesirability of allowing spamming to become acceptable as long as a "remove" address is provided: Possibilities: ("Advantages" are from the anti-spammer's perspective.) 1. "remove" address is genuine and spammer reads the email there. The probability of this is low but a few newbie spammers or mainsleaze sites may actually honour removes. However, if this (spamming and really honouring removes) was to become acceptable practice then the amount of spam would increase drastically. Advantage: wastes a few seconds of the spammer's time and may get you removed from the spammer's list. (Any advantage of being removed from this list is offset by the increasing number of new lists that would pop up due to removal becoming acceptable.) 2. "remove" address is genuine. The mail is read by a script that just adds the sender to a "do not mail list". Similar to #1 except that it does *not* waste the spammer's time. The disadvantages to this becoming acceptable are still present. Advantages: May get you removed from the spammer's list. (Any advantage of being removed from this list is offset by the increasing number of new lists that would pop up due to removal becoming acceptable.) 3. "remove" address is a genuine address. Spammer, however, uses a script to add the sender's addresses to a database to be included on his next "*** !!! CD OF 100,000,000 FRESH VERIFIED EMAIL ADDRESSES!!! *** ONLY $59.95 ***" Advantages: none. 4. "remove" address is genuine but is directed to /dev/null (or NUL on a DOS machine) and never read. Advantages: none. 5. Spammer's address is genuine but no "removal" address is given. A request for removal results in one or more of: a. Your address going on a CD (see #3), b. More spam from the same spammer, c. A "F*ck you. I have the right to send what I want. Quit interfering with my Free Speach[sic](tm)." reply from the spammer. (Mileage, wording, and [lack of] literacy may vary.) d. a mailbombing from the spammer, e. your address getting forged as the "From:" address of the spammer's next spam run. Advantages: none. 6. "remove" and/or spammer's alleged "From:" address is fictitious. All you get for your trouble is a bounce. Advantages: none. 7. "remove" and/or spammer's alleged "From:" address is forged and belongs to someone else. All a remove request does is become part of a mailbombing-by-proxy from a multitude of remove requests aimed at an innocent third party. Advantages: none. 8. Spammer's "remove" and/or "From:" address is an autoresponder. Sending anything to it gets you another spam and the spammer has an excuse to claim the second spam was solicited. Advantages: none. 9. Spammer's "From:" and "To:" address is configured as a mailing list. Any message you try to send to the spammer ends up going to the original list of spam victims. You also get a multitude of bounces from the invalid addresses on the list. Advantages: none. 10. Spammer requires a visit to a web page for removal. Not all people using email have web access. Web-based removal could set cookies on your machine to allow identifying you and tracking your movements. If the removal page requires JavaScript or ActiveX then other nasty or privacy-invading things can be done. An appropriately written CGI script could use the data you submit to an "Unsubscribe" page to forge a valid-looking "Subscribe" request submitted through the same or another form and give the spammer an excuse for sending more spam. And making the use of an "Unsubscribe" page acceptable will also make mainsleaze spam flood your INBOX. ***Cough**cough**telstra**cough*** Advantages: none. Which of the ten possibilities listed above is true in any given case can frequently be uncertain because it is impossible to distinguish the lying and fraudulent spammers from those that would otherwise be legitimate businesses (if they had not resorted to spamming) without a score card (and there are no score cards). Possibility #3 is the most frequent. Since the probability of possibility #1 is so low and the disadvantages of the other possibilities far outweigh the slim benefits of possibilities #1 and #2 by several hundred to one, sending a message to the spammer requesting removal seems like a rather unproductive thing to try. Furthermore, you have failed to address another concern of mine. If the alleged MasterCard iCard is sent only by email, what is stopping it from being intercepted by an unauthorised third party and being used by that person? Do you not have security standards for anything promoted with your name on it? >From your responses I can only conclude that (a) you are indifferent to any net-abuse associated with your name and (b) you don't care about security (or lack of it) associated with your name as long as it isn't you losing money. If I am wrong about either of these conclusions, I would appreciate receiving some evidence to the contrary. On Mon, 26 Jun 2000 customerservice@mastercard.com wrote: > Date: Mon, 26 Jun 2000 11:22:06 -0500 > From: customerservice@mastercard.com > To: "Norman L. DeForest" > Subject: Re:Re:Is cardex.com affiliated with Mastercard? > > > > Thank you for visiting the MasterCard website at www.mastercard.com. > > MasterCard International provides products and services to over three thousand > financial institutions that issue MasterCard. We do not issue cards directly. > All MasterCards are issued through our member financial institutions. Each > member financial institution determines their own lending policy, fees, interest > rates and benefits included in their offer. Card Ex is an affiliate of ^^^^^^^^^^^^^^^^^^^^^^^^^^ > MasterCard International. ^^^^^^^^^^^^^^^^^^^^^^^^^ > > Best Wishes, > > MasterCard International > Customer Service Center > > Your Original Message Was: > On Wed, 21 Jun 2000 customerservice@mastercard.com wrote: > > > We did not receive your entire message. Please resend it. > > > > Thank you, > > > > MasterCard International > > Customer Service > > > > > > Your Original Message Was: > > > > I have received an unsolicited message > > promoting a electronic version of a cash > > card from cardex.com, called an > > It appears that there is *another* thing wrong with your form. > > 1. Both buttons are labelled as "submit" buttons even though one is not > so those with text-only browsers can get very confused. > 2. It is impossible for lynx users to cut-and-paste in a form so text > from some other source can't be quoted. > 3. Lynx users can't enter more lines of text than there are on the form > nor easily proofread any line of text that's longer than the specified > form width. > > and now I find out that > > 4. not all of the text is properly submitted. > > Could I suggest that you get your webmaster to include an email address > on each page for enquiries? Adding the following line to the > ... section of all of your web pages would also allow lynx > user to send you a comment or query from *anywhere* in the page and would > allow them to quote the page being commented about: > > > > To avoid spam, you could encode it as: > > > HREF="mailto:%20customerservice@masterca > rd.com"> > > which spammers' harvestors would fail to recognise as an address. > > > What I was trying to submit in the first place was (approximately, since > another disadvantage of a form is that the sender of a message can't > send a carbon copy to himself): > > I have received an unsolicited message promoting a electronic version > of a cash card from cardex.com, called an iCard. The spam and their > web site refers to the card as a "MasterCard iCard" but I could find > no reference to any sort of "virtual" cash card on your site. Also, > they claim that the virtual cash card can only be sent by email. > Since email can be very-easily intercepted and there is no > encryption, I feel that this is a highly insecure method of delivery. > Are they *really* affiliated with your and to what address of yours > can I report this? > > Either they are affiliated with you and are using unethical methods of > advertising and insecure methods of delivery or they are misrepresenting > themselves as being associated with you (in which case I suspect that your > lawyers would be interested). > > >From their web site: > > http://www.cardex.com/internetcard/faq.html > > ; Q. What is iCard? > ; > ; A. A CardEx iCard is a virtual prepaid debit card that is used to make > ; online purchases anywhere MasterCard is accepted. The iCard is > ; ordered, delivered, and redeemed online for convenience. The iCard is > ; available in denominations ranging from $25 to $250 and is > ; rechargeable for continued use. [118] Top > [snip] > ; Q. What if I don’t have an e-mail address for the person I’m > ; sending to? > ; > ; A. Because our iCards are delivered electronically, we do need a valid > ; e-mail address to send the card to. You can always order a CardEx > ; GiftCard, which is delivered to a physical address. To learn more > ; about the GiftCards, click here. [122] Top > [snip] > ; Q. What if I lose my card number? > ; > ; A. If you lose your MasterCard iCard number, you can contact our > ; Customer Service Department at [137] CS@cardex.com. Please indicate > ; that you have lost your card number. You will be required to provide > ; your user name, password and e-mail address. We will e-mail your card > ; number to you within 24 hours. [138] Top > [snip] > ; [170] [INLINE] [171] [INLINE] [172] Welcome to CardEx |[173] > ; MasterCard iCard[174] | [175] MasterCard GiftCards[176] | [177] > [snip] > > 173. http://www.cardex.com/internetcard/index.asp > 174. http://www.mycardex.com/ > 175. http://www.cardex.com/corporate_giftcards.html > > The spam was also sent with the recipients' addresses in the "To:" > field -- all 3479 of them (the previous record for any spam I received > was 2840 recipients in the "To:" header), > (a) accounting for the large size of the message and > (b) providing another source of pre-harvested addresses should one > or more of the recipients be other spammers. > A copy of the spam with full headers is currently available on my > web site should you wish to see it for yourself. I can't keep it> there indefinitely because it uses up a lot of my disk quota. You > can grab all 179247 bytes of it (yes, it was that large) at: > > http://www.chebucto.ns.ca/~af380/spam-cardex.txt > > Also a large number of the recipients were users at freenets and community > nets which I know provide exclusively text-only service with lynx (my ISP, > the Chebucto Community Net only recently phased in a new PPP service but > most of its users still have only text-only service) which can't access > https URLs necessary to place an order with Cardex even if the users > wanted to. > > This is clearly abuse on and of the Internet and, if the company is *not* > affiliated with you, is also fraud. Whether they are affiliated with you > or not, they are dragging *your* reputation down in the mud. > > Please take the appropriate steps to stop this abuse. > > If I don't hear from you within a reasonable time I will be forced to > assume that nothing was done. In that case, I will make the fact of this > spamming public knowledge. > > -- > Norman De Forest http://www.chebucto.ns.ca/~af380/Profile.html > af380@chebucto.ns.ca [=||=] (A Speech Friendly Site) > Q. Which is the greater problem in the world today, ignorance or apathy? > A. I don't know and I couldn't care less. ... and on Tue, 27 Jun 2000 customerservice@mastercard.com wrote: > From: customerservice@mastercard.com > To: "Norman L. DeForest" > Date: Tue, 27 Jun 2000 10:05:54 -0500 > Subject: Re:No reply to my query yet: "Is cardex.com affiliated with > Mastercard?" (fwd) > > > > Thank you for contacting MasterCard International. > > We too are concerned about the unusual amounts of unsolicited commercial e-mail > used by a handful companies that offer merchant account services. These ^^^^^ > companies are not affiliated with MasterCard International and most aren't ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > affiliated with our member banks, so we do not have the ability to discourage ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > this practice. We suggest you contact the soliciting company directly about > their practices and ask them to remove you from their mailing list. > > Thanks for your comments. > > Best regards, > > MasterCard International > Customer Service Center > > Your Original Message Was: > Not only have you failed to provide me with a timely answer to my > questions, I see by the access statistics for my web site that you have > not even had a look at the evidence. > > If I have received no reply by Monday then I will have to assume that > either > > (a) the "MasterCard iCard" advertised in the spam I got was genuine and > you have no objections to people spamming with *huge* messages on > your behalf (three messages of that size would over-fill most users' > INBOXes here causing any subsequent wanted email to bounce) OR > > (b) the "MasterCard iCard" advertised in the spam I got was *not* genuine > and you have no concern for people being defrauded by someone else's > misuse of your name as long as you are not stick with the losses. > > In either case, I will be making the fact of the spam and your lack of > response public by posting the spam to a net-abuse newsgroup (with the > 3479 addresses removed and replaced with a count), making the spam > publically available to all (with the 3479 addresses removed and > replaced with a count or "xxx"ed-out replacements) on my web site, > and submitting it to a local newspaper. Just for your records, you > will also receive a copy of the original spam so you can see the > reason for my objections to it and why I am concerned about it being > connected with you. > > A copy of my original message is below. > > -- > Norman De Forest http://www.chebucto.ns.ca/~af380/Profile.html > af380@chebucto.ns.ca [=||=] (A Speech Friendly Site) > "I look at the roses through world colored glasses." > -- Ron Schwarz in news.admin.net-abuse.email > > ---------- Forwarded message ---------- [snip -- same message as quoted above in your earlier response] -- Norman De Forest http://www.chebucto.ns.ca/~af380/Profile.html af380@chebucto.ns.ca [=||=] (A Speech Friendly Site) "(To answer a previous question, I'm painting the inside of my killfile a pleasant lime & tangerine paisley)." -- Steve Atkins in n.a.n-a.e ........................................................................... Received: from 209-64-116-062.mastercard.com ([209.64.116.62]:2521 "HELO mastercard.com") by halifax.chebucto.ns.ca with SMTP id ; Sun, 9 Jul 2000 12:28:22 -0300 Received: by mastercard.com(Lotus SMTP MTA v4.6.5 (863.2 5-20-1999)) id 86256917.0054FDB3 ; Sun, 9 Jul 2000 10:28:19 -0500 X-Lotus-FromDomain: MasterCard International@MASTERCARD From: MasterCard_International%MasterCard_International@mastercard.com Sender: "_MCAgent%MasterCard International"@mastercard.com To: af380@chebucto.ns.ca Message-ID: <86256917.0054FD71.00@mastercard.com> Date: Sun, 9 Jul 2000 10:28:12 -0500 Subject: Thank you for visiting the MasterCard web-site. Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Return-Path: <"_MCAgent%MasterCard International"@mastercard.com> MasterCard International's Customer Service Center has received your inquiry. Our WebMail Support Team is in the process of reviewing your inquiry and if applicable, will respond to you shortly. Best Regards, Customer Service Center MasterCard International P.S. - Want to get more out of your MasterCard card? Here's an exciting new way to get one-of-a-kind savings when you shop on the Web. Sign up for MasterCard Exclusives Online(tm) and you'll receive special money-saving discounts on goods and services tailored to your specific interests. Save time, save money -- join MasterCard Exclusives Online(tm) today. Visit: www.mastercard.com/exclusives! http://www.mastercard.com/cgi-bin/indirect/meo_custsvc/www.mastercard.com/exclusives ........................................................................... Received: from 209-64-116-062.mastercard.com ([209.64.116.62]:1766 "HELO mastercard.com") by halifax.chebucto.ns.ca with SMTP id ; Mon, 10 Jul 2000 17:14:14 -0300 Received: by mastercard.com(Lotus SMTP MTA v4.6.5 (863.2 5-20-1999)) id 86256918.006F293B ; Mon, 10 Jul 2000 15:14:10 -0500 X-Lotus-FromDomain: MASTERCARD From: customerservice@mastercard.com To: "Norman L. DeForest" Message-ID: <86256918.006F286C.00@mastercard.com> Date: Mon, 10 Jul 2000 15:13:59 -0500 Subject: Re:Re:Regarding MasterCard's clueless response to my query, "Is cardex.com , affiliated with Mastercard?" Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Return-Path: Thank you for your inquiry to MasterCard International. MasterCard International provides products and services to more than three thousand financial institutions issuing MasterCard cards. We do not issue cards directly. Each member financial institution determines their own lending policies, fees, interest rates and benefits. Card Ex is an affiliate with MasterCard. We apologize for any confusion we may have caused. As stated in previous emails, MasterCard can not control the advertising policy of it's members. If you would like to be removed from Card Ex's mailing list, or lodge a complaint, please contact Card Ex directly at 800-765-2991. If you would like to write to them, their address is: Card Express, Inc. 7595 Irvine Center Drive Irvine, CA 92618 Best regards, MasterCard International Customer Service Center jmb Your Original Message Was: On Sun, 9 Jul 2000 customerservice@mastercard.com wrote: > Thank you for your inquiry to MasterCard International. > > MasterCard International provides products and services to more than three > thousand financial institutions issuing MasterCard cards. We do not issue cards > directly. > > Each member financial institution determines their own lending policies, fees, > interest rates and benefits. Card Ex is an affiliate with MasterCard. We > apologize for any confusion we may have caused. If you would like to be ^^^^^^^^^^^^^^^^^^^^^^^ > removed ^^^^^^^ > from Card Ex's mailing list, or lodge a complaint, please contact Card Ex ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > directly at 800-765-2991. If you would like to write to them, their address ^^^^^^^^^^^^^^^^^^^^^^^^ > is: I do NOT want to be removed from Card Ex's mailing list. I want Card Ex's mailing list removed from any computer remotely connected to the Internet until they adopt a strictly controlled and verivied opt-in policy for their mailings. They are spammers. Removing the addresses of only those that complain does NOT stop the spamming. Have you not read *anything* in my previous message or at the URLs I provided you with? Since they are using *your* name, you should be informing them that they should stop spamming -- period -- otherwise face the loss of affiliation with you. Note that spamming is now illegal in more than one State in the United States, including Virginia. If any of the other 3877 recipients of that message was a Virginia resident, Card Ex broke the law to promote something with your name on it. While each member financial institution may determine their own lending policies, fees, interest rates and benefits, it is *you* who should be setting the promotional, marketing, and security standards for anything with the name "MasterCard" associated with it. When someone charges a meal at a restaurant in Rome, London, or Paris using a card with MasterCard on it, he (or she) will ask "Do you take MasterCard?" He will not be asking "Do you accept charge-cards issued by Bubba's Bait Shop and Lending Emporium that happen to have the MasterCard name on them?" And you have not, in any way, addressed the security problem of sending the "iCards" by ordinary email. > > Card Express, Inc. > 7595 Irvine Center Drive > Irvine, CA 92618 > > Best regards, > > MasterCard International > Customer Service Center > > jmb > > Your Original Message Was: > [This message is also being publically posted to Usenet to the > news.admin.net-abuse.email newsgroup.] > > In one of your replies to me (see below), you write: > > "Card Ex is an affiliate of MasterCard International." > > In another reply, you write: > > "We too are concerned about the unusual amounts of unsolicited > commercial e-mail used by a handful companies that offer merchant > account services. These companies are not affiliated with MasterCard > International ...." > > There seems to be some conflict there. Your (lack of) action also seems > to contradict your expression of concern. If companies *are* affiliated > with you, such affiliation should require them to avoid advertising > practices that could cause your name to come into disrepute. If an > affiliate of your started advertising charge cards by placing collect > telephone calls to people with the fraudulent announcement that it > concerns a death in the family and then try to sell them credit cards once > the charges were accepted, would you not take action against this sort of > practice? Unsolicited bulk email has a similar effect. Some people have > to connect to their Internet Service Providers via long-distance or by > cellular modem where every minute on line costs them money. Others may > live in countries where *all* calls have a per-minute charge and, in some > cases, their ISP also imposes a per-kilobyte charge for data transfer. If > they find it frequently necessary to download 180K bytes of a message just > to find out that it is spam, it can cost them substantial money. As one > famous anti-spammer once said, "Free speech isn't free if it comes > postage-due." (The advantages of some email protocols to selectively send > only the headers so a recipient can determine if the rest of the message > is worth downloading is also defeated if more than 160K bytes of the > message *is* in the headers.) > > Also, any attempt to make spam respectable threatens to make email > unusable. For more on this see one of my Usenet posts on the subject: > http://www.chebucto.ns.ca/~af380/yet-another-rant.html > (and an added public comment on *your* lack of action so far). > > If a company is *not* affiliated with you and uses your name fraudulently > in order to add respectability to whatever service that company is > providing (or claiming to provide) then you should be taking legal action > to stop such misrepresentation -- otherwise, legitimate promotions by you > or your affiliates may become ineffective due to public mistrust of > anything mentioning your name. Lack of action against unauthorised use > could also lead to dilution of your trademark. > > Your two responses give no indication of your taking *any* action. In > fact, the web access statistics indicate that you have *never* even > looked at the file containing the spam I was reporting to you: > http://www.chebucto.ns.ca/~af380/spam-cardex.txt > > That file is now no longer available. In its place is the same spam > with all of the recipients' addresses (except mine) "xxx"ed out so that > I may make the spam public without providing a fresh set of addresses for > any spammer who encounters my site. It is still the exact original size as > the original and can be found at: > http://www.chebucto.ns.ca/~af380/spam-cardex.xxx.txt > Notice that I have left my own addresses unchanged. Cardex.com not only > sent the message to my current address but also to an address of mine that > I have not used for more than two years (and which quit forwarding to me > in November -- otherwise I would have received *two* copies of the > 180K-byte spam). > > You also write: > > "We suggest you contact the soliciting company directly about > their practices and ask them to remove you from their mailing list." > > Remove requests DO NOT WORK! Anyone who has been on the receiving end of > spam can tell you that sending "remove" requests will usually result in > the incoming spam increasing exponentially. > > Note: The term "mainsleaze" below is anti-spammers' slang for spam > (and the senders thereof) from otherwise legitimate companies -- the > kinds of advertisements that would have been perfectly acceptable if > they had been sent by postal mail. See: > http://www.rahul.net/falk/glossary.html#mainsleaze > > On sending "Remove" requests and the undesirability of allowing spamming > to become acceptable as long as a "remove" address is provided: > > Possibilities: ("Advantages" are from the anti-spammer's perspective.) > > 1. "remove" address is genuine and spammer reads the email there. > The probability of this is low but a few newbie spammers or > mainsleaze sites may actually honour removes. However, if this > (spamming and really honouring removes) was to become acceptable > practice then the amount of spam would increase drastically. > Advantage: wastes a few seconds of the spammer's time and may get > you removed from the spammer's list. (Any advantage of being removed > from this list is offset by the increasing number of new lists that > would pop up due to removal becoming acceptable.) > > 2. "remove" address is genuine. The mail is read by a script that just > adds the sender to a "do not mail list". Similar to #1 except that > it does *not* waste the spammer's time. The disadvantages to this > becoming acceptable are still present. Advantages: May get you > removed from the spammer's list. (Any advantage of being removed from > this list is offset by the increasing number of new lists that would > pop up due to removal becoming acceptable.) > > 3. "remove" address is a genuine address. Spammer, however, uses a script > to add the sender's addresses to a database to be included on his next > "*** !!! CD OF 100,000,000 FRESH VERIFIED EMAIL ADDRESSES!!! *** ONLY > $59.95 ***" Advantages: none. > > 4. "remove" address is genuine but is directed to /dev/null (or NUL > on a DOS machine) and never read. Advantages: none. > > 5. Spammer's address is genuine but no "removal" address is given. A > request for removal results in one or more of: > a. Your address going on a CD (see #3), > b. More spam from the same spammer, > c. A "F*ck you. I have the right to send what I want. Quit > interfering with my Free Speach[sic](tm)." reply from the spammer. > (Mileage, wording, and [lack of] literacy may vary.) > d. a mailbombing from the spammer, > e. your address getting forged as the "From:" address of the spammer's > next spam run. > Advantages: none. > > 6. "remove" and/or spammer's alleged "From:" address is fictitious. All > you get for your trouble is a bounce. Advantages: none. > > 7. "remove" and/or spammer's alleged "From:" address is forged and > belongs to someone else. All a remove request does is become part > of a mailbombing-by-proxy from a multitude of remove requests aimed > at an innocent third party. Advantages: none. > > 8. Spammer's "remove" and/or "From:" address is an autoresponder. Sending > anything to it gets you another spam and the spammer has an excuse to > claim the second spam was solicited. Advantages: none. > > 9. Spammer's "From:" and "To:" address is configured as a mailing list. > Any message you try to send to the spammer ends up going to the > original list of spam victims. You also get a multitude of bounces > from the invalid addresses on the list. Advantages: none. > > 10. Spammer requires a visit to a web page for removal. Not all people > using email have web access. Web-based removal could set cookies on > your machine to allow identifying you and tracking your movements. > If the removal page requires JavaScript or ActiveX then other nasty or > privacy-invading things can be done. An appropriately written CGI > script could use the data you submit to an "Unsubscribe" page to forge > a valid-looking "Subscribe" request submitted through the same or > another form and give the spammer an excuse for sending more spam. > And making the use of an "Unsubscribe" page acceptable will also make > mainsleaze spam flood your INBOX. ***Cough**cough**telstra**cough*** > Advantages: none. > > Which of the ten possibilities listed above is true in any given case can > frequently be uncertain because it is impossible to distinguish the lying > and fraudulent spammers from those that would otherwise be legitimate > businesses (if they had not resorted to spamming) without a score card > (and there are no score cards). Possibility #3 is the most frequent. > > Since the probability of possibility #1 is so low and the disadvantages > of the other possibilities far outweigh the slim benefits of possibilities > #1 and #2 by several hundred to one, sending a message to the spammer > requesting removal seems like a rather unproductive thing to try. > > > Furthermore, you have failed to address another concern of mine. If the > alleged MasterCard iCard is sent only by email, what is stopping it from > being intercepted by an unauthorised third party and being used by that > person? Do you not have security standards for anything promoted with > your name on it? > > > >From your responses I can only conclude that (a) you are indifferent to > any net-abuse associated with your name and (b) you don't care about > security (or lack of it) associated with your name as long as it isn't > you losing money. If I am wrong about either of these conclusions, I > would appreciate receiving some evidence to the contrary. > > > On Mon, 26 Jun 2000 customerservice@mastercard.com wrote: > > > Date: Mon, 26 Jun 2000 11:22:06 -0500 > > From: customerservice@mastercard.com > > To: "Norman L. DeForest" > > Subject: Re:Re:Is cardex.com affiliated with Mastercard? > > > > > > > > Thank you for visiting the MasterCard website at www.mastercard.com. > > > > MasterCard International provides products and services to over three thousand > > financial institutions that issue MasterCard. We do not issue cards directly. > > All MasterCards are issued through our member financial institutions. Each > > member financial institution determines their own lending policy, fees, > interest > > rates and benefits included in their offer. Card Ex is an affiliate of > ^^^^^^^^^^^^^^^^^^^^^^^^^^ > > MasterCard International. > ^^^^^^^^^^^^^^^^^^^^^^^^^ > > > > Best Wishes, > > > > MasterCard International > > Customer Service Center > > > > Your Original Message Was: > > On Wed, 21 Jun 2000 customerservice@mastercard.com wrote: > > > > > We did not receive your entire message. Please resend it. > > > > > > Thank you, > > > > > > MasterCard International > > > Customer Service > > > > > > > > > Your Original Message Was: > > > > > > I have received an unsolicited message > > > promoting a electronic version of a cash > > > card from cardex.com, called an > > > > It appears that there is *another* thing wrong with your form. > > > > 1. Both buttons are labelled as "submit" buttons even though one is not > > so those with text-only browsers can get very confused. > > 2. It is impossible for lynx users to cut-and-paste in a form so text > > from some other source can't be quoted. > > 3. Lynx users can't enter more lines of text than there are on the form > > nor easily proofread any line of text that's longer than the specified > > form width. > > > > and now I find out that > > > > 4. not all of the text is properly submitted. > > > > Could I suggest that you get your webmaster to include an email address > > on each page for enquiries? Adding the following line to the > > ... section of all of your web pages would also allow lynx > > user to send you a comment or query from *anywhere* in the page and would > > allow them to quote the page being commented about: > > > > > > > > To avoid spam, you could encode it as: > > > > > > > > HREF="mailto:%20customerservice@masterca > > rd.com"> > > > > which spammers' harvestors would fail to recognise as an address. > > > > > > What I was trying to submit in the first place was (approximately, since> > another disadvantage of a form is that the sender of a message can't > > send a carbon copy to himself): > > > > I have received an unsolicited message promoting a electronic version > > of a cash card from cardex.com, called an iCard. The spam and their > > web site refers to the card as a "MasterCard iCard" but I could find > > no reference to any sort of "virtual" cash card on your site. Also, > > they claim that the virtual cash card can only be sent by email. > > Since email can be very-easily intercepted and there is no > > encryption, I feel that this is a highly insecure method of delivery. > > Are they *really* affiliated with your and to what address of yours > > can I report this? > > > > Either they are affiliated with you and are using unethical methods of > > advertising and insecure methods of delivery or they are misrepresenting > > themselves as being associated with you (in which case I suspect that your > > lawyers would be interested). > > > > >From their web site: > > > > http://www.cardex.com/internetcard/faq.html > > > > ; Q. What is iCard? > > ; > > ; A. A CardEx iCard is a virtual prepaid debit card that is used to make > > ; online purchases anywhere MasterCard is accepted. The iCard is > > ; ordered, delivered, and redeemed online for convenience. The iCard is > > ; available in denominations ranging from $25 to $250 and is > > ; rechargeable for continued use. [118] Top > > [snip] > > ; Q. What if I don’t have an e-mail address for the person I’m > > ; sending to? > > ; > > ; A. Because our iCards are delivered electronically, we do need a valid > > ; e-mail address to send the card to. You can always order a CardEx > > ; GiftCard, which is delivered to a physical address. To learn more > > ; about the GiftCards, click here. [122] Top > > [snip] > > ; Q. What if I lose my card number? > > ; > > ; A. If you lose your MasterCard iCard number, you can contact our > > ; Customer Service Department at [137] CS@cardex.com. Please indicate > > ; that you have lost your card number. You will be required to provide > > ; your user name, password and e-mail address. We will e-mail your card > > ; number to you within 24 hours. [138] Top > > [snip] > > ; [170] [INLINE] [171] [INLINE] [172] Welcome to CardEx |[173] > > ; MasterCard iCard[174] | [175] MasterCard GiftCards[176] | [177] > > [snip] > > > > 173. http://www.cardex.com/internetcard/index.asp > > 174. http://www.mycardex.com/ > > 175. http://www.cardex.com/corporate_giftcards.html > > > > The spam was also sent with the recipients' addresses in the "To:" > > field -- all 3479 of them (the previous record for any spam I received > > was 2840 recipients in the "To:" header), > > (a) accounting for the large size of the message and > > (b) providing another source of pre-harvested addresses should one > > or more of the recipients be other spammers. > > A copy of the spam with full headers is currently available on my > > web site should you wish to see it for yourself. I can't keep it> there > indefinitely because it uses up a lot of my disk quota. You > > can grab all 179247 bytes of it (yes, it was that large) at: > > > > http://www.chebucto.ns.ca/~af380/spam-cardex.txt > > > > Also a large number of the recipients were users at freenets and community > > nets which I know provide exclusively text-only service with lynx (my ISP, > > the Chebucto Community Net only recently phased in a new PPP service but > > most of its users still have only text-only service) which can't access > > https URLs necessary to place an order with Cardex even if the users > > wanted to. > > > > This is clearly abuse on and of the Internet and, if the company is *not* > > affiliated with you, is also fraud. Whether they are affiliated with you > > or not, they are dragging *your* reputation down in the mud. > > > > Please take the appropriate steps to stop this abuse. > > > > If I don't hear from you within a reasonable time I will be forced to > > assume that nothing was done. In that case, I will make the fact of this > > spamming public knowledge. > > > > -- > > Norman De Forest http://www.chebucto.ns.ca/~af380/Profile.html > > af380@chebucto.ns.ca [=||=] (A Speech Friendly Site) > > Q. Which is the greater problem in the world today, ignorance or apathy? > > A. I don't know and I couldn't care less. > > ... and on Tue, 27 Jun 2000 customerservice@mastercard.com wrote: > > > From: customerservice@mastercard.com > > To: "Norman L. DeForest" > > Date: Tue, 27 Jun 2000 10:05:54 -0500 > > Subject: Re:No reply to my query yet: "Is cardex.com affiliated with > > Mastercard?" (fwd) > > > > > > > > Thank you for contacting MasterCard International. > > > > We too are concerned about the unusual amounts of unsolicited commercial > e-mail > > used by a handful companies that offer merchant account services. These > ^^^^^ > > companies are not affiliated with MasterCard International and most aren't > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > affiliated with our member banks, so we do not have the ability to discourage > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > this practice. We suggest you contact the soliciting company directly about > > their practices and ask them to remove you from their mailing list. > > > > Thanks for your comments. > > > > Best regards, > > > > MasterCard International > > Customer Service Center > > > > Your Original Message Was: > > Not only have you failed to provide me with a timely answer to my > > questions, I see by the access statistics for my web site that you have > > not even had a look at the evidence. > > > > If I have received no reply by Monday then I will have to assume that > > either > > > > (a) the "MasterCard iCard" advertised in the spam I got was genuine and > > you have no objections to people spamming with *huge* messages on > > your behalf (three messages of that size would over-fill most users' > > INBOXes here causing any subsequent wanted email to bounce) OR > > > > (b) the "MasterCard iCard" advertised in the spam I got was *not* genuine > > and you have no concern for people being defrauded by someone else's > > misuse of your name as long as you are not stick with the losses. > > > > In either case, I will be making the fact of the spam and your lack of > > response public by posting the spam to a net-abuse newsgroup (with the > > 3479 addresses removed and replaced with a count), making the spam > > publically available to all (with the 3479 addresses removed and > > replaced with a count or "xxx"ed-out replacements) on my web site, > > and submitting it to a local newspaper. Just for your records, you > > will also receive a copy of the original spam so you can see the > > reason for my objections to it and why I am concerned about it being > > connected with you. > > > > A copy of my original message is below. > > > > -- > > Norman De Forest http://www.chebucto.ns.ca/~af380/Profile.html > > af380@chebucto.ns.ca [=||=] (A Speech Friendly Site) > > "I look at the roses through world colored glasses." > > -- Ron Schwarz in news.admin.net-abuse.email > > > > ---------- Forwarded message ---------- > [snip -- same message as quoted above in your earlier response] > > -- > Norman De Forest http://www.chebucto.ns.ca/~af380/Profile.html > af380@chebucto.ns.ca [=||=] (A Speech Friendly Site) > "(To answer a previous question, I'm painting the inside of my killfile a > pleasant lime & tangerine paisley)." -- Steve Atkins in n.a.n-a.e > > -- Norman De Forest http://www.chebucto.ns.ca/~af380/Profile.html af380@chebucto.ns.ca [=||=] (A Speech Friendly Site) "(To answer a previous question, I'm painting the inside of my killfile a pleasant lime & tangerine paisley)." -- Steve Atkins in n.a.n-a.e ........................................................................... Received: from 209-64-116-062.mastercard.com ([209.64.116.62]:3216 "HELO mastercard.com") by halifax.chebucto.ns.ca with SMTP id ; Mon, 10 Jul 2000 18:44:26 -0300 Received: by mastercard.com(Lotus SMTP MTA v4.6.5 (863.2 5-20-1999)) id 86256918.00776C0B ; Mon, 10 Jul 2000 16:44:24 -0500 X-Lotus-FromDomain: MasterCard International@MASTERCARD From: MasterCard_International%MasterCard_International@mastercard.com Sender: "_MCAgent%MasterCard International"@mastercard.com To: af380@chebucto.ns.ca Message-ID: <86256918.00776B07.00@mastercard.com> Date: Mon, 10 Jul 2000 16:44:12 -0500 Subject: Thank you for visiting the MasterCard web-site. Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Return-Path: <"_MCAgent%MasterCard International"@mastercard.com> MasterCard International's Customer Service Center has received your inquiry. Our WebMail Support Team is in the process of reviewing your inquiry and if applicable, will respond to you shortly. Best Regards, Customer Service Center MasterCard International P.S. - Want to get more out of your MasterCard card? Here's an exciting new way to get one-of-a-kind savings when you shop on the Web. Sign up for MasterCard Exclusives Online(tm) and you'll receive special money-saving discounts on goods and services tailored to your specific interests. Save time, save money -- join MasterCard Exclusives Online(tm) today. Visit: www.mastercard.com/exclusives! http://www.mastercard.com/cgi-bin/indirect/meo_custsvc/www.mastercard.com/exclusives ........................................................................... Received: from 209-64-116-062.mastercard.com ([209.64.116.62]:3481 "HELO mastercard.com") by halifax.chebucto.ns.ca with SMTP id ; Tue, 11 Jul 2000 16:55:02 -0300 Received: by mastercard.com(Lotus SMTP MTA v4.6.5 (863.2 5-20-1999)) id 86256919.006D672B ; Tue, 11 Jul 2000 14:54:58 -0500 X-Lotus-FromDomain: MASTERCARD From: customerservice@mastercard.com To: "Norman L. DeForest" Message-ID: <86256919.006D66BC.00@mastercard.com> Date: Tue, 11 Jul 2000 14:54:47 -0500 Subject: Re:Re:Re:Regarding MasterCard's clueless response to my query, "Is cardex.com , affiliated with Mastercard?" Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Return-Path: Thank you for your inquiry to MasterCard International. MasterCard International provides products and services to more than three thousand financial institutions issuing MasterCard cards. We do not issue cards directly. Each member financial institution determines their own lending policies, fees, interest rates and benefits. Card Ex is an affiliate with MasterCard. As stated in previous emails, MasterCard can not control the advertising policy of it's members. We suggest you contact the soliciting company directly about their practices and ask them to remove you from their mailing list. Regards, MasterCard International Customer Service Center acc Your Original Message Was: On Mon, 10 Jul 2000 customerservice@mastercard.com wrote: > Thank you for your inquiry to MasterCard International. > > MasterCard International provides products and services to more than three > thousand financial institutions issuing MasterCard cards. We do not issue cards > directly. Each member financial institution determines their own lending > policies, fees, interest rates and benefits. Card Ex is an affiliate with > MasterCard. We > apologize for any confusion we may have caused. As stated in previous emails, ^^^^^^^^^^^^^^^^^^^^^^^^^^^ > MasterCard can not control the advertising policy of it's members. If you would ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 1. That is false. It was NOT so stated. Your earlier messages only stated: "Each member financial institution determines their own lending policies, fees, interest rates and benefits." *Nothing* was written about advertising policy. 2. Why can you NOT exercise any such control? Any advertising that would tend to besmirch the good name of MasterCard should be subject to *your* approval or disapproval. If, for example, an affiliate of yours started making collect long-distance telemarketing calls to people, giving false reasons for the calls until the reverse-charges were accepted, would you not have the right to have such actions stopped if the telemarketing was promoting MasterCard charge cards? If not, why not? If so, why is unsolicited bulk email any different -- especially since it can impose unwanted charges for on-line time for some recipients and it is also in violation of some State laws? 3. Can you give me any good reason why I should not give your indifference prominent exposure on my anti-spam page and urge people to switch to Visa or American Express? > like to be removed from Card Ex's mailing list, or lodge a complaint, please My aim is NOT getting my name off some list. My aim is to stop the spread of the false idea that spamming is becoming respectable so that the legitimate use of email isn't eventually sabotaged by tons of unrequested dreck filling users' INBOXes. Your apparent condoning of such practices is one the obstacles to my efforts. As long as you consider it to be respectable and perfectly acceptable and refuse to take a stand against this, my INBOX and those of others could be subjected to separate spam from each and every one of the "more than three thousand financial institutions issuing MasterCard cards". If YOU DO take a stand against it and announce that you will revoke your affiliation with any institution that uses abusive advertising practices (including spamming) then that is "more than three thousand" spams that each Internet user doesn't have to worry about receiving. > contact Card Ex directly at 800-765-2991. If you would like to write to them, > their address is: > > Card Express, Inc. > 7595 Irvine Center Drive > Irvine, CA 92618 > > Best regards, > > MasterCard International > Customer Service Center > > jmb > > Your Original Message Was: > On Sun, 9 Jul 2000 customerservice@mastercard.com wrote: > > > Thank you for your inquiry to MasterCard International. > > > > MasterCard International provides products and services to more than three > > thousand financial institutions issuing MasterCard cards. We do not issue > cards > > directly. > > > > Each member financial institution determines their own lending policies, fees, > > interest rates and benefits. Card Ex is an affiliate with MasterCard. We > > apologize for any confusion we may have caused. If you would like to be > ^^^^^^^^^^^^^^^^^^^^^^^ > > removed > ^^^^^^^ > > from Card Ex's mailing list, or lodge a complaint, please contact Card Ex > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > directly at 800-765-2991. If you would like to write to them, their address > ^^^^^^^^^^^^^^^^^^^^^^^^ > > is: > > I do NOT want to be removed from Card Ex's mailing list. I want Card Ex's > mailing list removed from any computer remotely connected to the Internet > until they adopt a strictly controlled and verivied opt-in policy for > their mailings. They are spammers. Removing the addresses of only those > that complain does NOT stop the spamming. > > Have you not read *anything* in my previous message or at the URLs I > provided you with? > > Since they are using *your* name, you should be informing them that they > should stop spamming -- period -- otherwise face the loss of affiliation > with you. Note that spamming is now illegal in more than one State in the > United States, including Virginia. If any of the other 3877 recipients > of that message was a Virginia resident, Card Ex broke the law to promote > something with your name on it. > > While each member financial institution may determine their own lending > policies, fees, interest rates and benefits, it is *you* who should be > setting the promotional, marketing, and security standards for anything > with the name "MasterCard" associated with it. When someone charges a > meal at a restaurant in Rome, London, or Paris using a card with > MasterCard on it, he (or she) will ask "Do you take MasterCard?" He will > not be asking "Do you accept charge-cards issued by Bubba's Bait Shop and > Lending Emporium that happen to have the MasterCard name on them?" > > And you have not, in any way, addressed the security problem of sending > the "iCards" by ordinary email. > > > > > Card Express, Inc. > > 7595 Irvine Center Drive > > Irvine, CA 92618 > > > > Best regards, > > > > MasterCard International > > Customer Service Center > > > > jmb > > > > Your Original Message Was: > > [This message is also being publically posted to Usenet to the > > news.admin.net-abuse.email newsgroup.] > > > > In one of your replies to me (see below), you write: > > > > "Card Ex is an affiliate of MasterCard International." > > > > In another reply, you write: > > > > "We too are concerned about the unusual amounts of unsolicited > > commercial e-mail used by a handful companies that offer merchant > > account services. These companies are not affiliated with MasterCard > > International ...." > > > > There seems to be some conflict there. Your (lack of) action also seems > > to contradict your expression of concern. If companies *are* affiliated > > with you, such affiliation should require them to avoid advertising > > practices that could cause your name to come into disrepute. If an > > affiliate of your started advertising charge cards by placing collect > > telephone calls to people with the fraudulent announcement that it > > concerns a death in the family and then try to sell them credit cards once > > the charges were accepted, would you not take action against this sort of > > practice? Unsolicited bulk email has a similar effect. Some people have > > to connect to their Internet Service Providers via long-distance or by > > cellular modem where every minute on line costs them money. Others may > > live in countries where *all* calls have a per-minute charge and, in some > > cases, their ISP also imposes a per-kilobyte charge for data transfer. If > > they find it frequently necessary to download 180K bytes of a message just > > to find out that it is spam, it can cost them substantial money. As one > > famous anti-spammer once said, "Free speech isn't free if it comes > > postage-due." (The advantages of some email protocols to selectively send > > only the headers so a recipient can determine if the rest of the message > > is worth downloading is also defeated if more than 160K bytes of the > > message *is* in the headers.) > > > > Also, any attempt to make spam respectable threatens to make email > > unusable. For more on this see one of my Usenet posts on the subject: > > http://www.chebucto.ns.ca/~af380/yet-another-rant.html > > (and an added public comment on *your* lack of action so far). > > > > If a company is *not* affiliated with you and uses your name fraudulently > > in order to add respectability to whatever service that company is > > providing (or claiming to provide) then you should be taking legal action > > to stop such misrepresentation -- otherwise, legitimate promotions by you > > or your affiliates may become ineffective due to public mistrust of > > anything mentioning your name. Lack of action against unauthorised use > > could also lead to dilution of your trademark. > > > > Your two responses give no indication of your taking *any* action. In > > fact, the web access statistics indicate that you have *never* even > > looked at the file containing the spam I was reporting to you: > > http://www.chebucto.ns.ca/~af380/spam-cardex.txt > > > > That file is now no longer available. In its place is the same spam > > with all of the recipients' addresses (except mine) "xxx"ed out so that > > I may make the spam public without providing a fresh set of addresses for > > any spammer who encounters my site. It is still the exact original size as > > the original and can be found at: > > http://www.chebucto.ns.ca/~af380/spam-cardex.xxx.txt > > Notice that I have left my own addresses unchanged. Cardex.com not only > > sent the message to my current address but also to an address of mine that > > I have not used for more than two years (and which quit forwarding to me > > in November -- otherwise I would have received *two* copies of the > > 180K-byte spam). > > > > You also write: > > > > "We suggest you contact the soliciting company directly about > > their practices and ask them to remove you from their mailing list." > > > > Remove requests DO NOT WORK! Anyone who has been on the receiving end of > > spam can tell you that sending "remove" requests will usually result in > > the incoming spam increasing exponentially. > > > > Note: The term "mainsleaze" below is anti-spammers' slang for spam > > (and the senders thereof) from otherwise legitimate companies -- the > > kinds of advertisements that would have been perfectly acceptable if > > they had been sent by postal mail. See: > > http://www.rahul.net/falk/glossary.html#mainsleaze > > > > On sending "Remove" requests and the undesirability of allowing spamming > > to become acceptable as long as a "remove" address is provided: > > > > Possibilities: ("Advantages" are from the anti-spammer's perspective.) > > > > 1. "remove" address is genuine and spammer reads the email there. > > The probability of this is low but a few newbie spammers or > > mainsleaze sites may actually honour removes. However, if this > > (spamming and really honouring removes) was to become acceptable > > practice then the amount of spam would increase drastically. > > Advantage: wastes a few seconds of the spammer's time and may get > > you removed from the spammer's list. (Any advantage of being removed > > from this list is offset by the increasing number of new lists that > > would pop up due to removal becoming acceptable.) > > > > 2. "remove" address is genuine. The mail is read by a script that just > > adds the sender to a "do not mail list". Similar to #1 except that > > it does *not* waste the spammer's time. The disadvantages to this > > becoming acceptable are still present. Advantages: May get you > > removed from the spammer's list. (Any advantage of being removed from > > this list is offset by the increasing number of new lists that would > > pop up due to removal becoming acceptable.) > > > > 3. "remove" address is a genuine address. Spammer, however, uses a script > > to add the sender's addresses to a database to be included on his next > > "*** !!! CD OF 100,000,000 FRESH VERIFIED EMAIL ADDRESSES!!! *** ONLY > > $59.95 ***" Advantages: none. > > > > 4. "remove" address is genuine but is directed to /dev/null (or NUL > > on a DOS machine) and never read. Advantages: none. > > > > 5. Spammer's address is genuine but no "removal" address is given. A > > request for removal results in one or more of: > > a. Your address going on a CD (see #3), > > b. More spam from the same spammer, > > c. A "F*ck you. I have the right to send what I want. Quit > > interfering with my Free Speach[sic](tm)." reply from the spammer. > > (Mileage, wording, and [lack of] literacy may vary.) > > d. a mailbombing from the spammer, > > e. your address getting forged as the "From:" address of the spammer's > > next spam run. > > Advantages: none. > > > > 6. "remove" and/or spammer's alleged "From:" address is fictitious. All > > you get for your trouble is a bounce. Advantages: none. > > > > 7. "remove" and/or spammer's alleged "From:" address is forged and > > belongs to someone else. All a remove request does is become part > > of a mailbombing-by-proxy from a multitude of remove requests aimed > > at an innocent third party. Advantages: none. > > > > 8. Spammer's "remove" and/or "From:" address is an autoresponder. Sending > > anything to it gets you another spam and the spammer has an excuse to > > claim the second spam was solicited. Advantages: none. > > > > 9. Spammer's "From:" and "To:" address is configured as a mailing list. > > Any message you try to send to the spammer ends up going to the > > original list of spam victims. You also get a multitude of bounces > > from the invalid addresses on the list. Advantages: none. > > > > 10. Spammer requires a visit to a web page for removal. Not all people > > using email have web access. Web-based removal could set cookies on > > your machine to allow identifying you and tracking your movements. > > If the removal page requires JavaScript or ActiveX then other nasty or > > privacy-invading things can be done. An appropriately written CGI > > script could use the data you submit to an "Unsubscribe" page to forge > > a valid-looking "Subscribe" request submitted through the same or > > another form and give the spammer an excuse for sending more spam. > > And making the use of an "Unsubscribe" page acceptable will also make > > mainsleaze spam flood your INBOX. ***Cough**cough**telstra**cough*** > > Advantages: none. > > > > Which of the ten possibilities listed above is true in any given case can > > frequently be uncertain because it is impossible to distinguish the lying > > and fraudulent spammers from those that would otherwise be legitimate > > businesses (if they had not resorted to spamming) without a score card > > (and there are no score cards). Possibility #3 is the most frequent. > > > > Since the probability of possibility #1 is so low and the disadvantages > > of the other possibilities far outweigh the slim benefits of possibilities> > #1 and #2 by several hundred to one, sending a message to the spammer > > requesting removal seems like a rather unproductive thing to try. > > > > > > Furthermore, you have failed to address another concern of mine. If the > > alleged MasterCard iCard is sent only by email, what is stopping it from > > being intercepted by an unauthorised third party and being used by that > > person? Do you not have security standards for anything promoted with > > your name on it? > > > > > > >From your responses I can only conclude that (a) you are indifferent to > > any net-abuse associated with your name and (b) you don't care about > > security (or lack of it) associated with your name as long as it isn't > > you losing money. If I am wrong about either of these conclusions, I > > would appreciate receiving some evidence to the contrary. > > > > > > On Mon, 26 Jun 2000 customerservice@mastercard.com wrote: > > > > > Date: Mon, 26 Jun 2000 11:22:06 -0500 > > > From: customerservice@mastercard.com > > > To: "Norman L. DeForest" > > > Subject: Re:Re:Is cardex.com affiliated with Mastercard? > > > > > > > > > > > > Thank you for visiting the MasterCard website at www.mastercard.com. > > > > > > MasterCard International provides products and services to over three > thousand > > > financial institutions that issue MasterCard. We do not issue cards > directly. > > > All MasterCards are issued through our member financial institutions. Each > > > member financial institution determines their own lending policy, fees, > > interest > > > rates and benefits included in their offer. Card Ex is an affiliate of > > ^^^^^^^^^^^^^^^^^^^^^^^^^^ > > > MasterCard International. > > ^^^^^^^^^^^^^^^^^^^^^^^^^ > > > > > > Best Wishes, > > > > > > MasterCard International > > > Customer Service Center > > > > > > Your Original Message Was: > > > On Wed, 21 Jun 2000 customerservice@mastercard.com wrote: > > > > > > > We did not receive your entire message. Please resend it. > > > > > > > > Thank you, > > > > > > > > MasterCard International > > > > Customer Service > > > > > > > > > > > > Your Original Message Was: > > > > > > > > I have received an unsolicited message > > > > promoting a electronic version of a cash > > > > card from cardex.com, called an > > > > > > It appears that there is *another* thing wrong with your form. > > > > > > 1. Both buttons are labelled as "submit" buttons even though one is not > > > so those with text-only browsers can get very confused. > > > 2. It is impossible for lynx users to cut-and-paste in a form so text > > > from some other source can't be quoted. > > > 3. Lynx users can't enter more lines of text than there are on the form > > > nor easily proofread any line of text that's longer than the specified > > > form width. > > > > > > and now I find out that > > > > > > 4. not all of the text is properly submitted. > > > > > > Could I suggest that you get your webmaster to include an email address > > > on each page for enquiries? Adding the following line to the > > > ... section of all of your web pages would also allow lynx > > > user to send you a comment or query from *anywhere* in the page and would > > > allow them to quote the page being commented about: > > > > > > > > > > > > To avoid spam, you could encode it as: > > > > > > > > > > > > > > HREF="mailto:%20customerservice@masterca > > > rd.com"> > > > > > > which spammers' harvestors would fail to recognise as an address. > > > > > > > > > What I was trying to submit in the first place was (approximately, since> > > another disadvantage of a form is that the sender of a message can't > > > send a carbon copy to himself): > > > > > > I have received an unsolicited message promoting a electronic version > > > of a cash card from cardex.com, called an iCard. The spam and their > > > web site refers to the card as a "MasterCard iCard" but I could find > > > no reference to any sort of "virtual" cash card on your site. Also, > > > they claim that the virtual cash card can only be sent by email. > > > Since email can be very-easily intercepted and there is no > > > encryption, I feel that this is a highly insecure method of delivery. > > > Are they *really* affiliated with your and to what address of yours > > > can I report this? > > > > > > Either they are affiliated with you and are using unethical methods of > > > advertising and insecure methods of delivery or they are misrepresenting > > > themselves as being associated with you (in which case I suspect that your > > > lawyers would be interested). > > > > > > >From their web site: > > > > > > http://www.cardex.com/internetcard/faq.html > > > > > > ; Q. What is iCard? > > > ; > > > ; A. A CardEx iCard is a virtual prepaid debit card that is used to make > > > ; online purchases anywhere MasterCard is accepted. The iCard is > > > ; ordered, delivered, and redeemed online for convenience. The iCard is > > > ; available in denominations ranging from $25 to $250 and is > > > ; rechargeable for continued use. [118] Top > > > [snip] > > > ; Q. What if I don’t have an e-mail address for the person I’m > > > ; sending to? > > > ; > > > ; A. Because our iCards are delivered electronically, we do need a valid > > > ; e-mail address to send the card to. You can always order a CardEx > > > ; GiftCard, which is delivered to a physical address. To learn more > > > ; about the GiftCards, click here. [122] Top > > > [snip] > > > ; Q. What if I lose my card number? > > > ; > > > ; A. If you lose your MasterCard iCard number, you can contact our > > > ; Customer Service Department at [137] CS@cardex.com. Please indicate > > > ; that you have lost your card number. You will be required to provide > > > ; your user name, password and e-mail address. We will e-mail your card > > > ; number to you within 24 hours. [138] Top > > > [snip] > > > ; [170] [INLINE] [171] [INLINE] [172] Welcome to CardEx |[173] > > > ; MasterCard iCard[174] | [175] MasterCard GiftCards[176] | [177] > > > [snip] > > > > > > 173. http://www.cardex.com/internetcard/index.asp > > > 174. http://www.mycardex.com/ > > > 175. http://www.cardex.com/corporate_giftcards.html > > > > > > The spam was also sent with the recipients' addresses in the "To:" > > > field -- all 3479 of them (the previous record for any spam I received > > > was 2840 recipients in the "To:" header), > > > (a) accounting for the large size of the message and > > > (b) providing another source of pre-harvested addresses should one > > > or more of the recipients be other spammers. > > > A copy of the spam with full headers is currently available on my > > > web site should you wish to see it for yourself. I can't keep it> there > > indefinitely because it uses up a lot of my disk quota. You > > > can grab all 179247 bytes of it (yes, it was that large) at: > > > > > > http://www.chebucto.ns.ca/~af380/spam-cardex.txt > > > > > > Also a large number of the recipients were users at freenets and community > > > nets which I know provide exclusively text-only service with lynx (my ISP, > > > the Chebucto Community Net only recently phased in a new PPP service but > > > most of its users still have only text-only service) which can't access > > > https URLs necessary to place an order with Cardex even if the users > > > wanted to. > > > > > > This is clearly abuse on and of the Internet and, if the company is *not* > > > affiliated with you, is also fraud. Whether they are affiliated with you > > > or not, they are dragging *your* reputation down in the mud. > > > > > > Please take the appropriate steps to stop this abuse. > > > > > > If I don't hear from you within a reasonable time I will be forced to > > > assume that nothing was done. In that case, I will make the fact of this > > > spamming public knowledge. > > > > > > -- > > > Norman De Forest http://www.chebucto.ns.ca/~af380/Profile.html > > > af380@chebucto.ns.ca [=||=] (A Speech Friendly Site) > > > Q. Which is the greater problem in the world today, ignorance or apathy? > > > A. I don't know and I couldn't care less. > > > > ... and on Tue, 27 Jun 2000 customerservice@mastercard.com wrote: > > > > > From: customerservice@mastercard.com > > > To: "Norman L. DeForest" > > > Date: Tue, 27 Jun 2000 10:05:54 -0500 > > > Subject: Re:No reply to my query yet: "Is cardex.com affiliated with > > > Mastercard?" (fwd) > > > > > > > > > > > > Thank you for contacting MasterCard International. > > > > > > We too are concerned about the unusual amounts of unsolicited commercial > > e-mail > > > used by a handful companies that offer merchant account services. These > > ^^^^^ > > > companies are not affiliated with MasterCard International and most aren't > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > > affiliated with our member banks, so we do not have the ability to > discourage > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > > this practice. We suggest you contact the soliciting company directly about > > > their practices and ask them to remove you from their mailing list. > > > > > > Thanks for your comments. > > > > > > Best regards, > > > > > > MasterCard International > > > Customer Service Center > > > > > > Your Original Message Was: > > > Not only have you failed to provide me with a timely answer to my > > > questions, I see by the access statistics for my web site that you have > > > not even had a look at the evidence. > > > > > > If I have received no reply by Monday then I will have to assume that > > > either > > > > > > (a) the "MasterCard iCard" advertised in the spam I got was genuine and > > > you have no objections to people spamming with *huge* messages on > > > your behalf (three messages of that size would over-fill most users' > > > INBOXes here causing any subsequent wanted email to bounce) OR > > > > > > (b) the "MasterCard iCard" advertised in the spam I got was *not* genuine > > > and you have no concern for people being defrauded by someone else's > > > misuse of your name as long as you are not stick with the losses. > > > > > > In either case, I will be making the fact of the spam and your lack of > > > response public by posting the spam to a net-abuse newsgroup (with the > > > 3479 addresses removed and replaced with a count), making the spam > > > publically available to all (with the 3479 addresses removed and > > > replaced with a count or "xxx"ed-out replacements) on my web site, > > > and submitting it to a local newspaper. Just for your records, you > > > will also receive a copy of the original spam so you can see the > > > reason for my objections to it and why I am concerned about it being > > > connected with you. > > > > > > A copy of my original message is below. > > > > > > -- > > > Norman De Forest http://www.chebucto.ns.ca/~af380/Profile.html > > > af380@chebucto.ns.ca [=||=] (A Speech Friendly Site) > > > "I look at the roses through world colored glasses." > > > -- Ron Schwarz in news.admin.net-abuse.email > > > > > > ---------- Forwarded message ---------- > > [snip -- same message as quoted above in your earlier response] > > > > -- > > Norman De Forest http://www.chebucto.ns.ca/~af380/Profile.html > > af380@chebucto.ns.ca [=||=] (A Speech Friendly Site) > > "(To answer a previous question, I'm painting the inside of my killfile a > > pleasant lime & tangerine paisley)." -- Steve Atkins in n.a.n-a.e > > > > > > -- > Norman De Forest http://www.chebucto.ns.ca/~af380/Profile.html > af380@chebucto.ns.ca [=||=] (A Speech Friendly Site) > "(To answer a previous question, I'm painting the inside of my killfile a > pleasant lime & tangerine paisley)." -- Steve Atkins in n.a.n-a.e > > -- Norman De Forest http://www.chebucto.ns.ca/~af380/Profile.html af380@chebucto.ns.ca [=||=] (A Speech Friendly Site) "(To answer a previous question, I'm painting the inside of my killfile a pleasant lime & tangerine paisley)." -- Steve Atkins in n.a.n-a.e ........................................................................... AT THIS POINT, I QUIT BEATING MY HEAD AGAINST A STONE WALL and decided to just document this lack of concern about spamming affiliates on the part of MasterCard. ...........................................................................