Beating the Spam Merchants
Crowbraid writes: "Well-written column by Margie Boule from the Portland Oregonian about an individual who got tired of getting spam, sued the company for $25 an email, and won." See also Bennett Haselton's anti-spam page, where he has details on "pursuing the anti-spam lawsuits on four separate fronts." (Those lawsuits were mentioned a few months back.)
There have been a large number of Spam stories in the media this week. What's the deal? Maybe the politicians will start to see that this is something that matters to John Q. Public.
Of course, maybe pigs will fly someday.
SM MBL-VIR looking 4 SIG 4 LTR. must be DDF, no 420, SD ok.
Many of the spams I get regularly top 50k (HTML spams, with flash, gifs, etc, etc). On a slow modem (I don't have one, mind you), it takes a bit longer than 2 seconds to download.
Aside from that, it's not about the money. It's about stopping the act of spamming. Unfortunately, the legal system tends to prioritize fiscal damages over individual non-quantifiable damages, so it's probably wiser and faster to go the 'I'll sue you for time wasted' route than the 'Spamming is unethical and against the law, and so I'll see if I can convince the police to lay charges' route.
This is a more effective and faster route to go, and hits spammers where it hurts: their wallets. If they can't make any money from spamming, because the damages people file outweigh the commissions on the referrals and subscriptions they make, what's the point?
"Old man yells at systemd"
I did a little bit of research last week on Spam laws in my home state (Tennessee). According to Tennessee Spam laws, if a company based in Tennessee spams you after you have requested they remove your name, you can sue them for up to $5000 per day they continue to spam them. I found out about this law at SueSpammers.org.
Incidentally, I have a spamcop IMAP e-mail account that filters out potential spam. There was one guy from Canada that kept spamming me over and over. I noticed that the unsubscribe link (which I had tried twice) pointed to a top level domain. Using Internic's WHOIS, I got the jerk's home address, phone number, and e-mail address. Luckily in this case it wasn't forged. After personally contacting him (and threatening legal action), I have gotten no spam from his "company" in 1 week. (Funny thing is, Canada has no anti-spam laws... it was all BSing)
I am attempting to do the same. I received a spam a couple days ago that caught my attention. They had copied an image from my homepage and used that in the spam they emailed me.
I sent them back a letter demanding $110 for my time wasted. $100 for 'legal fees' and $10 under Colorado law for each unsolicited commercial email.
Hopefully if enough people do this, spammers will be more careful to who they send emails. Either that or spammers might start something like the RBL except it would be a list of spam-unfriendly recipients. That'll be the day...
This man doesn't qualify for hero status. He basically threatened the company with a lawsuit and accepted a little money to go away and not tell anyone about the company's practices (or at least without the company's name).
When people settle cases, they may get some money and self-satisfaction, but it does very little good for anyone else. When a case is tried in court and a verdict is rendered, a legal precedent is set by which future actions are governed. This is the only truly effective way of fighting the onslaught of spam email in the long run.
Even if you manage to get a huge settlement and put a company out of business, the way is still paved for 5 more companies to pop up and take its place. And in this case, it sounds like the company is absolutely free to continue its practices as it has in the past. Where's the good angle to this story?
Everyone trying to track down a spam-source probably already had the same problem:
How to tell the complaining enduser to forward you the spam-email with all email headers intact? "What are email-headers?" is the number one question you hear. After two minutes explanation the next question will probably be "Where do I have to click to do that?". And another five minutes explanation later you know that you will never get that spam-email intact because you hear a phone ringing or the boss asking "Is that report ready?" in the background.
Why not add one button to each mail-client labelled "This is SPAM"? So the user simply has to click this button, is asked a confirmation question like "Do you really want to send the message titled blah..blah to your anti-spam department and erase it?" and then whoosh the mail is sent with all headers (as an attachment) and with the proper legal text in it: "user thisandthat declared the attached email as being UCE blah..blah". And the configurable antispam-address defaults to - say - spam@users_main_email_domain where you or your script is ready to handle it.
Then depending on your policy you can check it and report it to the spammer's ISP, or have an automatic script behind it, which updates your block-lists (e.g. after a number of complaints about the same sender or depending on the trustworthiness of the enduser). You could even implement scripts, which automatically delete this email (or all emails from the same source) from the POP accounts of your server and send them back to where they came from - with the proper RFC-compliant messages. Or send them to spamcop or whatever your agreed-on anti-spam policy says.
Perhaps you know a friend who is writing Email-Clients or Plugins for these beasts (or you yourself can do that).
If it's time to fight back, let's use automatic weapons!
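The report button proposed in the comment above, sketched as an added example (not code from the commenter or from any mail client): the reported message travels as a `message/rfc822` attachment so its headers arrive intact, and the receiving script counts complaints per sender. The addresses, the sample message and the threshold of three are constructed assumptions.

```python
from collections import Counter
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

BLOCK_THRESHOLD = 3      # assumed policy: block after three distinct complainers
complaints = Counter()   # claimed sender -> number of distinct reporters
seen = set()             # (reporter, sender) pairs already counted
blocklist = set()

# Constructed sample spam; every host and address here is made up.
SAMPLE = ("Received: from relay.example.net by mx.isp.example; "
          "Mon, 1 Jan 2001 00:00:00 +0000\n"
          "From: offers@example.net\nSubject: Buy now\n\nhello\n")

def build_report(raw_spam, reporter, abuse_addr):
    """Client side: wrap the untouched message so no header is lost."""
    original = message_from_string(raw_spam, policy=policy.default)
    report = EmailMessage()
    report["From"] = reporter
    report["To"] = abuse_addr
    report["Subject"] = "UCE report: " + str(original.get("Subject", ""))
    report.set_content(f"User {reporter} declared the attached email to be UCE.")
    report.add_attachment(original)  # stored as a message/rfc822 part
    return report

def handle_report(report):
    """Server side: one vote per reporter per sender, block at the threshold."""
    reporter = parseaddr(str(report["From"]))[1].lower()
    attached = next(report.iter_attachments()).get_content()
    # From is forgeable; a production script would key on Received data too.
    source = parseaddr(str(attached.get("From", "")))[1].lower()
    if (reporter, source) not in seen:
        seen.add((reporter, source))
        complaints[source] += 1
    if complaints[source] >= BLOCK_THRESHOLD:
        blocklist.add(source)
    return source, complaints[source]

if __name__ == "__main__":
    for user in ("alice@isp.example", "bob@isp.example", "carol@isp.example"):
        print(handle_report(build_report(SAMPLE, user, "spam@isp.example")))
    print(sorted(blocklist))
```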
Repost of my message from previous spam story, sorry for repetition, but I think it might help people to see it: (no karma whoring, I'm already at max :)
It's easy to stop spammers, but you need to have the ability to create an arbitrary number of email addresses. If you manage your own domain, or at least have the ability to create and destroy email addresses in your domain, you can virtually eliminate spam.
Here's my recipe. I have no worries explaining this in public, because there's nothing the spammers can do to get around it. For every Internet service you use, every mailing list you subscribe to, every online retailer you buy from, you create a unique email address (for example, my PayPal email address is "paypal@mydomain.com"). In essence, you have a different "email channel" for every source which might potentially be used to send you email. As soon as you receive a single spam on any email address, you delete it. You'll never get spam for that address again, and if you really want you can create a new one for whatever site it was used for (e.g. if you get spammed on "paypal@mydomain.com" you can create a "paypal2@mydomain.com" and change your email address with PayPal; or you can just stop using PayPal). Simple so far.
Where it gets trickier is your more "permanent" email addresses, but the problem is solvable. I have a main email address I've used for 10 years, and of course spammers have gotten a hold of that address many times over. I don't want to destroy that address, since all my friends and colleagues know it and expect it to exist. Notifying them all each time I cancelled it would become quite burdensome for all of us. To deal with this, I have created a tool which is executed by procmail that checks each incoming message to my permanent address to ensure that the sender is valid. I have a fairly small list of known valid senders which are allowed to send me email, and those go right through to my mailbox. Not only does the tool check the sender, but it optionally checks the "Received" header in the mail to ensure it's coming from the expected mail server (in case a spammer tries to pose as someone on my OK list - paranoid, true, but I like paranoia).
This solves all problems except one - how do people I don't expect to send mail to me actually reach me? My tool also has a "disallow" list of mail servers, and any mail originating from one of those servers will be tossed in the trash. Mail from an unexpected sender whose server is not in the disallow list will get a response from my procmail tool with a special subject line in it. They are instructed to reply, and my mail tool will then accept their message on a one-time basis after scanning the subject line for the secret magic key. If I like the person, I'll add them to my "allowed" list so they never have to go through the two-step process again.
What if a spammer figures out my scheme and makes a spam tool that auto-replies, you ask? For that to work, he would have had to use a real return address, which they never do. But if he did, I would then know who he was and be able to block further mail and pursue him, if desired. So far that's never happened. Even if it started to happen frequently, I have plans for an upgrade to my tool which would randomly vary the required method of reply in a way that was impossible to perform programmatically. No need for this so far.
I realize that most of this can be done with procmail alone, but there are some aspects of it that are ugly or impossible to do with just procmail. It's integrated with sendmail to a small extent, as well, which requires a separate tool as well (future extensions for other mailers should be fairly easy).
Maybe when this is all finished I'll make it publicly available. Would anyone out there find it useful? (Or has it already been done, and am I wasting my time?)
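The filtering decision described in the comment above, as an added example (not the commenter's tool, which the page does not show): an allow list with an expected mail server per sender, a disallow list of servers, and a single-use key that an unknown sender must return in the Subject line. All addresses, host names and function names are constructed assumptions.

```python
import re
import secrets
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample data: every address and host name here is made up.
ALLOWED = {"friend@example.org": "mail.example.org"}  # sender -> expected relay
DISALLOWED_RELAYS = {"bulk.example.net"}
pending = {}  # challenge key -> sender it was issued to

def relay_of(msg):
    """Host in the topmost Received header, the one written by our own server."""
    received = msg.get_all("Received") or [""]
    m = re.match(r"\s*from\s+(\S+)", received[0])
    return m.group(1).lower() if m else ""

def classify(raw):
    """Return (action, key): action is 'deliver', 'discard' or 'challenge'."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    relay = relay_of(msg)
    if relay in DISALLOWED_RELAYS:
        return "discard", None
    if ALLOWED.get(sender) == relay:
        return "deliver", None  # known sender arriving via the expected server
    # Unknown sender, or a known name from the wrong server: look for a key
    # we issued to this sender earlier. pop() makes each key single-use.
    for key in re.findall(r"\b[0-9a-f]{16}\b", str(msg.get("Subject", ""))):
        if pending.get(key) == sender:
            pending.pop(key)
            return "deliver", None
    key = secrets.token_hex(8)
    pending[key] = sender
    return "challenge", key  # caller mails the key back in a Subject line

def sample(sender, relay, subject):
    """Build a constructed test message."""
    return (f"Received: from {relay} by mx.mydomain.example; "
            f"Mon, 1 Jan 2001 00:00:00 +0000\n"
            f"From: {sender}\nSubject: {subject}\n\nbody\n")

if __name__ == "__main__":
    print(classify(sample("friend@example.org", "mail.example.org", "hi")))
    print(classify(sample("friend@example.org", "bulk.example.net", "hi")))
    action, key = classify(sample("new@example.com", "mx.example.com", "hello"))
    print(action, classify(sample("new@example.com", "mx.example.com", f"Re: [{key}]")))
```

The host after `from` is the name the connecting server announced, so the address your own server records beside it is the more reliable value to match. Because challenges go to whatever address the From header claims, a deployment should rate-limit them.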
I wonder if some of the services like SpamCop could handle something like this. For each spam that is reported, allow sending the "$25 will be owed for each subsequent spam" along with the spam report. On collecting a sufficient quantity of subsequent spam from the same company, sue on behalf of the many recipients and split the cash to cover their expenses. Even if they could not sue directly on behalf of the individuals, it would be nice to consolidate the contact information for the companies and individuals that could be sued for the spam received.
As far as I'm concerned if you get spammed, it's your fault.
My house is sited behind 48 inches of reinforced concrete. I have machine-gun pillboxes sited on each corner, each manned 24 hrs a day. My house never gets burglarized. If you don't do the same and you do get burglarized, it's your fault.
Sheesh!
Need I say more?
Cheers!