Slashdot Mirror

← Back to Stories (view on slashdot.org)

SPAM - A Different Kind of Identity Theft?

Posted by Cliff on from the remember-to-consult-REAL-legal-representation dept.

bmooney28 asks: "After maintaining a single permanent email address through 8 years and five ISP's (via a forwarding service), I lost it all in a day. My first sign of trouble came when I found a message undeliverable email in my inbox containing hundreds of failed email addresses. Apparently, my email address had been pasted as the return address in a mass mailing similar to this one sent to hundreds of random recipients. This process repeated a few times over the next day or so, effectively blacklisting my email address on various master lists and adding my address to thousands of random address books (virus magnets). In the past, I have had a great deal of luck fighting off SPAM and other unwanted email via throwaway email addresses and preemptive email filtering. Now, the email address that I use to communicate with friends, former students, and coworkers around the world is useless. Have any of you ever found yourself in a similar situation? Are there any legal steps that I could take against this company?"

12 of 101 comments (clear)

  1. that stinks by gaminRey · · Score: 4, Interesting

    Wow, that really stinks. I have personally used similar solutions to the spam problem. In the future I would suggest using different aliases for friends, business contacts, web forms, etcs; and then keep the main POP account secret, that way the SPAM people shouldn't ever get the real address, and if something like this happens again to one of the front addresses, you can just drop it without losing all of them.

    --
    j.goforth
  2. It's a losing cause by kawika · · Score: 4, Informative

    For several years I have been using spam-magnet accounts like hotmail.com and yahoo.com. I feel like Elaine in that episode of Seinfeld when she finds out her favorite form of birth control (The Sponge) is being taken off the market. She hoards all she can find and then has to decide if every guy she meets is "spongeworthy". That's what we are all trying to do with our email accounts, trying to decide who to give the primo ones and who gets the seldom-checked Hotmail address.

    Due to some friends getting Klez, my "good" emails have leaked out and are receiving spam. So no matter what you do the email shell game is not a complete strategy for spam management.

    In your case I think that address is so worthless at this point that you're going to have to give up on it. Put a vacation message on it and move on.

  3. legal steps by zarqman · · Score: 5, Informative
    if you can identify who the spammer is and if they are in the same country as you are, then you certainly can sue. whether you can collect of course, is a different matter. but, things that are likely to help: document, document, document. seriously. you can probably approach this two ways: a criminal basis, fraud, and a civil basis, personal loss.

    for fraud, you'll likely need the assistance of a public prosecutor. if they are cool with that, you're in luck. if they aren't, there's not much you can do. you will have to somehow show ill-intent on the basis of committing the fraud. honestly, not too difficult, but given the courts in your jurisdiction, you never know. jurisdiction differences between you and the spammer may make this difficult.

    for personal loss, jurisdiction can be worked with (if, as mentioned above, in the same country), although it could get expensive to pursue. documentation becomes really big here as you'll have to prove loss. document the time you spend contacting people to let them know of your new address. write a journal and document your 'pain and suffering' having to go through this. keep all server logs, measure for bandwidth and storage use (not totally sure what to do with it, but maybe someone else creative here will help), and anything else you can think of. if it requires long distance calls, document that. etc. then find a lawyer who will take it and see what happens. then again, contact a lawyer in your jurisdiction first, as the usual /. rules apply: few here are lawyers (i'm not) and none are _your_ lawyer.

    good luck. i certainly feel for you. this bites.

    --
    geek friendly VPS's and free API enabled DNS : zerigo.com
  4. Come and si the violence inherit in teh system! by Xunker · · Score: 5, Interesting

    While not and answer to your question, I feel this incident exposes a major problem with the way many MTAs are architected.

    I cannot send mail to AOL users. Why? Because I'm in their spam filter. Why? Because of Kleez. AS you may know, it extracts address from your IE cache and sends mail using one of those addresses it find. Well, mine was used a bunch of times to send the virus to AOLers.

    AOLs mail server didn't bother to read the headers -- instead, it does wqhat no server should do, trust the "From:" header. Had their MTA parsed the "Received By" logs, it would find that it wasn't sent by me. Instead, whoever wrote it took the easy way out and decided to always believe the From: header and as such I'm now unable to send mail to AOL.

    Not like I mind.

    --
    Hilary Rosen's speech was about her love of money and her desire to roll around naked in a pile of money.
  5. Habeas.com headers to assert you're not spamming by manastungare · · Score: 5, Informative

    Check out Habeas for adding headers to your email that certify you're not sending spam. Habeas' license policy restrict spammers from using them, thus spam filters allow emails Habeas headers through without problems. Let's hope it works! :)

  6. Real identity your email address by waytoomuchcoffee · · Score: 4, Interesting

    I have worried about this stuff for a long time. First, as so many have stated already, "get a new email address." Really no way around that, your old one is *dead*.

    So what to do about the future? I guess you have to assume that every email address can eventually be nuked, and get used to sending out new email address notifications to everyone. Another reason I see digital signing becoming a necessity in the future -- else what is to stop a trojan hijacking your email address and sending out fake change of address messages?

    More and more it's heading to the point where your *real identity* has nothing to do with your email address, but rather with your PGP key.

  7. Re:2 ways to deal with this by jhunsake · · Score: 5, Insightful

    I don't see 1) and 2) as mutually exclusive actions.

  8. Re:Real identity your email address by JohnFluxx · · Score: 4, Interesting

    Hmm, now that's an idea..

    Could it be done so that when you hit reply, you contact one of the pgp keyservers and get back the prefered email address.

    That way, when you change your email, all you have to do is change the prefered email address on the keyservers.

  9. as a CA resident by drDugan · · Score: 4, Interesting

    once I cross the "you pissed me off, spammer" line...

    I usually send a nastygram back to all the email addresses I can find, their funders & investors, board members, customers, employees, etc. all in the TO: field:

    I say I will never do business with them, will tell my friends not to do business with them, and purposefully seek out their competitors when I next need their product.

    I tell them that this is formal notification to not contact me again commercially, and list the email addresses that they must remove.

    Then I tell them I will sue them under CA law (http://www.spamlaws.com/state/ca1.html) if they don't comply.

  10. This is 'Collateral Spam' by Joel+Rowbottom · · Score: 4, Informative
    The technique you're describing is known as 'collateral spam'.

    I'm the Head Geek (ok, CTO) of the company which runs domains such as UK.com, UK.net, US.com, etc. Among our 'portfolio' we have the name NO.com.

    Now, admit it, how many times have you typed 'no@no.com' into a reply-to field, or a web-form? Those bounces come to us, and yes, they're hellish to deal with - it's pretty much rendered the whole domain useless for email, never mind one single address, because we have to bounce or filter the 'bad' addresses. It's a Wile E Coyote Acme-branded magnet for spam.

    You don't say which locale you're in, but the European Commission made this a criminal act - I was at the consultation with members of the ISP industry, and cited the collateral spam problem as a form of DoS - never mind the identity theft.

    If you want to take legal action, this is probably the way forward, but if I were you I'd just let it go - it'll be expensive, and probably greenfield legal territory anyway.

    (IANAL, blah).

    --
    Smegma.
    1. Re:This is 'Collateral Spam' by tdemark · · Score: 4, Insightful

      Actually, I use some_string@example.com just to prevent this sort of thing.

      Since example.com is not available for registration, no one gets hurt.

  11. Re:Habeas.com headers to assert you're not spammin by Spoing · · Score: 4, Funny
    Habeas' license policy restrict spammers from using them, thus spam filters allow emails Habeas headers through without problems.

    It's a good thing that spammers are ethical!

    --
    A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.