Spammers Stoop To New Low
mathowie writes "I received an unsolicited spam this week from MonsterHut, extolling the virtues of their "products" which are "email marketing" (they're a spam cannon). After reporting it at Spamcop, I received an interesting email from their bandwidth host. It seems that before they could cancel MonsterHut's account for violating their terms of service, MonsterHut began suing them. The worst part? A judge granted MonsterHut a temporary restraining order, forcing Paetec to keep their site online while they continue spamming, before Paetec even knew about the suit. Paetec is collecting affidavits from people that received the spam, so if you did, fill one out. It may be their only chance against the court. How far will spammers go to get their word out? When's it going to stop?"
(The most annoying thing is that the judge who made the decision probably doesn't even have an e-mail account.)
Is it not possible to counter-sue, and get a restraining order on MonsterHut's system?
According to the affidavit filed by the plaintiff, they were not involved in sending unsolicited email, and thus not violating any terms of use. If you possibly opted in through some other company then maybe it isn't technically spam? (according to the TOS)
The point I'm trying to make is I can understand why the court wants to show some restraint before allowing an ISP to cut a firm's internet access. What would be the consequences if they cut the pipes and then sorted it out? Monster Hut could be deprived of a lot of revenue!
I'm not trying to defend Monster Hut as they could very well be guilty. I just think that we should be pleased with the Judge's injunction until this gets litigated.
Since spam is getting more and more of a problem, I've decided to release my partial solution (content based spam filtering).
It currently kills about 70% of the spam I receive (still leaving about 20 messages per day in my normal mailbox :( ).
ftp://ftp.bero.org/pub/experimental/NoSpam-0.0.1.tar.bz2
And yes, it kills spam from monsterhut.com.
This message is provided under the terms outlined at http://www.bero.org/terms.html
Some interesting points so far...
The biggest part of the case is whether this was actually a case of unsolicited email or not. The Defendant has stated that they believed Monsterhut was an opt-in advertising service when, in fact, they buy their lists externally with the apparent assumption that these are genuine opt-in customers.
The Plaintiff has pointed to a provision in the contract that allows for a 2% complaint rate to avoid immediate termination of their contract. First, whoever agreed to this for the ISP should be shot considering the sheer amount of traffic Monsterhut can throw out and the number of spam messages that 2% allows for (the Plaintiff even mentions a number over 6 million outgoing messages to date, if I remember right). Apparently, this provision exists to protect Monsterhut from users who opt-in but later forget (or change their minds). When the ISP receives complaints, they are to forward them to Monsterhut who will verify the address, validity of the complaint, and apparently make the appropriate changes to their database. Makes you warm and fuzzy to know your complaints are, in fact, going directly to the spammer.
An interesting side effect to all this is the ability to verify individuals. Quite a lot of attention is paid to whether the individuals could be identified according to their email addresses and the fact that SpamCop removes this information. It seems this comes in to play during the complaint / remediation process. But it is even more important when dealing with the court. The Defense pointed out that the Plaintiff had ample opportunity to subpoena SpamCop for identifying information, but failed to do so.
One final interesting tidbit... the Judge wanted to define the difference the Defense saw between a case of one of the 2% mistaken users and a "true spam" case. The Defense began to talk about harvested email accounts that are not user email accounts, such as those used for contacts in Network Solution's whois database. The Plaintiff apparently perks up on this, grabs the ball, and attempts to run. It appears that Monsterhut does "use Network Solutions" to identify businesses offering services that could be marketed by Monsterhut. Since they only send mail out to, say, 5 "targeted" customers... why... this isn't the kind of mass emailings that we're all talking about. Not spam at all. Nosir.
That's right, I pay for it. Not only that, when it gets cut off unexpectedly I can suffer real losses. Of course the ISP can impose terms of service that the subscriber has to agree to. But if you're going to cut off the service you'd better be sure that the terms of service have really been violated.
The real problem is that Internet access is becoming an "essential" service like telephone service or electricity, but it's still being treated like a luxury. If you abuse your phone service then it can be cut off, but it's not something that's done lightly and certainly not because of an e-mail or simple lawyer's letter. Internet access should be the same.
It is tempting, if the only tool you have is a hammer, to treat everything as if it were a nail. - Abraham Maslow
I'm not supporting spam in any way, but if the goal is to reduce spam, maybe the way to go is to legalise it and regulate it?
Suppose it's legal to send commercial offerings to people by email, let's say we add a tax of 1 cent per email. Tax would go towards enforcing the law.
The tax would make it unattractive to send to just any email address there is. They'd do more targeted stuff and use more opt-in lists, simply cuz they would be paying for it. They don't pay now, so why would they care that their spam hits half a million burmese farmers whose english is limited to "fack joo".
You wouldn't need any new laws to cover spam specifically either, it'd simply become tax evasion and you'd be invaded by the IRS (in the states at least) if you did anything naughty.
Of course, it wouldn't completely stop spam, but do you think anything could?
/proton
As I am a sysadmin at an ISP, I get confronted with requests from our "law division" to shut down e-mail accounts of people accused of "spamming" certain sites. Most of the time I try to find out what user it is, get his phone number (my ISP is also the largest cell phone provider here - quite good, we have lots of user data) and give him a call. If he doesn't stop spamming I call again - and I shut down his account. Unfortunately this only works with private persons and not with companies. Here in Austria, to shut down an account of a company that is accused of spamming, you have to log every mail they send for about half a year (after getting a search warrant from a judge of course). Good thing: if they can't explain about 70% of the mails, they are out. Bad thing: most times they can explain, and in some cases, 30% of mail traffic they can't explain is enough to spam a whole lot of people.
".Sig Stealer" was here
Is the definition of "spam" as specified in the AUP as shown in this document http://litigation.paetec.net/ptmol.pdf
According to the defense affidavit, "Spamming is the distribution of unsolicited commercial e-mail in bulk"
What constitutes "bulk" email from regular email? They do not define "bulk email" as being 10 messages or 10,000 messages, and this gives the spammer a technicality to argue before the court or a tool to delay the process.
Conformity is the jailer of freedom and enemy of growth. -JFK
look at all the junk snail mail you get every day, do you think that's going away any time soon?
My standard reply seems to work well. You could also try to look at some consumer groups, they have good advice on this.
'I will inform all my friends and their dog about your harassive and misleading marketing' (which I actually never do, griping about junk mail is boring) ... 'I hereby forbid you to send me any mail in the future. I am not interested in your products and never will' ... 'Legal actions may follow' (Some companies sending junk mail do not have large legal depts, so I try to scare them).
For the junk mail sent to me by without an address, I have a 'No junk mail here, please' sticker on my mailbox. And if I get some, I call the local post office. The amount of junk mail I receive has diminished by about 75% in two years. Some of my neighbours have started imitating me, as they are getting sick of junk mail.
As absurd as spam seems, it works.
Sometimes spam is counter-productive.
The spam I get is mostly 'harvested' from the company website. Most of the spam we get is 'evaluate our new (MS-Win) software'. The department I work in has about 40 Linuxes, 5 Sun and 3 Mac workstations and 2 Windows machines for the secretaries. So, we do not use Windows software except the Office package that the secretaries use. This is also clearly stated in our website.
The company spam policy is:
1. Sending spam is strictly forbidden. (This applies also to the marketroids, not only R/D where I work). Spamming would lead to suspending of e-mail account (or the employee, depending on how bad it was).
2. Any spam received should immediately be reported (forwarded to ). A 'legal actions may follow' reply describing our spam policy is sent to the spammer, his/her boss and the webmaster/sysadmin of the spam-sending company. In a few days, the spammer is added to a corporate blacklist for some period of time (something like 3 months). The spam-sending company is also informed on our policy. Anyone on the blacklist will have the following treatment: Any mail sent to our employees from their addresses is dumped automatically. No business will be made with anyone on the blacklist. Repeated spamming results in that we contact the ISP and CEO of the company sending spam, and ask them to stop the harassment.
Some of our departments are Win-only, so the blacklist policy is actually hurting spammers. And their bosses are informed on that.
A question to the real lawyers that read Slashdot (paging Dr. Hawk....)
Paetec has a clear statement in their terms of service that prohibits the use of their service in the furtherance of spam. MonsterHut agreed to that TOS as part of their contract, with the obvious intent of violating that TOS. Does not that mean they entered into the contract in bad faith? Does not that mean that MonsterHut committed a tort of fraud? Does not that mean Paetec can bring countersuit?
I have been a long time advocate of ISPs, "free" e-mail services and "free" web hosting sites adding lines to the contracts stating spam is verboten, and then bringing fraud (charges|civil suit) against spammers. I've read on /. that some ISPs try this, but find it difficult to follow through because the spammer just disputes the credit card charge, and the ISP gets in trouble with the credit card company. However, this seems to me to be a deliberate, premeditated violation of a contract on the part of the spammer, and an act of criminal fraud. Especially if the ISP makes the fine large enough, wouldn't that be felony fraud?
OK, so it was several questions. And I know, that any practicing lawyer no more wishes to give out free advice than I wish to give out free computer service, but.... How about a little non-binding, pro bono, off the cuff, YMMV opinion?
www.eFax.com are spammers
This may already exist, and if so, please point me to it.
First, I use the SpamBouncer procmail scripts, so I actually don't see that much spam any longer. But SpamBouncer is just a set of pretty good heuristics for scoring mail, and sometimes it is a little over or under-zealous.
Second, I use mutt and it has a keystroke ('S') aliased to move a mail to the =spam folder and delete it from the current folder.
What if hitting 'S' (or pressing the hypothetical "Spam" icon in the Outlook toolbar) went so far as to make a MD5 checksum of the alleged spam and send a packet with that checksum off to a centralized server. The server then keeps a database of each checksum and increments a counter associated with that piece of alleged spam.
Now, when the procmail scripts see incoming mail they can request the value for that checksum from the server. Depending on user configuration, a certain threshold (100, 1000, 10000?) must be reached before agreeing that it is spam and proactively moving it.
Upsides to this system: if widely used as directed it would be extremely effective at blocking spam. Relatively private (because you are sending checksums not the actual mail).
Downsides to this system: Someone could vote multiple times to make an email appear to be spam (you could have a second packet that decrements the counter as well that people could use on their "spam" folder, or less effectively, you could restrict it to one vote per IP). There is a central server (you could mitigate this by having hierarchical servers that communicate and synchronize with their parent and children in batches). Plus the first 'n' people still have to see the spam.
Yes, this is a lot of overhead to deal with the intelligent filtering of spam. But if we can reduce the efficacy of sending spam to negligible conversion ratios, then there will no longer be an economic incentive to send spam.
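The voting scheme proposed in the comment above, as an added example that is not part of the original thread. The names `checksum`, `VoteServer` and `classify`, the use of the reporter's IP as the voter id, and hashing only the body (headers such as To: differ per recipient, so a whole-message checksum would never match) are assumptions made here; the sample messages are constructed.

```python
import hashlib
from collections import defaultdict


def checksum(raw_message: str) -> str:
    """MD5 of the body only (assumption: headers vary per recipient)."""
    normalized = raw_message.replace("\r\n", "\n")
    # Headers end at the first blank line; with no blank line, hash everything.
    _, sep, body = normalized.partition("\n\n")
    if not sep:
        body = normalized
    return hashlib.md5(body.strip().encode("utf-8")).hexdigest()


class VoteServer:
    """Central counter: checksum -> set of reporters (one vote per reporter)."""

    def __init__(self):
        self._voters = defaultdict(set)

    def report(self, digest: str, reporter: str) -> int:
        # The 'S' keystroke: repeated votes from one reporter are idempotent.
        self._voters[digest].add(reporter)
        return len(self._voters[digest])

    def retract(self, digest: str, reporter: str) -> int:
        # The "second packet that decrements the counter".
        self._voters[digest].discard(reporter)
        return len(self._voters[digest])

    def count(self, digest: str) -> int:
        return len(self._voters.get(digest, ()))


def classify(server: VoteServer, raw_message: str, threshold: int) -> str:
    """What the delivery-time filter would do with an incoming message."""
    return "spam" if server.count(checksum(raw_message)) >= threshold else "inbox"


# Constructed sample: the same mailing delivered to two recipients.
SPAM_TO_ALICE = "To: alice@example.org\nSubject: Buy\n\nCheap widgets!!!\n"
SPAM_TO_BOB = "To: bob@example.org\r\nSubject: Buy\r\n\r\nCheap widgets!!!\r\n"


def demo(threshold: int = 3) -> dict:
    server = VoteServer()
    digest = checksum(SPAM_TO_ALICE)
    result = {"same_checksum": digest == checksum(SPAM_TO_BOB)}

    # One reporter voting 500 times still counts once.
    for _ in range(500):
        server.report(digest, "192.0.2.10")
    result["after_stuffing"] = server.count(digest)
    result["verdict_below"] = classify(server, SPAM_TO_BOB, threshold)

    # Two more distinct reporters push it over the threshold.
    server.report(digest, "192.0.2.11")
    server.report(digest, "192.0.2.12")
    result["verdict_at_threshold"] = classify(server, SPAM_TO_BOB, threshold)

    # A retraction drops it back below the threshold.
    server.retract(digest, "192.0.2.11")
    result["verdict_after_retract"] = classify(server, SPAM_TO_BOB, threshold)
    return result


if __name__ == "__main__":
    print(demo())
```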
Now, I go check Monsterhut, and see that BeaverHome is proudly presented on the home page as a MonsterHut spamming customer!
A preliminary injunction was ordered to prevent one party in the dispute (the ISP) from withholding services essential to the business of the other party (the Spammer) until it can be determined on the balance of probabilities whether or not MonsterHut did in fact violate Paetec's Terms of Service.
It's perhaps analogous to saying that the State cannot execute a man until after he's been tried and convicted. In other words, MonsterHut deserves due process of law. I mean, when someone is arrested for capital murder we know he won't be executed prior to his trial... some people would like to say: "Since when can't a Government execute its citizens for violating its rules!" But, then, we have a name for those people, don't we? ;)
I'd hate to see people attack the fact that Paetec was enjoined from terminating MonsterHut's service because MonsterHut is a spam cannon... the injunction is a good thing insofar as justice is concerned. It does not prevent MonsterHut from ever being shut down.
However, precedents like these can help to protect you when, oh I don't know, the largest media content production and media distribution network in the world wants to shut you down for having unpopular opinions.
BRx.
Life after capitalism? The participatory economics project
First of all, the main bandwidth hit here is not on your individual machine, but on the sender's network. Thousands, or tens or hundreds of thousands, of emails a day degrades the performance of the network.
Second of all, think of your European friends, most of whom pay by the minute for email connections. Do you really want to pay anywhere from a few pfennigs to a couple of marks a day for something you didn't ask for, don't want, and probably won't even read?
It's no big deal for me, moneywise, but it still pisses me off, especially when most of the spammers obfuscate their email address (which is illegal in only one state so far, I think), and when I get the same fucking email three times in a row (a 38 year old guy who weighed 264 lbs, then a 38 year old woman who weighed 264 lbs, then I got bored.) And it would be a big deal for me if I was a)paying by the minute, b)as active as I used to be on usenet and mailing lists, which function as reservoirs of email addys for spammers.
A better method would be to have spammers pay for their bandwidth and adopt an advertising convention like putting ADV in the subject line.
This would kill the problem in two easy steps:
1. ISPs won't have to pass the cost of mega-bandwidth waste to their customers because they'll be billing the spammers directly.
2. Users can make rules to put spam in either the proper folder or just delete it. Spam without an ADV gets reported to the authorities. With all these newly trained cyber-cops they'll appreciate the work of tracking down spammers.
As spam prices increase because of real cost billing "scam spam" will disappear because only legitimate businesses will be able to afford mass mailings. Instead of getting credit fixing ads you'll get coupons from Target. They're going to have to make you want to open those emails, especially for those who have them going into a bulk mail folder.
Sign the petition to get Disney to release Hayao Miyazaki's anime in the US.
I would think there is a big difference between free speech as in "publishing something on a web site for interested parties to download" and free speech as in "forcing something into someone else's mailbox".
If I sit in front of my house on the porch on a sunday afternoon and you come over for a discussion, that's your choice (even if you disagree with my opinion). That is free speech.
If I come to your house and start yelling my rants while it's obvious you do not want that, that's not free speech. That would be molesting you, I would guess.
Idempotent operation: Like MS software, whether you run it once or often, that doesn't make it any better.
Sadly you're right. Large companies with extensive legal resources can do pretty much whatever they want to individual clients. It's only when the victim has some money that things start to get interesting.
Anyway, I didn't dispute that. I'm just saying that there should be some recourse. Companies might be more careful about breaking contracts if they risked large punitive damages.
Finland has an interesting system regarding traffic fines. They're based on your salary, so if you're a billionaire you still have to worry about getting caught speeding - the fine could be in the hundreds of millions of dollars. It makes a lot of sense.
The same kind of system should apply in these situations. If AT&T costs me a year's wages by cutting off my connection (say I'm a consultant who works from home) then they should be liable for a year's worth of their revenue. Then they would have to think seriously before breaking their contracts.
It is tempting, if the only tool you have is a hammer, to treat everything as if it were a nail. - Abraham Maslow
You say that they have a right to free speech.
What about my right to not have to listen?
And if all this spam was good and ethical, why are they forging From: addresses and using the "reply to this to be removed from our list" addresses to harvest more emails? It's not.
Look, people, as has been stated before, if we don't find a solution to stop spam, email will become useless as a form of communication. And what, YOU all want to use M$ Messenger Service or AIM?
Why do they have to be so concerned about cutting the pipe ? Under the DMCA they require ISPs to pull your plug as soon as the potentially illegal activity is reported, right ?
Seems like a double standard to me. Anyone else ?
you think it's easy, but you're wrong...
I have actually missed legitimate messages that were important because they were lost amidst the noise of spams. There is absolutely no question in my mind that effective as soon as possible: All spam (even "opt-in" spam) must contain a header that cannot be modified (perhaps two): "Opt-in advertisement", "Advertisement". Under no conditions may the sender modify this. This should literally be a UN convention that countries sign onto (just like the various other international laws). If Bulevia decides that they don't need to follow it to get the token spammer taxes, they should be cut off/filtered from international pipes. It is bad enough to get sent unsolicited advertisements, but when the senders intentionally mask the subject to pretend that it's a reply, something else, etc. that is criminal in my mind: They're wasting my time. Additionally all spammers must check and obey a universal opt-out list: Not 10,000,000 different lists that ebb and flow to make it convoluted to get yourself off their list.
It is a sad state when everyone has to hide their email addresses because of these scumbags.
Re: Finland
That would provide a huge incentive for the police to hunt down any exotic sports car like a Ferrari. Imagine what would happen if Bill Gates was caught going 67 in a 65 mph zone! That ticket will be $2 million, sir. That really does not make sense - the infraction does not fit the penalty.
On page 33 of the transcript Monsterhut's lawyer admits that if one opts-in for "more information on sports" that one's address becomes part of the "common source of addresses that people can barter by exchange". So, asking for targeted information gets you put in a general opt-in for everything under the sun. I am surprised that nobody asked Monsterhut for the database that says that the people looking for "marriage enhancers" opted-in for that target!
Sports mail, in the example given, might be ok, but last time I checked marriage isn't a recognized sport (I could be wrong ;-)
One idea that I have for a spam law would be that the opt-in source and date must be included in the header of commercial bulk mail, and that the spammer must have on file auditable opt-in records that expire after one year. This way if you opted-in and forgot, or are no longer interested, the record would time-out and be removed. If it wasn't, you could then have recourse to sue/prosecute etc. Set some small number of identical/similar messages without this info to allow for legitimate sales contacts, but if the info wasn't included in the headers, organizations such as SpamCop could seek prosecution upon collecting some similarly small number of complaints.
This would permit limited, targeted, legitimate mailings while outlawing the ones that comprise the majority of what winds up in my mailbox.
McFly777
- - -
"What do people mean when they say the computer went down on them?" -Marilyn Pittman
Disclaimer: I admin a qmail box, so unless you have qmail as your mail server, this probably won't work. (But you really should get it, because it rocks big time, even if you can't stand DJB)
You will need to have DJB's mess822 package installed as well. That said, I put these lines in my .qmail file (which directs how mail is delivered):
|condredirect username-safe@mydomain.com /usr/local/bin/iftocc
|condredirect username-safe@mydomain.net sh -c 'echo $SENDER | grep -f bccexempt > /dev/null'
|/var/qmail/bin/preline -df /bin/sed "s/^S[Uu][Bb][Jj][Ee][Cc][Tt]:/Subject: THISISSPAM ($SENDER) /" | qmail-inject -a username-safe@mydomain.com
Line 1: Delivers any email where my address is in the To: or Cc: lines, and exits. Otherwise, it falls through to...
Line 2: Delivers any email where my address is in the Bcc: line, PROVIDED that the FROM address is listed in a special file in my home directory, called bccexempt. This way, it denies ANY bcc delivery to my address, unless I explicitly list the from address in my bccexempt file. It will then exit if it passes this test. Otherwise, it falls through to...
Line 3: Injects the phrase "THISISSPAM" into the subject line. This way, I can filter on the subject line in virtually ANY email reader on the planet. Another option would be to simply throw it into /dev/null, but this way I can adjust my bccexempt filter if I need to, because it also lists the FROM address in the subject if it's marked as spam. I just have my email reader filter for THISISSPAM in the subject line, and if it finds it, it marks it as read and dumps it into a separate folder away from my Inbox where I don't have to look at it, or even know it's there. Once every 2 or 3 weeks, I quickly browse through the list of spam addresses, and if I find any legitimate emails, I add the sender to my bccexempt list so the mail will be delivered into my Inbox.
Then I created a .qmail-safe file to handle the forwards where the legit email really gets sent to, and I have that dump into ./Maildir/ to deliver normally.
The first month I had this in place, I received nearly 200 spams, and approximately 12 of those actually made it into my Inbox. This works so well because most spammers use BCC to send out their spam. This filter gives you control over who can BCC you. I know this doesn't stop spam at the source. I know it doesn't cut down on bandwidth usage. I know they can bypass it by mailing me directly. But I also know that there were 200 spams the first month that never entered my inbox.
-D