Slashdot Mirror

← Back to Stories (view on slashdot.org)

Dictionary Spammer Fined $55,000 for Spam Attack

Posted by michael on from the small-price-to-pay dept.

Lawrence_Bird writes "In a first, a Japanese district court has ordered a spammer to pay restitution to NTT DoCoMo for abuse of their imode system. 'The damage caused by large amounts of e-mail not reaching their destinations should be covered by the sender,' said the judge. The fine is about $55,000 and was based on an estimated cost to NTT of 1.2 yen per undelivered spam ($0.01) for the 4 million spams that were undeliverable. What is most startling is NTT DoCoMo assertion that of the 950 million emails they receive each day, 880 million are not deliverable!"

11 of 175 comments (clear)

  1. Great by captainclever · · Score: 4, Insightful

    If only there were more rulings like this one, maybe it would make spammers think twice if they knew they could be fined.

    I want to see this guy fined per DELIVERABLE message aswell though.

    --
    Last.fm - join the social music revolution
  2. "880 million" by rf0 · · Score: 4, Informative

    I think that it should be clearer that those 880 million are sent to *non-existant* addresses. The slashdot article makes it looks like that their infrastructure can't cope...

    Rus

    --
    Cheap UK and US VPS
    1. Re:"880 million" by tomhudson · · Score: 3, Interesting
      It was a "dictionary attack". This means trying all sorts of combinations of common names, words, and numbers (cf: /usr/libcrack*). Almost none of them would be deliverable, as there are no subscribers.

      Unfortunately, my cell plan's email addy is my 10-digit phone number+@+my phone company. It's easy for spammers to just send to every possible cellphone number. I would think that they (the cellphone company) would allow you to add either a prefix or suffix to the number, to keep down spam. I guess this is why they don't charge for the first 2500 sms messages received each month - to keep down complaints.

  3. Well... by acehole · · Score: 4, Funny

    They tried to email the judgement to him but for some reason thiscouldbeyou@riches.await.com kept bouncing...

    --
    Be you Admins? nay, we are but lusers!
  4. A great precedent! by Bvardi · · Score: 5, Interesting

    Now if only more countries would do this kind of thing - recognizing that spam has a financial impact on ISPs and on the end consumer, and that especially mass "dictionary" based attacks to randomly find accounts are the internet equivilent of dropping millions of leaflets from an airplane for advertising purposes. (In which case they'd be rightly charged with littering and other offences.)

    Plus they got zapped for undelivered email - avoids the whole "opt in/opt out" argument (difficult to prove always that someone didn't accidentally "opt in" at SOME point and you KNOW the spammer is going to claim that they did) AND it also is likely far more costly than targetted spam attacks. (If you send to a 90 percent valid email list chances are you are sending to a few hundred thousand addresses. You do a dictionary attack you are sending to MILLIONS of addresses... which would you rather see them get charged cash for?)

    It's a good start if you ask me (though of course part of me thinks that locking them in a small room with one angry ferret per 1000 emails would be a good way too... but that might be going too far. Probably. I mean, think of the poor ferrets?)

    Bvardi

    1. Re:A great precedent! by phorm · · Score: 3, Funny

      Probably. I mean, think of the poor ferrets

      How about something more like a reality-TV show? For every 100/1000 spams sent... they spend one day on a deserted island. The island has water... but little food.

      Eventually... we can wait until they turn on each other, or start suffering from malnutrition, whatever.

      Disclaimer: I strongly dislike "reality TV", but I'd buy a dish and PPV just to see a bunch of miserable spammers shipped to some godforsaken remote destination

    2. Re:A great precedent! by override11 · · Score: 3, Insightful

      Thats why I dont understand why ISP's dont get more involved in fighting SPAM, its costing THEM money. You would think that a big backbone like UUNET would spend a chunk of change to create 100% accurate filters and be pro-active on blocking out this bull-crap. It would only benifit them down the road.

      It would even waggle the magic word 'ROI' in front of the exec's, so why isnt it happening yet??

      --
      No I didnt spell check this post...
  5. Re:good by PerryMason · · Score: 3, Informative

    ...as someone who recently had an email server relay raped

    Hmmm. Not to come across too harsh or anything, but you _really_ should test these things. Rather than just assuming that it wasnt "accesible to the open", you should telnet to your mail server and test the possible relay methods, or at the very least, register with abuse.net and let their online tester do the work for you.

    As you have no doubt seen, getting a server off ORBS and the like is really a LOT more hassle than testing in the first place. Additionally; as you say "[i]t's about time people realise that stuff like this has very real consequences..." This works both ways. If you don't secure your systems, they _will_ be taken advantage of, and next time it will be Company X suing you for permitting your mail server to be used in spamming them and not just Company X suing the spammer.

    --
    "I'm tired of all this 'Aren't humanity great' bullshit. We're a virus with shoes" - Bill Hicks
  6. Re:Damn! by $rtbl_this · · Score: 4, Funny

    I think you'll find they're just being blackholed. *rimshot*

    Ew. I really wish I hadn't just used the syllable "rim" in that context.

    --
    "Are you being weird, or sarcastic?" said Emma. I said I didn't know because I get the two feelings mixed up.
  7. It's about time... by hafree · · Score: 3, Interesting

    It's about time someone set a precedent in determining the cost of spam. Not just in terms of denial of service, but also the amount of time it takes people to deal with it.

    Many people don't realize what a hassle spam can be, until you try to put a monetary cost on it. Let's forget about the resources it uses and just look at how much time it consumes to delete... For the sake of using round numbers, let's say it takes someone 5 seconds to identify a message as spam and delete it. That means in an hour they can theoretically delete 720 pieces of spam. I don't know about the rest of you, but I regularly receive about 100 pieces of spam on a typical day. That means that about 2.6% of your paycheck goes towards you deleting spam. For an employee that makes $50k/year, this comes out to approximately 3.5 cents per piece of spam received, or $1277/year...

  8. Say no to excessive "costs" by morcheeba · · Score: 4, Interesting

    I like the verdict and think that the fine is appropriate, but I don't like how it was calculated. Maybe the article misrepresented it, but charging $0.01 per spam seems excessive.

    The article says 880 million undeliverable emails are sent every day. At a penny a piece, that's USD$8.8million / day, or $3.2 billion/year. The company does $42 billion in sales per year, I doubt that they spend 7.6% of their income on spam. Or, for that matter, give me $3b/yr and I'll provide the equipment to totally filter all of their undeliverable mail -- they'll save their shareholders $200 million!.

    I just wish they said "it cost us 1 man-year of work to stop this guy" and cost it that way instead of making up numbers per message. It's this kind of unjustified damage estimate that "cost" sun $80 million of money that was good enough to tell a judge under oath, but too bogus to tell their shareholders. A doubt NTT has a $3.2b line-item on their annual report.

    (and, as others have pointed out, this 880milMsg/day is misaddressed mail - trivial to filter out and it never consume any expensive RF bandwidth)

    --
    HIV Crosses Species Barrier... into Muppets