Slashdot Mirror
Internet Vigilante Justice, SPAM, and Copyrights
pdw writes "An interesting article about how vigilante justice on the Internet by anti-spam advocates can be just as threatening to the Internet as those proposed for copyright advocates."
← Back to Stories (view on slashdot.org)
This article demonstrates the problem we are up against getting people to secure their networks.
His mail server is an open relay, and he still doesn't realize it. Worse, he's a lawyer. These are the people that will be setting policy.
I wonder if it is even worth e-mailing to explain the situation to him.
Not only is he a lawyer, but hes a lawyer with an open relay, and he doesn't believe that spammers will 'lie' to get that server to propagate their mail!
His server was set up so poorly that all it took was a forged header saying it was from his domain to get a message through?
Sounds like he should have been blocked. Come on, at the very least do some ip checking. It sounds like his server wasn't a textbook open relay, but it was pretty close.
Well, setting your sender's address to a trivially guessed domain name (such as the reverse-mapped address of the host), you effectivly have an open relay. Guess what spammers are doing: they are using known-good addresses, and try sending spam from those addresses MX hosts in the hope that the MTA do this foolish kind of access check.
This has been discussed since at least five years, and has been a point in the many faqs and howtos on how to lock down your MTA for a long, long time.
If you really need to send mail through your MTA from arbitrary IP addresses, you need to employ authentication. Again, this is hardly a new technology, and many documents explaining how to combine SSL and authentication for SMTP exist.
How had it gained access to my mail server? Simple. It had forged the headers on its email to convince my mail server that the email it sent was from a permitted user.
One word: Authentification.
You see, my mail servers were set up to pass mail only from a domain name of which I am the only user. It blocks everything else. That's not an open relay. Unless you're a user in my domain, you can't use it.
Uh, it may not be a totally open relay in the literal sense of the word, but surely that still means it can be used to send spam, as long as the spammer figures out who to identify himself as - and if the Danes could do it, then it can't be that hard?
Any spam-block that relies entirely on the "from:" header is broken by design. What, spammers disguise their identities? Never!
He does seem remarkably clue resistant though. He *IS* running an open relay and admits it.
So what if you have to forge the FROM. It's not like spammers don't do that anyway.
This is the kind of thing you see every day in news:news.admin.net.abuse.email.
"Waah, I'm being blocked by your nasty list! I demand you stop blovking me or I'll drop piano's on all your heads! and I'm a lawyer!"
"A. no-one's blocking you, they're justing *choosing* not to accept email from known open relays (or whatever the perp feels accused of)."
"You're abusing my First Amendment Rights to 'Frea Speach'"
"Our list is based in the Gobi Desert. *Our* first amendment guarantees the right to tea with yak butter."
Also, searching for his email address to see if he had ranted on usenet, I found this: Archived Article
an Excerpt (from the above article by "R. A. Hettinga" ):
New Architect is a Microsoft/DotNet magazine. This article is
agitprop for Microsoft's identity solutions: UDDI, Passport, and Palladium.
Any reputation framework that arises in the wild would reduce the
profitability of a Microsoft solution, so they are going to badmouth it,
sue it, etc.
dave
Anyhow, IMHO this is an other blabla piece from someone who doesn't realy has an understanding of what he's doing.. Typical american sollution.. let's sue..
Nobody expects the spanish inquisition!
This guy admits his e-mail server WAS unsecure and is complaining that he got blacklisted. I understand his fustration, but I'm glad he was blacklisted.
Now what's needed is a simple to use tool to help users determine if their systems can be comprimized. Any ideas?
No, this guy *IS* an idiot. Based on what he says in his diatribe, he has his server configured to allow relay based on the sender email address. As he doesnt seem to realize he has discovered, this is NOT a secure way of configuring a server, and a server configured that way *IS AN OPEN RELAY*. Relay controls must be based on IP address, not sender email address. Other secure options include SMTP Auth and POP-before-SMTP.
His saying his server is not an open relay doesnt make it so. If some random person on the Internet can make his server send a message to some other random person on the Internet, then his server is insecure. Yes, spammers *DO* forge sender addresses in order to abuse these servers.
Spam, and the security and policies necesarry to try and get control of it, are by nature a very technical field. More and more people who are just upset that they cant mail, and thing the blacklists are responsible, and who arent willing to take the time to understand whats really going on, and starting to get off on their soapboxes like this. THEY ARE WRONG.
If you subscribe to New Architect, this guy wrote a followup article to this one after receiving a boat load of mail pointing out the he was in fact running an open relay. He admitted to being behind the times, etc, said he was sorry. He still doesn't take back the fact he's mad at the vigilantes out there. Sorry, there's no link yet, I think NA has a lag between the print and web editions.
:-)
Point being, if they can forge a header to get on your computer, a spammer can very easily do the same thing. An interesting thing on my campus is the technology department regularly scans and tries to hack into FTP sites running on campus, and sends an e-mail to the admins if they're successful. Some students got mad, but the moral of the story is, better to have someone trustworthy find your weakness rather than someone who's going to exploit it. This seems to be a new effective form of security that's emerging, since we can't depend everyone to stay up to date with the latest security issues, such as the Mr. Faussett in the article. I think vigilante is the wrong term, these blacklist ops are doing everyone a favor by helping to clean up insecure sites, which in the end saves everyone money. I propose we call them "Freelance Security Advisors" or something like that.
To play devil's advocate ... perhaps the notification from the RBL should be clearer? Instead of saying "you've been blackholed you nasty friend of spammers" if should say "you've been blackholed because your server accepts forged headers. I notice you're running XYZ server, so to fix the problem do A, B and C"
(Nb. I've never been blackholed, so I don't know what the notification really say. It could just be that this guy is illiterate)
There is no reason to allow sites from outside your LAN to relay through your mail server based just on the From line or the MAIL FROM smtp command. At the very least, it's pretty trivial to only allow mail to be sent to outside the LAN (or localhost) if it comes from inside the LAN. If you need to be able to send email through it when you're at work or away on business, for example, then set up an SSL tunnel or some sort of authentication.
A good 10-20% of all the spam I get has headers forged to look like it came from me or from mailer-daemon on my site. Allowing mail to go through based on where it claims to be coming from, rather than where it actually is coming from, is just plain stupid. Spammers lie. Their entire business model is based on a lie, so why would you assume that they'd never lie about being from your domain?
The next Cmdr Taco duplicate will be ready soon, but subscribers can beat the rush and see it early!
You want to beat on spammers using spews.org? And here I thought you linked to some quite violent imagery involving a steel pipe and some quick lime.
"No problem. I have the capacity to do infinite work so long as you don't mind that my quality approaches zero."-Dilbert
Then that's when you want SMTP AUTH or POP-before-SMTP, a pretty typical configuration on modern mail servers. Or use your dialup ISP's mail server as a smarthost--that's what it's for.
I'm sorry, but I'm really failing to see what part of this is not the spammers' fault... or yours. Certainly it wasn't the listing service "abusing the hell out of [your] pipe" or slamming your servers. And you say your admins "did fix it eventually." Was that in a day, a few weeks, a year, or what? A mere two-plus weeks to be taken off the blackhole advisory list sounds very reasonable under the circumstances.
Sounds like the blackhole service did you a favor. Certainly they limited the damage your company did to the rest of the Internet by passing along all that spam while the relay was open.
Should we recommend this guy to Bernie Shifman just in case he's still looking to sue people?
The truth is that these home-grown spam mitigation methods do have their problems.
One of them is evident in the article: well-meaning users often do not understand what might be insecure about their server configurations, or what might need to be done to fix them. I am very comfortable with sendmail configuration, and I can tell you that setting up the authorizations correctly for mobile users to be able to send email safely is a narrow, twisty labyrinth in comparison to the big, flashing exit door marked "promiscuous relay".Another problem in the home-grown nature of these solutions is the tendency for them to be personality-driven, instead of professional. Often, IP addresses (or even whole ISPs) are placed on blacklists because the blacklist maintainer does not mind creating a little collateral damage if they think it might create a little extra pressure on a spammer or an ISP.
Some blacklists have blocked out entire hosting companies, including some of the biggest ones on the net, simply because they did not think they acted with sufficient alacrity against spammers in their midsts. This kind of wild overkill is unfortunately too common, and perhaps it's a good argument in favor of for-profit blacklisting, which would probably exert some good influence on the question of list quality.
Earthlink rejects mail from any IP address that belongs to a dial-up pool that attempts to connect to their SMTP servers.
Ostensibly, this is done to reduce "direct-to-mx" spam, which is a very common spammer tactic. Unfortunately, it also makes life harder on the home linux enthusiast, or home business operator who might be running their own perfectly legitimate sendmail server. All part of the collateral damage in the spam wars: Internet access and Internet business are slowly becoming more expensive and possibly moving out of the reach of people with limited means.
So what should we do?
First, I think that current law against junk faxes should be extended to include junk emails. This would not eliminate spam, but it would give us the ability to correct the spammers who operate out in the open.
As a Libertarian, I want to jealously guard the right of the people to freedom of expression. But that right does not and cannot include the right to expropriate other people's time or money. You have a right to make your voice heard. You do not have a right to force me to pay for it.
Second, I think that we should be careful about the blacklists that we use, and prefer those operated by recognizable and accountable companies wherever possible.
Finally, I think that for the forseeable future, filtering at the user desktop will be necessary.
(Cards-on-the-table time: I am working on a new solution for end users to eliminate spam from their inboxes. It is based on a new method, and it will work for any user who uses a POP email account. It will be ready for public beta soon. Please write to me if you want to learn more.)
The struggle against spam is definitely picking up, and I think that a new equilibrium is approaching.
The flip-side of this liberty is that I have the full right to accept or deny any email I want and I have chosen to block email from open relays, so if Mom & Pop want to mail me, they'll have to make their server secure enough to meet my standards.
Btw, I'm using DSBL for my open relay and open proxy blocking...
Quoth the poster:
But you did ask the blackhole list people to check your server, yes? You do have the right to access your server in any way you see fit and to permit others the same access, correct?
If I contracted with a security testing firm to test the security of my office, I'd be severely annoyed with them if they did not try to lie their way past the office manager who watches the front door.
If they make a mistake, you and your organization are screwed until they decide to admit their mistake and correct it -- if they ever do. They have cute, pat answers to explain away any responsibility for their behavior and generally refuse to communicate with those they block. I have had a nasty experience recently with "relays.osirusoft.com" where a client of our was using them as a part of their Postfix RBL configuration. Some Nazi^H^H^H^H German nominated our mail server as a spamhaus when we were not. Without being tested, our server was blacklisted -- I checked my logs and saw no check on the date we were listed. We received no notice, no automated robot checked out server or would anyone respond to my inquiries, just accusations that I was supporting SPAM--an absolute lie. If you are listed, you have to be an evil SPAM supporter with their mentality.
It took one month of constantly e-mailing their retest e-mail address. Daily checking of my mail logs and seeing that their robot was being rejected from relaying, yet, we were not taken off the RBL. Finally, after a month, we were removed. Nothing changed in our configuration, no notice was given as to why we were removed nor why we were added outside of the nomination origin. We were just lucky that "relays.osirusoft.com" decided to do what's right but was too cowardly to admit they were wrong. Hiding behind the anonymity of the Internet with no responsibility to the people they harm. We will never know how many e-mail messages were lost because of "relays.osirusoft.com"'s mistake.
Pathetic.
Strange women lying in ponds distributing swords is no basis for a system of government.
Here is what I wrote to this guy back on July 25 when the article had just come out. I never received a response from him. Was he totally embarassed by his idiocy once it was explained to him? I guess so.
<lettertext>
I just read the article you wrote on New Architect Magazine entitled "Blind Vigilantes; Blackhole lists offer dark prospects". I feel you have missed certain points in your analysis, and as a result, you misunderstand what is going on. That's OK, because the majority of network administrators still do, too. As a lawyer you would not be expected to know this kind of stuff. You clearly know a lot more about it than the average lawyer. I'm writing in hopes of filling in the gaps. I sincerely hope you have the time to read this. It's long, but I think this is important.
First of all, I use these blackhole lists myself, so it is possible that your reply to me could bounce back. I can override it if I know the IP address of your mail server. But I won't know it until there is a server log telling me about it bouncing. What I'll do is get your IP address at that time, add it to the exception database, and you can repeat the reply later on. Or you can send me mail from Hotmail, which I believe is not blocked anymore.
I want to fast forward to the point in your article where I think the main misunderstanding is:
One of the methods spammers use to send their mail through a mail server configured like yours is to do exactly what you are complaining about. I see upwards of 10,000 of these a day on my servers. The spammers have these massive lists of email addresses, quite many of which are valid. What they do is look up which mail server those users would use, which is not hard because that's exactly what the whole system is designed to be able to do. Every delivered piece of email had to do that. Once they have this information, then they forge that user in their FROM line and start sending mail to the user's server. In the case of a server set up to test only the domain name in the FROM line, it works, and the spam message gets sent on its way.
That's why your mail server is considered to be an open relay, because it is possible for a spammer to use it, despite the fact that they are doing something illegal such as forging your domain name. If it lets a spammer forward mail, it's an open relay.
It is standard practice for every program (there are several available) which does the open relay tests to try dozens of different ways to fool a mail server into forwarding mail. Forging the domain name of the users of that server is one of the simpler tricks. There are some that are more complicated. These programs are simply doing exactly the same thing that a spammer would do. It's the same principle used by security test programs which test whether or not a computer can be broken into. They have to pull all the punches a hacker might try. Otherwise such programs will fail to detect a flaw and the program itself will be worthless.
I periodically run tests on all my mail servers to make sure I have not accidentally configured out the relay controls. I watch these tests take place, and they do this forgery exactly as expected.
Actually, that is not true. Read on and this will be explained.
Last year, one of my client companies, a local web hosting business, had a case of one of their customers running a spamming operation right from the server they were paying my client to use, in violation of their AUP. The customer got cut off, and my client asked me to help him clean up the mess. In so doing, I obtained a copy of not only the spamming software (a special version intended for running from web servers), but also a copy of a big list of about 1.5 million addresses.
There was something very interesting in this list. The first 1000 or so entries were email address that were familiar to me. They were OTHER SPAMMERS. That's right, other spammers have their own names in these lists. What that means is if any spammer discovers an open relay, the others find out about it fairly quickly. The "spammer network" as I might call it is very well connected. They all see the successes of the others. And much like wild animals on the African Savannah when one makes a kill, the others circle around to take their own bite out of the carcass. That's what is happening to your server.
The anti-spam group have some of their addresses on these lists, too. That's how they first find out if your mail server is an open relay. They get spam that some spammer who found it relayed through. That's how you were first put on the list.
The blackhole lists are run through a distributed database called DNS. This is the same thing that allows looking up a domain name to get the numeric IP address which the routers use to send packets to the correct destination. But the point about it is that DNS works as a general distributed database, and unless someone runs the DNS server wrongly, there is no mechanism to get a list of these addresses. All that can be done is to pick and address and do a lookup. Unlike a regular database, there is no means to do a query lookup like "give me all the IP addresses which are open relays".
In reality, there are sometimes some breakdowns in that security and the blocked addresses can get out. I've acquired one such list myself. But for the most part, spammers do one of two things. They scan the net at high speeds looking for open relays, and they scan through their mailbox which is on the lists to check for good pickings in recent spam they received.
They have a legal defense. You actually gave them permission to do the scan. Although you did not know the scan involved the address forgery, their defense is that the practice is the only way to test to see if a mail server is an open relay (that is, if it could be used by a spammer who would forge the address). As mentioned above, this and many other tests like it are standard practice in security testing (and testing for an open relay is simply one form of security test).
This is why when an open relay listing is in the database they will not remove it by periodically testing on their own accord. That would truly be illegal. They require you to consent to the test before they will do it. And again, the standard for these tests is to do exactly every know trick a spammer would try.
It is not their test that put you in the list in the first place. It was the fact that they received a copy of spam that some spammer relayed through your server first. It is that spammer that trespassed on your server and caused you the real harm.
Those who compile the database are just the messengers. But your real problem is that these guys are just the little fish. The big ones are even harder to reach. They are rumored to be in Bulgaria, an Eastern Europe country formerly behind the infamous Iron Curtain.
And there is the risk that they would win if they were present to defend their practice. They would certainly bring up the point that the original listing was due to a spammer discovering your open relay, and that they received permission from you to test their server.
The choice to use the information from blacklists to reject delivery of email in a mail server is something the owner of the mail server would do. This becomes a private property issue. I have the right to refuse any mail into my mail server I wish (except on the basis of the few parameters law now prohibits, like gender, race, religion, etc). I have the right to get my list of IP addresses to block from anywhere I like. If Joe down the street tells me he blocked email using his private little list of IP addresses and it cut out 90% of his spam, then of course I'd like for him to share it with me.
Could there be an issue of libel here? Sure, there could. But it's a clear line between saying "You are a spammer" and saying "Your mail server allowed a spammer (who uses forgery) to send spam to me, and when you gave me permission to test it, I found that by mimicking just what the spammer would do, it was still allowing it."
I do worry that the techniques used to reduce and prevent spam could be put to less noble uses. I also worry that facilities that exist on the internet to allow anonymous communications (which some people sometimes need to have) are abused by spammers (there are techniques to reduce that abuse) and in turn blocked by anti-spammers.
Personally, I don't consider the anti-spam movement to be less noble than peer-to-peer file sharing. The vast majority of what is shared on those networks is copyrighted material being shared well beyond the rights of the copyright owners. While I'm not advocating that those file sharing programs be outlawed, or the networks they use be shutdown, I do consider it to be less noble a thing that the effors of the anti-spam community to help keep mailboxes cleaner.
It depends on who is doing the breaking. If I break connectivity in my own server, even if I use information from someone else that I choose to use, who offers that information to me freely (I didn't illegally copy it), then what law have I broken? What tort have I committed? Who have I harmed? If it involves my customers in a service I provide to them, then it's a matter of the business relationship between me and that customer. In practice, my customers want the spam blocking since it proves to be very effective against spam.
As to your mail server. It is an open relay, and it needs to be closed.
If a thief enters a building by opening an unlocked door, it is breaking and entering. Merely opening the closed door was breaking, as opposed to the door being wide open. It does not matter if there was a lock on the door or not. It does not matter if the lock was left unlocked. It is still breaking.
Your mail server has a closed door, but it has no lock. You are making the assumption that spammers won't do the "breaking in" thing with address forgery. But they do. What you need is the equivalent of a lock on your mail server. Instead of just checking the FROM line to see if it has your domain name on it, it needs to check something that a spammer simply cannot forge at all. Usually this is an IP address. If you want to be able to use your mail server from other locations, then the IP address is not good enough. There is another method that is used which requires you to log in to READ your mail first. The way that works is when the mail reading login is done, the server notes what the IP address is from which the successful login came, and puts that IP address in a list which is valid for sending mail for some period of time, say maybe 30 minutes to an hour. Thousands of people use this technique successfully. It's typically called "SMTP after POP" (in reference to the POP protocol used to read mail in most cases).
The following has a number of useful links to help in testing and closing an open relay:
</lettertext>
now we need to go OSS in diesel cars
People like this can't be educated. He has taken a stand and refuses to believe that his mail server is an open relay even when presented with irrefutable evidence. He KNOWS that his mail server accepts forged mail. The problem is VERY clear to all the parties involved.
This lawyer is both stupid and stubborn which IMHO is the worst kind of lawyer.
As an FYI, most rejections refer you to web pages on the RBL which explain things. None of the web pages I have EVER seen has said anything about "you nasty friend of spammers". Instead, they generally inform you that you are running an open proxy or relay and point you to information on how to fix it, however they rely on YOU (or your administrator) to know what mail server you are running. The web page has NO way of knowing which mail server you are running based on your browser / browsers IP address. Note that SOME rejection messages can refer you to a CGI script that looks up the offending mail server info, but not all MTAs support the ability to customize error messages in the fashion needed for this functionality.
Your concern about failing to circulate blacklist removals is misplaced with regard to DNS based blacklists. The data expires in a finite amount of time from the cache, and removal processes are working pretty damned good. I've watched a number of notices posted on news.admin.net-abuse.email asking to be removed from the SPEWS list, and I check out whether they have fixed the problem or not. In most cases I find that the data had already been removed from SPEWS by the time I checked that (so now I check SPEWS first before checking to see if the problem is fixed).
Private blacklists are a problem because there's virtually no way to track them all down and get removed from everywhere (once you fix the problem). That's why we need central DNS based blacklists. But what we also need is to shield these central lists from stupid lawsuits from people who refuse to fix their problems or simply don't have a clue. Those who even so much as threaten to sue the list operators instantly get their IP addresses and domain names put in thousands of private blacklists where no one even looks to see if anything is ever fixed. And when they end up shutting down the central lists, they make things worse due to all the private lists. That's the primary reason SPEWS is so secret. Sure, it comes across to people who didn't know about it as a "Star Chamber" thing. And I didn't use it for several months until I verified it actually works to list what needs to be listed, and removes things when fixed.
now we need to go OSS in diesel cars
If it's not closed, it's open. Virtually all spammers forge headers - this is a VERY WELL KNOWN fact. What he SHOULD be doing is securing his mail server against unauthorized relaying. Restricting a mail server to only relay from email addresses from your domain is NOT enough. It needs to be based on IP address, SMTP Auth, or other mechanism that truely restricts unauthorized use. Information is widely available on the net on how to secure your server, so I'm not going to repeat it here, but you can check out http://spam.abuse.net/adminhelp/ for some info.
Most Mom & Pop's don't run thier own mail servers. If you don't have the knowledge to secure your mail server then you shouldn't be running one. You should use your ISP's. If you don't know how to drive a car, you probably shouldn't drive until you get some education. Take a cab or bus instead. It's the same thing.
Some students got mad, but the moral of the story is, better to have someone trustworthy find your weakness rather than someone who's going to exploit it.
Sometime in the next week or so, I am going to stop by your home and probe for any security problems that a burglar might exploit.
You sir, are of subhuman intelligence.
There is a distinct difference between a University testing the security of systems directly connected to its own network and jackasses like yourself equating it to random strangers "testing" a systems security.
To clarify in terms of the flawed analogy you provide, no one should have trouble with their landlord testing their home's security, as the landlord is the one who is responsible, and who fixes it when it is broken. That is not the same as inviting any random stranger off the street to do likewise.
The Future of Human Evolution: Autonomy
However, the reason to not do this is that it's insecure. A large percentage of the spam I receive claims to be from the domain that it's being sent to, so his system would happily relay it.
The second reason should trump the first reason, but obviously if you're a clue resistant lawyer with a chip on your shoulder, it doesn't.
For those who appreciate irony, consider this --
He's basically written this big diatribe, which to spammers says `hey! you can relay through my mail server!' ... so a spammer finds it, and forges their spam to allow it to go through it, and uses it to spam the world. Then somebody gets flooded with these spams, and sues our friend Bret. They can even use his article as evidence that his mail server was open and he knew it, but that he refuses to secure it.
If the list operator who tested your mail server did not test it by using the proper practices, which includes doing everything that spammers are known to be doing, or known to be capable of doing, then it would be the list operator who had failed to properly and correctly test your server. If it had been marked as closed, because of that, when in fact it was still open, then it would be the list operator who would have been negligent.
Security practices, and spam prevention is a form of security practice, do include performing tests that mimic what the security prevention is supposed to prevent. Your mail server is supposed to prevent relaying of forged addresses. So you have to do forged addresses to test that facility.
The only thing the list operators did wrong that I can see is they failed to get your signature in writing on a piece of paper that explained it to you. Had they done so, that piece of paper would have stated that they would be performing a test that adheres to current best practices in security testing, and that test would include every form of forgery and trickery known.
The ends not only do justify the means, they are also absolutely required!
Also, some mail server software is defective in ways that certain types of attempts, which spammers might try, and therefore have to be tested in a thorough test, could cause that defective software to fail, and may result in damage to your mail server. If that happens, your remedy should be with the maker of the defective software, unless the defects were documented and avoidable by proper configuration.
And if you want to have a private dialog about this, I am willing to explain it in more detail if you need that. I am not a lawyer, so I can't give it to you in purely legal terms, but I can certainly give you some real life analogies. You can find my email address a number of ways, such as the domain registration of one of my web sites.
now we need to go OSS in diesel cars
telnet naam.pair.com 25
.
Trying 209.68.1.237...
Connected to naam.pair.com (209.68.1.237).
Escape character is '^]'.
220 naam.pair.com ESMTP
HELO test.lextext.com
250 naam.pair.com
mail from: randomuser@test.lextext.com
250 ok
rcpt to: bret@lextext.com
250 ok
DATA
354 go ahead
Hello Mr. Fausett,
your mail server is wide open. please fix it.
250 ok
quit
221 naam.pair.com
Connection closed by foreign host.
So it seems the article published in New Architect is wrong. It is defamatory and it is claiming that the guy is innocent while he's guilty as sin.
I guess that's what passes for lawyers nowadays...
Please DO NOT flood the poor guy with email. He's enough trouble already: He's a lawyer, he's been caught pants down after claiming he wore belts and suspenders, he's a lawyer, he's been blacklisted, and he's a lawyer.
--
Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/