Slashdot Mirror
Spammers Stoop To New Low
mathowie writes "I received an unsolicited spam this week from MonsterHut, extolling the virtues of their "products" which are "email marketing" (they're a spam cannon). After reporting it at Spamcop, I received an interesting email from their bandwidth host. It seems that before they could cancel MonsterHut's account for violating their terms of service, MonsterHut began suing them. The worst part? A judge granted MonsterHut a temporary restraining order, forcing Paetec to keep their site online while they continue spamming, before Paetec even knew about the suit. Paetec is collecting affadavits from people that received the spam, so if you did, fill one out. It may be their only chance against the court. How far will spammers go to get their word out? When's it going to stop?"
%gv tro.pdf
No one said you have to use an Adobe product to view the output of one.
--
#nohup cat
Oh, yes, they are big-time spammers, I've got some e-mail where they brag about it: Another successful marketing campaign brought to you buy: <a href="http://www.monsterhut.com" [snip] Judging from the address they sent it to, it comes from a web-harvest done about four years ago...
Employee of Inrupt, Project Release Manager and Community Manager for Solid
Think about the bigger picture for a second. What's happened is that a client of an ISP has forced the ISP to win in court before cutting off service.
We've seen lots of cases where service has been cut off for questionable reasons (hosting deCSS, hosting "slanderous" material, whatever) and the ISP's client has had _no_ recourse.
While I would wholeheartedly support the lynching of spammers, I also welcome any trend that forces ISPs to be accountable for disconnecting service. It's not right that my Internet access can be cut off because of unsubstantiated allegations made in a lawyer's letter to my ISP.
Rather than fighting to get these guys booted from their ISP, just enter their IP into the black-lists. If their outgoing mail is handled by the ISP, the ISP can set up a specific IP address as the source of the spam and the rest of the world can block it.
It is tempting, if the only tool you have is a hammer, to treat everything as if it were a nail. - Abraham Maslow
Monsterhut Inc (NETBLK-PAET-RO-MONSTER-1)
1 Columbo Drive
Niagara Falls, NY 14305
US
Netname: PAET-RO-MONSTER-1
Netblock: 64.80.216.0 - 64.80.221.255
Coordinator:
Pelow, Todd (TP521-ARIN) tpelow@monsterhut.com
716-298-9797
now we need to go OSS in diesel cars
The operative word is precedent. If we let Monster off the hook, other spammers will take notice, and very soon it will no longer be just a "few" messages, but thousands of them. How would you feel if you had to pass an hour each morning sifting through your spam, fearing that you might miss an important message from your friends or coworkers? Today spam is not that bad, but if we don't react now, it may be that bad five years from now.
and they use faked headers:
Received: from smtp105.monsterhut.com ([12.105.4.105]) by <My ISP> with ESMTP id <Some id> for <My email address>; Mon, 23 Apr 2001 17:56:57 +0200 (MET DST)
Received: from _[15.51.190.3]_by (12.105.4.22:4221) by smtp105.monsterhut.com (LSMTP for Windows NT v1.1b) with SMTP id <2.00003F61@smtp105.monsterhut.com>; Tue, 24 Apr 2001 01:02:51 -0700
Received: from [131.105.201.168] by _[15.51.190.3]_by with SMTP id A40C47E11 Mon, 23 Apr 2001 11:49:51 PDT
Date: Mon, 23 Apr 2001 12:07:08 +0000
Subject: Send someone a special gift from Proflowers.com
Remark the "_[15.51.190.3]_by" on the second 'Received' line, this is an attempt to make you believe that 12.105.4.22 was not the original sender but just a relay for the faked adress 15.51.190.3
The third 'Received' line is completely faked.
My ISP has stated in its AUP that the use of faked headers in email or usenet postings is a sufficient reason for immediate termination of an account.
I bet they'd love our opinions :)
716-298-9797
Because most of the spam I get is pornospam. And not light playboy.com stuff, but sick nasty shit.
My whole family uses the net+email and having that stuff appear in the inbox (with html, images) is not acceptable.
MonsterHut (aka Beaverhome) has been a well-known spamhaus for at least a couple of years. For further information regarding this rotten outfit, take a look at this link on The Spamhaus Project's ROKSO database. Lots of good history there. Or simply search DejaGoogle on Beaverhome or Monsterhut.
Rich
Some addresses Monster Hut sent to were only used as points of contact for domains with NetSol.
There is no way they could have opted in anywhere since these addresses aren't used for anything other than domain contact.
If one of those people got an unsolicited email, then it's spam, against terms of service, and reasons for terminating the contract.
Monster Hut got that 2% complaint figure thrown in hoping it would save them from getting cut off for spamming, knowing there's no way to get 120,000 separate provable complaints.
But they forgot that that's complaints on truly opted-in spam -- and they should have to prove the opt-in status. They can't -- they're toast.
One solution is to cut MonsterHut off at the bank teller. On their web site is a very prominent animated ad for Hertz rental cars. Fire off a letter to Hertz stating that as long as they use a company that engages in mass email campaigns you will never rent a rental car from Hertz.
However, it seems to me that MonsterHut would very much like to be legitimate; it's not like the Nigerian Money Scam spam I received yesterday has a sophisticated web site associated with it. Maybe someone should try removing themselves from the MonsterHut list and see if they're the single legit mass emailer in 15 years of email.
You don't have any "right" not to be cut off by your ISP. They don't have any "right" to cut you off. Let's quit talking about rights here. What the two of you have is a BUSINESS CONTRACT. If they want to cut you off, and it says in your contract that they can't, then the only "right" you have is to sue them. There is no unalienable RIGHT to provide or have provided Net access. It's a business agreement, and it should be handled that way.
PaeTec sold the service because, well, that's what they do. PaeTec's T&C's explicitly prohibit spamming (defined in the contract as unsolicited e-mail) and MonsterHut represented that they only send targeted e-mail to addresses that have opted in. Using PaeTec's definition, not spam.
Where PaeTec blew it is by allowing an addendum to the contract that essentially allows 2% of MonsterHut's mail to be spam. MonsterHut contracted the addendum to cover the case of what they claim are people who opted in and then forgot or who've just got an axe to grind. Furthermore, the 2% means that 2% of all recipients have to complain.
MonsterHut has sent 96 million e-mails. That means just under two million people have to complain before reaching the 2% threshold. Oops.
So the basic lesson learned here is: Don't allow stupid addendums to service contracts. Or, don't do things based on a percentage of volume.
In this particular case, it would seem (believe it or not) that if MonsterHut were found in violation of the 2% rule, an acceptable remedy would be to send out more spam on the bet that fewer than 2% would complain about the new round of mail. Relief through dilution.
(Consider the nuclear power industry. In the early days, dumping of radioactive material was legally limited to some number of microcuries per milliliter. Got something to dump that's too hot? Just add water. There's a radioactive stream in Windsor, CT. as result. These days disposal is limited by total microcuries. )
On Freebsd-security they got this spam from ptc.com. Not often you get spam with an 1-888-782-3776 number, from a computer software company filled with technical people who should know better.
It is not often the Spam marketing company Aprimo has the VP of sales:
"Before Aprimo? Marketing, we faced challenges in arranging our executive conferences and product seminars because we had disparate databases and inconsistent lead and project management systems. We now have a targeted audience that we go after with an integrated marketing program. We anticipate that the new marketing management system will be responsible for an increase in sales from the executive conferences and product seminars this year."
-John D. Stuart
Senior VP Worldwide Field Marketing
PTC
I just spent 4 rounds with PTC.com, makers of Pro E.
The worldwide Vice President of marketing John Stuart:
1) Does not know what spam is
2) feels the advertising campaign goal is to contact as many people as possible.
The head of sales, Dan:
1) Does not know what spam is, and even AFTER given a definition.
2) Thinks that spam works, because, well, I called, didn't I?
3) Spam does not cost anyone any money.
4) FreeBSD must have a marketing partnership with PTC.
Does calling 1-888-782-3776 and letting know that SPAM is bad work?
Lets say I'm using my wireless Palm with the bacis service. After about 50 messages, each one starts costing $.20 per k. So each spam message costs me $.20 per k.
Luckily this address has not slipped out yet, but considering my other 'spam' address gets on average 100 messages a day. 95% "opt in" ( intentional or not ), 5% totally unsolicited, ( I don't recall ever having a need for Miss Cleo, nor Sex related products and services ). And not to mention all thos "contests" I have won, but never entered.
If you want to hurt MonsterHut, have tens of thousands of slashdotters email all of their clients (Hertz, Beaverhome, GrandPrixOnline, etc) and let them know you are boycotting their services because they are doing business with a known spammer, and you don't approve. Also send MonsterHut an email letting them know you are doing it. For that matter, send about 1,000,000 of them a day to MonsterHut (fire with fire...).
Smart enough to be rich?
Another way of identifying spam is looking for keywords and phrases. Each match raises the likelyhood that it's spam. A product has been built for this too, although I forget it's name. Supposed to work fairly well.
I personally use the RSS, DUL, soon the RBL, and a very very long access list of known spammers.
ie, they bought email addresses, spammed them, and basically admitted to PaeTec that this is their business.
Continue reading, please.
The Hardt affidavit ALSO says that the "externally generated targetted lists" are all opt-in.
I am on one of those lists. I have never opted-in to ANYTHING.
Go read the transcript. The ISP claims the right to terminate service with no notice, but allows 30 days to cure a breach of contract, but promises not to terminate service simply because of complaints where a user opted in but forgot. Problem is that they have affadavits from people who didn't opt in, but got the email anyway. Monsterhut is trying to assert that users opt to receive email related to their internet service simply by listing an address in whois. Monster is also trying to assert a lot of nonsense that the judge isn't putting up with.
-russ
Don't piss off The Angry Economist
How many of you have actually read any of the pdf files? Hemos, you should have at least. The suit was not brought about due primarily to spamming (although it is mentioned in the case), but due to a conflict over the lines to be installed for the company's bandwidth. Basically, they are arguing they were given the runaround first, the spamming concerns coming later. If there is evidence of them spammin, I would whole-heartedly agree to cutting their access, but I don't agree that they should have been given the ole bait-and-switch on their original bandwidth agreement.
"Every man is a mob, a chain gang of idiots." - Jonathan Nolan, Memento Mori
In this case, it appears Paetecs original contract was vague about the 'bulk' that constituted spam; the addendum on 2% was unclear; and their termination letter was not consistent with the terms of the contract on the 30 day cure provision. Paetec did not cross its 'T's on this.
You can be sure that the AOL handling of TOSing people is a -lot- more tightly done. ISPs who deal with "bulk emailers" need to be airtight too.
-dB
"It if was easy to do, we'd find someone cheaper than you to do it."
Because it's not just "a few messages." Just now, I checked my mailbox, and it had about 30 messages in it since the last time I checked it (last night). Of those, maybe one or two were legitimate e-mails (routine messages that I could delete right away). Of the rest, about half were spam, and the other half were double-bounce error messages from the Electric Minds mail server--spam that someone tried to send to minds.com email addresses, that the server tried to bounce but failed for one reason or another (usually because the return address does not exist, or the machine would not handle the incoming SMTP connection properly), and hence that get passed to me.
When I get double-bounces back, I usually "blackhole" the address that the spam was sent to (i.e. set up that address as an alias to /dev/null). Occasionally, though, some companies will "carpet-bomb" the minds.com server with spam for random numerical addresses (like "00000001@minds.com"), and I have to blackhole an entire "from" domain (or range of "from" domains, as with the fscking bastards at edirectnetwork.net and opt-in-net.net). This is a royal pain to deal with on a daily basis, despite the fact that I use qmail as my mail server, which makes it easier to perform these operations.
That's why, whenever I hear someone say "I don't know why you guys hate 'spam' so much," I want to reach for my LART.
Eric
Be who you are...and be it in style!
This is a temporary restraining order. THe very nature of these is that you get one at the time of filing to protect the status quo. A time for a preliminary injunction hearing is set, typically within ten days, which is the first time that evidence from both sides will be heard. There is *nothing* sneaking about getting the TRO before the other side heres of the suit; you serve them both at the same time.
While the standard of evidence to get the TRO is pretty much "file an affadavit,", to get the preliminary injunction you must show a likelihood of winningat trial and that you will be irreparably harmed. If the other side shows you perjured yourself in the TRO affadavit, you tend not to get it (Judges *hate* perjury. They were the group most angry at Clinton).
hawk, wsq.
We had a similar situation about 2 years ago with the company I work for (ISP). We found the loophole that we did not guaantee delivery of e-mail through the system. We simply routed all port 110 and 25 traffic for their IP ranges to the bit bucket. They opted to drop suit and leave our services. A good "I'm sorry we can't seem to locate the problem" can come in handy.
:-)