Spam King Lives Large off Others' E-Mail Troubles

An anonymous reader writes "Those who are fighting spam will tell you that one of the most notorious spammers out there is Alan Ralsky. Well, the Detroit Free Press has a very interesting article on him. This guy is about as unrepentant as they come, and he's saying he wants to branch out into delivering pop-up spam via the Windows Messanging service present on most Windows boxes. If you sysadmins out there have been wavering about whether to block spam-friendly networks, read this article, then go to The Spamhaus Project and SPEWS and start getting IP ranges to block." Update: 11/25 12:35 GMT by H : Yep, it's a dupe. Nope, I haven't had my coffee yet.

Dupe

[Koyaanisqatsi]

Read the original version if you want

Alan Ralsky?

[meringuoid]

This Alan Ralsky?

http://slashdot.org/article.pl?sid=02/11/22/1658 25 6&tid=111

As described here, quite recently?

http://www.freep.com/money/tech/mwend22_20021122 .h tm

Furrfu... So, what's new? Now we know it's SMB popups for sure, then? What were those two Romanians doing telling him that would get through people's firewalls?

Re:Alan Ralsky?

[gmack]

Must be the same guys who sold him that "uncrackable encryption" for hiding links he one thought would keep my former employer's buisness free of spam complaints.

You would think he would have learned by now.

Re:Alan Ralsky?

[nzhavok]

So the Romanians lied to him, isn't this a good thing?

Dear Mr Ransky
!!!!DO NOT DELETE THIS!!!
!!!!THIS IS NOT SPAM!!!!!
Please read on to find out the latest trends in internet advertising, make $5000 per week just by sitting at your computer. Thanks to the world wide web and microsofts security become a millionaire in weeks!!! New advertising techniques developed by a crack team of romainian programmers allow direct-market-content-delivery-infrastructure-syst ems to be deployed on your PC. Market to millions realtime...


lalala, at least I hope it went something like that :-/

Re:Alan Ralsky?

[reaper20]

Pretty sure this is him.

Re: Spam King Lives Large off Others' E-Mail Troub

[Dunark]

This guy Ralsky sends a billion spams a day, which has got to be costing the unwilling recipients a huge amount of money in wasted resources and time, but the FBI is busy busting a few people who uncap their cable modems in Toledo Ohio.

Yay...

[Omkar]

C'mon, I know this guy deserves to be hung, drawn, and quartered, but let's not repeat the exact same link.

Windows Messaging Service Spam

[Moe+Yerca]

Let me tell you, this crap is uber annoying. It's enough to make me want to shut down the Messaging service, or at least get off my rear end and set up a firewall. Hell, ZoneAlarm should be able to block out the WinPopUp spam, but there will always be schmoes like me too lazy to protect their home networks for these guys to annoy...

Oh well, time to go to work.

Re:Windows Messaging Service Spam

[0x0d0a]

It's enough to make me want to shut down the Messaging service

So why the don't you? Second thing (first thing is downloading PuTTY) I do when getting on a Windows box is shut off the Server and Messaging services.

Re:Open In Case Of Slashdot Effect...

[dattaway]

Nice house. I'd like to throw him a housewarming party.

What's that address again?

[imag0]

Ralsky agreed to this interview and the tour of his operation only if I promised not to print the address of his new home, which I found in Oakland County real estate records.

Hehe. Looks like someone is going to get some hatemail. Nice of Mike Wendland to slip that in there like that.

Re:What's that address again?

[Chilles]

If someone from that area where to find and post his adress I'd sure take some time to fill in a few "free catalog" requests. Several tons of snail mail spam every day might just annoy him as much as his spam annoys me.

Re:What's that address again?

[Speare]

1. Visit the Oakland County real estate records.
2. ...
3. Profit!!

Oh, wrong joke. Can the guys who are collecting a few tons of AOL CDs please drop them off at THAT house, not back to Virginia? Thank you.

Less Investment = More Profit

[e8johan]

The response rate is the key to the whole operation, said Ralsky. These days, it's about one-quarter of 1 percent.

"But you figure it out," said Ralsky. "When you're sending out 250 million e-mails, even a blind squirrel will find a nut."

Has he never figured out that if he spewed out less shit to people not wanting it, he would have to spend less dollars on hardware, bandwidth and personal security.

Also, it looks like he is trying to hide (stealth spam, etc.). Why does he do that as he is claiming that his business is legitimate. Why not admit that he is a shit-bag, sending loads of e-mails nobody wants, eating bandwidth from research and serious commercial sites.

Re:Less Investment = More Profit

[Rinikusu]

Have you not figured out that the millions that he makes makes all that irrelevant? No, really. Hardware is dirt cheap (see beowulf clusters under $1k/node) these days, he's already paying for bandwidth (might as well keep the pipe flooded, unlimited access is great, no?), no one is actually taking shots at him through his windows (yet), hurling bombs through his garage or anything like that. Getting an unlisted number is relatively cheap, and the $50 or so he spends on a new cell phone is PEANUTS to what he really makes (seriously, if you're making $6-10k/WEEK net, does $50 every few months really make a difference on your bottom line?).

Oo

[Konster]

Mmm. SPAMNet, I love you. I get 1-2 SPAM e-mails a day, down from 20 or 30. Windows Messaging Service has been turned off by me minutes after installing XP, thank you. He'll do this, it'll be a pain for a week, then Steve Gibson at GRC.com will slap some binary together that will turn off WMS for those people that don't know how. It'll then show up all over the web and people careful about their computing environment won't be bothered by this SPAM shit. There should be laws against this!

Are we really afraid of Windows Messenging?

[brinko99]

Regardless of what Mr. Ralsky says, I don't feel that this new breed of Spam will ever come close to the problem e-mail Spam has. It seems to me that this type of spamming is just too easy to block. If this starts to become widespread, ISP's will likely ban any offending account. Any halfway secure corporate intranet should already prevent Windows messages to be passed in from the outside.

Ultimately, it's a lot harder to hide the identity of the sender here. There's no spoofed headers to fool people. Furthermore, most of the public doesn't _need_ Windows Messenging but they do need e-mail.

-- Brinko

Re:Are we really afraid of Windows Messenging?

[sql*kitten]

Any halfway secure corporate intranet should already prevent Windows messages to be passed in from the outside.

For those that don't know, the way to configure a firewall is to first block everything then selectively open only the ports that you need inbound. You can run a fully functional network with no inbound ports open at all, for example if you retrieve mail from your ISP you are initiating the connection. If network administrators are even only half competent, Windows Messaging will therfore be blocked by default.

This guy looks set to go

[FeatureBug]

So if Blocking Popup Ads is Theft, anyone wanna bet he has a good business model?

Re:This guy looks set to go

[rmohr02]

By that logic, blocking spam is also theft.

Re:This guy looks set to go

[Erasmus+Darwin]

You're comparing apples and oranges here. In one case, we're talking about pop-up ads tied to (otherwise free) content being provided on the web that the user is actively seeking out. On the other hand, we're talking about a spammer invading your computer, exclusively for the purpose of sending you unwanted ads.

Furthermore, in the case of "blocking pop-up ads being theft", it was a technological solution rather than a legal one. All it was was website content producers only providing content to users who don't block pop-ups. That're you're trying to draw some connection between the two scenarios is just absurd.

Re:This guy looks set to go

[jellomizer]

Well spam is really is theft. Compared to other forms of advertising.

Banner and even Popup adds: Although they use extra bandwith they help defer the cost of opertating a web site, thus keeping the content free for the site.

TV and Radio Adds: Help defer the cost of your TV shows that you watch.

Junk Snail Mail: Keeps the USPS running and keeping stamp prices low. With out Junk mail Stamps could be well over a doller for a a letter.

Some Bill Boards: Depending on their location. If they are located on City Busses and Shelters they help defer the cost of public transportation. But I dont like them just standing in on the road side distracting drivers.

All these other forms of advertising help the echonomy in the large. By causing movement of money to different indrustries. Spam Mail generally pays no one to send out the junk mail it looses productivty of its readers. So the only people really making money with SPAM are the Spammers, and they are not helping the echonomy they are just sucking up the money that could go toward better things.

Re:This guy looks set to go

[rmohr02]

Well, when you sign up for a service that claims they "may" sell user information, it would be a simple matter to add said clause to the TOS.

Popping up messages on your screen? How?

[Viol8]

The bit about the 2 romanian programmers writing something that will pop up messages on your screen. How will that work exactly? Is he being taken for a ride (we can only hope) or are these romanians going to exploit a bug in Windows (unix is safe unless someone is dumb enough to allow all hosts access to their X server) in which case it will be a crime and this f*ckwit can be busted for hacking?

Re:Popping up messages on your screen? How?

[Jucius+Maximus]

" The bit about the 2 romanian programmers writing something that will pop up messages on your screen. How will that work exactly?"

This is real and it does not exploit a windows 'bug' so to speak. There is a messaging service built into win2k/xp that is automatically enabled that can be used by network admins to send messages to clients. Unfortunately it will receive messages from any sender, not just a designated admin, and display them on the screen.

There was a previous article about this on /. describing it and how to turn it off.

OK, time to dig up...

[Ari+Rahikkala]

All the +5 funny responses about digging up +5 insightful and +5 informative responses that have already been posted on repeat stories!

Surely this is the guy...

[clickety6]

... we should be sending all our AOL CDs to ?

false logic?

[deathcloset]

I think people who copy the interview and then re-post it on slashdot as the first reply are great!
That said, From that response, Ralsky can monitor the effectiveness of his pitch and the subject line on the e-mail to make sure he's getting maximum return. Does this mean we should start opening e-mails that we are certain not to buy the product of?

Countermeasures

[osolemirnix]

Yeah but can't we do something about it? AFAIK, in contrast to email that comes in via someone elses open relay, a windows messaging request is a direct connection, so it's possible to get the senders IP adress.
Instead of firewalling the port, hack a small script that listens on the port and launches a "countermeasures" against the source IP adress.

Would some kind Windows hacker please program this?!
Yes I am aware that there may be legal implications, I'm just thinking about the tech here. That's why I'm saying countermeasures and not counterattacks, e.g. some kind of teergrube

Re:Countermeasures

[clone304]

How about a program that turns around and spams the hell out of them with Pop-ups? Surely they couldn't sue you for exercising your 1st amendment right to advertise to them. I'm sure what's his name needs some herbal viagra, or maybe he'd like to help the Nigerians with a little financial snafu.

Re:Countermeasures

[Skiboo]

You've got to understand that the computers that are sending this crap are generally just some poor schmoe that got trojanned, not the actual culprit. (Sure, you may be doing everyone a favour by blasting them off the net, but you're hurting innocent people).

Re:Countermeasures

[osolemirnix]

In that case it would be a cool hack to send the trojanned machine a windows message saying "Your machine got hacked and trojanned! Secure it!" and then sending it some kind of ping-of-death so it freezes in exactly such a way that the above windows message can be seen but nothing works anymore (but no BSOD, since we want the user to see the message).

That would really drive the point home with the machines user to fix his system (and it would keep the machine from spewing more spam).

And I would not consider that hurting since neither the user nor his machine would take any permanent damage.

Slashdotting spamvertized sites may help...

[DocSnyder]

In Germany we have a BIG problem with porn dialer spam. Most of these spammers use accounts on the Canadian freeweb hoster "netmails.com", who refuses to kick spamvertized sites even on several spam incidents which have been spamvertizing the same accounts for weeks. We suspect "pink contracts" between the spammers and Netmails as well as between Netmails.com and its uplink AT&T Canada to keep these accounts and the spamhaus Netmails.com online.

Lots of the spam recipients are just fed up, and after each spam run thousands of annoyed people slashdot spamvertized accounts on Netmails.com until it blows the whistle. With the effect that "paying customers" look for a new hoster with better performance and will no longer supply Netmails.com with money. Hosting costs (traffic) on Netmails.com's side are growing, income is shrinking - so finally Netmails.com will have to change their spamfriendly business model or go down.

If spammers and spamfriendly hosters will make the experience of each spam wave resulting in an enormous amount of network traffic and server load, they will have to think twice whether their infrastructure withstands the next spam run...

Re:Slashdotting spamvertized sites may help...

[odaiwai]

> What "definate proof" exactly is AT&T looking for?

Thay're waiting for his check to bounce and then they may shut him down. Otherwise, they're a spam friendly provider.

dave

nonsense

[g4dget]

You get spam mail be ordinary mail too and you pay for the delivery too (your tax money makes the USPS go!). So why don't you complain about it, too?

The USPS has not received tax money for operating expenses since 1982 (see here). Furthermore, people who send real-world junk-mail pay for the postage and the mailing. It's probably one of the bigger money makers for the USPS. If they didn't, it would have been stopped long ago.

E-mail spam is theft of service, pure and simple: the people sending the spam aren't paying the full cost.

I hate government intervention in the markets and involving the FBI should be an absolute nightmare to anyone with even a bit of libertarian in his heart.

So, libertarians now endorse theft because stopping it would restrict the liberty of the thief? I guess that sums up the internal contradictions of libertarianism as well as anything.

Re:nonsense

[iangoldby]

Better still, put the original mailing unopened back in the post, marked 'Return to sender', to get yourself taken off the mailing list.

I do this to all mail sent to me that I can identify as junk without opening it, and as a consequence I don't get more than one or two junk mails a week now, down from two or three a day a few years ago.

Re:nonsense

[jemoody]

Marking it 'return to sender' just gets it thrown in the garbage by the post office. Anything sent third class (bulk) mail doesn't get returned.

Re:nonsense

[iangoldby]

Just found this on http://www.recycle.mcmail.com/mail.htm:

Businesses or individuals determined to receive no more unwanted magazines or literature should write a letter to the sender, in a pre-paid envelope if provided, saying that they do not want more copies, quoting the code number on the mailing address label. Note that items marked 'return to sender' are likely to be diverted to landfill by the Post Office (Consignia).

I guess that means that sometimes the Royal Mail will return undelivered junk mail. But for a US perspective, see here and here.

Re:nonsense

[g4dget]

Inherent in any reasonable strain of libertariansism is the notion that "your freedom to swing your fists ends at my nose" - no contradictions there.

Well, my point is that for the libertarian I was responding to, libertarian principles do seem to be a justification for theft.

Re:nonsense

[g4dget]

Not really. Paper is a valuable raw material--its disposal pays for itself.

Granted, paper junk mail is still a nuisance, but because the paper spammer pays most of the costs, it is self-limiting.

spamhouse/spews

[Random+Walk]

As much as I dislike spam (2/3 of my daily mail
is spam), I dislike spamhouse/spews as well. Their
idea of blocking complete netblocks is IMHO
an utter failure - the damage is done to many small
websites that are on the netblock perchance.

The 'bad guys' are too high up to care if one of their
C-class netblocks has some problem. After all,
it is the webhosting companies on that netblock
who will loose customers, not the network operators.

Re:spamhouse/spews

[Dimensio]

Leave level3. Tell your provider to tell Level3 that they are not providing the service promised, as their spam-friendliness creates real and measurable negative impact on their customer base. Take them to court if necessary.

Level3 has a crime-tolerance problem. That isn't the fault of SPEWS and it isn't the fault of people who use SPEWS to filter.

screw world hunger ...

[taxman_10m]

... let's fight spam instead!

Re:Q: Hidden Code in Spam?

[terrencefw]

Err, what exactly does this mean, can anyone tell me? I really, really doubt that opening a mail in, say, pine will send back any message without action on my part.

So, is this something which triggers MS Outlook? Or is this just some BS that spammer told the poor journalist?

It's just an image link in HTML formatted email to trigger an HTTP get request, eg: http://someserver/image.pl?spamee_id=HKJHS89872

James

patched

[NineNine]

The Messenger Service hole was patched by MS weeks ago. Anyone running automatic updates, or anyone who does it reasonably often won't have this problem.

American Dream......

[siasl]

Yep, you got to love it. In America only two things are considered when in business. 1. Can it make money?....Duh. 2. Is it legal? The question never gets asked. Is it the right thing to do....? We have become a totally amoral society.

Re:American Dream......

[Nintendork]

We should do something about this now. The United States of America is the only country that revolves around currency and it's time for a change.

I declare myself ruler of the USA. My first change will be to run this country according to my religion, Nintendorkism. All business decisions will have to be approved by my ethics office. It doesn't matter if the general public would buy into something manufactured through shady, but legal means. I'll stop it before it gets on the market. There shall be no money. Everybody will be financially equal, thereby removing the need for innovation. It's about time we had another dark age!

Unethical business practice isn't just in the USA. It happens in every human society and hierarchy. Even the Catholic church screws up and hides crimes. Get used to it and quit ripping on the USA (Probably your own country, asshole). If you want to get a company to play nice, raise awareness about their poor business practices and convince the consumers to take their money elsewhere.

Re:American Dream......

[yog]

>>>"We have become a totally amoral society."

Since when has business been a "moral" activity? That's for the society as a whole to undertake. If the society as a whole develops rules of behavior which are imparted to children in school and adults in houses of worship or other community meeting places, business will tend to be more moral simply because people will tend to have more morality. Unfortunately there will always be a few immoral people who take full advantage of the system (e.g. our friend the spam king), but that's the price of a free society. With a generally moral populace, the immoral minority would be more or less controlled. For example, the spam king outrages others' sense of justice and causes them to take various kinds of action against him.

The questions you should be asking is, how can we improve our school systems to impart moral education to our children?

Re:Could someone please confirm...

[BJH]

Wrong one. That's his former address, apparently - it currently belongs to someone else.

The one you're after is:
Buyer: ALAN M RALSKY
Buyer Mailing Address:
6747 MINNOW POND DR, WEST BLOOMFIELD, MI 48322
Seller: BING CONSTRUCTION CO
Property Address: 6747 MINNOW POND DR, WEST BLOOMFIELD, MI 48322
Sale Date: 8/28/2002
Recorded Date: 9/12/2002
Sale Price: $ 740,000 (Full Amount)

And a picture of the location is available at:

http://terraserver.homeadvisor.msn.com/addressim ag e.aspx?t=1&s=10&lon=-83.4306683068011&lat=42.53497 71549766&alon=-83.43067008&alat=42.53497312&w=1&re f=A%7c6747+Minnow+Pond+Dr%2c+West+Bloomfield%2c+MI +48322

Re:I'm buying a can or two of spam

[JaredOfEuropa]

In his own words... "When you're sending out 250 million e-mails, even a blind squirrel will find a nut."

Damn straight... Send out 250 million e-mails, and chances are that you'll hit someone who will take it further than moaning about it on Slashdot.

No wonder this guy is hiding. He realises that with such incredibly large bulk mailings, your response, however small a fraction of the total, will not be zero. That includes responses of the violent kind.

Re:no sex?

[Halo1]

Not only that, it's simply not true. Look at this, more zoo and "incest porn" (whatever that is) from Ralsky than you can shake a stick at.

Re: Spam King Lives Large off Others' E-Mail Troub

[Steve+B]

I hate government intervention in the markets and involving the FBI should be an absolute nightmare to anyone with even a bit of libertarian in his heart.

Nonsense. It is the FBI's job to arrest thieves when they fall under federal rather than the usual state jurisdiction. The only civil liberties issue is that the investigation and arrest must be made in a manner consistent with the rights of the accused (and anyone else who might be involved).

Re:Could someone please confirm...

[jht]

That's handy. Not that I'd advocating it, of course, but wouldn't that be a ideal fake address to use if you had to use one registering for a pr0n site?

Just a thought...

address

[sacevoy]

found this at http://www.spamblocked.com/

6747 Minnow Pond Dr, West Bloomfield, MI 48322

The Mapquest search seems to bear out what Mike Wendland's column
reported since Minnow Pond Drive is very near to Halsted/Maple.

http://www.mapquest.com/maps/map.adp?mapdata=yNJ u1 Eg45fdtL0I1l7A%252bRXryNLPs0tgSXSzgCSYyXdlhnNA5GuI mU26ugsD9TleE3bAJDCkCeR1KHPRAN3eOguDm6GJlXfBQ%252f %252bytAvtEFOk1KIRMQrYhzhCb2%252fQQoDd%252bv6en1TF YgC5qnNLhyvhLoB5SGUpVu6iKfCDtashTT43qqVZrXSD8%252f RiCttILGiR53V3Ej9PwP%252b2eBXeaOfUXhC%252f2kGv9gBL BEbjZkBT5BZE1jokd0tLX47qLUho9KLPMBh4MrQoqSQSTCxhKt LbVavysiAwiD%252f0%252bB0Fw1YlrXnHnr%252bajvdQO%25 2bMJbh0QsBcTlXRdSAMEAAe4%252fdBTKr6X75XKoOdqokT1th 4hOTrPl0cjmcP4pjqlTs48gqJepStYr6ONr59CQFSw%253d&cl ick=center&mqmap.x=159&mqmap.y=88

somebody post this guys address

[hype7]

I want to go shove a whole lot of prawn shells in his letterbox and see how he likes it

-- james

Re: Spam King Lives Large off Others' E-Mail Troub

[mpe]

Granted this guy is in a shady business, but still it's perfectly legal. You get spam mail be ordinary mail too and you pay for the delivery too (your tax money makes the USPS go!). So why don't you complain about it, too?

If someone sends stuff through the post they have to pay for the paper, envelopes, printing and postage (possibly two lots of postage if they include a reply paid envelope). They have some financial incentive to only send the stuff to people who want and who can make use of the offer.
Email spammers cost the recipients money and frequently misuse other people's computers in order to send the stuff in the first place. Since there is little cost to the sender they don't much care about who the send it to. Including sending stuff to people who couldn't buy their product even if they wanted to, assuming them can even read the language used.

SPAMMERS are inconsiderate neighbours

[QuietYou]

I was living in an apartment complex while I was attending University, and I got on my neighbours last nerve a few times by playing music too loud in my apartment. A couple of times I got a visit from the local Police, kindly informing me that I was disturbing the peace. They had every right to get angry with me. I was disrupting their lives, in one way or another.

Sharing the Internet with SPAMMERS is a lot like living next door to an inconsiderate neighbour. Sure SPAM is "commercial", but just because something is commercial doesn't make it ok. Would it have been ok for me to blast commercial messages from my stereo into my neighbours apartments? I think not. And just because SPAM can be blocked if you don't want it doesn't make it ok either. My neighbours could have worn ear plugs to block out the sound, but they shouldn't have to.

I wonder how Alan Ralsky would feel if a few inconsiderate neighbours moved in next door to him.

The real problem is

[tincho_uy]

that spam actually works... If scumbags like this can make millons it's because there are enough clueless users that actually buy the shit they advertise.

If hotmail, yahoo and the likes started using a more agressive filtering default policy (bayesian filters, and the like), and most mail clients had this kind of filters on, it's almost certain that the success rate of spam would go down.

As a side note... This guy being a known spammer, and spam being illegal in the states...Why the heck doesn't somebody put him away???

just my 2x10^(-2)$

Re:Open In Case Of Slashdot Effect...

[mpe]

Nice house. I'd like to throw him a housewarming party.

How warm?

Re:The problem is

[melonman]

Exactly, and it is the end user who is paying him, so let's charge the end user who clicks on links in spams. If the response rate is 1in 400, charge them for, say, the cost of delivering 500 spams. I reckon most people would only have to pay once...

Has anyone ever received European spam?

As an Englishman with a Hotmail address, it has always annoyed me that all of the spam is advertising American companies.

Of course, all spam is annoying regardless of its source.

However, is this an American problem, or does anyone ever get any remortgaging/sex offers from Europe?

Re:Has anyone ever received European spam?

[dvdeug]

I assume all those Spanish and French emails that bogofilter trashes without reading are from Europe. One of the first spams I got was for a Russian carpet cleaning company.

USPS

[MacAndrew]

Actually, there may be a bit of a tax in the sense that first-class subsidizes bulk rate. The USPS is only quasi-independent politically (they're not an agency, nor are they private) and has been much more solicitous of the bulk mailerts "needs" when price-hike time rolls around. Or such is my impression. I don't think bulk mail is a money-loser, but possibly not as profitable as it could be. USPS would certainly hate to lose bulk mail, and they promote the heck out of it if you look at their materials, the ones they don't put out at the local P.O.

But otherwise, carry on!

Re:USPS

[MacAndrew]

FWIW, they break down every class and subclass of mail by what it costs. First-class includes unsorted, presorted by ZIP, presorted by ZIP+4, barcoded, and on and on, with a different price for each. A lot of junk mail is first-class, but discounted. The postage at each level is supposed to reflect the actual cost, so the added work of unsorted 1st class really is paid for by the stamp. The bulk discounts from there are very deep, 50% or more. A handwritten letter has got to be a money-loser, but so also must 3,000 pounds of presorted barcoded computer-misrouted bulk mail.

Then there's the true junk, unreturnable 3rd class bulk mail parakeet cage liner. Very very cheap, and heavily marketed by the USPS.

There is actually a federal statute forbidding the USPS from subsidizing one type of mail with another, because of private industry fears that the USPS would use its monopoly power over letters to subsidize unprofitable ventures into package delivery, overnight, etc. I'm not sure how this works when USPS has a monopoly over both kinds of service, as it does for first through third class junk, er, bulk.

As to who says who subsidizes whom, my quick Google (try "'bulk mail' subsidize") found almost everyone believing bulk got the break; only the bulk people said 1st class wasn't pulling its weight. I didn't feel like figuring out who's right -- perhaps neither side is right -- but I feel very suspicious of a situation where half the mail is first class by a variety of users, the other half used by direct mailers with a very organized lobby.

There are more subtle ways to discriminate than price, too, like support services the USPS provides bulk mailer, and decisions such as whether to cut Saturday service. Perhaps most importantly, I have to be skeptical of the USPS's desire to address people's concern with junk when it provides over half of their revenue and growing as email makes its inroads. That might be worst discrimination of all, as government institution supposedly dedicated to its citizens might choose self-preservation over reducing litter, downsizing, and increasing unemployment.

This all sounds kind of tedious, OK it is, but this is ALSO a multibillion-dollar public corporation! At some point in the next 10-20 years I imagine this will come to a head. If you find the "perfect study" of this online, let me know. The Cato study I linked elsewhere here is saturated with libertarian politics, which could be a good thing but makes me question their objectivity given their overt agenda to eviscerate the PO.

Re:Smart bomb anyone?

[wolf-]

What???? Thats NOT the Chinese Embassy???

Yes, it's a dupe

[tmark]

What I don't understand is, there's a small # of /. editors, posting a small # of stories in any given 3- or 4-day span. How is it possible that so many stories get reposted ? In other words, how is it possible that editors are so frequently unaware of what gets posted ?

Windows Messaging Service....

[kevlar]

When I am dialed up to XO Communications, I receive 1-2 pop-ups a day via Windows Messaging Service. The solution is to turn it off, since its fairly useless anyways.

Re: Spam King Lives Large off Others' E-Mail Troub

[Christopher_G_Lewis]

Very simple. One act is against federal law, the other act is not.

It's a Good Thing(tm) when the FBI/Police are allowed to only enforce laws that exist.

What we have to do is change the laws. Write (spam :-) your congress person. Call them. Do anything.

During the recent campaign/election I had the opportunity to talk with a couple of candidates. I made sure that I understood their stance on my current pet peeves (H1B, DMCA, Copyrights), and voted accordingly. I also informed them as to *why* I was voting the way I was.

Might not do anything.

Might change the world...

Is there any reason to run messenger?

[leereyno]

With all of the instant messaging tools available out there, is there any reason to run the messenger service to begin with?

This is why I really don't understand what the big deal is about the messenger spam. Just turn the damned thing off.

The same thing goes for spam from the 3rd world. I don't know anybody in China, Rangoon, Nigeria, so I see no reason to accept e-mail from these places. In fact, I would be willing to make the argument that the best way to prevent spam is to ONLY accept email from networks owned by companies that strictly forbid spam. If everyone were to do this, the market for spam hosted on legitimate servers would essentially dry up. That doesn't solve the problem of crackers breaking into systems and setting up spam-relays, but then that problem will only be solved by the owners of the boxes being competent and taking responsibility for securing and updating their systems. If people were keeping an eye on security holes and being vigilant about closing them off, most of the cracker activity online would cease to exist. Lets just see some "1337 d00d" try and break into a system that has been locked down properly and kept up-to-date.

Lee

Re:Is there any reason to run messenger?

[jdreed1024]

With all of the instant messaging tools available out there, is there any reason to run the messenger service to begin with?

Uh, that's not what Windows Messenger Service is.

It's a service that allows windows computers to talk to each other. It's primarily for messages like "Load new tape" or "UPS on Battery Power" or "File Server going down" that are sent by automated services/daemons on other windows machines. However, MS included the functionality for a person to send messages by hand, for example, a sysadmin can send "Printer outage this afternoon" to the entire domain. It wasn't designed with spammers in mind. It's been around since NT 4.0 at least....

Yet another reason why we need a "-2, Just Plain Wrong" moderation.

Someone needs to step up to the plate

[defile]

OK, clearly people need to start dying over this if we want spam to stop. One of you in the audience has to be an ex-marine with a stockpile of guns. Everyone knows that murderers are only caught if they want to be caught. Pick the top 3 spammers and go out and kill them.

In a trust-metric based world, spammers would be considered so disgusting that you would actually gain karma by killing them.

Lets see how quickly new spammers take their place when spamming runs the risk of having someone explode your head over it.

That or write "MAKE MONEY FAST" on a cinder block and drop it in his mailbox.

Re:Q: Hidden Code in Spam?

[Darren+Winsper]

I do love Evolution, which defaults to not showing images...

Open relays on Windows Messaging service?

[phorm]

One of the ways SPAM manages to propogate so readily is the fact that it is often bounced off systems with open relays. This is done unknown to many of the remote sysadmins, who either don't know or don't really care about their open relays. "I've gone overseas," he said. "I now send most of my mail from other countries. And that's a shame. I pay a fortune to providers to do this... This article does indicate that there are a certain amount of foreign ISP's willing to allow the spamcrap through though, some in Canada no less (which means me, as a Canadian, very unhappy).

Is there an equivilent "open relay" for Windows Messaging Service? If not, addresses could probably be much easier to block via IP, as they would have to be broadcast by "willing" recipients (or those trojan infected, etc). As above, I suppose some scummy ISPS would be willing to host the infectious service, but hopefully they wouldn't be as hard to blacklist as the fluxuous number of open relays?

"Stealth spam" = trojan

[phorm]

Does this go on the client machine? This the only way I could think of that this would work. In such case, sounds like a trojan to me, and I'm fairly sure the Kazaa people already figured this one out...

Ralsky, meanwhile, is looking at new technology. Recently he's been talking to two computer programmers in Romania who have developed what could be called stealth spam.

It is intricate computer software, said Ralsky, that can detect computers that are online and then be programmed to flash them a pop-up ad, much like the kind that display whenever a particular Web site is opened.

"This is even better," he said. "You don't have to be on a Web site at all. You can just have your computer on, connected to the Internet, reading e-mail or just idling and, bam, this program detects your presence and up pops the message on your screen, past firewalls, past anti-spam programs, past anything.

So which one?

[tacokill]

....and which version of "morality" do you suggest we use? Southern Babtists? Raging Liberals? Staunch Conservatives?

You see, therein lies the rub. Defining what is moral and what is not is a subjective guess -- at best.

Re: Spam King Lives Large off Others' E-Mail Troub

[SablKnight]

Write (spam :-) your congress person.

Since congresscritters tend to do things for their own benefit most of the time, maybe we could make things more personal. Grab their e-mail addresses (the public ones are probably OK, private ones better but more shady) and include them in your signature when you post to newsgroups, e-mail lists, what-have-you. Something innocent, like:

I participate in the legal system, you should too!
E-mail your representatives! Mine are:
Sen. Bribetaker: bribetaker@senate.gov.fake
Sen. Moneybags: moneybags@senate.gov.fake
Rep. B.S.Artiste: artiste@congress.gov.fake

or whatever. Then post furiously in public forums, let the address grabbers pick up on the addresses, and wait until pure annoyance causes anti-spam legislation.

-SablKnight

Re:why blame him...

[Scaba]

So rather than blame this guy for finding a nasty niche market. Why not go after the companies that are paying him. If you ever get spam from him/them/whoever, just make a note to not buy things from a company that uses such an annoying form of advertising.

I think most people already don't buy things from these companies, which is why said companies need to resort to spam - to weed out the few suckers who will buy.

OT: Your sig

[Amazing+Quantum+Man]

Will the Congress show the same headlong rush when it comes time to take the blame for what happens?

Yep, but a headlong rush away from whatever it is.

Is there a bounty on this guy's head yet?

[Rai]

I'll pitch in.

Re:no sex?

[Dimensio]

Incest? There's reports that he's been involved in child pornography.

The Chilling Realization

[duck_prime]

that spam actually works... If scumbags like this can make millons it's because there are enough clueless users that actually buy the shit they advertise.

There's been a lot of talk here lately, sneering at media companies with "outdated business models". Well guess what folks:

I think we have found out what the updated business model is. Whoops.

NANE Rules

[Martin+S.]

Sounds like a legend in his own mind or perhaps his victims. Never forget the Net.Admin.Net-abuse.Email rules :

NANE Rules
Rule #0: Spam is theft.
Rule #1: Spammers lie.
Sharp's Corollary: Spammers attempt to re-define "spamming" as that which they do not do.
Rule #2: If a spammer seems to be telling the truth, see Rule #1.
Crissman's Corollary: A spammer, when caught, blames his victims.
Rule #3: Spammers are stupid.
Krueger's Corollary: Spammer lies are really stupid.
Pickett's Commentary: Spammer lies are boring.
Russell's Corollary: Never underestimate the stupidity of spammers.
Spinosa's Corollary: Spammers assume everybody is more stupid than themselves.


news.admin.net-abuse.email Rules

Now reread the original article, amazing how similar it sounds to the last get rich scheme you encountered. [See #2]

That is because it is in order for their dodge pyramid schemes to work these junk emails must convince both the advertising companies & their own pyramid's lower tiers that it 'works' and the market for spam is increasing. It is not it is just steadily stealing more and more bandwidth the cost of which is shared out by legitimate email users. 96% of the email received at one of my drop accounts is junk email; 3% not, that means we pay 32 times (yes times/not percent) more than we should for email.

Angry ? You should get even not angry, don't rant and rave here: tell *everybody* you know UCE dirty little secret.

Ralsky's Personal Information

[valmont]

Alan Murray Ralsky, a complete asshole, 57 years old according to the article, based on publicly-available records.

While the above information is marginally interesting to bring business to his local pizza, flower, dildo delivery guys, what i'd really like to know is:

• Any class C of ip addresses assigned to this nice T1 line he's installing at his home.
• the fucker's own email address

MOD PARENT UP

[valmont]

i do think it *is* him. His middle name is Murray. Alan Murray Ralsky as i've also found him on another listing.

Re:USPS - add'l data

[MacAndrew]

The catalog people say USPS discriminates against bulk mail -- but see a bright future, as bulk mail becomes a larger fraction of all mailings, their muscle will increase. Yippee.

There are lots of sources arguing that first-class subsidizes bail; assuming everyone is honest, the difference may a question of one's accounting practices. Remember Enron?

Cato has an interesting and, unsurprisingly, highly critical profile of USPS going back to the 18th century.

One note: Americans like to savage their postal system, but many don't know how cheap their first-class stamps are relative to many or most other nations, especially consider you pay one rate from one end to the other of a physically large country. Also, the furor over each penny-or-so price increase (and I'm not kidding, at least they always find someone to fulminate on the news) generally ignores the effects of inflation that erode the real price.

They're not perfect, but they're not that bad, either. There is a long list of other governmental functions I would criticize more harshly, anyway.

But no, I don't like junk mail. Be sure to sign up for the Direct Marketing Association's "Mail Preference Service" -- I think it helps, I hope.

Re:Could someone please confirm...

[valmont]

heheh great post :) this is why i love /,

now, could someone figure out what his e-mail address is *and* any and all ip addresses routed to the nice T1 connections going to his house?

Re:Could someone please confirm...

[AndroidCat]

Nah, that's not the URL you want. Try this one. :^)

Re:Could someone please confirm...

[CSG_SurferDude]

Has anyone else confirmed this address?

Wouldn't it be horrible if somebody sent snail mail to all His Neighbors on Minnow... telling them what their new neighbor does for a living?

HTML link

[RatBastard]

He's using HTML tags to link to an image on a server. You can protect yourself from this in two ways:

1. Use an email program that will let you turn off remote links when rendering HTML
2. Look through the HTML of the email and add any servers refenced therein into your HOSTS file with an address of 127.0.0.1. This will stop your computer from EVER reaching that computer.
   This can also be used to protect you from Goatse.CX, Comp-U-Geek, Rotton.Com, and other material you don't want to see.

Re:Dont't just mail him a catalog

[Martin+S.]

Send him a nice hand written note

A better idea if everybody send him an invoice for mail server usage and bandwidth, keep it reasonable amount, and when he does not pay register a bad debt against him. This could work best if done out of his juridiction.

Obvious Sign Spam Doesn't Work

[Guppy06]

I've come to the conclusion that the advertising mediums that you see advertised are the ones that don't work. For example, a billboard or a mall map that says "You too can rent this space!" are obviously examples of advertising mediums that don't work (the "Rent this space!" ad is obviously not working because it's still there). Even ClearChannel is trying to fill up radio advertising time slots (that they obviously weren't able to sell) with "Advertise with us!" ads.

With that being said, how many of us have gotten e-mails telling us about the wonders of spamming?

Re:Obvious Sign Spam Doesn't Work

[Micah]

Interesting but flawed analogy. Bilboards and radio are mediums with limited space. One would only put an "advertise here" note in the ad space if they weren't selling enough to fill the space. The potential supply of spam is pretty much unlimited, so it doesn't "take any space" for them to send the ads.

hmm, there's bandwidth and server time I guess, but they probably have far more of that than they need for their paying "customers".

windows

[_ph1ux_]

I actually was getting a few (three total) SMB windows popup spams on a vanilla XP box i ahd running. I killed the service pronto.

This tactic made me so angry that i'd probably be in shackles now had that spammer been within any damagable distance at the time.

You are confused

[0xA]

The spam wasn't happening because of a hole in messenger. That's exactly how the thing is supposed to work, it's just mostly useless outside of a network.

Insurance rates

[deanpole]

I wonder if his homeowners' insurance provider knows how hated he is, and whether that would affect his rates?

Another Idea...

[kcb93x]

Know all those 'free info' mailers? Fill some out in his name, mail 'em in...Let him get spammed the REAL way, and then they'll share the info with other '3rd parties'

I used to be against the dealth penalty

[Bouncings]

And then I read this story. :)

And your problem with this is?

[alizard]

Interesting to see that even a spammer can have friends. I consider your choice of associates... unfortunate at best, and if this person is a business associate of yours as well as a friend, you're likely to be a target for whatever action is taken, from hammering his servers on upwards.

Personally, I regard a major-league spammer as simply a declared enemy of humanity, making his income across deliberate harassment of people en masse. I see no moral problem against people striking back against them by any means necessary. They're at war with the rest of us.

Apparently I'm not the only person who thinks so, that news article with how-to info on locating its subject was checked at least by an editor before it got printed and in this case, probably all the way up the newspaper hierarchy and by legal counsel as well. They obviously didn't have a problem with the content, what's yours?

If anything unpleasant happens to one, I'd consider throwing a party to celebrate, and I think there's be celebrations around the world. I wouldn't participate in violence against one, but it's quite possible I'd put in a few bucks towards the legal defense fund of anyone who got caught doing so.

If he actually has a family... it's called collateral damage. Of course, if they're old enough to know what he does for a living, I'm a lot less sympathetic. Usama bin Laden has a family, too. Does he get sympathy points over it? Only from the weak-minded.

SPAM as terrorist communication?

[alizard]

Sure he would be shut down PDQ if GW was convinced that spam is the way terrorists keep in touch. How do you know terrorists don't keep in touch that way?

We have a medium where the sender is explicitly trying his best to prevent the origin of his communications from being traced, where the sender is trying to bypass firewalls and content filters wherever possible, and with mailing lists in the millions.

We have senders who by definition have no personal ethics and presumably have no problem with payment via grocery bags full of $100 bills for content ranging from scans to kiddie porn.

Let's say you're Abdul "Joe' Sixpack wanting to communicate to your worldwide network. Go find Alan, tell him to send your message and add this disk full of names to the list.

As for content, it has to look like ... spam. Names, product names, telephones, or those random alphanumeric strings could be used to convey codebook type content, and I've even seen multiline strings in these e-mails... perhaps these ARE crypto content.

I was joking when I started this. I'm not kidding anymore, this is a very real possibility.

whoa this is good

[Micah]

OT to this particular spammer, but I just got a spam selling McAfee crap online. The order form says it's secure, but nowhere does it go to anything https! And of course it asks for a credit card number.

How can we bust the crap out of these retards?

For one thing, I filled out their form with "CUT THE SPAM YOU BLITHERING RETARDS" as my name, and "dslkfjsdlkafj" type data in the other fields, and 4111 1111 1111 1111 for the credit card #. And the hit submit repeatedly. :)

www.wholesale-software.com is the offender.

Re:whoa this is good

[Micah]

...getting tired of doing it manually...

You know, this is the kind of thing that someone needs to write a little Perl program to do. Should be easy with the LWP::UserAgent (or whatever it's called) module. Just feed it a form URL, have it get all the fields and fill them with random trash, submit repeatedly, and walk away for a few hours. :)

Re:Human Deletion is the permanant solution

[hhknighter]

I agree
Though I must say that is only easing the pain rather than curing it. It all depends on how people will look at it. I guess I can think of it as a bike. You can still ride it without the seat and have the point sharp metal up your rear, but it still works.
Some people will stand up and ride in order to continue their journey, some will get a new seat. And some simply get a new bike.

Falun Gong Ploy Worked!

[herbierobinson]

Did you notice the thing about one of his Chinese "hosts" getting raided on suspicion of Falon Gong activity.

I remember when somebody on Slashdot suggested mentioning the Falun Gong in spam complaints about Chinese spammers. The idea would be that it would harrass the spammer AND tie up the Chinese censors in knots. It apparently worked...

Anybody know of any other organizations the Chinese secret service considers subversive?

I'll bet sending encryted data to the Chinese spammers would have a really cool effect, too.

Another confirmed spammer address

[frankie]

For /.'ers in the Baltimore-Washington corridor:

Maryland Internet Marketing LLC, George Alan Moore Jr, 300 Twin Oaks Rd, Linthicum MD, 21090-2154, 877-655-3438, 410-963-8226.

His domains include softwareincorporated.com and ultimatediets.com. He usually sells McAfee VirusScan. If he's spammed you since October, you can sue.

Re:Dont't just mail him a catalog

[Eggplant62]

Send him a nice hand written note

A better idea if everybody send him an invoice for mail server usage and bandwidth, keep it reasonable amount, and when he does not pay register a bad debt against him. This could work best if done out of his juridiction.

From reading his rapsheet on spamhaus.org's ROKSO database, I don't think Big Al would give a fudge about whether or not he pays you, regardless if he had a court order to do so or not. Remember, he's not going to blink at handing out quarters, he's got so damned much money.
What we need to find out are his ASN numbers so routers can be programmed to ignore all traffic from those ASNs. Here's wishing.