Slashdot Mirror
Beating the Spam Merchants
Crowbraid writes: "Well-written column by Margie Boule from the Portland Oregonian about an individual who got tired of getting spam,
sued the company for $25 an email, and won." See also Bennett Haselton's anti-spam page, where he has details on "pursuing the anti-spam lawsuits on four separate fronts." (Those lawsuits were mentioned a few months back.)
Oh my god, I'd better call my lawyer... I may already be a millionaire!
The speed of time is one second per second.
There have been a large number of Spam stories in the media this week. What's the deal? Mayby the politicians will start to see that this is something that matters to John Q. Public.
Of course, mayby pigs will fly someday.
SM MBL-VIR looking 4 SIG 4 LTR. must be DDF, no 420, SD ok.
What, do you make your living off of Spam? I for one wouldn't mind making a few hundred bucks at the expense of the assholes that keep trying to sell me Herbal Viagra and fake University degrees.
No, it's just that no one has subscribed, so Taco sold Slashdot to the Python boys. Now it's nothing but spam, lovely spam.
Soon, they'll be promoting the Spam Club!
www.lucernesys.comHorizon: Calendar-based personal finance
In many cases, spam coming from a Chinese ISP really originates in the US, and is being bounced off of an open email relay.
"I e-mailed back, saying 'Take me off your subscription list. I don't want this.' " And then Harold put a little bite in his request. "I wrote, 'I will charge you $25 per message as a reading fee,' " for every subsequent e-mail.
;-)
:: Worth Every Red Cent!
Harold says the fee was not just a threat; it was a reasonable charge for time and equipment. "I have to download the message, to find out it's junk and delete it. If you're using my download time, you are in effect using my services. During that time I can't use my computer, which is essential in my business."
OK, so apparently this dude thinks he's worth:
($25.00 / 2 seconds to download and identify a message) * (60 seconds / 1 minute) * (60 minutes / 1 hour) = $45,000.00 / hour.
Hell, I'll even subtract $1.00 (I'm rounding up mind you) for bandwidth and computing costs to handle the huge 2KB spams.
So, he thinks he's valued at $44,999.00 / hour. Much better.
Must be a really smart guy
m o n o l i n u x
On a few occasions, they say they've even managed to successfully claim their fee.
No, this isn't a small-town lawyer who wants to make a name for himself. An actual lawyer would not use small claims court and would not use Nolo Press guides to find out what the law is. Wind_Walker needs to work on his reading comprehension skills.
That one is already in your mailbox, with Ed MacMahon's picture on it.
If tits were wings it'd be flying around.
Nothing to see except your glib attempt to discredit the time-honoured art of self defense.
He's the one that initiated the litigation, you idiot.
Thus, it isn't time that the offender owes him (or should owe him) for, because he is investing and sp[ending the time at his initiative and discretion to recoup the monetary damages (although we all know that the damages are more of a bonus on top of simply discouraging spammers through the act of instigating litigation when the law permits it.)
By your reasoning, I could prank call you 20 times a day. Then, when you decide to actually spend some time defending yourself, you're suggesting I'd get to make fun of you for taking more time to defend yourself than I'd originally taken by harrassing you.
You're an idiot, because you either dont realize (or are too glib to account for in your reasoning) that it's not about the money or time, it's about the harrassment. It's about getting spam to stop, regardless of the time and money it costs us. Unlike some people, many humans utilize the law to try and limit unscrupulous behaviour because it's unscrupulous, not because we can count pretty numbers that tell us how much money or time we 'lost' as a result of unethical behaviour by companies or individuals.
"Old man yells at systemd"
It is the small persons equalizer for corprate greed. Basically you can force a large company to show up and spend money on their lawyers, while you just show up and tell the judge what happened.
Used it twice, one time my bank was cashing my car payment checks, but not crediting my loan... Needless to say when they threatened to take my car away, I filled suit. Long story short, they paid up rather than spend the money on lawyers (which they would have lost anyway)
The other time it was my wifes employer not doing the right things with her termination... Got the district manager and ourselves infront of a mediator and a deal was struck...
You won't get rich with small claims court (I think it only covers up to 1,500 maybe 2,500) but it is very simple to file and win a reasonable case
Well, *yeah*, but the thing is that it's the chinese ISPs that are vectoring it because the US ISPs know better than to get caught vectoring spam themselves...
/Brian
The fundamental change that the Internet introduced was the economic fact that sending n pieces of email took the same effort as sending 1. The fact that this essentially puts the cost (storage, bandwidth, attention, etc) onto the recipient distorts the incentive for posting which consequently leads to spam. This is the old story of privatise the benefits and socialise the losses.
... if the email wasn't worth their time, then they would "charge" the sender a small amount. If the free market worked, then advertisers would figure out the cost of your attention (especially if they lumped their mistakes) and be more selective in their branding activities (as well as reduce visual pollution). However, because the consumer doesn't have any expectation of privacy, much less opinion as to their preferences, B2C cheerfully ignore these minor details in their belief that buying xxx will solve your worries.
The book EarthWeb (see http://www.baen.com/blurbs/067157809X.htm, http://www.the-earthweb.com/) had a good idea in that people could set a threshold
Marketing is a necessary evil but the economic costs should be bourne by the originators (whoch have control over quantity) rather than the public at large. How much do you value your attention (and thus time)?
LL
As a programmer with Hormel's entrail engineering department, I've heard a lot about this within our company. There's been a lot of noise here in Porkopolis about buying advertisements and front page name association story endorsements on Slashdot. I don't agree with it and I'm putting my job on the line posting this, but this is why you are seeing (and will continue to see) a lot more news about spam, and even more spam about spam.
Thank you. Have a good day, and don't forget to try our other canned meatstuffs.
I think the hardest part to catching spammers is finding out and proving who they are. They do damn near every trick in the book to hide thier identity.
What might be more effective is to go after the people hiring them. Spam usually gives you a phone number (that's the only piece of reliable information) to call so you can get scammed. Don't buy anything from someone who won't tell you who they are. Call them up, find out as much information as possible, then rip them a new hole. Post the information on the internet, let the trolls troll the spammers.
If you think education is expensive, you should try ignorance -- Derek Bok, president of Harvard
Better yet, send out an e-mail to everyone telling them about this great money-making opportunity!
And I don't put my e-mail in public places where spammers would look to pick it up. As far as I'm concerned if you get spammed, it's your fault.
I find it important that people reading my website can respond back to me. I don't see why me providing an email address so they can respond makes me at fault for getting spammed, any more than leaving a car in a parking lot while I shop makes me at fault for it getting stolen.
Beating the Spam Merchants
Good, you find the Spam Merchants and I'll find my bat!!
I stole this Sig
but all this Spam news is making me hungry.
Spam Nachos anyone??
I did a little bit of research last week on Spam laws in my home state (Tennessee) According to Tennessee Spam laws, if a company based in Tennessee spams you after you have requested they remove your name, you can sue them for up to $5000 per day they continue to spam them. I found out about this law at SueSpammers.org.
Incidentally, I have a spamcop IMAP e-mail account that filters out potential spam. There was one guy from Canada that kept spamming me over and over. I noticed that the unsubscribe link (which I had tried twice) pointed to a top level domain. Using Internic's WHOIS, I got the jerk's home address, phone number, and e-mail address. Luckily in this case it wasn't forged. After personally contacting him (and threatening legal action), I have gotten no spam from his "company" in 1 week. (Funny thing is, Canada has no anti-spam laws... it was all BSing)
It doesn't make you at fault for getting spammed. However you COULD, as many websites do, make a form that allows users to send you e-mail addresses without actually revealing your e-mail address to them. It's not difficult and it saves you trouble, so why not?
The GeekNights podcast is going strong. Listen!
I love stories like this where the individual triumphs over evil.
;-)
In the State of Washington you can sue for up to $250.00 per spam. Spam is defined as unrequested commercial bulk email that has either a misleading subject line and/or invalid return address.
The real problem with trying to collect is that most spammers make it VERY difficult to trace the email back. They may bounce it off of an open relay or use stolen accounts and they almost always use a false return address.
You can usually find the domain that the email came from by looking at the header information but if they bounced it off of an open relay in China it may not do you any good.
Really, the only ones that you should try to go after should be the ones that are stupid enough to provide you with real information in the body of the letter that will allow you to track them down.
Most of the time the spammer wants one thing: Your money. So he may give an 800 number or a web page URL. If you can convince him that you need his real address to send him money the may provided it and you can send him a subpoena instead.
Some spammers will try to get your credit card number. Once they have it you may find yourself the unwilling donator of a brand new laptop or some other piece of property that the spammer can sell on the black market.
Never, never, never, give a spammer your credit card number.
The race isn't always to the swift... but that's the way to bet!
Shouldn't take long.
-------------------------------------------------
(I've gotten into a few good e-mail discussions via the address I post here. I also get about 20 spam messages a day, between having my address having been here and briefly on one of the Linux mailing lists. Is it worth it? The jury's still out.)
Stupid job ads, weird spam, occasional insight at
I am attempting to do the same. I recieved a spam a couple days ago that caought my attention. They had copied an image from my homepage and used that in the spam they emailed me.
I sent them back a letter demanding $110 for my time wasted. $100 for 'legal fees' and $10 under colorado law for each unsolicited commercial email.
Hopefully if enough people do this, spammers will be more careful to who they send emails. Either that or spammers might start something like the RBL except it would be a list of spam-unfriendly recipients. That'll be the day...
Being careful about who and how you reveal your email address to is a good and effective idea to prevent spam, but eventually the spammers may find you with their equivalent of a dictionary attack. They will try variations of common names and initials on your domain mail server until they have a list of valid ones. This is sometimes how they get an address, even if you have been careful, especially if you are in one of the popular mail services (@hotmail.com, etc.)
Sadly, this does nothing about all the lame pyramid-scheme and enlarge-your-body-parts spam we all get. This originates from rather stupid individuals who've ben conned into joining high-tech versions of the old stuff-envelopes scam, and thus pop up faster than you can smack them down.
I'm not trying to troll here, but this whole discussion got me thinking, how effective are the current means of blocking spam, such as RBL, blocking out certain countries, etc., if so much spam is getting to people's inboxes? Whenever I read the mail-abuse.org website, they talk about how effective they are, but if so many people are using their product and other products like theirs, why is spam still a problem? Or is this just a case of the people who are not using these products complaining about the spam?
In case of fire, do not use elevator. Use water!
Or put your address in a small GIF file that the spambots cannot read.
This man doesn't qualify for hero status. He basically threatened the company with a lawsuit and accepted a little money to go away and not tell anyone about the company's practices (or at least without the company's name).
When people settle cases, they may get some money and self-satisfaction, but it does very little good for anyone else. When a case is tried in court and a verdict is rendered, a legal precedent is set by which future actions are governed. This is the only truly effective way of fighting the onslaught of spam email in the long run.
Even if you manage to get a huge settlement and put a company out of business, the way is still paved for 5 more companies to pop up and take its place. And in this case, it sounds like the company is absolutely free to continue its practices as it has in the past. Where's the good angle to this story?
Such as web archives of mailing lists for opensource projects? It must be nice to sit there handing out advice and calling people idiots when you never contribute to the community.
Most of the spam I get is at an address harvested from mailing list archives for GCC, Doxygen, and few other much smaller projects. Does that mean I'm an idiot? If you think so, perhaps you shouldn't be using these programs (after all, an idiot has contributed to them).
Does that mean I'm going to stop sending mail to a public mailing list? No, because as much as I'd like to reduce the amount of spam I get, I'd much rather see improved software.
Suing spammers is being an idiot? Huh?
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
I do know this is a standard clause in boilerplate agreements lawyers typically put together. But these things can be changed, and often do get changed during the course of negotiations. What is the dollar amount you would put on agreeing to hide the identity of someone who wronged you and is now finally agreeing to pay up for it, but won't pay as much (if any at all) if you don't agree to include that clause? And likewise, what is the dollar amount for agreeing not to submit it to slashdot/kuro5hin/etc?
now we need to go OSS in diesel cars
I like being able to post in a public forum and get private email back. I do it all the time on Usenet.
I don't have an unlisted phone number, either. Never had.
Having said that, I don't put my private email on slashdot. Used to, but some of the people here kinda scare me. Anybody who'd devote so much of their lives to trolling, well, they got a screw loose and many of them write automation to crap flood slashdot. I don't want that to happen to my inbox.
In any case, I don't feel that I should make myself difficult to reach just to avoid spam. You know, they solved the problem of junk faxes back in 1996, the problem of spam could be solved with appropriate legislation. I'm starting to suspect that the lawmakers want this problem to fester until they can use it as a justification to shut down all anonymous use of the Internet.
Hmmmm... For somebody as paranoid as I am, you'd think I'd be more careful with my identity...
I'm not an idiot. I don't use the address book. I do use PGP. I remove myself from any and all non-spam newletters and announcements I don't want. And I don't put my e-mail in public places where spammers would look to pick it up. As far as I'm concerned if you get spammed, it's your fault.
Pure flamebait!
Certainly someone not an idiot would realize the potential that email has to enable persons previously unaquainted to communicate with one another, even if he personally never intended to participate in public discourse, offer assistance to others, or receive feedback.
But while spamming is still a problem, deal with it and don't be an idiot.
Indeed, slashdot trolling at its finest. Congratulations.
PJRC: Electronic Projects, 8051 Microcontroller Tools
Everyone trying to track down a spam-source probably allready had the same problem:
How to tell the complaining enduser to forward you the spam-email with all email headers intact? "What are email-headers?" is the number one question you hear. After two minutes explanation the next question will probably be "Where do I have to click to do that?". And another five minutes explanation later you know that you will never get that spam-email intact because you hear a phone ringing or the boss asking "Is that report ready?" in the background.
Why not adding one button to each mail-client labelled "This is SPAM"? So the user simply has to click this button, is asked a confirmation question like "Do you really want to send the messaged titled blah..blah to your anti-spam department and erase it?" and then whoosh the mail is send with all headers (as an attachment) and with the propper legal text in in "user thisandthat declared the attached email a being UCE blah..blah". And the configurable antispam-address defaults to - say - spam@users_main_email_domain where you or your script is ready to handle it.
Then depending on your policy you can check it and report it to the spammers ISP, or have an automatic script behind it, which updates your block-lists (e.g. after a number of complaints about the same sender or depending on the trustworthyness of the enduser). You could even implement scripts, which automatically delete this email (or all emails from the same source) from the POP accounts of your server and send them back to where they came from - with the propper RFC-compliant messages. Or send them to spamcop or whatever your agreed-on anti-spam policy says.
Perhaps you know a friend who is writing Email-Clients or Plugins for these beasts (or you yourself can you that).
If it's time to fight back, let's use automatic weapons!
Especially if it causes them to lose advertisers who want a cheeper way to reach people.
"Communism is like having one [local] phone company " - Lenny Bruce
faster than cpu speed, and hard drive storage, doesn't it seem that spam will get worse as the technology provides more and more bandwidth at ever lower prices? It doesn't seem that the extreamly rare individual costing the spammers some pocket change is a significant pressure against the behavior. And since the bandwidth is going to probably be less and less of an issue, doesn't it seem likely that spam will just be something we'll have to just accept? At least until law makers provide some real teeth for little guy to rend soft pink spammer flesh. Unless ISP decide to throw their weight around for their customers, with the problem getting easier for them to ignore, it's just going to end up an accepted, and shitty part of life.
It'd be interesting to see what spam cost the world in lost time, and lost network resources.
--Jimmy has fancy plans; and pants to match.
Giving a proper email address in a public forum is like posting your phone number on a billboard in times square, and then expecting nobody you don't want to call!
Posting my phone number on a billboard in times square should be like posting my email on a billboard in time square, not like posting my email on a few limited-interest mailing lists and web pages.
I don't expect that my email will be limited to those I particularly want to talk to. I do expect that it will be reasonable human beings with an interest in communicating with me. Fradulently titled commercial email that I get 7 copies of (3 email aliases and 4 mailing lists that I'm on) don't count.
I don't have an option to hide my email address, either. Besides my webpage, I'm a Debian maintainer (creating several publicly known aliases) and a contributer to several email lists with public archives.
Repost of my message from previous spam story, sorry for repetition, but I think it might help people to see it: (no karma whoring, I'm already at max :)
It's easy to stop spammers, but you need to have the ability to create an arbitrary number of email addresses. If you manage your own domain, or at least have the ability to create and destroy email addresses in your domain, you can virtually eliminate spam.
Here's my recipe. I have no worries explaining this in public, because there's nothing the spammers can do to get around it. For every Internet service you use, every mailing list you subscribe to, every online retailer you buy from, you create a unique email address (for example, my PayPal email address is "paypal@mydomain.com"). In essence, you have a different "email channel" for every source which might potentially be used to send you email. As soon as you receive a single spam on any email address, you delete it. You'll never get spam for that address again, and if you really want you can create a new one for whatever site it was used for (e.g. if you get spammed on "paypal@mydomain.com" you can create a "paypal2@mydomain.com" and change your email address with PayPal; or you can just stop using PayPal). Simple so far.
Where it gets trickier is your more "permanent" email addresses, but the problem is solvable. I have a main email address I've used for 10 years, and of course spammers have gotten a hold of that address many times over. I don't want to destroy that address, since all my friends and colleagues know it and expect it to exist. Notifying them all each time I cancelled it would become quite burdensome for all of us. To deal with this, I have created a tool which is executed by procmail that checks each incoming message to my permanent address to ensure that the sender is valid. I have a fairly small list of known valid senders which are allowed to send me email, and those go right through to my mailbox. Not only does the tool check the sender, but it optionally checks the "Received" header in the mail to ensure it's coming from the expected mail server (in case a spammer tries to pose as someone on my OK list - paranoid, true, but I like paranoia).
This solves all problems except one - how do people I don't expect to send mail to me actually reach me? My tool also has a "disallow" list of mail servers, and any mail originating from one of those servers will be tossed in the trash. Mail from an unexpected sender whose server is not in the disallow list will get a response from my procmail tool with a special subject line in it. They are instructed to reply, and my mail tool will then accept their message on a one-time basis after scanning the subject line for the secret magic key. If I like the person, I'll add them to my "allowed" list so they never have to go through the two-step process again.
What if a spammer figures out my scheme and makes a spam tool that auto-replies, you ask? For that to work, he would have had to use a real return address, which they never do. But if he did, I would then know who he was and be able to block further mail and pursue him, if desired. So far that's never happened. Even if it started to happen frequently, I have plans for an upgrade to my tool which would randomly vary the required method of reply in a way that was impossible to perform programmatically. No need for this so far.
I realize that most of this can be done with procmail alone, but there are some aspects of it that are ugly or impossible to do with just procmail. It's integrated with sendmail to a small extent, as well, which requires a separate tool as well (future extensions for other mailers should be fairly easy).
Maybe when this is all finished I'll make it publically available. Would anyone out there find it useful? (Or has it already been done, and am I wasting my time?)
A reply to one of my comments in the slashdot article about ORBZ Shuts Down has pointed to a new article which reveals the identity of the party who threatened ORBZ operator Ian Gulliver with jail.
In that new article it is mentioned that Ian's lawyer advised him against releasing a copy of the search warrant. Why? Is it copyrighted?
now we need to go OSS in diesel cars
I got unsolicited mail (post office mail) addressed to 'NanoGator Animation, Inc.'. I know where they got this info. When I registerred my domain, I sarcastially put that as the billing info. That is the only time I have ever used that name.
I've come up with ideas ad nauseum about how to fight spam, but so far the solutions either require really limiting your capabilities, or threaten to force spam to come through other ways such as Instant Messaging. Maybe we're fighting the wrong battle. What are some other approaches to fighting spam?
One approach to fighting spam would be to devalue it. Anybody know how we could do this? One idea I had was to generate a bunch of fake lists and actually sell those to would be mass-solicitors. Tainted addresses would increase suspicion of whether or not it'd be worth buying a list.
Another one would be to generate so much spam that everybody is forced to take steps against it. I realize this would initially do more harm than good, but if our mailbox did get 1400 mail mesasges a day like mentioned in a previous article, then it would make unsolicited mail far less interesting. I'm willing to switch to IM (or a private email network) for a month or two to blow it out heh.
Anybody else have ideas about how to devalue spam? If we brainstormed a few ideas, something really interesting might pop up.
"Derp de derp."
In fact, Apreche is a CS student at Rochester, and has this little website.
The very first link on the home page is News Archive, that leads to a non-existant page. The university's server generates a much-nicer-than-usual 404 error page, which includes among other info Apreche's email address, specifically "slr2777@osfmail.rit.edu" (which wouldn't have been very difficult to guess based on the user-style url for his site).
Also on each interior page is a mailto: link to "apreche@mail.rit.edu", preceeded with the text "Clik here to e-mail me".
Apreche, you really should fix that link... but when someone types http://www.rit.edu/~slr2777/somerandomename, they're gonna see your email address. At least it won't be due to a broken link on your own home page!
PJRC: Electronic Projects, 8051 Microcontroller Tools
I wonder if some of the services like SpamCop could handle something like this. For each spam that is reported, allow sending the "$25 will be owed for each subsequent spam" along with the spam report. On collecting a sufficient quantity of subsequent spam from the same company, sue on behalf of the many receipients and split the cash to cover their expenses. Even if they could not sue directly on behalf of the inviduals, it would be nice to consolidate the contact information for the companies and individuals that could be sued for the spam received.
You could always use Sneakemail - gets you a (virtually unlimited) number of e-mail adresses in the format of [random letters/digits]@sneakemail.com. See my e-mail as an example. Sneakemail is free, and the addresses all redirect into one account. You can specify filtering for each addy, and remove/replace one if the spam load gets annoying despite the filters. More info on their homepage.
(And no, I just work for them. But I do think the service rocks.)
Quality, performance, value; you get only two, and you don't always get to pick.
As far as I'm concerned if you get spammed, it's your fault.
My house is sited behind 48 inches of reinforced concrete. I have machine-gun pillboxes sited on each corner, each manned 24 hrs a dat. My house never gets burglarized. If you don't do the same and you do get burglarized, it's your fault.
Sheesh!
Need I say more?
Cheers!
It would. It could be substantial, too. And it may still be possible to find out who, though not find out the settlement terms. Since the case was filed with a small claims court, the records should exist, and should be public, unless a judge orders them sealed (and I don't know it would have been carried that far).
now we need to go OSS in diesel cars
I love your exaggerated analogies. Let's say you have a nice 4 bedroom house with jewerly and electronics in it. Now you don't lock your doors, windows, or have ay theft deterrent system whatsoever. When you go on vacation you leave the house wide open. Your jewelry isn't even in a safe place, it's in an open jewerly box on the dresser in your bedroom. If you don't have any security and you get robbed, well how could you not see it coming?
This is my last post today. I take precautions to prevent getting spammed. And it works. Beause I haven't been spammed in years. If you don't take precautions, and you invite spam, it's going to come to your party. If you leave the door open, spam is going to come in. The spammers aren't 100% to blame. Spamming and robbing are both crimes. No amount of law will stop them from happening. We might be able to put spammers in jail and take all their mail, but I would rather have a clean e-mail box and not bother with suing people.
Of course as a money making-scheme I could set up a new e-mail box, invite spam into it, then sue. In which case I would be just as evil as they are. Lock your doors when you aren't at home.
The GeekNights podcast is going strong. Listen!
I would rather have a clean e-mail box and not bother with suing people.
It's easy to have a clean mailbox. Just never bother hooking it up to an email account. But the whole point of email is that people can put something in that mailbox. If you're going to go to extreme measures to not let anyone put anything in the mailbox, why bother having it?
or display it as a non-hyperlinking image.
Intelligent Life on Earth
I do expect that it will be reasonable human beings with an interest in communicating with me. Fradulently titled commercial email that I get 7 copies of (3 email aliases and 4 mailing lists that I'm on) don't count
That's like yelling "no fair!" at a playground. You have to get over the fact that they don't play by any rules at all. Grabbing a valid email address is like finding a heads-up penny in the street to them. Even if they just watched a little old lady drop a bunch of change in a supermarket, they'll pick it up and keep it.
Intelligent Life on Earth
any more than leaving a car in a parking lot while I shop makes me at fault for it getting stolen.
yeah, but it's hard to steal a car, and it can net you a long time in prison... I think a better analogy would be leaving your wallet or just your license on the floor in the middle of the street... someone is bound to pick it up and it is your fault for leaving it there.
Don't trust a bull's horn, a doberman's tooth, a runaway horse or me.
I know. I was thinking class-action lawsuit seeking a similar judgment.
In one of the cases discussed here, the spammer got really upset about being dragged into discovery about his spamming. But many ISPs keep SMTP forwarding logs. Can you use discovery subpoenas to get *them* to produce their log files for a small claims case? That would be an interesting way to go after the spammers who are their customers, if their abuse people aren't helpful enough.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks