Slashdot Mirror


Dictionary Spammer Fined $55,000 for Spam Attack

Lawrence_Bird writes "In a first, a Japanese district court has ordered a spammer to pay restitution to NTT DoCoMo for abuse of their imode system. 'The damage caused by large amounts of e-mail not reaching their destinations should be covered by the sender,' said the judge. The fine is about $55,000 and was based on an estimated cost to NTT of 1.2 yen per undelivered spam ($0.01) for the 4 million spams that were undeliverable. What is most startling is NTT DoCoMo's assertion that of the 950 million emails they receive each day, 880 million are not deliverable!"

6 of 175 comments

  1. A great precedent! by Bvardi · · Score: 5, Interesting

    Now if only more countries would do this kind of thing - recognizing that spam has a financial impact on ISPs and on the end consumer, and that especially mass "dictionary" based attacks to randomly find accounts are the internet equivalent of dropping millions of leaflets from an airplane for advertising purposes. (In which case they'd be rightly charged with littering and other offences.)

    Plus they got zapped for undelivered email - avoids the whole "opt in/opt out" argument (difficult to prove always that someone didn't accidentally "opt in" at SOME point and you KNOW the spammer is going to claim that they did) AND it also is likely far more costly than targeted spam attacks. (If you send to a 90 percent valid email list chances are you are sending to a few hundred thousand addresses. You do a dictionary attack you are sending to MILLIONS of addresses... which would you rather see them get charged cash for?)

    It's a good start if you ask me (though of course part of me thinks that locking them in a small room with one angry ferret per 1000 emails would be a good way too... but that might be going too far. Probably. I mean, think of the poor ferrets?)

    Bvardi

  2. Not deliverable? How about, not readable! by dsplat · · Score: 2, Interesting

    Of the dozens of spam messages I get every day, at least 20% of them are unreadable. I'm not counting the ones that are in languages that I don't know. I'm talking about the ones that are sent in an encoding that isn't properly reflected in the headers. Then there are the ones that are in such poorly formatted HTML that they just won't display.

    --
    The net will not be what we demand, but what we make it. Build it well.

  3. It's about time... by hafree · · Score: 3, Interesting

    It's about time someone set a precedent in determining the cost of spam. Not just in terms of denial of service, but also the amount of time it takes people to deal with it.

    Many people don't realize what a hassle spam can be, until you try to put a monetary cost on it. Let's forget about the resources it uses and just look at how much time it consumes to delete... For the sake of using round numbers, let's say it takes someone 5 seconds to identify a message as spam and delete it. That means in an hour they can theoretically delete 720 pieces of spam. I don't know about the rest of you, but I regularly receive about 100 pieces of spam on a typical day. That means that about 2.6% of your paycheck goes towards you deleting spam. For an employee that makes $50k/year, this comes out to approximately 3.5 cents per piece of spam received, or $1277/year...

  4. Dealing with dictionary attacks by andy@petdance.com · · Score: 2, Interesting

    If their mail servers are swamped with 880,000,000 emails daily from a dictionary attack, I'd think the easiest solution would be to throttle the mail servers. "Oh, I got an invalid recipient, I'll pause 5 seconds before I respond." (Adjust 5 seconds to whatever makes most sense) For most legit users, that shouldn't be a problem. For the spammers, it means they can make at most 17280 attempts per day per MTA.
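
The throttling idea in comment 4, as an added example that is not part of the original thread: a simulated SMTP session that delays each unknown-recipient rejection, counted against one serial connection. The class, the sample mailboxes and the optional disconnect threshold (`max_bad`) are assumptions of this sketch, and time is simulated rather than slept.

```python
from dataclasses import dataclass
from typing import Optional

SECONDS_PER_DAY = 86_400
# Constructed sample mailboxes; a real server would query its user database.
MAILBOXES = frozenset({"taro@example.com", "hanako@example.com"})


@dataclass
class TarpitSession:
    """One SMTP connection that stalls before rejecting an unknown RCPT TO."""
    valid: frozenset
    delay: float = 5.0             # pause before each "no such user" reply
    max_bad: Optional[int] = None  # assumption: drop the peer after N misses
    clock: float = 0.0             # simulated seconds spent on this connection
    bad: int = 0
    closed: bool = False

    def rcpt(self, address: str) -> str:
        if self.closed:
            return "421 connection closed"
        if address.lower() in self.valid:
            return "250 OK"            # valid recipients are never delayed
        self.clock += self.delay       # a real server would sleep here
        self.bad += 1
        if self.max_bad is not None and self.bad >= self.max_bad:
            self.closed = True
            return "421 too many unknown recipients"
        return "550 no such user"


def run(session: TarpitSession, recipients) -> list:
    """Feed recipients to one session and return the reply codes."""
    return [session.rcpt(r)[:3] for r in recipients]


def probes_per_day(delay: float) -> int:
    """Unknown-recipient probes one serial connection completes in 24 hours."""
    session = TarpitSession(valid=frozenset(), delay=delay)
    count = 0
    while session.clock + delay <= SECONDS_PER_DAY:
        session.rcpt(f"guess{count}@example.com")
        count += 1
    return count
```

The per-day ceiling applies to each connection separately, so a sender that opens many connections in parallel multiplies it; the `max_bad` cutoff is what limits how long any one of them stays useful.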

  5. Say no to excessive "costs" by morcheeba · · Score: 4, Interesting

    I like the verdict and think that the fine is appropriate, but I don't like how it was calculated. Maybe the article misrepresented it, but charging $0.01 per spam seems excessive.

    The article says 880 million undeliverable emails are sent every day. At a penny a piece, that's USD$8.8million / day, or $3.2 billion/year. The company does $42 billion in sales per year, I doubt that they spend 7.6% of their income on spam. Or, for that matter, give me $3b/yr and I'll provide the equipment to totally filter all of their undeliverable mail -- they'll save their shareholders $200 million!

    I just wish they said "it cost us 1 man-year of work to stop this guy" and cost it that way instead of making up numbers per message. It's this kind of unjustified damage estimate that "cost" Sun $80 million of money that was good enough to tell a judge under oath, but too bogus to tell their shareholders. I doubt NTT has a $3.2b line-item on their annual report.

    (and, as others have pointed out, this 880milMsg/day is misaddressed mail - trivial to filter out and it never consumes any expensive RF bandwidth)

  6. Re:"880 million" by tomhudson · · Score: 3, Interesting

    It was a "dictionary attack". This means trying all sorts of combinations of common names, words, and numbers (cf: /usr/libcrack*). Almost none of them would be deliverable, as there are no subscribers.

    Unfortunately, my cell plan's email addy is my 10-digit phone number+@+my phone company. It's easy for spammers to just send to every possible cellphone number. I would think that they (the cellphone company) would allow you to add either a prefix or suffix to the number, to keep down spam. I guess this is why they don't charge for the first 2500 sms messages received each month - to keep down complaints.