When Spammers Try To Sue You

An Anonymous Coward writes: "I was looking for information about what recourse there is against spammers when I came across this site. It appears that Bernard Shifman sent email to several people trying to solcit employment via spam, and when they replied to him, asking him to stop, and reporting the spam to his ISP he threatend them with a lawsuit. It's a very entertaining read."

Hmm

[Iamthefallen]

Free tip for Mr.Shiffman, I hear TimeCanada are looking for a new webmaster.

And, I feel that my sig has never been quite so appropriate.

His Excuse...

[tunah]

No, really I was just replying to someone elses spam, but i guess the reply address was the mailing list. Copy of message follows:

===
Date: 2 Jan 03:34:45 GMT
Subject: Re: Make millions at home!

Why yes, yes I *would* like to MAKE MONEY FAST!

Bernard Shit^Hfman.

Replying to spammers is fun

[Whelkman]

Once in a while, I'll reply to the solicitors. Of course nine times out of ten it's a bogus email address, but once in a while it actually goes through.

I got that Nigerian money laundering email twice a day for a week from the same guy before I cut him an email threatening to take a squad of tanks to his contry and turn it into rubble. To my amazement, he actually replied! He (sarcastically, obviously) invited me to attempt to destroy his country.

I was expecting a DoS flood of Nigerian solicitations (which caused me to learn how to use procmail really fast), but, again, to my amazement, the spams stopped.

The moral: never underestimate the threat of tanks.

Re:Replying to spammers is fun

[mpe]

I got that Nigerian money laundering email twice a day for a week from the same guy before I cut him an email threatening to take a squad of tanks to his contry and turn it into rubble. To my amazement, he actually replied! He (sarcastically, obviously) invited me to attempt to destroy his country.

What gave it away was your saying "tanks". Had you said "bombers" they might have thought you were serious...

Re:Replying to spammers is fun

[Col.+Klink+(retired)]

This is the reply I last received from enforcement@sec.gov:

Dear Investor:

Thank you for taking the time to forward to us another instance of advance
fee frauds. I have fwded. it in turn to the Secret Service at:
419.fcd@usss.treas.gov.

Our only request would be that you be kind enough to forward any additional
iterations of and/or variations on the Nigerian advance fee fraud spam you
receive directly to the Secret Service. That Federal agency is handling
this matter, and it would be a great help for you to send them to the Secret
Service instead of the SEC: 419.fcd@usss.treas.gov.

Again, thanks for your e-mail.

Sincerely,

Jim Daly
U.S. Securities & Exchange Commission
Office of Investor Education and Assistance
(202) 942-7173, (202) 942-9634 (fax)
oiea@sec.gov

Re:Replying to spammers is fun

[Erik+Fish]

My favorite reply to the 419 scam (found in the spamcop.geeks group on the spamcop.net news server):

Subject: Re: Nigerian Scam ressurected
Date: Mon, 1 Oct 2001 09:21:03 -0500
From: "ISSA GIDADA" <IssaGidada@yahoo.com>

Dear DR.ONORIODE BOBOLO,

It is so good to hear from a fellow-countryman, having been raised and lived for many years in our most beautiful homeland, Nigeria. I want to send you my sincere thanks and gratitude for your kind offer of USD$25,000.000.00 (TWENTY FIVE MILLION UNITED STATE DOLLARS) for taking part in this funds transfer transaction.

However, I am a businessman too, and I make my living transferring large sums of money from and to my friends, relatives, and business associates in Nigeria. Therefore, I know that you would agree, that in order to participate in this wonderful opportunity, I must have an advance monetary commitment from you -- a good faith gesture on your part -- in order to proceed.

Therefore, I ask that you deposit just 10% ($2,500,000) of the $25M into my PayPal account as an indication that you truly possess the funds and are actually authorized to release them. Using the online PayPal service is a very convenient and secure way to transfer funds. All you need do is access the PayPal web site -- http://www.paypal.com -- open a PayPal account, deposit the funds into your new account, and then transfer the money into my existing account, which has already been set up to receive the $25M.

You only need my email address, which you already have, to transfer the funds into my account. Therefore, the complete safety of your account, as well as mine, is guaranteed and insured unconditionally. You have asked that this matter be handled with the strictest confidentiality, and I will agree to that condition, provided that the transfer takes place in a reasonable period of time, say by Friday, 5 October.

If the money has not been received by that time, I must assume that you are not making a legitimate offer, and that you might be someone other than who you say you are -- although I can tell by the exceptional language of your email, that is probably not the case. However, if that is the case, then I will be forced to embark upon a most unpleasant course of action that I would prefer not to undertake.

Because I have so many loyal friends in the Government of Nigeria and the Military, and many close ties within the Security Service where you work, it would be quite easy to locate your office and your home, as well as learn the identities of your friends and relatives.

I truly don't believe that you would want to jeopardize their health and well-being, and your own future. I will access my PayPal account on next Saturday to verify that your good-faith payment has been made. Once that takes place, we can move forward with the final transfer.

I trust that you will not disappoint me in this matter, since the consequences for non-compliance could be quite severe. I look forward with great anticipation to working with you.

Yours faithfully,


Issa Gidada, JD, MMB,
President & CEO
U.S./Nigeria Funds Transfer Organization
Beverly Hills, CA

Why hasn't SpamCop been mentioned?

[Tsar]

I'd have thought that someone would have brought up SpamCop by now. Is there a better service that I don't know about?

Anytime I get a spam, I hit the link that I received when I registered with SpamCop, and paste the email (complete with header) into the provided textbox. SpamCop processes the email, compiles a report of the offending spam, computes the appropriate reporting addresses, and delivers a copy to each one.

It even allows you to add text to the beginning of the report. I always add this:

The electronic mail message referenced in this report was transmitted to a user or users of an electronic mail service based in the state of Tennessee, USA, in direct violation of Tennessee Code Title 47, Chapter 18, Part 25: "Unsolicited Advertising by Electronic Means." See http://www.spamlaws.com/state/tn.html for the complete text of this law.

Does that make me a bad person?

--
Tsar's Hypothesis: As the population of the Earth increases, the sum of human intelligence remains constant.

Oh My God

[Rinikusu]

Jesus Christ. I just wasted 30 minutes of my life reading through that whole mess. I want those 30 minutes back!

Do I have such a miserable life that I'm willing to spend that much time on something that affects me in no way whatsoever AND the few minutes it takes to post about it on /.????

Man. I need to get back to work.

Re:Oh My God

[Harvey]

> Jesus Christ. I just wasted 30 minutes of my life reading through that whole mess. I want those 30 minutes back!

Sounds like it's lawsuit time to me...

Re:My problem with spam

[OmegaDan]

Your a troll but not a good one :)

The problem isn't of course any individual spammer but the problem as a whole ... I think in any given day I recieve between 15 and 25 spams either via email or messenger, this is between quite a few accounts (10 email accounts, maybe 6 messenger accounts). Where do my rights not to be bothered with this bullshit start, and "free speech" begin ... Im sure I spend (just) 5 mins a day deleting spams or closing AOL/ICQ spam windows ... Thats 12 seconds per spam if I recieve 25 a day. Do the math, thats 30 *hours* a year dealing with spam.

Im sure you'll have lots of trollish responses, but one had best not be "then don't use email."

Re:My problem with spam

[colinscott]

Spam is not really an issue of free speech. It's a matter of freedom to listen. When a spammer sends me email, then it costs my ISP (and hence me) money. If the net were truely a free resource then we still have issue that spam wastes my time. Not being immortal, I only have a limited amount of time available, and I don't want to use it reading spam.

Hence the point: Although I strongly believe in freedom of speech, I believe more strongly in the right to control what I listen to. I have no right to force people listen to what I have to say, and I expect the same in return.

Re:Tough luck...

I SUE YOU! I sue you all! I sue the Internet, you bastards!

Bernard Shifman

P.S. (I sue your little dog too. Please tell me what his name is so I can write it on the papers.)

Funniest quote ever

[tunah]

How much more helpful could I be than to provide you with the appropriate e-mail address? I could engrave it on a clue-by-four and deliver it to you in Chicago, I suppose.

Funniest thing i've read in a long time. Like my new sig?

Re:Funniest quote ever

[vladkrupin]

No, that's not that funny. The real kicker is the attorney representing Bernie Shifman (quoted from spambag.net):

Bernie Shifman left another voice mail message for me today (this time entirely in English) informing me that he's taking me court, represented by the law firm of "Tupoy, Durak, and Bolvan", Attorneys At Law.

For those poor non-Russian speakers... 'Tupoy', 'Durak', and 'Bolvan' are the three synonyms translated into English as 'idiot'! I bet the guy owns that law firm too!

Yes, I am hoping for an extra karma point for 'Funny' or maybe even 'Informative'. Karma is good. But even without it it's nice to share the fun with the 99% poor /.'ers souls who are illiterate in Russian.

Shifman spam and sue services

[arvindn]

Hi. I'm Bernard Shit^Hfman, and I do computer consultancy services. I'm looking for contract work. I specialize in spam and sue services: I offer advice on how to spam, and then sue for damages. So any time you want to make some money, you can use my phone number as a starting point.
P.S If you don't get back to me within a month, you'll be liable for damages resulting from my going out of work. My lawyers will be getting in touch with you and you could be facing upto $1500 a day
P.P.S wanna fuck me?

Your email adress

[Per+Abrahamsen]

Your troll would be so much more convincing if you didn't hide your email adress.

Think: In which world is speach most free:

1) A world where you can send single personal messages to anyone, but can't send multiple copies of the same message to people who haven't authorized you spending their ressources that way.

2) A world where you only can send messages to people who have explicitly authorized you to do so.

If we win the fight against spammers, we get world 1. If we lose, we get world 2.

Some people believe free speach, and thus world 1, is worth fighting for. Some feel the battle is already lost. Personally, my email filtering is now based on a whitelist, i.e. I have already joined world 2. Just like you have, by hiding your email adress.

Reminds me of a hoax

[mirko]

French Slashdotters may have heard about David Hirschmann. In short (if you don't like Fish) David Hirschmann was supposed to have some misconception of the corporate world which he shared with one of his female co-workers an inapropriate way. She then would have forwarded it around the Internet and at the end DH may have comitted suicide.
This got covered quite a lot by the French Press but finally appeared to be a hoax as no one of these protagonists actualy existed.
Now in this case I'd also tend to think that it may not be real...
I don't know people as stupid as this b.shifman that would have an internet connection.
There's something extreme here. it smells like comedy...

Re:Tough luck...

[zbuffered]

It's now just after 5am, Chicago time. Is anyone else fighting the urge to dial *67,773-391-0595 'till someone picks up, act drunk, and try to order a pizza?

DOH!

[Minupla]

You know you're having a bad day when the site trying to lambaste you gets listed on /.

You know you're having a worse day when the site refuses to crash under the /. effect!

Re:My problem with spam

[cgenman]

"Hmm. It looks like a beautiful morning. I'd like to share it. Let's just walk to my friend's house and and..."

"BEAUTIFUL WOMEN WANT TO MEET YOU!!!"
&nbsp&nbsp&nbsp"ARE YOU POOR, BROKE, DEEPLY IN DEBT!?!"
&nbsp"INVESTMENT OPPORTUNITIES AWAIT YOU!"

"...or maybe I'll just stay inside again today, so that I can listen to some Garcia and call them instead..."

&nbsp&nbsp&nbsp&nbsp&nbsp"WOULD YOU BE INTERESTED IN A PREVIEW OF OUR LONG-DISTANCE SERVICES?!"
&nbsp&nbsp&nbsp&nbsp"PLEASE DON'T HANG UP, THIS IS NOT A TELEMARKETING MESSAGE!!"
&nbsp&nbsp"HAVE YOU CONSIDERED THE COST OF HEALTH CARE FOR THE UNINSURED?!"

"...or not. And I think my member is a perfectly adequate size, thank you very much. Oh well, at least I can just IM them."

&nbsp&nbsp&nbsp&nbsp"DO YOU KNOW WHERE YOUR IT INFRASTRUCTURE IS!?!"
"I BECAME A MILLIONAIRE AND SO CAN YOU!"
&nbsp"YOU CAN BE PART OF THE ACTION AND WIN AT LORDOFTHERINGS.COM TODAY!!"
&nbsp&nbsp&nbsp"I SEND YOU THIS IM IN ORDER TO HAVE YOUR ADVICE."
"ARE YOU HAPPY WITH YOUR RELATIONSHIP?!"
&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp"SPEND EVERY YEAR IN THE BAHAMAS WITH THIS AMAZING NEW PROGRAM!"
&nbsp&nbsp&nbsp"HOT YOUNG TEENS WANT TO BE FRIENDS WITH YOU!"
"HERE IS THE INFORMATION YOU REQUESTED!!"

&nbsp

"...maybe I'll just..."

&nbsp&nbsp"rssn wmn hre cll nw"

"damn, forgot to turn off sms. Maybe I'll just complain on slashdot."

&nbsp"YOU HAVE JUST 2 MORE CHANCES TO WIN $10,000 BY MODERATING THIS COMMENT UP TO 5 - INSIGHTFUL."

&nbsp

*whimper*

&nbsp

Oh, come on!

[Otto]

From the read it seems readily appearant that their only "provocative" actions were to forward a complaint to the postmaster addresses of whatever ISP Bernie was using at the time. From there this little shithead goes ballistic, threatens legal action, calls people names and generally harasses them. The guy is a moron and deserves every bit of it. Okay, so they don't let up when it becomes obvious that Bernie's full of shit, but big deal..

I personally think the only appropriate response left is just to have him whacked and be done with it (hey, I know some people in Chicago, you know?)... ;-)

My question is...

[Guppy06]

Has anybody gone through his resume and attempted to contact his (supposed) former employers to hear what they have to say about him, if anything? Did he really work for who he said he did? Is he committing fraud?

Re:spammers are a pest

[Xesdeeni]

Forget the law, I think we can eliminate most SPAM very simply with as small change to current technology I've outlined before:

"I can't figure out who to open a discussion with about this, but I have this simple idea that should at least eliminate the anonymous/spoofed spam, which is all I get.

You simply modify the mail servers to query the sending server whether a received mail actually came from that server. The query is a key based on the contents of the message and a key included with the message, which is itself based on the same contents and a private key of the sending server. If the sending server has been upgraded with this feature, it can validate, or not, the message. If it's not validated, the message is bounced. For backwards compatibility, if the sending server hasn't been upgraded, the message always goes through. [Here's the beauty of the idea:] But as more servers are upgraded, fewer and fewer servers will be able to be used as scapegoats for spoofed spam, and pressure will mount to upgrade these servers as well.

Eventually, the only spam you will get will be from a valid return address, which can be handled more effectively in more conventional ways. In fact, adding manual bouncing at this stage might be helpful as well, since now it really will bounce back to the sender.

I realize I've glossed over some details here, and someone much more experienced in mail servers will have to massage this approach to make it practical, but I think the germ of a very simple but effective idea is here."

Xesdeeni

What does Bill have to prove?

[Rogerborg]

I recall an online altercation that I had a few years back. A post appeared in one of the UK ISP groups advertising a "too good to be true" service. This was at the time when narrowband access was going nuts in the UK, with companies taking a year's money off of people, then going bust the next day.

As a warning to the terminally gullible, I posted the whois info for the domain, and noted that it didn't match the trading address on the website.

A few hours later I received a vicious email from the poster threatening legal action because I had posted his home address on the group, when he was only the admin for the site, and threatening to post my home details all over the place.

Well, fuck me sideways, I thought, and let loose with a tirade about how anyone could possibly call themselves an admin when they didn't even understand that whois records are public - which mine were, and so I couldn't give a damn about what he did with them.

Two minutes after I sent it, I thought... wait a minute. There's a real human being receiving this.

And so I hammered out an apology, a genuine and heartfelt and sincere apology. Oh, I didn't mean a word of it, of course. The guy had screwed up, and was too stubborn to admit it. But I screw up every day, and don't like having it pointed out, and it was simply cruel to heap any further misery on this poster.

So I apologised for posting his address, and he replied in a calmer manner, and we had a chat, and he turned out to be a decent (if slightly clueless) bloke. He declined my offer to post a public apology on the group. I would have had no qualms about doing so, because knowing that I was absolutely in the right meant that I really didn't have anything to prove, and that my priority was to reduce the amount of human suffering in the world (in a small way, but every little helps, right?).

It's a shame that Bill didn't take the opportunity to defuse this situation. It's so obvious that Shifman is in the wrong that it really doesn't need to be laboured. He's clearly not very bright, and so it's rather cruel (funny, yes, but cruel) to taunt him so. I'm sure that Bill could just send a without-prejudice apology and walk away from this, and we'd understand that he's doing it from kindness and generosity, to dig Shifman out of the hole that he's dug for himself.

The fact that Bill doesn't do this, and that he's taking care to avoid actionable statements even though he claims that Shifman has no case rather implies that Bill isn't entirely confident that he's in the right here. And that's a shame, because he could end this with one brave and courteous gesture, for pity's sake, and out of strength, not weakness.

Re:but your sig isn't necessarily accurate

This is Bernie. I wanted to let you know that this is the last straw. This post and all the others like it are slander and I'm suing you, slashdot and all of its ussers who read it for making a major big mistake with me.

Attention everyone: you must send the name of your attorney to me by 5 PM today or I will sue you for not letting me sue you and will have a major big law suit on your ass. If you really piss me off I will sue the entire country of Canada which deserves it anyways because it is not as smart as an expert IT guru from Chicago like me.

This post cost me $2 million to write so I'm suing slashdot for my costs.

BERNIE

Hmmm

[Linux_ho]

[linuxho@faramir linuxho] $ telnet mail.relay.com 25
Trying 63.192.100.60...
Connected to mail.relay.com (63.192.100.60).
Escape character is '^]'.
220 CheckPoint FireWall-1 secure SMTP server
HELO mail.microsoft.com
250 Hello mail.microsoft.com, pleased to meet you
MAIL FROM: bill.gates@microsoft.com
250 2.1.0 bill.gates@microsoft.com... Sender OK
RCPT TO: bernard@shifmanconsulting.com
250 2.1.5 bernard@shifmanconsulting.com... Recipient OK
DATA
354 Enter mail, end with "." on a line by itself

Hi Bernard,
I suppose having your name posted on Slashdot and having practically everyone in the IT industry know your name must be pretty humiliating given the context it was published in.

I'm sure you've learned a lesson about when it is a good idea to back off and apologize, even when you feel you are in the right. This is probably the most expensive way I have ever seen anyone learn that lesson.

I am offering you a job at Microsoft, mostly out of pity. Please send your resume to HR@microsoft.com with a cover letter indicating your areas of expertise, and attach a copy of this e-mail to it.

Bill Gates
Chief Visionary
Microsoft Corp.
^D

We owe Bernie more than this!

[scoove]

Bernie has done all of us slashdotters a great benefit by helping instill a meme that simplifies our lives. Just think of the ways we can save time now by immortalizing his name when we refer to disease of high-esteem, nonexistent competency fools that bark empty threats every time their useless lives are recognized for what they are.

For example, someone sent you a totally bogus loser resume?

"Oh geez, get rid of that resume. It's a Bernie Shifman."

Spending the weekend cleaning up a totally fscked up wiring or server job? "Yea, I'm working late on a Bernie Shifman job."

Bernie deserves to be imortalized as the /. poster boy for arrogant incompetence.

*scoove*

p.s. Anyone hear if Bernie's learned of his /. fame? Hey Bernie, your fifteen minutes are ticking!