Spammers Stoop To New Low

mathowie writes "I received an unsolicited spam this week from MonsterHut, extolling the virtues of their "products" which are "email marketing" (they're a spam cannon). After reporting it at Spamcop, I received an interesting email from their bandwidth host. It seems that before they could cancel MonsterHut's account for violating their terms of service, MonsterHut began suing them. The worst part? A judge granted MonsterHut a temporary restraining order, forcing Paetec to keep their site online while they continue spamming, before Paetec even knew about the suit. Paetec is collecting affadavits from people that received the spam, so if you did, fill one out. It may be their only chance against the court. How far will spammers go to get their word out? When's it going to stop?"

Oops, unexpected outage.

[Kris_J]

I think there have been plenty of examples where an unexpected outage has lead to loss of service with no legal recourse -- perhaps that's what Paetec needs in this instance.

(The most annoying thing is that the judge who made the decision probably doesn't even have an e-mail account.)

Re:Oops, unexpected outage.

[Quila]

Someone else not reading.

Re:Oops, unexpected outage.

[SuiteSisterMary]

Almost sounds as though the judge specifically wants to go through the entire process, check and doublecheck at every step of the way, to provide a rock-solid, bullet-proof, airtight precident against spammers that other courts can then gleefully use to go after spammers double-barrled. Sounds like a good idea to me.

Re:Oops, unexpected outage.

[0_KrUsH]

We had a similar situation about 2 years ago with the company I work for (ISP). We found the loophole that we did not guaantee delivery of e-mail through the system. We simply routed all port 110 and 25 traffic for their IP ranges to the bit bucket. They opted to drop suit and leave our services. A good "I'm sorry we can't seem to locate the problem" can come in handy.

:-)

Oh, great...

[EvilStein]

This is the LAST thing we need.. spammers being allowed to bully ISPs/upstream providers around and using the court system to do so. What kind of a judge would allow something like that? I haven't read the .pdf files yet (I'm pissed at Adobe still, and I axed Acrobat Reader) but I can't imagine a sane person actually letting something like that happen. :(

This is a job for the A-Team..or 12 angry machete swinging Samoans.

Re:Oh, great...

[Caid+Raspa]

What kind of a judge would allow something like that? ... I can't imagine a sane person actually letting something like that happen.

Nicely put. But in USA(c) or United States of America (for Corporations), what did you expect? A sane legal system?

The thing I can't understand is why has PaeTec sold the service to MonsterHut? I thought MonsterHut is a well-known spammer. If someone is well known to violate the policies of the corporation I work in, they end on our 'corporate blacklist' and will not be dealed with. Sometimes we share the blacklists with a few of our competitors so that someone having/being a constant problem will not be able to change from one to the other provider. For example, if someone can't keep his deals with one of our competitors, why should he treat us differently? We don't take risks like that. No company can be forced to sell/buy a service/product. This is also a good way of saving legal costs and trouble. I think 10% of our customers make 90% of the trouble.

Activities that will generally put you to our blacklist include spamming, paying bills only after 3rd reminder, and some other things.

Re:Oh, great...

[old_n_anal]

It runs long, but it's really helpful to read the complaint and particularly the transcript.

PaeTec sold the service because, well, that's what they do. PaeTec's T&C's explicitly prohibit spamming (defined in the contract as unsolicited e-mail) and MonsterHut represented that they only send targeted e-mail to addresses that have opted in. Using PaeTec's definition, not spam.

Where PaeTec blew it is by allowing an addendum to the contract that essentially allows 2% of MonsterHut's mail to be spam. MonsterHut contracted the addendum to cover the case of what they claim are people who opted in and then forgot or who've just got an axe to grind. Furthermore, the 2% means that 2% of all recipients have to complain.

MonsterHut has sent 96 million e-mails. That means just under two million people have to complain before reaching the 2% threshold. Oops.

So the basic lesson learned here is: Don't allow stupid addendums to service contracts. Or, don't do things based on a percentage of volume.

In this particular case, it would seem (believe it or not) that if MonsterHut were found in violation of the 2% rule, an acceptable remedy would be to send out more spam on the bet that fewer than 2% would complain about the new round of mail. Relief through dilution.

(Consider the nuclear power industry. In the early days, dumping of radioactive material was legally limited to some number of microcuries per milliliter. Got something to dump that's too hot? Just add water. There's a radioactive stream in Windsor, CT. as result. These days disposal is limited by total microcuries. )

Re:Oh, great...

[GreyPoopon]

The problem is sharing a black list is even more of a problem then dealing with an occasional law suit. It gets into 'unfair trade practices' and turns into a federal anti-trust case against all the involved ISPs.

So don't "share" them. Just post your list (in a nice downloadable form) somewhere on your web site. If all ISPs do this, they can each download everybody elses lists.

Or, have somebody who is NOT an ISP sponsor a big blacklist that all ISPs can contribute to and get the contents of if they so wish.

Re:Oh, great...

[Misch]

Or, have somebody who is NOT an ISP sponsor a big blacklist that all ISPs can contribute to and get the contents of if they so wish.

We have that. It's called spamhaus.org and the database of known spammers is called Rosko

Re:Oh, great...

[Misch]

Defendant's argument is that the clause only applies to mails sent within the terms of the contract, which is a "targeted e-mail marketing" (not-spam). Defendant is arguing that the clause doesn't apply to unsolicited e-mail. (i.e. the e-mail addresses they plucked off of Network Solutions whois databases.)

Re:Oh, great...

[pjrc]

MonsterHut has sent 96 million e-mails. That means just under two million people have to complain before reaching the 2% threshold. Oops.

Even if this is true, it's not necessarily 2 million people, but 2 million emails. They send the same thing out over and over, so in all likelyhood most of the complaints will be about many messages. Maybe in this case the slashdot effect will do some good for the world....

I've been dreaming about setting up an anti-spam program and service (free, I hope) that would use real-time reporting like MAPS/ORBS and user feedback like spamcop. The idea would be to keep an near-real-time updated list of regexes with match all the recent spams but are highly unlikely to match any normal emails.

I wonder if anyone else is doing this sort of real-time-regex list?

Countersue

[sopuli]

Is it not possible to counter-sue, and get a restraining order on MonsterHut's system?

Does Monster Hut send spam?!

[tester13]

According to the affidavid filled by the plantiff, they were not involved in sending unsolicited email, and thus not violating any terms of use. If you possibly opted in through some other company then maybe it isn't technically spam? (according to the TOS)

The point I'm trying to make is I can understand why the court wants to show some restraint before allowing an ISP to cut a firm's internet access. What would be the consequences if they cut the pipes and then sorted it out? Monster Hut could be deprived alot of revenue!

I'm not trying to defend Monster Hut as they could very well be guilty. I just think that we should be pleased with the Judge's injunction until this gets litigated.

Re:Does Monster Hut send spam?!

[KjetilK]

Oh, yes, they are big-time spammers, I've got some e-mail where they brag about it: Another successful marketing campaign brought to you buy: <a href="http://www.monsterhut.com" [snip] Judging from the address they sent it to, it comes from a web-harvest done about four years ago...

Re:Does Monster Hut send spam?!

[nmarshall]

but what this looks like is that Monster Hut is claming that Paetec is caning them based on hearsay. thus this could be really bad for isp's, if spammers can sue to stay online and dismiss complains as hearsay...

Re:Does Monster Hut send spam?!

[Eggplant62]

MonsterHut (aka Beaverhome) has been a well-known spamhaus for at least a couple of years. For further information regarding this rotten outfit, take a look at this link on The Spamhaus Project's ROKSO database. Lots of good history there. Or simply search DejaGoogle on Beaverhome or Monsterhut.

Rich

Re:Does Monster Hut send spam?!

[blang]

Why bother?
Just submit a slashdot story about them. That will take care of their web site.

Re:Does Monster Hut send spam?!

[Misch]

You ask:
Does Monster Hut send spam?!

I reply:

Beaverhome / MonsterHut / Neal Martin records from the Rosko database at spamhaus.org

Re:Does Monster Hut send spam?!

[rfc1394]

Tester13 writes:

According to the affidavid filled by the plantiff, they were not involved in sending unsolicited email, and thus not violating any terms of use. If you possibly opted in through some other company then maybe it isn't technically spam? (according to the TOS)

I would also agree with this point. If you opt-in - even if you don't realize it - it's not spam. I don't like it that way but if they put up say, a check box like the one below this message when I typed it in that says "Post Anonymously" I should not be able to complain when it shows my e-mail address.
While I think most spammers deserve at least Summary Execution or even more severe punishment (as soon as I figure out what kind of punishment would be more severe) what it sounds like, is that this company was buying addresses from others where people probably opted in and didn't realize it, then some complained when they got mails and didn't realize they had inadvertantly opted in to something.
It might also include some where the party they bought the E-mail addresses from were in fact spamming and Monster Hut was unaware of it (or claims that they were unaware). But what seems odd to me is that this company apparently was - if the claims are true - using valid return addresses and was clearly identifying whom they were. Two practices that real spammers never do.

The point I'm trying to make is I can understand why the court wants to show some restraint before allowing an ISP to cut a firm's internet access. What would be the consequences if they cut the pipes and then sorted it out? Monster Hut could be deprived alot of revenue!

I agree as well. It seems like the ISP was going to institute a "shut them down first and ask questions later" scenario. That is probably quite valid if someone really is spamming. However the contract they signed - if the trial documents are correct - indicates they knew the company was in the business of sending commercial e-mail where the person agreed to get it. If true, then, it would imply a little more investigation would be needed because there are going to be people who forgot that they joined some of these e-mail opt-in things and then complain about it.

I'm not trying to defend Monster Hut as they could very well be guilty. I just think that we should be pleased with the Judge's injunction until this gets litigated.

I agree as well. In this case, the injunction preserves the status quo, since the court could if it's shown that Monster Hut really was spamming, rule in favor of the ISP. Also, if their customer is really spamming the injunction protects the ISP against retaliation because their upstream providers can't cut their feed due to the practices of the customer because the ISP can say it has no choice because it's under a court order (and if the supplier does something to interfere with that then they can get an order as well or the other provider might conceivably be in contempt of court), and if Monster Hut really was spamming, it's certainly not going to do so now, and if it did, it would be easy enough to check. Also, a trial would certainly provide considerable evidence if they were up to something unsavory.

Reading the court transcript tells me two things that were lacking in this case: make sure you write your contracts carefully and if you have to enforce the contract, get lawyers who know something about how people send messages through the Internet; it looks like the lawyers - on both sides - were about as clueless as a 15-year-old Script Kiddie.

Re:Does Monster Hut send spam?!

[DNS-and-BIND]

Registering a domain name does not count as opting in to a spam campaign.

YEAH!

[Perdo]

We can just spam 'em with our affadavits! Yeah that will get our point across... .. . Never mind.

Re:Oh, great... (o/T)

[EvlPenguin]

%gv tro.pdf

No one said you have to use an Adobe product to view the output of one.

Oh yes it is.

[iainl]

I don't care if the entire email is one big remove message, if its unsolicited advertising then I'll laugh at their corpses. I know you were kidding, but some idiots really believe that they can eat my bandwidth just as long as they claim to have an option that says 'yes, I do read your spam. Now don't send that particular one again'.

Actually this is a good thing...

[Ami+Ganguli]

Think about the bigger picture for a second. What's happened is that a client of an ISP has forced the ISP to win in court before cutting off service.

We've seen lots of cases where service has been cut off for questionable reasons (hosting deCSS, hosting "slanderous" material, whatever) and the ISP's client has had _no_ recourse.

While I would wholeheartedly support the lynching of spammers, I also welcome any trend that forces ISPs to be accountable for disconnecting service. It's not right that my Internet access can be cut off because of unsubstantiated allegations made in a lawyer's letter to my ISP.

Rather than fighting to get these guys booted from their ISP, just enter their IP into the black-lists. If their outgoing mail is handled by the ISP, the ISP can set up a specific IP address as the source of the spam and the rest of the world can block it.

Re:Actually this is a good thing...

[Ami+Ganguli]

Your connection is not a right, it's a privilige that you pay for.

That's right, I pay for it. Not only that, when it gets cut off unexpectedly I can suffer real losses. Of course the ISP can impose terms of service that the subscriber has to agree to. But if you're going to cut off the service you'd better be sure that the terms of service have really been violated.

The real problem is that Internet access is becoming an "essential" service like telephone service or electricity, but it's still being treated like a luxury. If you abuse your phone service then it can be cut off, but it's not something that's done lightly and certainly not because of an e-mail or simple lawyer's letter. Internet access should be the same.

Re:Actually this is a good thing...

[Skapare]

I just got attempted mail delivery from Monsterhut on August 29. It was blocked because I already subscribe to a number of spam blocking zones. More info is available about why Monsterhut is blocked here.

As long as we can block spammers, we don't have to take it out on the ISPs. It's when the spam gets mixed up with legitimate mail (such as from an open relay where otherwise good mail comes from, or via a regular mail server relayed by their customers) that we need to complain directly to the hosting ISP.

Another approach is to complain to any businesses that appear to be customers of Monsterhut, such as Hertz, even if that company wasn't involved in spamming. Tell them (the customers) that because Monsterhut is spamming, any legitimate email promotions they might send out won't get through because everyone has Monsterhut blocked off.

Re:Actually this is a good thing...

[Erasmus+Darwin]

"In the meantime, they should not be penalised for an unproven allegation."

When I first heard about this incident (about 4.5 months ago), PaeTec had already received several affidavits from people who had had addresses spammed that had been used exclusively for domain name registration. I'm surprised that the judge hasn't considered there to be enough evidence to revoke the injunction until the completion of the trial.

ARIN info

[Skapare]

Monsterhut Inc (NETBLK-PAET-RO-MONSTER-1)
1 Columbo Drive
Niagara Falls, NY 14305
US

Netname: PAET-RO-MONSTER-1
Netblock: 64.80.216.0 - 64.80.221.255

Coordinator:
Pelow, Todd (TP521-ARIN) tpelow@monsterhut.com
716-298-9797

Re:OT: Microsoft QotD

[really?]

A Microsoft lawyer was interviewed on BBC Radio 4 this morning and he came out with this classic:

"We have by far the most open system!"

John Franks, Head of EU law, Microsoft.

And that's not true? Think back just a couple of weeks and you're going to remember all the hoopla about CodeRed ... and the various e-mail viruses...and
Oh, he had something else in mind ... err ... never mind then. :-)

Cultivated e-mail addresses. You jest, surely?

[jgp]

http://www.monsterhut.com/our_lists.htm:

"All of our email lists are permission based. Our lists have been cultivated through list broker alliances and affinity agreements that we have established."

Translation:

"We didn't ask permission, but we don't feel guilty about that. Our lists were purchased in bulk on CD-Rs in exchange for sexual favours. We hope to aquire more CD-Rs as it's the only sex we get."

Re:Cultivated e-mail addresses. You jest, surely?

[Pope]

But the holes in CDRs are sooo tiny...

Oh, wait a minute, that makes more sense now...

Send fake DMCA violation letters...

[cyberdonny]

Send an authentic looking "lawyer's letter" claiming that on Sunday August 12th, you found pirate movies on their site only to find them gone on Monday 13th, but back next Saturday and gone again on Monday.

The ISP personnel will have to come in working during a weekend to check on the claims, and, fearing DMCA litigation, they'll prefer to cut off Monster waiting for a sworn affidavit from them that they have no pirated movies on their site.

Re:Send fake DMCA violation letters...

[Pig+Hogger]

Send an authentic looking "lawyer's letter" claiming that on Sunday August 12th, you found pirate movies on their site [monsterhut.com] only to find them gone on Monday 13th, but back next Saturday and gone again on Monday.

Won't work.

The DMCA does not have force of law where they are, and the ISP personnel will be glad to tell them to shove up their lawyer's letter.

Re:Send fake DMCA violation letters...

[cyberdonny]

> The DMCA does not have force of law where they are, and the ISP personnel will be glad to tell them to shove up their lawyer's letter.

Huh? Paetec (the ISP) is located in NY, which is in the US. DMCA is federal law, thus it certainly applies. > whois paetec.net
Domain Name: PAETEC.NET
Registrar: NETWORK SOLUTIONS, INC.
Whois Server: whois.networksolutions.com
Referral URL: http://www.networksolutions.com
Name Server: NS1.PAETEC.NET
Name Server: NS2.PAETEC.NET
Updated Date: 02-jan-2001

Registrant:
Paetec Communications (PAETEC-DOM)
290 Woodcliff Drive
Fairport, NY 14450
US

Domain Name: PAETEC.NET

Administrative Contact, Billing Contact:
Noren, Bill (NB519-ORG)
dnsadmin@PAETEC.COM
PaeTec Communications
290 Woodcliff Drive
Fairport, NY 14450
US
(716) 340-2737
Fax- - (716) 340-2509
Technical Contact:
Paetec Hostmaster (PH2710-ORG)
dns@PAETEC.NET
Paetec Communications
One PaeTec Plaza
600 Willowbrook Office Park
Fairport, NY, US 14450
US
1-877-472-3832
Fax- 1-716-340-2786

Record last updated on 02-Jan-2001.
Record expires on 04-Jun-2002.
Record created on 04-Jun-1998.
Database last updated on 31-Aug-2001 00:08:00 EDT.

Domain servers in listed order:

NS1.PAETEC.NET 64.80.255.250
NS2.PAETEC.NET 64.80.255.251

Re:I don't know why you guys hate "spam" so much

[cyberdonny]

> I don't get it.. what's so difficult in deleting a few messages that you might not want to read ?

The operative word is precedent. If we let Monster off the hook, other spammers will take notice, and very soon it will no longer be just a "few" messages, but thousands of them. How would you feel if you had to pass an hour each morning sifting through your spam, fearing that you might miss an important message from your friends or coworkers? Today spam is not that bad, but if we don't react now, it may be that bad five years from now.

Spam protection

[bero-rh]

Since spam is getting more and more of a problem, I've decided to release my partial solution (content based spam filtering).
It currently kills about 70% of the spam I receive (still leaving about 20 messages per day in my normal mailbox :( ).

ftp://ftp.bero.org/pub/experimental/NoSpam-0.0.1.t ar.bz2

And yes, it kills spam from monsterhut.com.

Re:Spam protection

[bero-rh]

IANAL, so I can't tell you whether or not this could hold in court.

The reason I've put it in is because spammers will probably want to figure out how to prevent their mail from being blocked, and rephrase the typical spam phrases I'm catching, and I don't want that to happen.

The possible solutions would have been

• Don't release it
  This worked quite nicely in the last month or so - reduced the amount of spam I get, but doesn't help anyone else. A rather egoistic approach, not a solution.
• Release it under a binary only license
  I've actually considered this for the first time in my life, using a license like Use the binary, don't reverse engineer it, but if you need to run it on a platform other than Red Hat Linux on x86 simply let me know and I'll give you the source under the condition that you don't make it available, but make your resulting binary available. But then, I know what I think of proprietary software, so I'd rather avoid this one, as well.
• Explicitly forbid abuse of the source
  That's the one I picked - I don't know if it can be enforced (it'll probably be hard to prove a spammer rephrased his spam because he looked at the phrases being blocked), but making clear it's not ok and threatening consequences might stop one spammer or two.
  Since sending spam is illegal in many countries, this is not even much of an additional restriction to the GPL - it's just a "Don't use this program for illegal purposes"

I'm not sure if the license with this addition still meets all the terms of the Open Source Definitions (not shutting anyone [spammers] out), but I think everyone will understand this restriction. ;)

Re:Spam protection

[jfunk]

Yup, the GPL specifically forbids arbitrary restrictions to specific groups, even if they are spammers.

It looks like Bero is trying to use the DMCA for 'good' but I don't agree with it, for the same reason the GPL disallows it.

We shouldn't be acting like the Adobes or the MPAAs of the world. We don't want to stoop to their level, even if spam annoys us.

Re:Spam protection

[ajs]

I get about the same rate with my simple procmail filters. I do the following:

1. Bounce subject-less mail
2. Bounce anything where the initial headers indicate content-type charset containing: ks_c|b2312|DEFAULT_CHARSET|iso-2|euc
3. Bounce anything with a content-type starting with: text/html|application/|image/|x-.*
   NOTE: This is only for the initial header. If you have an attachment of one of those types, I allow it.
4. A content-type header somehwere in the headers or body, but no content-type: text/plain anywhere in the headers or body.
5. Match a few case-sensitive things in subjects like, FREE!|LOSE WEIGHT
6. A bunch of simple regular expressions on the body including
   • =?charset
   • HR 3113 and S. 1618 references
   • !!!
   • SirCam signature, EAALoQAA4ftAnNIbgBTM0hkJBUaG
7. Bounce some pesky domains that are often mentioned in SPAM or by pushy recruiters
8. Bounce some bulk mailer signatures

I actually send a reply, assuming that: a) most spammers will never read it and b) my name is already on their lists and c) Someone unfairly caught by my filters will know why I didn't reply in person.

Re:Spam protection

[pointwood]

I use sneakemail (http://sneakemail.com) to create disposable email addresses.

Excellent service, easy to use and puts you back in control of your email address!

Need a working email address but don't want to hand out your real address? Create a new sneakemail address, label it and you got it.

If you get spam on that sneakemail address then you just filter it or delete the address. Furthermore you know that who has spammed you (or sold your address), since you (if you are smart) have only used that address at one particular site.

My explanation is probably not good, but take a look at their site - they have excellent howto's, etc.

Re:Spam protection

[ajs]

I speak and read english. If someone sends me Japanese, it's SPAM. This won't be the case for everyone, but it is for me (and the sheer volume of foreign-language spam I get is astounding).

Re:Spam protection

[bero-rh]

That's pretty similar to what my tool is doing, with the exception that I'm not filtering out Japanese or text/html (some people do send legit messages with broken mail clients).

Re:Spam protection

[bero-rh]

Nice fix - but you can't do that for your business address.

("Hi, CEO of important customer! Sure we can talk about this via email! My current address is foo1234567@sneakemail.com, and if I discontinue reading that, please try bar7654321@sneakemail.com!").

Re:Spam protection

[bero-rh]

Since sending spam is illegal, I consider the addition to the license a simple case of "you may not use this to do illegal things", much like you implicitly claim "I won't use this to kill someone" when you buy a knife.

I think it's ok to make this so clear that even a braindead spammer can understand it. ;)

Re:Spam protection

[bero-rh]

It doesn't catch this (yet). But you can turn off sending the bounce messages (they're completely optional).

I decided against adding lookups of the IP owner because of speed and traffic issues - I need this thing to handle >= 8000 messages a day (yes, I'm running it over mailing list folders as well. spam from linux-kernel is just as annoying as spam sent to me directly).

Re:Spam protection

[Elbereth]

Shouldn't it be called "less spam", rather than "no spam"?

Re:Oh, great... (o/T)

[darylp]

No one said you have to use an Adobe product to view the output of one.

Try telling that to Dmitry Sklyarov.

Yes, they do!

and they use faked headers:

Received: from smtp105.monsterhut.com ([12.105.4.105]) by <My ISP> with ESMTP id <Some id> for <My email address>; Mon, 23 Apr 2001 17:56:57 +0200 (MET DST)
Received: from _[15.51.190.3]_by (12.105.4.22:4221) by smtp105.monsterhut.com (LSMTP for Windows NT v1.1b) with SMTP id <2.00003F61@smtp105.monsterhut.com>; Tue, 24 Apr 2001 01:02:51 -0700
Received: from [131.105.201.168] by _[15.51.190.3]_by with SMTP id A40C47E11 Mon, 23 Apr 2001 11:49:51 PDT
Date: Mon, 23 Apr 2001 12:07:08 +0000
Subject: Send someone a special gift from Proflowers.com

Remark the "_[15.51.190.3]_by" on the second 'Received' line, this is an attempt to make you believe that 12.105.4.22 was not the original sender but just a relay for the faked adress 15.51.190.3
The third 'Received' line is completely faked.

My ISP has stated in its AUP that the use of faked headers in email or usenet postings is a sufficient reason for immediate termination of an account.

Re:Yes, they do!

[AstroJetson]

There's always the debate: Is is spam or is it not spam? It's like the porno debate of a few decades ago - I know it when I see it but it's hard to define in law. Well, faking headers and using open relays are two of the ways you can tell for sure. If it's legit (ie, you opted-in), there's no need for the subterfuge.

I just love spam that at the bottom says: "This is not spam, blah, blah, blah....." Then why are you sending it through an open relay and pretending to be someone else???

However, as much as I hate spam, I agree with the original poster. The court doesn't know whether these guys are spammers. Better to err on the side of caution than put some struggling company out of business by mistake. I hope justice prevails in the end, though. And by that I mean that the spammers should be forced to listen to Britney Spears for 20-life. On second thought...that's not harsh enough.

Give MonsterHut a Call...

[Cheviot]

I bet they'd love our opinions :)

716-298-9797

A good read!

[_Sprocket_]

I'd like to advise everyone to hit the link, grab some documents (especially the transcript) and have a good read. I've found the transcript fascinating and I'm only at pg. 47.

Some interesting points so far...

The biggest part of the case is whether this was actually a case of unsolicited email or not. The Defendant has stated that they believed Monsterhut was an opt-in advertising service when, in fact, they buy their lists externally with the apparent assumption that these are genuine opt-in customers.

The Plaintiff has pointed to a provision in the contract that allows for a 2% complaint rate to avoid immediate termination of their contract. First, whoever agreed to this for the ISP should be shot considering the sheer amount of traffic Monsterhut can throw out and the number of spam messages that 2% allows for (the Plaintiff even mentions a number over 6 million outgoing messages to date, if I remember right). Apparently, this provision exists to protect Monsterhut from users who opt-in but later forget (or change their minds). When the ISP receives complaints, they are to forward them to Monsterhut who will verify the address, validity of the complaint, and apparently make the appropriate changes to their database. Makes you warm and fuzzy to know your complaints are, in fact, going directly to the spammer.

An interesting side effect to all this is the ability to verify individuals. Quite a lot of attention is paid to whether the individuals could be identified according to their email addresses and the fact that SpamCop removes this information. It seems this comes in to play during the complaint / remediation process. But it is even more important when dealing with the court. The Defense pointed out that the Plaintiff had ample opportunity to subpoena SpamCop for identifying information, but failed to do so.

One final interesting tidbit... the Judge wanted to define the difference the Defense saw between a case of one of the 2% mistaken users and a "true spam" case. The Defense began to talk about harvested email accounts that are not user email accounts, such as those used for contacts in Network Solution's whois database. The Plaintiff apparently perks up on this, grabs the ball, and attempts to run. It appears that Monsterhut does "use Network Solutions" to identify businesses offering services that could be marketed by Monsterhut. Since they only send mail out to, say, 5 "targeted" customers... why... this isn't the kind of mass emailings that we're all talking about. Not spam at all. Nosir.

Re:A good read!

[ergo98]

Just about every spam I've been getting over the past little bit has about 60% of the body full of disclaimers and justifications for the spam, and it usually indicates that somehow I have "opted-in" to their spam list. My favourite are the ones that include long rambling essays on how you can simply "delete the message" if you don't like it, and that it helped saved trees because the alternative was that they would direct mail: Give me a break. >99% of these shady, quasi-illegal scams (I still gotta pick up the several hundred university diplomas that are waiting for me, and that will earn the respect of family and friends) couldn't garner enough investment to send paper mailings to a small neighbourhood, let alone the millions they indiscriminately spam. And sure it sounds great that I can "just delete it", but when there's thousands of spammers sending out this crap "just deleting" turns into a pretty onerous job.

When's it going to stop?

[MongooseCN]

When's it going to stop?

It's not. As absurd as spam seems, it works. There are millions of people who think they were specially selected to recieve that email and go out and by whatever junk they were mailed. Besides, look at all the junk snail mail you get every day, do you think that's going away any time soon?

Re:When's it going to stop?

[sql*kitten]

Besides, look at all the junk snail mail you get every day, do you think that's going away any time soon?

The difference is, when you receive junk mail in the post, the sender pays. When you receive it in your inbox, you pay.

On my "public" mail address, which gets most of the spam I get, it actually saves me time to log in via the web mail interface, delete the spam, them POP3 download the real mail when I'm on a modem.

Re:When's it going to stop?

[Sir+Tristam]

Another option is just to go ex-directory, which is what my phone line is. Admittedly it's in the UK and I don't know how your phone directories work, but...

I live in the US in Florida, also. State law prohibits sales solicitation calls to any phone number that is on the state's "no-call" list (costs you $10 first year, $5 each additional year) OR a phone number that is unlisted or unpublished. Unpublished numbers are not in the paper directory, but can still be found through directory assistance; unlisted numbers are not even available through directory assistance.

All this info is available in the front of my white pages phone book; YMMV.

Chris Beckenbach

Re:When's it going to stop?

[koreth]

Besides, look at all the junk snail mail you get every day, do you think that's going away any time soon?

Well, actually, yes -- a couple months ago I went to Junkbusters and sent out all the "take me off your mailing list" requests their site will generate for you. It has cut my paper junk mail volume way down. Not completely to zero, but now I rarely get any junk mail from businesses I'm not already dealing with.

Re:If I were the owner of the ISP

[n76lima]

"I would just shut off MonsterHut."
This equals "I will rot in jail for contempt of Court."

"But you better get your shit together and make sure you can prove they are spamming."

They tried this. They brought affidavits to Court showing numerous complaints from those that have email addresses setup for only Network Solutions contact, and spam traps that have never been used for public email, etc.

"Something that puzzles me though is I wonder why the ISP didn't force MonsterHut to sign to some kind of agreement that protects the ISP and grants power to the ISP to cut them off for violating the TOS."

They did have an agreement that specifically banned "B.U.C.E." or SPAM. But MonsterHut argued that they should be allowed to continue unless 2% of the 69 million emails sent came back as complaints! PAETEC has been warned by Vario (their upstream provider) that they are in danger of being cut off because of this!

"This should be a lesson for other ISP's who may know how to run an ISP (e.g. technically) but not how to protect themselves legally."

Fat chance. PAETEC had a contract negotiated with MonsterHut which the Judge examined and found to be valid, but he issued the injuction anyway, inspite of MonsterHut not meeting deadlines for depostions, etc.

Re:Hate it

[Skapare]

Spamming is simply a method of communication used by people with small minds to extract money from other people with small minds. The problem with spamming is that the flack hits the rest of us.

Legalise and regulate is the answer?

[proton]

Im not supporting spam in any way, but if the goal is to reduce spam, maybe the way to go is to legalise it and regulate it?

Suppose its legal to send commercial offerings to people by email, lets say we add a tax of 1 cent per email. Tax would go towards enforcing the law.

The tax would make it unattractive to send to just any email address there is. They'd do more targetted stuff and use more opt-in lists, simply cuz they would be paying for it. They dont pay now, so why would they care that their spam hits half a million burmese farmers whose english is limited to "fack joo".

You wouldnt need any new laws to cover spam specifically either, it'd simply become tax evasion and you'd be invaded by the IRS (in the states atleast) if you did anything naughty.

Ofcourse, it wouldnt completely stop spam, but do you think anything could?

/proton

It is Spam

[Quila]

Some addresses Monster Hut sent to were only used as points of contact for domains with NetSol.
There is no way they could have opted in anywhere since these addresses aren't used for anything other than domain contact.

If one of those people got an unsolicited email, then it's spam, against terms of service, and reasons for terminating the contract.

Monster Hut got that 2% complaint figure thrown in hoping it would save them from getting cut off for spamming, knowing there's no way to get 120,000 separate provable complaints.

But they forgot that that's complaints on truly opted-in spam -- and they should have to prove the opt-in status. They can't -- they're toast.

10 reasons why I hate spam

[clarkie.mg]

Why I hate spam ? Easy, here are the reasons :

1. It's a violation of my privacy. In the country I live, it is illegal to collect and use information about individuals without notifying them and let them correct the info.

2. It hides non-spam messages. As spammers do not mark they messages as advertisements, it is sometimes difficult to spot real email among a list of spam email.

3. It forces me to hide. I cannot use my email on usenet, on the web. I have to use tricks when I have to give my email, those cost time. Multiple email are mandatory to protect your privacy.

4. There is no limit in the amount of spam email you can receive. As it costs almost nothing to send spam, the number of email you receive can be very impressive and cost you time and money. It is worse if you have multiple emails (work, home, topic1, topic2, school, work2, usenet, mobile phone, ...).

5. It can interrupt your work. like said in a previous post.

6. It is a menace for children. Some spam are offensive, illegal or pornographic making the internet a unsafe place in the mind of parents.

7. Spammers hide themselves and forge emails in their messages. You can not answer, complain to their messages.

8. More, as they use a hotmail, yahoo or other email address, these services are sometimes blocked or suffer bad image.

9. Remember that unlike postal advertising, YOU pay for spammers, the whole internet community pays for them.

10. It is illegal, period.

When I'll have time, I'll publish this on my web site : http://unixe.net .

M.G.

matter of common sense

[jlemmerer]

As i am Sysadmin an an ISP i get confronted with requests from our "law division" to shut down e-mail accounts from people accused to "spam" certain sites. most time i try to find out what user it is, get his phone number (my ISP is also the largest cell phone provider here - quite good, we have lots of user data) and give him a call. if he doesn't stop spamming i call again - and i shut down his account. unfortunately this only works with provate persons and not with companys. here in austria, to shutdown a account of a company that is accused of spamming, you have to log every mail they send for about half a year (after getting a search warrant from a judge of course). good thing: if they can't explain you about 70% of mails, they are out. bad thing: most times they can explain, and in some cases, 30% of mail traffic they can't explain is enough to spam a whole lot of people.

Re:matter of common sense

[Vuarnet]

WTF is up with Australia?
Austria. Not Australia. And I always thought nothing was "up" with Australia, "the land down under".

The thing that will help the spammer...

[duffbeer703]

Is the definition of "spam" as specified in the AUP as shown in this document http://litigation.paetec.net/ptmol.pdf

According to the defense affidavit, "Spamming is the distribution of unsolicited commercial e-mail in bulk"

What constitutes "bulk" email from regular email? They do not define "bulk email" as being 10 messages or 10,000 messages, and this gives the spammer a technicality to argue before the court or a tool to delay the process.

Re:The thing that will help the spammer...

[duffbeer703]

Unfortunately, this sort of thing is the reason why lawyers can charge so much. Small details make the difference in legal action.

You have to stop it.

[Caid+Raspa]

Just gripe on slashdot about spam/junk mail and you'll receive it forever. Take action and it will end after a long fight. However, junk mail and spam can be reduced by simple means.

look at all the junk snail mail you get every day, do you think that's going away any time soon?

My standard reply seems to work well. You could also try to look at some consumer groups, they have good advice on this.

'I will inform all my friends and their dog about your harassive and misleading marketing' (which I actually never do, griping about junk mail is boring) ... 'I hereby forbid you to send me any mail in the future. I am not interested in you products and never will' ... 'Legal actions may follow' (Some companies sending junk mail do not have large legal depts, so I try to scare them).

For the junk mail send to me by without an address, I have a 'No junk mail here, please' sticker on my mailbox. And if I get some, I call the local post office. The amount of junk mail I receive has diminished by about 75% in two years. Some of my neighbours have started imitating me, as they are getting sick of junk mail.

As absurd as spam seems, it works.

Sometimes spam is counter-productive.

The spam I get is mostly 'harvested' from the company website. Most of the spam we get is 'evaluate our new (MS-Win) software'. The department I work in has about 40 Linuxes, 5 Sun and 3 Mac workstations and 2 Windows machines for the secretaries. So, we do not use Windows software expect the Office package that the secretaries use. This is also clearly stated in our website.

The company spam policy is:

1. Sending spam is strictly forbidden. (This applies also to the marketroids, not only R/D where I work). Spamming would lead to suspending of e-mail account (or the employee, depending on how bad it was).

2. Any spam received should immediately be reported (forwardedto ). A 'legal actions may follow' reply describing our spam policy is sent to the spammer, his/her boss and the webmaster/sysadmin of the spam-sending company. In a few days, the spammer is added to a corporate blacklist for some period of time (something like 3 months). The spam-sending company is also informed on our policy. Anyone on the blacklist will have the following treatment: Any mail sent to our employees from their addresses is dumped automatically. No business will be made with anyone on the blacklist. Repeated spamming results in that we contact the ISP and CEO of the company sending spam, and ask them to stop the harassment.

Some of our departments are Win-only, so the blacklist policy is actually hurting spammers. An their bosses are infomed on that.

(Paging Dr. Hawk....)

[wowbagger]

A question to the real lawyers that read Slashdot (paging Dr. Hawk....)

Paetec has a clear statement in their terms of service that prohibts the use of their service in the furthurance of spam. MonsterHut agreed to that TOS as part of their contract, with the obvious intent of violating that TOS. Does not that mean they entered into the contract in bad faith? Does not that mean that MonsterHut committed a tort of fraud? Does not that mean Paetec can bring countersuit?

I have been a long time advocate of ISPs, "free" e-mail services and "free" web hosting sites adding lines to the contracts stating spam is verboten, and then bringing fraud (charges|civil suit) against spammers. I've read on /. that some ISPs try this, but find it difficult to follow through because the spammer just disputes the credit card charge, and the ISP gets in trouble with the credit card company. However, this seems to me to be a deliberate, premeditated violation of a contract on the part of the spammer, and an act of criminal fraud. Especially if the ISP makes the fine large enough, wouldn't that be felony fraud?

OK, so it was several questions. And I know, that any practicing lawyer no more wishes to give out free advice than I wish to give out free computer service, but.... How about a little non-binding, pro bono, off the cuff, YMMV opinion?

Another way to help filter spam?

[image]

This may already exist, and if so, please point me to it.

First, I use the SpamBouncer procmail scripts, so I actually don't see that much spam any longer. But SpamBouncer is just a set of pretty good heuristics for scoring mail, and sometimes it is a little over or under-zealous.

Second, I use mutt and it has a keystroke ('S') aliased to move a mail to the =spam folder and delete it from the current folder.

What if hitting 'S' (or pressing the hypothetical "Spam" icon in the Outlook toolbar) went so far as to make a MD5 checksum of the alleged spam and send a packet with that checksum off to a centralized server. The server then keeps a database of each checksum and increments a counter associated with that piece of alleged spam.

Now, when the procmail scripts see incoming mail they can request the value for that checksum from the server. Depending on user configuration, a certain threshold (100, 1000, 10000?) must be reached before agreeing that it spam and proactively moving it.

Upsides to this system: if widely used as directed it would be extremely effective at blocking spam. Relatively private (because you are sending checksums not the actual mail).

Downsides to this system: Someone could vote multiple times to make an email appear to be spam (you could have a second packet that decrements the counter as well that people could use on their "spam" folder, or less effectively, you could restrict it to one vote per IP). There is a central server (you could mitigate this by having hierarchical servers that communicate and synchronize with their parent and children in batches). Plus the first 'n' people still have to see the spam.

Yes, this is a lot of overhead to deal with the intelligent filtering of spam. But if we can reduce the efficacy of sending spam to negligible conversion ratios, then there will no longer be an economic incentive to send spam.

Re:Another way to help filter spam?

[image]

> A spammer could put a few random characters into each message so that all the checksums would be different.

I'm not 100% sure they could -- not without losing the ability to send one mail to a server with multiple recipients. I remember back about 5 years ago when I was at Tripod and we were sending out our weekly newsletter to millions of people, our challenge was personalizing it. It wasn't the computational overhead of processing of the outbound email to include the individual name. It was the fact that we could no longer deliver all the AOL mails, Earthlink mails, etc., to their servers as one mail with a bunch of BCC's.

Maybe spammers don't deal in that volume, or I may be remembering this *entirely* wrong, and you may be perfectly correct.

Re:Another way to help filter spam?

[dwlemon]

I've read of somebody using dict to filter out all non-words, stripping out all short words, then sorting and uniqing the results.. and then getting a checksum.

that may be overkill but it'd strip out any randomness that the spammer may have put into the message.

Re:Another way to help filter spam?

[Ramses0]

Take a look at Nilsimsa. It appears that it is designed to

1. grep through a huge amount of messages
2. detect "duplicate" messages by a sloppy checksumming algorithim
3. bounce those "duplicate" messages in the future

Most of the time, these duplicate messages will be spam, but if this little proggie had a human touch behind it, the future would seem a lot better. I would implement the filtering/bouncing as a "bulk mail" folder, much like yahoo does. Sometimes I'll find a few newsletters in that folder which I honestly did subscribe to, and I wouldn't be surprised if some sort of bulk-filter accidentally picked up on those too.

--Robert

One solution

[Seska]

One solution is to cut MonsterHut off at the bank teller. On their web site is a very prominent animated ad for Hertz rental cars. Fire off a letter to Hertz stating that as long as they use a company that engages in mass email campaigns you will never rent a rental car from Hertz.

However, it seems to me that MonsterHut would very much like to be legitimate; it's not like the Nigerian Money Scam spam I received yesterday has a sophisticated web site associated with it. Maybe someone should try removing themselves from the MonsterHut list and see if they're the single legit mass emailer in 15 years of email.

Re:One solution

[Hertzresponse]

Hertz is not affiliated with MonsterHut in anyway and has not used MonsterHut in any of its marketing efforts. The ad posted on MonsterHut was created without Hertz knowledge or permission. We have asked MonsterHut to remove it immediately from their site.

Hertz does not spam and is a strong advocate of internet privacy and anti-spamming legislation.

Re:One solution

[Kushana]

I received this email this afternoon:

Thank you for bringing the ad on www.MonsterHut.com to our attention. This
ad was produced without our knowledge. Actually we never heard of the site
until we received your e-mail today. Our legal team will be in touch with
MonsterHut.com to rectify this potentially illegal situation and to
instruct them to promptly take this ad down.

We value your business and hope in no way this incident has changed your
opinion of Hertz. Thank you for your continued support.

Sincerely,

Joseph Torpey
Manager, Interactive Marketing
The Hertz Corporation

Beaverhome

When I read this story, the situation of Beaverhome came to mind. Years ago, they sued their ISP when their ISP cut them off for spamming. I talked to them by voice to tell them to stop spamming me, and they laughed in my face.

Now, I go check Monsterhut, and see that BeaverHome is proudly presented on the home page as a MonsterHut spamming customer!

Does anybody recognise this ?

[AftanGustur]

My company has been a victim of spam. The "From" address was forged so the mail appeared to come from us. Finding who is actually behind "Cybernet Enterprise"is a hard thing and the telephone number only gives a cryptic ansvering machine.

Does anybody recognise this ?

*** Begin Spam
We offer some of the best bulk e-mail prices on the Internet. We do all the mailing for you. You just
provide us with the ad! It's that simple!

What we offer:

*General AOL Lists or other ISPs
$200.00 for 1-million e-mails sent.
$400.00 for 3-million e-mails sent.

Snip..
...
...

Cybernet Enterprise 209-656-9143
go nettech27@excite.com to be removed. Please no mail bombs, legit removal.

Re:Damn...

[bacchusrx]

I think you misunderstand what's happened. The dispute is precisely over whether or not MonsterHut has in fact violated Paetec's terms of service.

A preliminary injunction was ordered to prevent one party in the dispute (the ISP) from withholding services essential to the business of the other party (the Spammer) until it can be determined on the balance of probabilities whether or not MonsterHut did in fact violate Paetec's Terms of Service.

It's perhaps analogous to saying that the State cannot execute a man until after he's been tried and convicted. In other words, MonsterHut deserves due process of law. I mean, when someone is arrested for capital murder we know he won't be executed prior to his trial... some people would like to say: "Since when can't a Government execute its citizens for violating its rules!" But, then, we have a name for those people, don't we? ;)

I'd hate to see people attack the fact that Paetec was enjoined from terminating MonsterHut's service because MonsterHut is a spam cannon... the injunction is a good thing insofar as justice is concerned. It does not prevent MonsterHut from ever being shut down.

However, precedents like these can help to protect you when, oh I don't know, the largest media content production and media distribution network in the world wants to shut you down for having unpopular opinions.

BRx.

I have very little sympathy

[gowen]

Both parties seem to acknowledge that, at the times of the contract:

MonsterHut were in the target commercial email business.

The legality of it aside, junk mail (paper and electronic) is a pain in the ass to the recipient and almost never desired and PaeTec took MonsterHuts money knowing they had basically immoral[0] purposes.

If you sup with the Devil, use a long spoon -- Proverb

[0] Anyone really not believe that wasting my time in order to try and sell me stuff I don't want isn't immoral?

Re:I don't know why you guys hate "spam" so much

[ajs]

What's more I get about 20-100 pieces of spam a day (and that's just what my filters which took months to perfect catch).

This represents a huge use of bandwidth and my personal time. Just identifying it as spam and deleting takes enough time that I could spend hours each month. I will not tolerate that.

Wrong.

[NineNine]

You don't have any "right" not to be cut off by your ISP. They don't have any "right" to cut you off. Let's quit talking about rights here. What the two of you have is a BUSINESS CONTRACT. If they want to cut you off, and it says in your contract that they can't, then the only "right" you have is to sue them. There is no unalienable RIGHT to provide or have provided Net access. It's a business agreement, and it should be handled that way.

Re:Wrong.

[Ami+Ganguli]

Sadly you're right. Large companies with extensive legal resources can do pretty much whatever they want to indvidual clients. It's only when the victim has some money that things start to get interesting.

Anyway, I didn't dispute that. I'm just saying that there should be some recourse. Companies might be more careful about breaking contracts if they risked large punitive damages.

Finland has an interesting system regarding traffic fines. They're based on your salary, so if you're a billionare you still have to worry about getting caught speeding - the fine could be in the hundreds of millions of dollars. It makes a lot of sense.

The same kind of system should apply in these situations. If AT&T costs me a years wages by cutting off my connection (say I'm a consultant who works from home) then they should be liable for a year's worth of their revenue. Then they would have to think seriously before breaking their contracts.

Re:Wrong.

[Ami+Ganguli]

But what are the punitive damages based on? Whatever the damages are, they obviously aren't an effective deterrent. The fine needs to be big enough that the board of directors and shareholders notice.

Note that I don't really feel that the victim should necessarily get all the proceeds. Give it to charity or something like that. If I lose a week's salary (that's a more realistic number for lost Internet access) then I want to be compensated reasonably - lawyers fees, financial losses, maybe a little extra for the trouble. I don't expect to walk away a millionair. But the company that screwed me over should feel some pain - enough to get a few incompetant mangers fired and make sure that they change the way they do business.

Spam in general

[egon]

I have to admit that I find it interesting that everybody wants to stop spammers. So many of these same folks are the ones that want Dmitri released for exercising free speach... *sigh*

I know I'll probably get moderated down into oblivion for saying this, but I don't see how this is any different than the Dmitri case. I know - people will start talking about "well, it costs me to download it so they're hurting me financially". And I suppose that what Dmitri did isn't going to hurt Adobe financially?

Anyway, I don't remember who said it, but somebody once said (paraphrase) "I may disagree strongly with what you have to say, but I'll defend to the death your right to say it."

I guess that only applies when what somebody has to say doesn't annoy us and cause us to have to hit the 'd' key.

Re:Spam in general

[osolemirnix]

I would think there is a big difference between free speech as in "publishing something on a web site for interested parties to download" and free speech as in "forcing something into someone else's mailbox".

If I sit in front of my house on the porch on a sunday afternoon and you come over for a discussion, that's your choice (even if you disagree with my opinion). That is free speech.
If I come to your house and start yelling my rants while it's obvious you do not want that, that's not free speech. That would be molesting you, I would guess.

Re:Spam in general

[bero-rh]

There are actually big differences.

Everyone has the right to free speech. But I have the right not to listen.

Also, for the money case: Dmitri isn't going to hurt Adobe financially, at least not directly.
Red Hat is hurting Microsoft financially by making fewer people buy Windows - does that make us thieves? I don't think so. And this is much more like DmitriAdobe than SpammerUser is.

Re:I don't know why you guys hate "spam" so much

[gad_zuki!]

First off, spam usually equals scam. Think those penis pump devices work or that credit fixer is going to do anything than offer you a high interest load?

Second, unlike traditional junk mail spammers do not pay the real cost for their mailings. Bandwidth is usually stolen. Guess who eats up the cost? The customers of the ISP. We're paying for the penis pumps HTML ads.

What? @home is $6 more this month! Wonder why.

Third, its inconsiderate to put someone on a mailing list and have them manually unsub themselves 10 times a day to avoid more spam.

Fourth, spammers won't agree to any convention for easy filtering, like Subj: ADV blahblah. Instead they send use fake names with misleading subjects to fool people into reading their aluminum siding ad. With an ADV tag we could put it straight into our spam folders or auto-delete it.

Spam sucks.

Sign the petition to convince Disney to bring Hayao Miyazaki's anime to the US.

Re:I don't know why you guys hate "spam" so much

[hearingaid]

you get five messages a day. that's pretty low.

I live in a heavily filtered world, now. before, though: at one point I was more like sixty messages a day of spam.

try coming back to that after two weeks of Christmas. unenjoyable.

Won't even need the tax

[gad_zuki!]

A better method would be to have spammers pay for their bandwidth and adopt an advertising convetion like putting ADV in the subject line.

This would kill the problem in two easy steps:

1. ISPs won't have pass the cost of mega-bandwidth waste to their customers because they'll be billing the spammers directly.

2. Users can make rules to put spam in either the proper folder or just delete it. Spam without an ADV gets reported to the authorities. With all these newly trained cyber-cops they'll appreciate the work of tracking down spammers.

As spam prices increase because of real cost billing "scam spam" will disappear because only legitimite businesses will be able to afford mass mailings. Instead of getting credit fixing ads you'll get coupons from Target. They're going to have to make you want to open those emails, especially for those who have them going into a bulk mail folder.

Sign the petition to get Disney to release Hayao Miyazaki's anime in the US.

Re:What will get spammers to stop...

[Detritus]

I've often thought that this could be a profitable new business for the mafia. They could sell spam insurance. Spam one of their customers and you get a free concrete flotation device and a swimming lesson.

Re:possible solution to spam

[shokk]

See SpamGourmet. Does what you want it to do.

This happened last April

[finial]

Hmmm... The identical thing involving the same two entities happened last April... I wonder if Paetec is really pursuing this or whether they're in on it and sending this "woe is me" out as a ruse.

The reply to the complaint (April 5, 2001):

From: IP Admin
To: "'21047903@reports.spamcop.net'"
Subject: RE: [SpamCop (http://www.monsterhut.com) id:21047903] Compare and
Save at CompareWebHosts.com
Date: Thu, 5 Apr 2001 17:35:20 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
charset="iso-8859-1"
Status: U

PaeTec Communications, Inc. received the attached complaint from you
regarding your contention that you received spam, i.e., that you received an
unsolicited, commercial, bulk e-mail. PaeTec is an integrated
telecommunications provider which offers access to the Internet to
businesses. PaeTec strongly opposes spamming. The e-mail about which you
complained originated from a customer of PaeTec's by the name of MonsterHut.

PaeTec's agreement with MonsterHut expressly prohibits the
sending of spam. In reliance on the complaints it received from you and
others stating that the e-mail you received from MonsterHut was spam, PaeTec
informed MonsterHut that it was terminating its contract.

MonsterHut responded by commencing litigation against
PaeTec. Prior to PaeTec being advised of the existence of the litigation,
MonsterHut obtained a temporary restraining order from the Court, which
prevents PaeTec from terminating MonsterHut's contract pending a hearing at
which both sides can present evidence. The only proof before the Court at
the time it issued the injunction was MonsterHut's claim that it had
received permission from the recipients, such as yourself, to send the
e-mail, and therefore, the e-mail was not spam. PaeTec has disputed
MonsterHut's assertion and has demanded that MonsterHut prove that you and
the other recipients solicited the e-mail. MonsterHut has also claimed that
virtually every complaint PaeTec received was simply a request to be removed
from MonsterHut's mailing lists and was not an allegation that its e-mail
was spam. PaeTec interprets your communication as not simply requesting
removal, but complaining that the e-mail was spam.

It would be very helpful for PaeTec to obtain sworn
statements, which are also known as affidavits, from you and others stating
(if true) that, to the best of your knowledge, you did not solicit e-mails
from MonsterHut, you did not opt-in to being included on the mailing list of
MonsterHut, you did not opt-in to be included on any mailing list that
indicated you were authorizing the sending of e-mails by other unspecified
parties, and that your complaint was not merely a request to have your name
removed from a mailing list. If you are willing to assist PaeTec in its
efforts to vacate the injunction and terminate MonsterHut's Internet access
service, please reply to this e-mail and advise of your willingness to do
so. On the other hand, if you did solicit e-mail from MonsterHut and/or if
you intended merely to request that your name and address be removed from
MonsterHut's mailing list, PaeTec would appreciate it if you would advise it
of those facts so that it can take them into account in deciding whether to
pursue a termination of MonsterHut's service.


The affidavit request (April 9, 2001):


From: IP Admin
To:
Subject: Monsterhut Affidavit
Date: Mon, 9 Apr 2001 17:14:37 -0400
Importance: high
X-Priority: 1
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
charset="iso-8859-1"
Status: U

Thank you very much for indicating a willingness to help PaeTec
Communications, Inc., in our litigation with MonsterHut. We have gotten a
tremendous positive response from members of the Internet community, and
this will make a big difference in our efforts to vacate the injunction and
to prevent MonsterHut from using PaeTec's network and/or IP addresses to
spam. MonsterHut contends that all of its commercial bulk e-mail is
permission-based and therefore not spam. MonsterHut also contends that most
of the complaints PaeTec has received (particularly those received through
Spam-Cop) were merely requests to be removed from MonsterHut's mailing list,
and were not allegations that the complainant had been spammed. We hope to
refute those claims with your help.

Attached to this e-mail is the text of a sample affidavit that
PaeTec has prepared to assist you in putting your statement into a form we
can submit to the court as evidence. The text of the proposed affidavit is
also located at a website created solely for this purpose,
. The text is somewhat generic because of
the volume of people who have indicated a willingness to sign an affidavit.
As a result, we must ask you to type in some basic information. Please fill
in your name on the first line. In item 1, please fill in the state and
county in which you live. If you do not live in the United States of
America, please modify the language in Item 1 to indicate the country in
which you live and your general location using the equivalent terminology
that is applicable in your country.

Next, please review the text in Items 2-8 very carefully to ensure
their accuracy. Feel free to make whatever additions, deletions, or
modifications you feel are necessary. Since this affidavit is being given
under oath, we want you to be sure that it accurately and truthfully
reflects the facts pertaining to your situation. In this regard, the vast
majority of the people who responded to my last e-mail stated they were
absolutely certain they had never solicited e-mail from MonsterHut. As a
result, the sample affidavit was written this way. A relatively few people
indicated that "to the best of my knowledge" they never solicited e-mail
from Monster Hut. If you feel more comfortable providing a sworn statement
with this type of qualifier, please add it to the appropriate sentence(s) in
paragraph 6 of the sample affidavit. In addition, we need you to fill in
two pieces of information. In Item 5, please indicate the month and date on
which you received your e-mail from MonsterHut, and type in the subject line
of the message you received from MonsterHut. If you cannot recall this
information, it is located below in the "Original Message" portion of this
response or in our initial e-mail to you. In Item 7, please fill in the
blank to indicate whether your initial complaint was made via Spamcop or
directly to PaeTec.

We have left a blank area after the number 9 at the end of the text
so that you may add any additional information that you believe would be
helpful to demonstrate that MonsterHut's e-mail was unsolicited by you .
For example, a large number of people indicated that the e-mail address to
which the MonsterHut e-mail was sent is used only as a contact point for
domain registration purposes with Network Solutions. As another example, a
number of others indicated the e-mail address was not active or was used
solely as a "spam trap". Many others of you indicated the address was used
for only certain specific purposes and was never used to solicit e-mail from
anyone from this address. If you do not wish to add any information, please
delete the number 9.

Once the affidavit meets with your approval, please type in your
name below the signature line next to the word "By:", print out the
affidavit as a separate document, and sign it before a notary public (or if
you are from outside the United States, the equivalent official in your
country who can attest to a signature affixed to a document that is sworn to
under oath). In order for the affidavit to be considered by the Court, we
must receive the original signed copy so
we can submit it to the Court. Therefore, please mail the original, signed
affidavit to PaeTec's outside legal counsel at the following address:

Suzanne, Galbato, Esq.
Bond, Schoeneck & King, LLP
One Lincoln Center
Syracuse, New York 13202
United States of America

If you do not wish to incur the expense of mailing, PaeTec will send you a
self-addressed, stamped envelope for you to send it the original if you
provide PaeTec with a mailing address to which it can send the envelope.

Finally, many of you requested that we ask MonsterHut for its proof
that you solicited e-mail from it. We already have made a formal request
for this proof from MonsterHut. MonsterHut has not yet formally responded
to this request and its time to do so will not expire until after PaeTec
must submit its affidavits to the Court. Moreover, in informal
communications, MonsterHut has advised our attorneys that, at this time,
MonsterHut will be unable to prove on an individual basis that most of you
solicited the e-mail because most of the complaints went through Spam-Cop,
which masks the identity of the complainants,. As a result, we have
requested that MonsterHut describe the sources from which it obtained the
names it used. It appears there may be a relatively few sources.

If you have any questions, please contact us by e-mail at
ipadmin@paetec.com
. On behalf of PaeTec, we want to thank you for your assistance.

Simple answer, at least for us

[macdaddy]

Just block them. They've been in my access list with a REJECT statement for some time now. My access list is just under 1000 lines long, including a few RELAY entries. I don't wait for MAPS to list them in the RBL, RSS, or DUL. I do the research, scan the logs from time to time, and block them myself. Simple.

Re:Free speech and all that...

[egon]

"What about my right to not have to listen?"

Well, I'm not sure I would agree with that as a "right". In our society, there's a lot of stuff we'd rather not have to deal with, but that doesn't mean we should do away with it.

Ex: I'm particularly unfond (is that a word?) of white supremists. I would be willing to stand by them to support their right to say whatever they want though. Do I want to hear their rhetoric? Certainly not. But the moment we begin to say they can't express whatever they feel, we become judges. Then who's to say that a particular opinion that you (or I, or anybody else) have can't be censored or made "wrong"?

"And if all this spam was good and ethical, why are they forging From: addresses and using the "reply to this to be removed from our list" addresses to harvest more emails? It's not."

I would agree with you that it is unethical - and in fact, this is part of what I despise about spam. Personally, I think forging email headers should be illegal - that would certainly make filtering spam easier. However, this has little to do with my point. My point is not the ethicality or morality of such things - it's wheter we should be attempting to repress it from happening.

"Look, people, as has been stated before, if we don't find a solution to stop spam, email will become useless as a form of communication. And what, YOU all want to use M$ Messenger Service or AIM?"

After all, mail was made completely useless by junk mail. Hell - nobody uses mail for anything more - they all just use the telephone. To go back to my example, the US is a completely useless place to live (well, ok, maybe this isn't a good example *grin*) because with one bad thing in it (in my example, the white supremists) the whole thing is made bad.

But under the DMCA they cut first and sort later !

[corporatewhore]

Why do they have to be so concerned about cutting the pipe ? Under the DMCA they require ISPs to pull your plug as soon as the potentially illegal activety is reported, right ?
Seems like a double standard to me. Anyone else ?

How can anyone claim spam does not cost anything?

[flatcat]

Lets say I'm using my wireless Palm with the bacis service. After about 50 messages, each one starts costing $.20 per k. So each spam message costs me $.20 per k.

Luckily this address has not slipped out yet, but considering my other 'spam' address gets on average 100 messages a day. 95% "opt in" ( intentional or not ), 5% totally unsolicited, ( I don't recall ever having a need for Miss Cleo, nor Sex related products and services ). And not to mention all thos "contests" I have won, but never entered.

Easy, boycott MonsterHuts clients...

[eFlashDash]

If you want to hurt MonsterHut, have tens of thousands of slashdotters email all of their clients (Hertz, Beaverhome, GrandPrixOnline, etc) and let them know you are boycotting their services because they are doing business with a known spammer, and you don't approve. Also send MonsterHut an email letting them know you are doing it. For that matter, send about 1,000,000 of them a day to MonsterHut (fire with fire...).

Re:Oops, unexpected stay in jail.

[Russ+Nelson]

In general, you must do what a judge tells you to do in relation to actions in his court. A judge has considerable latitude to throw you in jail for the rest of your life or until you comply with the judge's order. It's called contempt of court.
-russ

Been done already

[macdaddy]

And it's an interesting idea. The only problem is random strings within the message. You've noticed the "[x623k9fd]" crap at the end of many of your subject lines (way way out there) haven't you? That random crap is usually different for each and every message that gets spammed out. Many large ISP MTAs filter mail when more than XYZ pieces of it come in with the same subject line, so they have to get creative and write random gibberish. That by itself will nix the MD5sum idea. Let's say we skip the subject line and just MD5sum the body. Shortly there after the spammers will start doing the same thing to text within in the message. They could stick some random giberish in HTML comments or tack it on to the end of a URL like "fred.html?blahblahblah". Bye bye MD5sums again.

Another way of identifying spam is looking for keywords and phrases. Each match raises the likelyhood that it's spam. A product has been built for this too, although I forget it's name. Supposed to work fairly well.

I personally use the RSS, DUL, soon the RBL, and a very very long access list of known spammers.

Go read the transcript.

[Russ+Nelson]

Go read the transcript. The ISP claims the right to terminate service with no notice, but allows 30 days to cure a breach of contract, but promises not to terminate service simply because of complaints where a user opted in but forgot. Problem is that they have affadavits from people who didn't opt in, but got the email anyway. Monsterhut is trying to assert that users opt to receive email related to their internet service simply by listing an address in whois. Monster is also trying to assert a lot of nonsense that the judge isn't putting up with.
-russ

"Keitai" spammers are the worst

[Linux+Freak]

Spammers are scum. When I used to be an active anti-spammer (gave it up a few years back as it got to be too much of a time suck -- kind of like SlashDot is now. ;-) ) I had to deal with mail bombs, death threats, revenge spam, etc. Very interesting times.

The ones who are really pissing me off now are the mobile phone spammers. I live in Japan and have to pay 300 yen (about $3.00 US) every month for the "privilege" of e-mail. Before registering my mail alias (I used a word which is NOT in common use in Japan :p) my e-mail address was numeric (ie. my phone number). After getting dozens of spam messages delivered there (no stretch to send e-mails from 090-0000-0000 to 090-9999-9999, right?), I got sick of it and registered my alias. I hadn't even started USING the address and I'm already getting about 5 spams a day to it (what, did NTT Docomo sell my damned address or something?) The damned phone WAS set to ring whenever I got an incoming mail, but I got tired of being woken up at 3:00am when some damned deai advertisement arrived, so I had to disable THAT too.

Not only do I pay 300 yen a month, but I have to pay per packet, so everytime one of these SCUMBAGS sends me spam, it's an actual yen or two increase in my monthly bill -- per message. It doesn't take long to add up.

So to the previous person who said, "Just calm down and hit 'delete'", there are many, many reasons to disagree with you.

.... and you "jump" to conclusions...

[Prothonotar]

How many of you have actually read any of the pdf files? Hemos, you should have at least. The suit was not brought about due primarily to spamming (although it is mentioned in the case), but due to a conflict over the lines to be installed for the company's bandwidth. Basically, they are arguing they were given the runaround first, the spamming concerns coming later. If there is evidence of them spammin, I would whole-heartedly agree to cutting their access, but I don't agree that they should have been given the ole bait-and-switch on their original bandwidth agreement.

Not new, but this is how you stop it

[Kagato]

Last year the same thing happened to a friend of mine owns an ISP. The key is to fight dirty tricks, with dirty tricks. Basically, you set up a sendmail rule to accept the spam message, then drop kick it to /dev/null. So, the Spammer sees in his logs that the message was accepted. But on the backend you're dumping his traffic. If they call just tell them it's SPAM filters upstream and you can't do anything about it. Perhaps you'd like to sue sprint or AOL about it.

MOD PARENT DOWN

[jareds]

This is not informative, this is just failure to read the information given.

If you followed some of the links in the article, you'll find that the litigation began in March. The "same identical thing" didn't happen twice, it happened once and is still ongoing. Courts are slow.

ISPs: cross your "T"s

[dbrower]

What comes out of the transcript is the same thing that has just happened in a case involving a perceived conflict of interest with a utility regulator in California. Activist demanded a court remove him from a post for a violation of a conflict rule. The judge held that the rule was badly written, and the proof offerered was not clear enough to make the case. His soundbite was, "if you want to hang someone on a technicality, you've got to cross all your 'T's".

In this case, it appears Paetecs original contract was vague about the 'bulk' that constituted spam; the addendum on 2% was unclear; and their termination letter was not consistent with the terms of the contract on the 30 day cure provision. Paetec did not cross its 'T's on this.

You can be sure that the AOL handling of TOSing people is a -lot- more tightly done. ISPs who deal with "bulk emailers" need to be airtight too.

-dB

Re:I don't know why you guys hate "spam" so much

[ajs]

Nope. SPAM. The lot of it. Doesn't matter how long it takes for me to write filters to catch it all. Unsolicited commercial email is still unsolicited and commercial.

What ever happened to....

[Restil]

"We reserve the right to refuse service to anyone"????

Granted... those businesses under regulation like utilities can't very well just refuse to provide services if the customer is paying, as the customer has no other options, but bandwidth is not exactly a monopolized industry.

-Restil

Sidenote

[ergo98]

I have actually missed legitimate messages that were important because they were lost amist the noise of spams. There is absolutely no question in my mind that effective as soon as possible: All spam (even "opt-in" spam) must contain a header that cannot be modified (perhaps two): "Opt-in advertisement", "Advertisement". Under no conditions may the sender modify this. This should literally be a UN convention that countries sign onto (just like the various other international laws). If Bulevia decides that they don't need to follow it to get the token spammer taxes, they should be cut of/filtered from international pipes. It is bad enough to get sent unsolicited advertisements, but when the senders intentionally mask the subject to pretend that it's a reply, something else, etc. that is criminal in my mind: They're wasting my time. Additionally all spammers must check and obey a universal opt-out list: Not 10,000,000 different lists that ebb and flow to make it convoluted to get yourself off their list.

It is a sad state when everyone has to hide their email addresses because of these scumbags.

Re:Sidenote

[Zwack]

I'd agree...

You don't want to know how upset my wife got when I received an e-mail from "Jenny" with the subject of "Re: You have got to look at this."

It was formatted to look like a complaint from
someone about an e-mail that I sent out saying to look at some pornographic website.

It wasn't until I showed her the full headers showing that "Jenny" had sent the complaint about the website from the same domain that she calmed down a bit.

As if it wasn't bad enough sending me spam, making it look like a complaint about ME sending spam is MUCH worse.

Zwack

Re:I don't know why you guys hate "spam" so much

[Erbo]

I don't get it.. what's so difficult in deleting a few messages that you might not want to read?

Because it's not just "a few messages." Just now, I checked my mailbox, and it had about 30 messages in it since the last time I checked it (last night). Of those, maybe one or two were legitimate e-mails (routine messages that I could delete right away). Of the rest, about half were spam, and the other half were double-bounce error messages from the Electric Minds mail server--spam that someone tried to send to minds.com email addresses, that the server tried to bounce but failed for one reason or another (usually because the return address does not exist, or the machine would not handle the incoming SMTP connection properly), and hence that get passed to me.

When I get double-bounces back, I usually "blackhole" the address that the spam was sent to (i.e. set up that address as an alias to /dev/null). Occasionally, though, some companies will "carpet-bomb" the minds.com server with spam for random numerical addresses (like "00000001@minds.com"), and I have to blackhole an entire "from" domain (or range of "from" domains, as with the fscking bastards at edirectnetwork.net and opt-in-net.net). This is a royal pain to deal with on a daily basis, despite the fact that I use qmail as my mail server, which makes it easier to perform these operations.

That's why, whenever I hear someone say "I don't know why you guys hate 'spam' so much," I want to reach for my LART.

Eric

Re:What will get spammers to stop...

[bonehead]

I thought it was pretty much accepted that drowning is one of the more serene and peaceful ways to die.

How about removing their skin with a belt sander, then packing them in salt?

Ever seen a commercial bacon slicer operate? All kinds of interesting things come to mind.

Or, just let them bleed to death through a massive open wound where their genitalia used to be.

Not saying that I'd ever do these things to a spammer myself, but I might watch it on pay-per-view. :-)

Send it to the judge.

[jcr]

Would someone please post the snail-mail and e-mail addresses of the judge in question?

Next Monsterhut spam I get, I'll just forward to the judge. Maybe he won't mind deleting it.

If I can't get his e-mail address, I'll send it to him by snail-mail. Maybe he'll get a clue.

-jcr

Attorney: this is only for 10 days or so

[hawk]

I am a lawyer, but this is not legal advice. If you need legal advice, contact an attorney licensed in your own jurisdiction.

This is a temporary restraining order. THe very nature of these is that you get one at the time of filing to protect the status quo. A time for a preliminary injunction hearing is set, typically within ten days, which is the first time that evidence from both sides will be heard. There is *nothing* sneaking about getting the TRO before the other side heres of the suit; you serve them both at the same time.

While the standard of evidence to get the TRO is pretty much "file an affadavit,", to get the preliminary injunction you must show a likelihood of winningat trial and that you will be irreparably harmed. If the other side shows you perjured yourself in the TRO affadavit, you tend not to get it (Judges *hate* perjury. They were the group most angry at Clinton).

hawk, wsq.

Re:Free speech and all that...

[Kwil]

Actually, we have a very strong right not to listen. They can be allowed to say anything they want. They have no right to be up in my face to say it.

Consider, while I have every right to sing (badly) Jingle Bells at the top of my lungs in the middle of July. Does that same right extend to doing it outside your bedroom window at 3:00am? Of course not. Even if I'm not directly on your property I can get arrested for doing that. Free speech arguments won't hold any water against a disturbing the peace charge, even though free-speech is a constitutional right. Ergo, my "right" to free speech does not trump your "right" to a pleasant existance and a good night's sleep.

Now when you consider that my e-mail address is my property, I've paid good money for it after all, what right do they have to come stomping up on to my property with their shouted slogans of cheap furniture or judgements collected? Take this one step further to the poster who's getting spam on his cell-phone and having to pay for it.. or the fax spammers that existed before the law was put in to stop them. When spammers use *my* resources (time, bandwith, paper, storage, money) to do their marketing, without my permission - that's wrong, and should be stopped.

The difference between Dmitri and Spam is that only those who wanted to hear what Dmitri had to say went to listen to him. Those that didn't, didn't hear him. If you WANT to get spam and opt-in to all kinds of lists, well, go ahead. Until I opt-in though.. spammers can stay the hell out of my mailbox.

Exactly so.

[Kasreyn]

While I hate monsterhut as much as the next guy (yes I've been spammed by them, no I didn't save it so I can't help with the affidavits), this is definitely a good thing.

Anyone remember the recent case where the copyright-piracy-cops got an IP wrong and cut off some innocent guy's cable access, for downloading a DivX while - get this - while he was out at the movies with his computer turned OFF? And it took him months to get back on his cable ISP and he could not get them to waive the bill for that month.

This is definitely a good thing, because if it can be done to the spammers it can be done to us. We need more levelheadedness - and more spam blackholes. Not more litigation and access-cancelling.

I've *personally* threatened reporting spammers to MAPS in the past, and about 50% of the time I never hear from them again. Perhaps this means they fear that, hmm? =)

-Kasreyn

Oh, happy hipocrisy...

[Gruneun]

Someone potentially violates a Terms-of-service agreement.

Someone complains to the ISP.

The ISP shuts down the account.

So, the client takes the ISP to court. You'll notice the ISP couldn't provide good proof to shut them down (I assume, probably incorrectly, that all of you read the PDF transcript of the hearing, too) and the judge sided with the "alleged" spammers.

So, being a just and fair audience, we in the Slashdot forums changed our opinion on such a matter...
cause this time we don't like the client.

It is IRONIC though to watch

[Archfeld]

big business tactics get used against another big business rather than against you and I. A pre-emptive law suit, you almost have to admire the low cunning and infernal dedication of this spamco.'s lawyers.

The only thing that'll stop this...

[alumshubby]

...is if Guido and Vito drop off a horse head in somebody's bed.

Seriously, until somebody can get a successful lawsuit so there's a legal precedent established, this kind of baloney will continue. Once there's a severe financial disincentive to engage in spamming, i.e., you'll get your fanny sued off in an open-and-shut case based solidly on law, spamming will move off of e-mail and on to USENET where...gulp, G*d forgive me...it belongs.

Re:Who buys into this stuff anyways?

[MrBogus]

Two theories:

1) In direct postal mail a response rate of .5% is considered good. It could be that with essentially 0 cost to the sender that a response rate of .01% makes it all worthwhile.

2) Spammers don't make any money from spam. Instead they make their money scamming would-be spammers by selling 'consulting services', address lists (often containing the known complainers), and harvesting or mailing software (uhh, free dimitry!). It's a big pyramid scheme, which is why they talk themselves up like Amway salesmen. And it's natural because people think "I get so much spam, SOMEONE must be buying this stuff".

Of course, once the sucker has taken the hook and realized that spamming isn't a get-rich-quick scheme, the dim bulb goes off in their head and they immedeately start running trying to hook other would-be spammers. The cycle continues.

Re:Unbalanced system

[bacchusrx]

"guilty until proven innocent" does not apply since we are talking about one company providing a service to another under contract. Due process only applies to government action against individuals (including corporations in the US). If you rented a house to someone and discovered thay they were punching holes in the walls should the court stop you from evicting them if the renter claims the holes constitute "normal wear"? No, of course not. Perhaps not-- but, in my jurisdiction at least, landlords have no right to evict. Only the provincial Housing Tribunal is allowed to evict a tenent. And yes, landlords are as good as enjoined from kicking you out up to and until an eviction order is issued by the Tribunal.

BRx.

Right

[Fred+Ferrigno]

You don't have any "right" not to be cut off by your ISP. They don't have any "right" to cut you off.

What part of his post does this contradict?

Let's quit talking about rights here.

OK, but you started it. The word "right" is used only once in his post ("It's not right ...") to mean that premature disconnections are not 3. Fitting, proper, or appropriate , legal issues aside.

I don't like "rights language" any more than you do, but for once when someone isn't using it, you go ahead and bash him anyway.

It works?

[ackthpt]

As absurd as spam seems, it works.

Maybe on cattle, but not me. Most of it is just a con. Once the mark has submitted enough information to be stolen from or have their identify swiped, the victim is poorer but smarter.

As a practice, I cease to do business with companies which spam me, and I make sure they know why they have lost a customer. I highly recommend the return communication, since they'll pay more attention to someone who isn't silent on the matter.

Re:Cool! Let's ALL email......

[Sir+Tristam]

Now that's real smart. And I wonder where they'll get the addresses for their next round of "solicited" e-mails. Or were you planning on all of us forging our headers in our emails to them?

Chris Beckenbach

Should go to trial about now

[Animats]

Reading the hearing transcript from April, the judge laid out a schedule leading to a trial date of August 31. That's today. So this should be going to trial about now.

The big problem in this case is that the ISP, or at least one of its sales reps, agreed to knowingly host a bulk mailing operation. In addition to the regular terms of service, there was a "pink contract" side deal. (PSInet used to do that, and it cost them.) All spam complaints to the ISP were to be referred to the spammer, and the ISP was not to take action against the spammer unless the percentage of complaints exceeded 2%. The spammer sent out about 65 million E-mails, and only a few thousand complaints came in. So the 2% threshold wasn't reached.

But the ISP decided to terminate the spammer, despite a 3 to 5 year contract term.

The judge made an interesting point in the preliminary injunction. Because the ISP's standard terms put a very low cap on the money damages its customers can claim, a "terminate now and sort out the money issues later" litigation wasn't possible. Therefore, the judge granted the preliminary injunction against disconnection until the matter is resolved at trial. So this is a case of a damage-limiting clause backfiring.

What about spam that is sent with..

[josepha48]

your own email as the reply to?

I started recieving spam this week, that has me as the sender even though I did not send the spam. How do you 'filter out' that? Also isn't that a form of impersonation / identity theft?

I am wondering if anyone has thought about implementing a new SMTP protocol that will prevent spam. I wonder if it is possible to do....

Re:Content filtering sucks, use an accept list

[bero-rh]

Content filtering doesn't suck - while an accept list kills even more spam, it also kills some legit mail (such as bugzilla notifications), causes problems when you sign up for a mailing list, and simply annoys people (think "important customers") who want to send you a message.

There are situations in which an accept list is better - but for others, content filtering is much better than nothing.

Re:You don't have to open source everything ...

[bero-rh]

That would kill the biggest point of making it open source: I want people to be able to add their own rules (and send them back to me for inclusion in the next release). I don't think we can ever come up with a spam filter that catches all spam, but we can definitely get closer to that goal.

Different people usually receive different spam. ;) For example I'm quite sure I've been getting all those "hot teen pix" and "enlarge your penis" spams ever since I made the mistake of telling a "statistic survey" (needed to be filled out to get to a download page) that I'm single.

Also, I simply don't believe in closed source.

In what way is this targeted???

[McFly777]

On page 33 of the transcript Monsterhut's lawyer admits that if one opts-in for "more information on sports" that one's address becomes part of the "common source of addresses that people can barter by exchange". So, asking for targeted information gets you put in a general opt-in for everything under the sun. I am surprised that nobody asked Mosterhut for the database that says that the people looking for "marrage enhancers" opted-in for that target!

Sports mail, in the example given, might be ok, but last time I checked marrage isn't a recognized sport (I could be wrong ;-)

One idea that I have for a spam law would be that the opt-in source and date must be included in the header of commercial bulk mail, and that the spammer must have on file auditable opt-in records that expire after one year. This way if you opted-in and forgot, or are no longer interested, the record would time-out and be removed. If it wasn't, you could then have recouse to sue/prosecute etc. Set some small number of identical/similar messages without this info to allow for legitimate sales contacts, but if the info wasn't included in the headers, organizations such as SpamCop could seek procecution upon collecting some similarly small number of complaints.

This would permit limited, targeted, legitimate mailings while outlawing the ones that comprise the majority of what winds up in my mailbox.

How I blocked 90% of my spam using qmail

[embo]

Disclaimer: I admin a qmail box, so unless you have qmail as your mail server, this probably won't work. (But you really should get it, because it rocks big time, even if you can't stand DJB)

You will need to have DJB's mess822 package installed as well. That said, I put these lines in my .qmail file (which directs how mail is delivered):

|condredirect username-safe@mydomain.com /usr/local/bin/iftocc
|condredirect username-safe@mydomain.net sh -c 'echo $SENDER | grep -f bccexempt > /dev/null'
|/var/qmail/bin/preline -df /bin/sed "s/^S[Uu][Bb][Jj][Ee][Cc][Tt]:/Subject: THISISSPAM ($SENDER) /" | qmail-inject -a username-safe@mydomain.com

Line 1: Delivers any email where my address is in the To: or Cc: lines, and exits. Otherwise, it falls through to...
Line 2: Delivers any email where my address is in the Bcc: line, PROVIDED that the FROM address is listed in a special file in my home directory, called bccexempt. This way, it denies ANY bcc delivery to my address, unless I explicitly list the from address in my bccexempt file. It will then exit if it passes this test. Otherwise, it falls through to...
Line 3: Injects the phrase "THISISSPAM" into the subject line. This way, I can filter on the subject line in virtually ANY email reader on the planet. Another option would be to simply throw it into /dev/null, but this way I can adjust my bccexempt filter if I need to, because it also lists the FROM address in the subject if it's marked as spam. I just have my email reader filter for THISISSPAM in the subject line, and if it finds it, it marks it as read and dumps it into a separate folder away from my Inbox where I don't have to look at it, or even know it's there. Once every 2 or 3 weeks, I quickly browse through the list of spam addresses, and if I find any legitimate emails, I add the sender to my bccexempt list so the mail will be delivered into my Inbox.

Then I created a .qmail-safe file to handle the forwards where the legit email really gets sent to, and I have that dump into ./Maildir/ to deliver normally.

The first month I had this in place, I received nearly 200 spams, and approximately 12 of those actually made it into my Inbox. This works so well because most spammers use BCC to send out their spam. This filter gives you control over who can BCC you. I know this doesn't stop spam at the source. I know it doesn't cut down on bandwidth usage. I know they can bypass it by mailing me directly. But I also know that there were 200 spams the first month that never entered my inbox.

-D

P.O. Box != no bulk mail

[Old+Man+Kensey]

Speaking as someone who's rented two P.O. and one Mailboxes Etc. box, you'll still get junk mail.

The little-known difference between junk mail and first-class personal is that bulk mail rates actually subsidize the first-class rate. Translation: if the post office abolished junk mail, everybody else would end up paying more postage.

The rules for bulk mail dictate things like how it's sorted and bundled. Ever notice the "CAR-RT SORT" notation on a bulk-mail label? That refers to the "carrier route". Basically when the post office gets a mailing from a bulk-mail operation, it's pre-sorted, pre-packaged, pre-everything and the carrier just picks up the bundle for his route. All this means the post office has no processing cost (which is where most of the postage you pay actually goes). Spam, on the other hand, is analogous to ad circulars coming "postage due".

I look at it like property rights. Generally if the neighbor's kid cuts through my yard on the way to school, I'm going to hassle him just enough to make my point -- maybe grab him by the ear and escort him off the property in front of his buddies. I have the right to bodily throw him over the fence if I want (and if he pisses me off enough, I just might). But generally I'll use a minimum of force, even though I have the right to use much more. Likewise I think we have to accept the fact that an innocent unsolicited e-mail (commercial or not) from someone you happen not to like can be turned into a major pissing contest if unsolicited bulk e-mail is outlawed, but just trust that the vast majority of people aren't going to unnecessarily be an asshole about it and deal sensibly with the ones that are.

The Butler Did It!

[_Sprocket_]

Wow. I finally finished the whole story. And I have to admit, I was surprised at the ending. Its like a good murder mystery. Sure, we no at the end murder was done. But there?s a great twist in this story as to who the guilty party was. And just how a disreputable spammer manages to keep their fat pipe running with the help of a court injunction.

(spoiler warning)

.

.

.

.

.

.

.

OK. So throughout the hearing, the judge is pretty hot on the trail of the Plaintiff. Sure, the Defendant?s notice of termination letter brought up some questions (a sub-plot I expect to see played out in detail during the sequel). But the Plaintiff is unable to prove that their email list is, in fact, opt-in and even admits to abusing the Network Solutions whois database for unsolicited commercial email (SPAM).

And then the Judge plunges us in to the plot twist. The butler did it; its the ISP?s fault.

We should have known it all along. First the Defendant should have known better than to do a deal with the Devil - a disreputable spammer. And they even agreed to the Devil?s own terms - a 2% worm hole. Plenty of room to wiggle through the threat of service termination.

But the final blow... the act of injustice itself... is failing to show damage caused by Monsterhut. The judge at one point admits to having a grandson who knew more about computers than he did. And in the end, he describes home computers as sometimes frustrating and that he could understand how interruptions in personal and professional email would be annoying. But he failed to see the damage Monsterhut could do, while Monsterhut was able to demonstrate the damage that they would suffer from termination of service. And so we?re left with the final, grisly scene - the stammer gets their injunction and the status quo is maintained until the actual court case.

And so, this leads me to wonder... IS there damage that will / can be done to the ISP? Can the upstream provider cut off (or filter outgoing SMTP traffic from) the ISP since they are unable to control a spammer THEY had decided to do business with?

Re:You don't have to open source everything ...

[bero-rh]

Even if it weren't against the Geneva Convention,
it's probably a bad idea - since AIs start out being
naive, they might sign me up for a "Make Money
Fast" spam. ;)