Slashdot Mirror
Spammers Stoop To New Low
mathowie writes "I received an unsolicited spam this week from MonsterHut, extolling the virtues of their "products" which are "email marketing" (they're a spam cannon). After reporting it at Spamcop, I received an interesting email from their bandwidth host. It seems that before they could cancel MonsterHut's account for violating their terms of service, MonsterHut began suing them. The worst part? A judge granted MonsterHut a temporary restraining order, forcing Paetec to keep their site online while they continue spamming, before Paetec even knew about the suit. Paetec is collecting affadavits from people that received the spam, so if you did, fill one out. It may be their only chance against the court. How far will spammers go to get their word out? When's it going to stop?"
Oh, yes, they are big-time spammers, I've got some e-mail where they brag about it: Another successful marketing campaign brought to you buy: <a href="http://www.monsterhut.com" [snip] Judging from the address they sent it to, it comes from a web-harvest done about four years ago...
Employee of Inrupt, Project Release Manager and Community Manager for Solid
Think about the bigger picture for a second. What's happened is that a client of an ISP has forced the ISP to win in court before cutting off service.
We've seen lots of cases where service has been cut off for questionable reasons (hosting deCSS, hosting "slanderous" material, whatever) and the ISP's client has had _no_ recourse.
While I would wholeheartedly support the lynching of spammers, I also welcome any trend that forces ISPs to be accountable for disconnecting service. It's not right that my Internet access can be cut off because of unsubstantiated allegations made in a lawyer's letter to my ISP.
Rather than fighting to get these guys booted from their ISP, just enter their IP into the black-lists. If their outgoing mail is handled by the ISP, the ISP can set up a specific IP address as the source of the spam and the rest of the world can block it.
It is tempting, if the only tool you have is a hammer, to treat everything as if it were a nail. - Abraham Maslow
Monsterhut Inc (NETBLK-PAET-RO-MONSTER-1)
1 Columbo Drive
Niagara Falls, NY 14305
US
Netname: PAET-RO-MONSTER-1
Netblock: 64.80.216.0 - 64.80.221.255
Coordinator:
Pelow, Todd (TP521-ARIN) tpelow@monsterhut.com
716-298-9797
now we need to go OSS in diesel cars
The operative word is precedent. If we let Monster off the hook, other spammers will take notice, and very soon it will no longer be just a "few" messages, but thousands of them. How would you feel if you had to pass an hour each morning sifting through your spam, fearing that you might miss an important message from your friends or coworkers? Today spam is not that bad, but if we don't react now, it may be that bad five years from now.
and they use faked headers:
Received: from smtp105.monsterhut.com ([12.105.4.105]) by <My ISP> with ESMTP id <Some id> for <My email address>; Mon, 23 Apr 2001 17:56:57 +0200 (MET DST)
Received: from _[15.51.190.3]_by (12.105.4.22:4221) by smtp105.monsterhut.com (LSMTP for Windows NT v1.1b) with SMTP id <2.00003F61@smtp105.monsterhut.com>; Tue, 24 Apr 2001 01:02:51 -0700
Received: from [131.105.201.168] by _[15.51.190.3]_by with SMTP id A40C47E11 Mon, 23 Apr 2001 11:49:51 PDT
Date: Mon, 23 Apr 2001 12:07:08 +0000
Subject: Send someone a special gift from Proflowers.com
Remark the "_[15.51.190.3]_by" on the second 'Received' line, this is an attempt to make you believe that 12.105.4.22 was not the original sender but just a relay for the faked adress 15.51.190.3
The third 'Received' line is completely faked.
My ISP has stated in its AUP that the use of faked headers in email or usenet postings is a sufficient reason for immediate termination of an account.
I bet they'd love our opinions :)
716-298-9797
MonsterHut (aka Beaverhome) has been a well-known spamhaus for at least a couple of years. For further information regarding this rotten outfit, take a look at this link on The Spamhaus Project's ROKSO database. Lots of good history there. Or simply search DejaGoogle on Beaverhome or Monsterhut.
Rich
Some addresses Monster Hut sent to were only used as points of contact for domains with NetSol.
There is no way they could have opted in anywhere since these addresses aren't used for anything other than domain contact.
If one of those people got an unsolicited email, then it's spam, against terms of service, and reasons for terminating the contract.
Monster Hut got that 2% complaint figure thrown in hoping it would save them from getting cut off for spamming, knowing there's no way to get 120,000 separate provable complaints.
But they forgot that that's complaints on truly opted-in spam -- and they should have to prove the opt-in status. They can't -- they're toast.
You don't have any "right" not to be cut off by your ISP. They don't have any "right" to cut you off. Let's quit talking about rights here. What the two of you have is a BUSINESS CONTRACT. If they want to cut you off, and it says in your contract that they can't, then the only "right" you have is to sue them. There is no unalienable RIGHT to provide or have provided Net access. It's a business agreement, and it should be handled that way.
PaeTec sold the service because, well, that's what they do. PaeTec's T&C's explicitly prohibit spamming (defined in the contract as unsolicited e-mail) and MonsterHut represented that they only send targeted e-mail to addresses that have opted in. Using PaeTec's definition, not spam.
Where PaeTec blew it is by allowing an addendum to the contract that essentially allows 2% of MonsterHut's mail to be spam. MonsterHut contracted the addendum to cover the case of what they claim are people who opted in and then forgot or who've just got an axe to grind. Furthermore, the 2% means that 2% of all recipients have to complain.
MonsterHut has sent 96 million e-mails. That means just under two million people have to complain before reaching the 2% threshold. Oops.
So the basic lesson learned here is: Don't allow stupid addendums to service contracts. Or, don't do things based on a percentage of volume.
In this particular case, it would seem (believe it or not) that if MonsterHut were found in violation of the 2% rule, an acceptable remedy would be to send out more spam on the bet that fewer than 2% would complain about the new round of mail. Relief through dilution.
(Consider the nuclear power industry. In the early days, dumping of radioactive material was legally limited to some number of microcuries per milliliter. Got something to dump that's too hot? Just add water. There's a radioactive stream in Windsor, CT. as result. These days disposal is limited by total microcuries. )
Another way of identifying spam is looking for keywords and phrases. Each match raises the likelyhood that it's spam. A product has been built for this too, although I forget it's name. Supposed to work fairly well.
I personally use the RSS, DUL, soon the RBL, and a very very long access list of known spammers.
Go read the transcript. The ISP claims the right to terminate service with no notice, but allows 30 days to cure a breach of contract, but promises not to terminate service simply because of complaints where a user opted in but forgot. Problem is that they have affadavits from people who didn't opt in, but got the email anyway. Monsterhut is trying to assert that users opt to receive email related to their internet service simply by listing an address in whois. Monster is also trying to assert a lot of nonsense that the judge isn't putting up with.
-russ
Don't piss off The Angry Economist
In this case, it appears Paetecs original contract was vague about the 'bulk' that constituted spam; the addendum on 2% was unclear; and their termination letter was not consistent with the terms of the contract on the 30 day cure provision. Paetec did not cross its 'T's on this.
You can be sure that the AOL handling of TOSing people is a -lot- more tightly done. ISPs who deal with "bulk emailers" need to be airtight too.
-dB
"It if was easy to do, we'd find someone cheaper than you to do it."
Because it's not just "a few messages." Just now, I checked my mailbox, and it had about 30 messages in it since the last time I checked it (last night). Of those, maybe one or two were legitimate e-mails (routine messages that I could delete right away). Of the rest, about half were spam, and the other half were double-bounce error messages from the Electric Minds mail server--spam that someone tried to send to minds.com email addresses, that the server tried to bounce but failed for one reason or another (usually because the return address does not exist, or the machine would not handle the incoming SMTP connection properly), and hence that get passed to me.
When I get double-bounces back, I usually "blackhole" the address that the spam was sent to (i.e. set up that address as an alias to /dev/null). Occasionally, though, some companies will "carpet-bomb" the minds.com server with spam for random numerical addresses (like "00000001@minds.com"), and I have to blackhole an entire "from" domain (or range of "from" domains, as with the fscking bastards at edirectnetwork.net and opt-in-net.net). This is a royal pain to deal with on a daily basis, despite the fact that I use qmail as my mail server, which makes it easier to perform these operations.
That's why, whenever I hear someone say "I don't know why you guys hate 'spam' so much," I want to reach for my LART.
Eric
Be who you are...and be it in style!
This is a temporary restraining order. THe very nature of these is that you get one at the time of filing to protect the status quo. A time for a preliminary injunction hearing is set, typically within ten days, which is the first time that evidence from both sides will be heard. There is *nothing* sneaking about getting the TRO before the other side heres of the suit; you serve them both at the same time.
While the standard of evidence to get the TRO is pretty much "file an affadavit,", to get the preliminary injunction you must show a likelihood of winningat trial and that you will be irreparably harmed. If the other side shows you perjured yourself in the TRO affadavit, you tend not to get it (Judges *hate* perjury. They were the group most angry at Clinton).
hawk, wsq.