Rep. Bill Jones Thinks Spam is "Innovative"

GMontag writes "Wired is running this story:Candidate: Spam in Every Pot about candidate-for-governor Bill Jones' spam campaigning. The most telling quote: "Jones spokesman Darrel Ng said the e-mail wasn't spam, commonly defined as unsolicited commercial e-mail. Ng instead classified Jones' non-commercial mass-mailing as an "innovative way to use the Internet.'" Another interesting item: "An examination of the e-mail sent out by the Jones campaign revealed forged headers. The e-mail, purportedly sent from an MSN.com address, was actually routed through the server of an elementary school in Chonnam, Korea.""

Kick him out of Office and bankrupt him.

[www.sorehands.com]

His spam may not have violated California law, but may have violated the TCPA (the junk fax law).

If your computer has a fax modem attached, a printer attached, and fax software, then it is a fax machine for the purpose of the federal definition.

What you should do:

• File lawsuit against him for $500 against him and the campaign.
• Work as hard as you can to ge the word out that he is scum, that abuses the computer equiptment of schools (if that is true), and help his opposition.

Lets make an example of this SPAM scum.

This is not legal advice until I go to law school, graduate law school, pass the bar, and confirmed that your retainer check cleared.

Spamming for dumbasses

[t0qer]

Uhh, this isn't a troll, it's a true story and it might shed somelight on how spam operators do their dirty deeds.

About 2 months ago I had the chance to take a road trip with one of my best buds to go see his father down in bakersfield. For those that don't know what bakersfield is, it's a shithole of a dirty little town somewhere between Sacramento and LA on the I5.

Now if it's a shithole of a little town, why would I in my right mind want to go there, sleep on a floor for 3 days, and eat crappy food. Well, my friends dad *supposidly* had a T1 line going into his apartment and was running spam operations from that. I told my friend that's bullshit, Ma bell don't run T1's to anything but businesses, i've ordered enough of them to know.

We got down there, I was expecing to walk in, and find a wirespeed DSL modem or something. Upon closer inspection I found a CSU/DSU and a cisco 2500 router. Holy shit this guy really did have a T1 line. I started talking to him about the legal/social ramifications of his business. After about 30 minutes of talking to him I could tell, he got a hair up his butt one day thinking spam was going to be a big money maker for him, paid someone to set him up and that was it. Not only did he not have a clue that hijacking someones SMTP server is bad, but he said SMTP servers that don't run open relays are interferring with his ability to do business and started screaming "ITS MY RIGHT TO SPAM AND ANYONE WHO TRIES TO STOP ME IS INTRUDING ON MY AMERICAN RIGHTS TO RUN A BUSINESS"

I stopped talking to him after that. He just would not accept that using someone elses server without their permission is just plain wrong. Anyways...

He started trying to talk me and my friend into getting into the business with him. I told him it would be a conflict of interest for me because I am a sysadmin of course, but I would be more than happy to watch him work to learn for myself.

His network consisted of 6 win98 machines, 1 BSD box that he had no idea what it did. They ran some windows GUI based tool called SMTPscan. Basically it had 2 boxes to input your IP range into, it would scan that range and report back usable servers. I can't remember the actual name of the program he used to send the mail with, but I remember him pasting that list from SMTP scan into it.

Also to note was his lack of a true list management system. His remove e-mails pointed back to a hotmail account so his main server would be isolated from any attacks. He would manually go into his hotmail account. These removes did nothing though, let me explain it from his point of view.

Basically when your remove yourself from a spam list, it's just for that spam. The spammer still has a list for some new product that he hasn't sent out yet, if he hasn't sent it out how can you be removed?

So this guy maintains a list of 4,000,000 e-mails and ALLWAYS spams to all of them. Legally he's found a loophole to cover his ass and can happily spam the same list as long as he's selling something different.

I just wanted to post this so everyone would know, spammers aren't really the most technically minded people. To them it's
1. Spam
2. ****
3. Profit

While to us it's
1.Spam
2.Flood someone elses server, slander some legit company by relaying pr0n spam. Eat Bandwidth
3. Profit

I hope you enjoyed this post, please mod accordingly if you did.

--toq

Teergrube and Reverse Teergrube DDOS for KR, RBL?

[billstewart]

If you google for Teergrube (German for "Tar Pit"), you'll find several implementations that happily sit on Port 25 (either on machines that don't run their own SMTP servers, or perhaps are called out by the real sendmail when receiving mail from a known spammer) and answer v...e...r.....y.....s....l....o....w.....l.....y, with lots of delays and perhaps some try-later error messages. The usual application for Teergruben is to place a bunch of spambait addresses out on your web sites for the spammer's harvesting system to find, since any mail addressed to them is obviously spam, and log the senders' machines so you can track them down. The theory is that if somebody's sending out a few mail messages to real people and mistakenly send to you, responding slowly isn't a problem, but if they're trying to send thousands of spams per minute, and each of the N simultaneous outgoing SMTP sessions they can maintain keeps running until it hits one of the thousands of tarpits waiting for them, they'll use up all their capability waiting for tarpits to respond and be unable to bother real people, and thus they DDOS themselves. If they're abusing mail relays, and spreading the load around, that's a bit rougher, but each mail relay can also get bogged down. Also, dialup or open relay IP address that gets caught in the tarpit is one you can add to the blacklists on your real mail server, though you probably don't want to do that for non-dialup machines that aren't running relays, because they may simply have bad users (e.g. AOL has spammers, but also has your mother-in-law, so you don't want to block all mail from AOL.) You may not have a current DUL for Korea, but if you don't expect to get mail from anybody in Korea, or the mail goes to one of your spambait addresses, you can trap them too.

That works nicely if enough people do it, especially if they spread around lots of spambait addresses. But what about an active response - if you receive mail from an open-relay machine (either on the RBL, or one that you test, e.g. yet another Korean school box), you could send it ten simultaineous messages, v...errr....y...s....l...o...w..ly. Not enough to flood it, or kill it permanently, but enough that if it's trying to spam N destinations at a time, it will have some fraction of them tie up a few percent of its incoming SMTP capacity, and therefore quickly block its relay capability.

It's a bit dodgy, and you need to check your ISP's acceptable use policy to make very sure you're not violating it, but it's basically a scale attack which won't harm any systems that have real people sending out real mail, might bother real systems sending out real mailing lists (so obviously don't do this to systems you subscribe to), but will interfere with abused machines being abused by spammers as well as with spammers using their own machines directly.