Rep. Bill Jones Thinks Spam is "Innovative"

GMontag writes "Wired is running this story:Candidate: Spam in Every Pot about candidate-for-governor Bill Jones' spam campaigning. The most telling quote: "Jones spokesman Darrel Ng said the e-mail wasn't spam, commonly defined as unsolicited commercial e-mail. Ng instead classified Jones' non-commercial mass-mailing as an "innovative way to use the Internet.'" Another interesting item: "An examination of the e-mail sent out by the Jones campaign revealed forged headers. The e-mail, purportedly sent from an MSN.com address, was actually routed through the server of an elementary school in Chonnam, Korea.""

Don't think this will be the only one...

[No-op]

I hate to say it, but I think we're going to see much more of this kind of mentality coming from our elected officials (and candidates). You have to realize they farm this sort of thing out, and to them it's all a broad spectrum of marketing/contact/fundraising/etc.

I doubt the candidate in mind was even aware of what was going on, but when confronted he responded as you would expect any politico to respond. doublespeak and warm fuzzies, with a handful of buzzwords.

Hopefully there will be a day when there is a representative we can stand behind- the only way we can get there is for all of us to make our voices heard, and to use the system to fight the system. as many have said before, make phone calls or write actual letters spelling out WHY you feel something is bad, and rational reasons as to why they as your elected representative should be against something.

my 2 cents. have a good weekend!

Fast Forward to October

[Tyler+Eaves]

In a new state record, Candiate Bill Jones received only 1 vote. Many blame his poor showing on the fact the he hired his campaign spokesperson because he promised to "Get Vote$$ fa$$t"

SPAM!

[PopeAlien]

Shouldn't this be under the category "Its funny, laugh"?

But many who received Jones' e-mail are not California residents. Some aren't even U.S. citizens. Evidently, the address harvester used by Jones' vendor assumed that all e-mail addresses containing ".ca," a suffix that identifies a Canadian domain, belong to California residents.

Well, clearly if he could get the much coveted Canadian vote he'd win by a landslide..I bet the Canadians aren't voting for any other Californian Politicians. I don't know why no one has ever tried this before. How innovative!

My Bill Jones experience

[zsazsa]

I submitted my page on Bill Jones's spams a couple days ago, and it was rejected:

2002-02-28 00:58:56 California Gubernatorial Canidate Resorts to Spam (articles,spam) (rejected)

Anyway, I'm not bitter. Check out my page on it anyway: http://polpo.org/jonesspam/. Basically, I pick apart the mail and the "click here to remove yourself from our list" page (which involves some novel Javascript-based HTML obfuscation) and find out who one of the spammers might be.

After talking with some people about this and doing a simple Google search I found that he's been doing this for a couple months now, with MSNBC doing this story on it in December. They have a followup story here.

By the way, don't count on Bill Jones's office writing you back when you complain to them about the spam. I haven't recieved a response yet.

Ian

Kick him out of Office and bankrupt him.

[www.sorehands.com]

His spam may not have violated California law, but may have violated the TCPA (the junk fax law).

If your computer has a fax modem attached, a printer attached, and fax software, then it is a fax machine for the purpose of the federal definition.

What you should do:

• File lawsuit against him for $500 against him and the campaign.
• Work as hard as you can to ge the word out that he is scum, that abuses the computer equiptment of schools (if that is true), and help his opposition.

Lets make an example of this SPAM scum.

This is not legal advice until I go to law school, graduate law school, pass the bar, and confirmed that your retainer check cleared.

Lest we forget...

[fobbman]

A properly filled-out ballot is an innovate way to show your disgust of these practices.

Re:And the surprise is?

[phyxeld]

I, for one, am only surprised that email spam has not been used for campaigning earlier.

I'm very surprised anyone would want to use spam for political purposes. It's just stupid. Your average spammer doesn't care about his reputation, so it doesn't matter that 95% of the people who see their message will angrily throw it away. Politians, however, live off of their reputation. They can't afford to piss off that many people at once.

I'm sure this guy is regreting it. I mean, his website is blackholed right now, a few days before the primary! And this guy was supposedly "net savy"....

Spamming for dumbasses

[t0qer]

Uhh, this isn't a troll, it's a true story and it might shed somelight on how spam operators do their dirty deeds.

About 2 months ago I had the chance to take a road trip with one of my best buds to go see his father down in bakersfield. For those that don't know what bakersfield is, it's a shithole of a dirty little town somewhere between Sacramento and LA on the I5.

Now if it's a shithole of a little town, why would I in my right mind want to go there, sleep on a floor for 3 days, and eat crappy food. Well, my friends dad *supposidly* had a T1 line going into his apartment and was running spam operations from that. I told my friend that's bullshit, Ma bell don't run T1's to anything but businesses, i've ordered enough of them to know.

We got down there, I was expecing to walk in, and find a wirespeed DSL modem or something. Upon closer inspection I found a CSU/DSU and a cisco 2500 router. Holy shit this guy really did have a T1 line. I started talking to him about the legal/social ramifications of his business. After about 30 minutes of talking to him I could tell, he got a hair up his butt one day thinking spam was going to be a big money maker for him, paid someone to set him up and that was it. Not only did he not have a clue that hijacking someones SMTP server is bad, but he said SMTP servers that don't run open relays are interferring with his ability to do business and started screaming "ITS MY RIGHT TO SPAM AND ANYONE WHO TRIES TO STOP ME IS INTRUDING ON MY AMERICAN RIGHTS TO RUN A BUSINESS"

I stopped talking to him after that. He just would not accept that using someone elses server without their permission is just plain wrong. Anyways...

He started trying to talk me and my friend into getting into the business with him. I told him it would be a conflict of interest for me because I am a sysadmin of course, but I would be more than happy to watch him work to learn for myself.

His network consisted of 6 win98 machines, 1 BSD box that he had no idea what it did. They ran some windows GUI based tool called SMTPscan. Basically it had 2 boxes to input your IP range into, it would scan that range and report back usable servers. I can't remember the actual name of the program he used to send the mail with, but I remember him pasting that list from SMTP scan into it.

Also to note was his lack of a true list management system. His remove e-mails pointed back to a hotmail account so his main server would be isolated from any attacks. He would manually go into his hotmail account. These removes did nothing though, let me explain it from his point of view.

Basically when your remove yourself from a spam list, it's just for that spam. The spammer still has a list for some new product that he hasn't sent out yet, if he hasn't sent it out how can you be removed?

So this guy maintains a list of 4,000,000 e-mails and ALLWAYS spams to all of them. Legally he's found a loophole to cover his ass and can happily spam the same list as long as he's selling something different.

I just wanted to post this so everyone would know, spammers aren't really the most technically minded people. To them it's
1. Spam
2. ****
3. Profit

While to us it's
1.Spam
2.Flood someone elses server, slander some legit company by relaying pr0n spam. Eat Bandwidth
3. Profit

I hope you enjoyed this post, please mod accordingly if you did.

--toq

Re:Before everyone goes off half-cocked here...

[Tackhead]

> Before everyone goes off half-cocked here about how political spam should be illegal, I'd like to gently remind people to think of the potential consequences to our society of banning any form of political speech, regardless of how tacky it might be.

If Bill Jones had spammed from Bill Jones' machine, and paid Bill Jones' ISP to deliver the outbound spew, you might have a point.

But according to the article, Bill Jones didn't do that. According to the article, Bill Jones raped an open relay in Korea. That is, he sent an SMTP transaction to a server (a server on which he had no authorized access), and commanded that server's MTA to deliver multiple copies of his spew to recipients in California and Canada.

Ignoring the theft-of-service issue that applies to all spam delivered through open relays, the server was on foreign soil -- that is, he appropriated the resources of a foreign government to influence the results of a domestic political event. That sounds like it could be in violation of numerous election finance laws (at a minimum), and a potential diplomatic incident to boot.

I happen to believe that all spam is theft (by conversion) of my mailbox. That is, Bill Jones has the right to speak, but he doesn't have the right to appropriate my resources to deliver his speech.

But even if you choose accept that sort of theft as OK in certain cases, how can you deny that (if the article is true) what he did is anything other than unauthorized access to, and theft of service from (if not a denial-of-service attack on) the Korean high school's server?

Newspeak. It is spam, damnit.

[praedor]

The really telling thing is the forged headers. Even if you could argue the points of political mailings being spam/not being spam, as far as I'm concerned, using a fake email/forged headers makes it spam. Forged email/headers trumps all other arguments. It is spam.

Spam Works!

[Crispin+Cowan]

Hey, spam really can increase your penis size. It has turned Bill Jones into a giant dick! :-)

Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Available for purchase

Teergrube and Reverse Teergrube DDOS for KR, RBL?

[billstewart]

If you google for Teergrube (German for "Tar Pit"), you'll find several implementations that happily sit on Port 25 (either on machines that don't run their own SMTP servers, or perhaps are called out by the real sendmail when receiving mail from a known spammer) and answer v...e...r.....y.....s....l....o....w.....l.....y, with lots of delays and perhaps some try-later error messages. The usual application for Teergruben is to place a bunch of spambait addresses out on your web sites for the spammer's harvesting system to find, since any mail addressed to them is obviously spam, and log the senders' machines so you can track them down. The theory is that if somebody's sending out a few mail messages to real people and mistakenly send to you, responding slowly isn't a problem, but if they're trying to send thousands of spams per minute, and each of the N simultaneous outgoing SMTP sessions they can maintain keeps running until it hits one of the thousands of tarpits waiting for them, they'll use up all their capability waiting for tarpits to respond and be unable to bother real people, and thus they DDOS themselves. If they're abusing mail relays, and spreading the load around, that's a bit rougher, but each mail relay can also get bogged down. Also, dialup or open relay IP address that gets caught in the tarpit is one you can add to the blacklists on your real mail server, though you probably don't want to do that for non-dialup machines that aren't running relays, because they may simply have bad users (e.g. AOL has spammers, but also has your mother-in-law, so you don't want to block all mail from AOL.) You may not have a current DUL for Korea, but if you don't expect to get mail from anybody in Korea, or the mail goes to one of your spambait addresses, you can trap them too.

That works nicely if enough people do it, especially if they spread around lots of spambait addresses. But what about an active response - if you receive mail from an open-relay machine (either on the RBL, or one that you test, e.g. yet another Korean school box), you could send it ten simultaineous messages, v...errr....y...s....l...o...w..ly. Not enough to flood it, or kill it permanently, but enough that if it's trying to spam N destinations at a time, it will have some fraction of them tie up a few percent of its incoming SMTP capacity, and therefore quickly block its relay capability.

It's a bit dodgy, and you need to check your ISP's acceptable use policy to make very sure you're not violating it, but it's basically a scale attack which won't harm any systems that have real people sending out real mail, might bother real systems sending out real mailing lists (so obviously don't do this to systems you subscribe to), but will interfere with abused machines being abused by spammers as well as with spammers using their own machines directly.