Slashdot Mirror
Earthlink Wins Another Spam Award: $16 million
linuxwrangler writes "U.S. District Judge Thomas W. Thrash Jr. awarded Earthlink $16 million and an injunction against Howard Carmack for Carmack's use of Earthlink to deliver spam. Given that Earthlink is still awaiting payment of the $25 million it won against Kahn C. Smith last year, it views the injunction as the bigger of the two wins." A few more of these, and maybe the tide of spam will eb. Maybe. Nah.
Not "eb", but "ebb". "To fall away or back; decline or recede." Ebb.
As my subject line says...I do, but I dont see how anyone other than large corporations can go through the process to actually get a judgement. I mean, I get mostly spam these days, even on an account I made, but never used a single time! Anyway, thats my rant for the day.
Sig- http://www.dreamhost.com/rewards.cgi?ayefly
Does the injunction cover spam on other systems or just Earthlink? I guess I'll go read the article and get back to myself on that one...
are they ever going to see the money from this settlement?
I used to believe that legal remedies couldn't stop things like spam, but I think I was wrong.
The very fact that spam is only a problem when it's on a large scale (don't think about recieving on a large scale, think that the list has to be large...) means, I think, that legal solutions can prevail.
arete
Looking for freelance Actionscript (Flash/Flex) or ColdFusion work and/or freelance developers. Email me, put Slashdot
Seeing as how these spammers probably DON'T have millions of dollars in the bank, and even Microsoft was able to negotiate for penalties being only in software, is Earthlink likely to get a truck load of $16M of penile enhancement cream and Nigerian banknotes in compensation?
Wonder if this spammer has any relation to good 'ol John. ;)
Qu'on me donne six lignes écrites de la main du plus honnête homme, j'y trouverai de quoi le faire pendre.
"A few more of these, and maybe the tide of spam will eb." Yeah.. and maybe if the RIAA sues the pantaloons off a few more University students, people will be wracked with guilt and delete their collection of MP3's. Maybe. Nah.
This guy used his relative's info for setting up accounts. When Earthlink talked to his 58 year old retired uncle, they figured out what was going on when he mentioned a nephew that works at home w/ computers. (I read the Wall Street Journal. Headline news!)
This guy is way out there
Last year the company was awarded $25 million in damages in a suit against another big junk e-mailer, Kahn C. Smith of Tennessee. Youngblood said the company hasn't collected that award. But the monetary award, Wellborn said, is less of a victory than the injunction.
Nobody will ever collect civil damages from a spammer, because the vast majority of spam does not come from legitimate companies with assets. Most spammers tend to be individuals: low-rent sleazebags with bad credit and a history of illegal or borderline illegal activities. If they actually had millions of dollars they wouldn't stoop to spamming.
The injunction is a good thing because if one of these lowlifes tries spamming again, they can throw him in jail.
the problem of course is that all the spammers will just move overseas, where US law won't hurt them and they are ignored by local government.
They say injunction.
I say injection.
evil adrian
Hitting spammers in their pocket books is the only thing that will stop them. The awards must exceed the amount that they make though spamming.
Earthlink should not allow these spammers not to pay either. They need to take everything the spammer owns. Don't even leave them a bucket to piss into.
The race isn't always to the swift... but that's the way to bet!
That would require AOL to do something.
Carmack and others kept the bulk e-mail flowing through Internet accounts opened with stolen identities and credit card numbers.
Considering this and the fact that he didn't even show up to defend himself in court, why bother obeying the injuction? They don't arrest people for this stuff anymore?
Obviously Earthlink isn't going to get $16 mil out of this. I take it verizon didn't collect on their $6.9 million judgement either.
These rulings are against spammers sending mail through Earthlink's servers, right? Can the same logic be used against American spammers using foreign servers to push mail onto Earthlink (or others) servers?
IANAL...
Seth
Thrash... who could ask for a better name than that! That spammer certainly got a financial "thrashing".
I've looked up our friend Mr. Ralsky on spamhaus and it would seem he's probably not paid anything yet in damages. http://www.usatoday.com/tech/news/techpolicy/2002- 10-29-spam-suit_x.htm
http://www.spamhaus.org/rokso/search.lasso?evidenc efile=1290
Further it would seem he has enough money to hire lawyers to appeal convictions and the other normal legal ramblings which take forever to settle lawsuits. Won't this suit/injuction simply be more of the same?
wait, i have earthlink, do i get a piece of that pie? how many users does earthlink have? 10 milion? good, that's like a buck twenty i should get off my next bill.
Runnin' On Empty
it's harry potter (no joke)
In the courtroom of that famous Native American, Judge HorseFuck.
I have NO idea what that meant.
If Earthlink, and company, have been doing side deals with spammers for years, and some people have the documentation to prove it, why isn't there a class action lawsuit or something. Lately, in the interest of customer appeasement, brand recognition, and some more advertising many companies like Earthlink have been suing spammers, except we all know they'll never get any money. They already got their money from the 'secret deals'. They are now flaunting their 'respectability' and 'anti spamness', and this should be more reason to applaud them for their legitimate efforts and penalize them for their shady dealings.
I'll never understand why people accept apathy. I know the reasons, but they still get on my nerves.
A few more victories and we might be able to see the rest of the Universe a lot sooner than I expected. Black Hole
I assume he means lethal.
Originally, he was buying hosting from several US ISPs, including Rackspace. We asked the ISPs to identify the site owner, as required by law (because he accepts credit cards) and when they found they didn't have good info on him, they killed his accounts. He was using about five ISPs at a time, and had his own DNS server so that he could quickly switch from one ISP to another as he was kicked off. The spam itself went out via open Telnet proxies. Whois info is plausible, but fake.
This seemed like a big-time operator, but over time, a different picture emerged. It became clear that this guy's business isn't porno. It's collecting credit card numbers. The porno sites were very shallow. ISP operators told us they were typically $5/month hosting sites with maybe 1MB of content. Some of the web sites were purchased with bad credit card numbers.
This guy kept coming back, typically buying bottom-level hosting through resellers. He tried a hosting service in Mayalasia and got kicked off. He tried one in Brazil and got kicked off. He tried a "bulk friendly" ISP in the US and got kicked off. Finally, he ended up with everything on a server in St. Petersburg, Russia. It took a few days, but he's been kicked off there, too.
We have some hints of who he is. We've spoken to some people he's dealt with. When we get a solid ID, we'll go after him for trademark infringement.
It's possible to win these things. It's time consuming, but persist. Trace where the money goes, not where the spam comes from. Follow up daily. Half an hour a day keeps the spammers away.
Nah, just get them really really high - pretty soon they'll all be reduced to turning tricks in the park for their next hit.
The WSJ article today goes into some detail about the arduous chase with little pay-off. Earthlink must have some really dedicated anti-spam activists to even try this. Think they are getting big bucks? Hardly. From the WSJ:
And it involves a lot of grunt work per spammer. How much is your time worth? It's like "The Cuckoo's Egg" story again. For just this one guy, for example:
Unless we start seeing some high-profile jail time, there won't be much of a victory.
I can only think of a few crimes that merit the death penalty, and spamming is one of them.
Other crimes that definitely merit death include:
-- Serving popup ads
-- Peeing in the alley behind my apartment building (dogs get clemency)
-- Sending emails without subject lines
Knoppix, motherfucker.
San Francisco has no public urination laws.
I piss on everything! Hope you don't live here
The WSJ article said he'd used 350 stolen identities and credit cards to set up accounts. We've got the laws we need to put people in jail for credit card fraud -- so why is he at home avoiding phone calls?
If voting changed anything, they'd make it illegal -- Jello Biafra
Without knowing what he charged his customers, his fine doesn't seem all that large.
I think it's about time ISP's started charging for each e-mail both sent and received, somewhat like stamps. Something tells me the elasticity looks very vertical in this market and a small cost will do wonders for reducing spam.
Wait, what's this about side deals? Are you talking reality here or conspiracy theories? Obviously shady dealings happen in the corporate world all the time, but that doesn't mean we can assume w/o solid evidence.
There are only 10 types of people: those who understand decimal, those who don't, and, uh, 8 other types I forget.
What's wrong with e-mails without a subject?
I'm starting to believe that the SPAM problem is more of an educational issue now. I've used two different programs that have been highly effective against SPAM (spamnet and POPFile). I use POPFile exclusively now, and I've almost forgotten what SPAM is. Yes, it's still a major problem for users out there (especially those using web-based clients), but there is highly effective technology out there to counter it. We don't need to launch costly and ungainly legal offensives against spammers - we already have software that can render them irrelevant.
I noted earlier this asshole used his uncle's info in setting up Earthlink accounts. He also used his mother's name and his mentally-handicapped brother's name. These mistakes and his persistence in using Earthlink as his only ISP cost him quite a bit.
This guy is way out there
The moneys should go to the victims of SPAM. Earthlink should take the 16 million dollar prize, divite it by it's members or whatever, and then give cash to the people who hate SPAM.
I suggest you read Slashdot
Speaking from a front line position in certain corporations *coughs* phone monkey *coughs* in no way represents any corporations opinion (just what I see at the job)
I'd say besides connection issues...
Spam and pop ups tend to be the most irritating thing about the internet to those unfamiliar with it in general... I'm quite sure it's caused plenty of customers to cancel regardless of quality of service of the connection or the quality of customer service of any company...
Not only the cancelation but the support of the end user with these issues also costs money. Running 24/7 tech support with MSN, Earthlink, AOL or any major ISP...
1800 systems don't come cheap. Money is measured in minutes.
When 50% of your calls are due to spam and pop ups... With the rest as connection issues... If somehow you can kill the reason that the end user has to call in you already saved yourself a ton of money.
Of course I've talked with people who wanted to cancel their internet because they saw a banner ad saying "You are broad casting you IP!!"
Explaining the nature of pop up ads to the user is one thing, but when they are highjacked by Xupiter, Newdotnet, or "insert your spyware of the week" it's hard to understand from their end... Not to mention those same programs will cause IE to DIE! on say Windows computer if the program itself dies. (I'd say Newdotnet is horrible for that if it eats your wsock32.dll in win98... and embedds itself all over the registry... no web pages for you...)
Heck if I know how it gets on their computers.
"Do you have Kazaa on your computer?"
Usually the answer is "yes"
Personally, I'd like to see a few ISP companies go after these Spyware companies... Sure the end user can't sue because they agreed to a EULA but it often costs their ISP large sums money in terms of support costs...
the only way i can see spammers making money is if people actually click on the ads and genuinly purchase the items they are offering, if people stopped doing this then the effort to send out 10,000 emails when only 5 people might click would seem a waste of time. and i still have no idea how they can get email accounts that have only just been created with my ISP, that have never been used before.. especially since my isp says they don't condone spamming!!! damnit. now i'm just angry.
First, nothing begins if not opening
This is why I host my own e-mail server. It is FAR easyer to block unwanted spam than to have no control of my ISPs based e-mail account. SPAM has to be rejected at the mail server, accepting the e-mail and then filtering it out with your e-mail client does no good at all. It will be interesting to see if any of these SPAMers ever pay up.
Maybe when hell freezes over SPAMers will finally catch a clue...nahhh, I doubt it..
"I bow to no man" - Riddick
You're a loose cannon! You're off the case. I want your gun and your badge.
I'm just putting the finishing touches to my sure fire way of avoiding court fines, something that I am willing to share for a mere £100. Could all slashdotters please help me in this noble enterprise by sending me the email addresses of all the spammers that they know.
>Actually your right...
:-)
You're!
>the nazi's do serve a purpose
The Nazis!
>There purpose
Their!
Couldn't they bend 'spam' into a legally actionable offense by calling it 'terrorism'?
I know the idea of a site that sells penis enlarging devices and offers college degrees for $19.95, terrorizes me.
It's both a matter of principle and spam does have a financial and quality of service impact on companies and consumers.
In order to dodge spam, companies/consumers have to either spend the time manually deleting spam or put out the money to buy software to filter spam. In both these cases, spam still eats bandwidth.
Companies also have to be careful (i.e., spend time/money) that software filters do not delete legitimate email, as this could potentially have a severe imapact on their business dealings, service record, etc.
Finally, the burden of spam should fall on those responsible for it, not those that are "victimized" by it. So let's still nail the spammers.
I'm wondering how does he size up against the "top 180 responsible for 90% of all spam". Apparently, he is not in the ROKSO list.
You heard me. No more.
Hey, I'm serious here.
pfft
You're missing an important point. Even if you don't see your spam anymore, you're still paying for it. Spam is a major part of your bandwidth bill - why are you and I paying for their actions?
The problem with this argument is that even if we all ran Bayesian Filters and blocked 99.9% of all spam messages from hitting our inboxes there would still be billions of messages going back an forth between mail servers before they are caught by the filters. This is a major drag on Internet bandwidth even if all of us never actually saw another spam in our inboxes ever again. These people who abuse their network privileges and degrade the network for the rest of us should be caught and punished for their behavior. Another thing that would really help is for slashdot people to advocate proper mail server configuration, including disallowing open relays, and education of all of the part-time mail sysadmins out there who perpetuate the problem with their own ineptness. There are groups already trying to do these things and it is helping, but it will take much more work on the part of mail admins and users to shut the spammers down for good.
What's most interesting about this case is that it proves once again, international, federal, state and other law enforcement authorities are incompetent and ineffective. This guy broke various laws but the only way to get him was to pursue justice in civil court?
We have never needed tougher anti-spam laws... We've only needed a justice system that can get off its butt, stop chasing people in white vans, and prosecute criminals who break the law.
Remember this the next time your DA and other LEO figures come up for election. Most spammers break numerous existing laws that have nothing to do with the concept of freedom of expression which they perversely use as a smokescreen. In the case of this guy, he used stolen credit card numbers and fake identities, in addition to breaking into unauthorized computer systems.
Let that be a lesson to you spammers! If you get caught, you might have to declare bankruptcy! But you obviously don't have to worry about serving any jail time for credit card fraud or computer breakins.
What a joke. The government can spend $52 Million bucks to find out if Bill Clinton got a blowjob, but can't go after these spamming sleazebags who are polluting the Internet and breaking actual laws?
What if the ISPs sued the backbone providers? They have money. Aren't they responsible in some way? Think about it:
If you get a telephone line and when you answer the phone all you get is static, so that maybe 70% of the phone conversation can be heard, should you be paying for this extra noise that is inhibiting your ability to get appropriate utilization based on what you're paying for?
They say that 40% or more of data travelling across the Internet nowadays is rogue data, neither solicited, nor welcome. Why should ISPs and their customers pay for more bandwidth than they really need because the backbones won't get involved and stop this noise?
Most of us know, as soon as you go live on the net; as soon as you have an IP, you have unwanted traffic, port scanners, random smtp gateways hammering your system, unsecured infected Microsoft systems propagating viruses, etc. Is this what we're paying for?
If you ordered a telephone line and half the time it rang with people calling you didn't know or invite, offering you scams and offensive solicitations, the phone company would do something about it. It's not as big a deal with end users because they're not paying based on bandwidth, but certainly their ISPs who are might have a decent case to push the backbone providers to not turn the other way when they clearly know a sizeable percentage of their pipes are filled with uninvited "noise". For example, Sprint's historical policy has not been to get involved in DOS attacks unless their customer's pipe is saturated. So you can be attacked as long as there is no bandwidth left, and only then will they intervene. Imagine if this policy applied to other important utilities? You can't put your garbage out until you have a certain amount; you can't get your electricity restored until a certain percentage of your city is dark. This is BS. I say, let's start holding the backbone providers liable for hooking us up to internet pipes that are chock full of data that we didn't invite, costing everyone money and reducing everyone's security, privacy and performance.
Yes, I know this is a much more complicated issue, but you cannot deny there is a substantive conflict of interest here between the backbones, which profit off spam, and everybody else who suffers because of it.
Oh, but I always wanted a PhD in Comparative Cosmology! Only $19.95! Impress your low-brow friends!
Why not go after these people for real crimes and send them to the slammer, confiscate their equipment, and all that other stuff the FBI loves to do? Also gotta figure if these guys are making any money, their probably violating some IRS law, so send more feds after them.
Bah... until judges and politicans actually grow up around this stuff, or have to answer their own emails, they'll never pursue it.
I bet when Bill Gates kids start getting spam, we'll see some radical solutions.
I own a company that places public internet machines around minnesota.
In one location their was this couple that would come in everyday. They would browse the web and sign up for everything and anything they could find that was free.
Finally one day I told them one day they won't recive anything that they ordered because they were all scams. Everything from cook books to free tshirts. They told me they didnt care because they just loved the idea of trying to win free stuff, or have mail sent to them to read.
Side note: I checked their email account that was disabled and it had 600megs of emails over 6 months.
I deleted my sig years ago.
You'd think with all the great games he's made, he wouldn't have to resort to this.
--Rick "If it isn't broken, take it apart and find out why."
It shouldn't be too hard to get his address - doing a lawsuit in small claims is probably enough to get SWBell to cough up the address of that DSL line. And you should be able to come up with an excuse to sue him. You might be able to get the SWBell security folks after him, but more likely they'd just cancel the account and it'd be protected by their privacy policies.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Don't you want a larger penis? Sure we all do.... Here at ICS, not only do we work to give you a high school education, we also do penis enlargement, hair re-growth, hair removal, and you earn money via nigerian banking scams. I'm Sally Struthers.
Shoot me the if I ever get Sally Struthers spam.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
A couple of months ago she came and talked to me about how to set up a bulk email thing and I thought I'd succeeded in persuading her that it was a seriously bad idea and she shouldn't do it. Apparently I hadn't; last night she told me she'd started sending bulk UCE.
This isn't someone whom I'd describe as sleazy, and it isn't someone who's stupid. It's someone who is desperate. I think you will find a lot of spammers are.
The problem can be tackled, it seems to me, at two levels. Yes, if there's legislation (particularly if it has real teeth) then peopel will get a good clue that this is not a good thing to do. But it also needs there to be a professional ethic among systems and network administrators that we will not allow the infrastructure we control to be used for this sort of thing, and that we will kick offenders off and cancel accounts; and that if our management say different we will refuse to work for them - a sort of hypocratic oath for geeks.
I'm old enough to remember when discussions on Slashdot were well informed.
If indeed 99.9% of spam was stopped, the whole spamming business would end and spammers would go back to whatever they were doing before.
Hello,
i ginating source, IP, Time/date
I represent a marketing firm that, due to overwhelming
email campaign results, have access to millions of opt-in
subscribers for online newsletters and offers.
Most Databases Contain: first,last,address,city,
state,zip,DOB,Gender,or
stamp
If interested, please let me know what category of
interest you have, and i'll let you know what
currently available assets we have with a quote.
Thank You
Adam Weiss
Independent Rep
877-570-4483
The people who will block the 99.9% percent are not the spammer's customers. Spammer's don't mind a .005% response rate, and are the kind of people who actually buy from spammers going to adopt filtering? (We can't really force them to, can we?)
One line blog. I hear that they're called Twitters now.
'Animats' - can you drop me an email about your spam hunt? I work for a British magazine and I'd like to do a story. It's ian.harris@futurenet.co.uk, or +44 1225 822818
Open relays aren't the problem that they were a few years ago. These days, spammers mainly use open proxies these days. (Which hides the traceback past the proxy.) The high volume spammers seem to buy their proxy access, but quite a few scan for open proxies on DSL lines to do their dirty. (A number of people install something like AnalogX to allow junior to share the DSL connection, and share it with the rest of the world too.)
There's a jerk in 199.183.* space (rasserver Florida) who scans 8888, 8080, 8000, 6588, 4480, 3128, 1182, 443 and 80 every week or two. One day I'm going to leave a trap on one of those ports.
One line blog. I hear that they're called Twitters now.
Kind of funny how this was published just yesterday...
fsck -u
How do those spammers know I have a small penis anyways?
Why don't those in charge, like the IETF or whomever, just frickin' rewrite the Simple Mail Transfer Protocol and GET IT OVER WITH.
"Another thing that would really help is for slashdot people to advocate proper mail server configuration, including disallowing open relays, and education of all of the part-time mail sysadmins out there who perpetuate the problem with their own ineptness."
There's some merit in what you say - it's better to try to educate inept sysadmins than to just sit back and complain about them. But there's an entirely different path available to attack the open rely problem and that path doesn't depend on educating the inept. Instead it's educating the ept, which is about as hard.
For both open relays and open proxies the problem is that they exist AND are easily discovered. If a spammer makes a test for open relay or for open proxy the results are over 99.999% accurate. The spammer has no difficulty at all while that is true.
Salt the stock of open relays and open proxies (as determined by the types of tests the spammers now do) with fakes and the situation is very different. Then the spammer could just as easily be sending his abuse-path spam to a system controlled by someone who knows the score as he is to be sending it to a system run by a bumbling sysop (so the more bumbling management you can fake for the false abusable system the better you do.) In addition running the fake is very easy - take any standard MTA and make it accept relay email but deliver nothing and you have a trap. When you want you can force delivery of one of the test messages that comes in - then you deceive the spammer and you also know which spam is associated with that test message source (if it's fixed) and destination. Windows users can run Jackpot, which pretty well automates the whole thing: http://jackpot.uk.net. Run Jackpot in its default configuraiton a while and just trap tests. when you're ready configure it to relay and turn off relay as soon as one test message has been delivered.
The same approach works for open proxies: fake an open proxy and the spammer will try to send spam through it. with open proxies you've got a better chance that the spammer made his contact form his own IP (some spammers even test for open relay through open proxies. Some still test from their own IPs.)
When you do this you become the person in charge. The limits of what you can accomplish haven't even been established yet. Additionally, this isn't the only approach that can be taken against spammer abuse. ISPs with abused open proxies should find it very easy to trace the abuse back to the source. If the ISP would intercept proxy packets from identified spammer IPs then the spammer suddenly loses all power over all the open proxies in that ISP's entire space.
There's still more - that's enough for now.
when a mail is recieved check the mail server it comes from
if it is one of the mail exchangers for the domain of the from address allow it
if it matches a list of allowed servers for the the from address allow it
otherwise send back a message to the from address with a activation code which they can use to get that mailserver allowed to send mail from thier e-mail address
this will be a lot of work for the mailserver but cpu time is a lot cheaper than human time
the only issue here is ligitimate mailing lists i expect that there would have to be a way for users to add servers which could send to thier adress unrestricted
I had been doing the mailings for our legitimate (customers/registrants with opt-in/opt-out ability) bulk emailings, and so I was the natural go-to guy when someone fairly high up in the company was going to buy a bunch of addresses. I said something like "Isn't that against the law?". They responded that we would be using a real return address, not like the spammers, etc. "That doesn't make it any less unsolicited," I replied. That was the last that I heard about it.
Like the friend you were talking about, the company was only resorting to this out of desperation (we had our fourth round of layoffs shortly after that, and I was one of the 50% that got the axe, although I'm fairly sure it was not in retaliation). Like the "hippocratic oath" idea you were talking about, it was the moral stance of one individual that stopped it.
I have no idea if what I did would work elsewhere, but there is a very useful nugget in here if you are in the same situation--"Isn't tat illegal?" is a response that is hard to respond to. Instead of you being the bad guy for not doing what you are asked, they are the bad guy for asking you to do something illegal. Not that it is risk-free--some people would probably happily fire you. But if they fire you for not doing something illegal you have recourse for that, too, at least in some states.
Liberty uber alles.
Tell her about AOL's and EarthLink's legal awards. Others suing spammers as well, including Microsoft.
I'll see your senator, and I'll raise you two judges.
That's what I say. My main email account has never had a single piece if spam in over four years. While I do get spam on my hotmail account (and expect it) I have set the filtering to extreme and created white lists. I maintain the white lists whenever I sign up for a service that I want correspondence from. How hard is that? Spend a little time and due diligence on my part and viola! No problem.
Ahem. You weren't even going for FP, just the far lesser TP, and yet still...
YOU FAIL IT!
Go back to sucking cocks instead of posting 'em, tosser.
Seeing articles about these people actively combatting the very sources of SPAM just warms my heart. Hell, I'd pay double for that kind of service.
I've been on Earthlink since sometime in August or September and have had no problems at all. (I must say that the TimeWarner installer-guy was way cool, too. He didn't much favor TimeWarner but he knew what he was doing, for sure. He had even heard of the Gateway/AOL "Touchpad" that I had worked on for Transmeta! This guy was on the ball.)
Jeez, do they have a "Donate to Earthlink" site? How 'bout a "tip my install guy" link? Hey, now that sort of thing would be sure to improve service, don't you think?
Please read the FAQ before you post - http://www.spamfaq.net/
BTW, your sighting has been reported already, see Google groups
VKh
So she turned to a life of crime and sleazery after losing a juicy gubbment contract? Wah. She sounds like a one-shot Batman villian -- a couple of bad days and suddenly she's a masked vigilante.
I've been on the skids too. Putting that kind of time and effort into FINDING A JOB was much more satisfying than hitting up my tech-buds as accomplices to degrading the Internet yet another notch. Well done, Obi-Wan, your failed teachings have brought another soul to the Dark Side.
Thanks for putting a human face on the issue and all, but really.
GMFTatsujin
Spam is a major part of your bandwidth bill
I call bullshit. I would venture that the bandwidth used by downloading movies and music (oops, sorry, I meant "previewing"), combined with surfing and gaming bandwith FAR, FAR outweighs a few hundred kilobytes of unwanted spam.
Spam sucks, but let's not make things up here, guys. Keep things in perspective. No need to lie.
Like woodworking? Build your own picture frames.
I recently started receiving a much larger volume of spam then usual from Yahoo! so I fired off another email to abuse@yahoo.com with the appropriate information or so I thought.
Yahoo! promptly replied to me inquiry and said that they had reviewed the email in question and that someone had forged the email header so it looked like it came from Yahoo! and there was nothing they could do... but then later on in the same email Yahoo! that stated they track down people who abuse Yahoo! email including forgeries... so why not this one...
So what is a poor spam wallowing fool to do!
I think eliminating FREE email could go along way in curbing this problem. IMHO
the solution of cours is that you invade the axis of evil sheltering spammers and other terrorists and bring the US law to hurt them.
Yesterday Afghanistan, today Iraq, tomorrow the world.
As long as spammers are paid, they'll find new
tricks, much like pushers do with addicted people. Hit the company paying them, make a list of companies using spam as advertising method, destroy their "public image" by pointing out the truth, they're filling you email inbox with tons of useless message you'll never read anyway and wasting precious internet resources that may lead to an increase of ISP subscription costs.
Doesn't it bring to mind the image of a fat teenaged jackoff when you hear people call it "porno" instead of porn?
Porn is such a more elegant word, you can kind of get a manly growl saying it "pooorrrrrn". But the word "porno" reduces you to a high-pitched, whiny, barely pubescent sound.
Real men look at porn.
Dorky boys say "Hey guys, look, I've got some porno and a new D&D video game." If you're going to beat off several times a day, at least change the sheets once a week. Otherwise you end up with a smell in your room that you don't notice, but everybody else does. Especially your mother. It's really disgusting.
someone in FLA please hurt them really bad. thanks.
When I used dialup and had an Earthlink email address, I regularly received spam from Earthlink advertising great deals on printers and other stuff I didn't want. The usenet groups dealing with Earthlink were full of complaints about this spam, but they never responded. So what do you do when your own ISP insists on spamming you?
Ok, here's a neat project for the self proclaimed spam hater - and I know that at least 80% of ./ people are capable of doing this...
Develop a Honeypot mail gateway program desiged to suck in a spammer into using it. Then, gather all kinds of goodies on the spammer. And obviously don't pass the mail.
Make it easy to use and install on Linux, WinBlows, BSD. Make these proxies smart enough to be "fingerprinted" as a "good score" for spammers.
I know a number of people doing this already, but I'm talking about putthing this out on a massive scale.
Unfortunately, that won't help the bandwidth problem, but it WOULD somewhat dilute the spammer's proxy resource, plus these fake proxies can also have some good tracing features.
Maybe Sun should switch to going after spammers, because suing MS doesnt seem to be going so well for them.
Manipulate the moderator system! Mod someone as "overrated" today.
I have a friend who was doing freelance web development, he was hired by someone sleezy a while back, eventually it came out it involved spam. I gave him shit about working for a spammer, but above that, what are we supposed to do?
The IT community in general isn't an elite social club, that's what made us unique and powerful in the first place, we are a loose collabration of people with common interest. We disdain elitist clubs and the accompanying politics on the whole. We respect knowledge and skill, not political gyrations to sleeze your way into the "in" crowd.
So, with such an amphorus social structure, how would such an ethical structure be imposed?
I've had enough abrasive sigs. Kittens are cute and fuzzy.
WOULD YOU FAFFGOTS STOP IMNING ME!?!!!
god dman dont you loosers have anything better to do
Sure. I know murder is illegal. But, it seems to work in many spots throughout the world. In fact, if anyone read the WSJ yesterday, vigilante squads in a poor Rio neighborhood has eliminated crime, as compared to slums surrounding it. And the people love it and accept it. I say we do the same with spammers. Find them. Make them disappear w/o a trace. Buh bye, now!
It's someone who is desperate.
Much - if not most - property crime is committed by people who are desperate. That doesn't make it right. In a first world country there is always another choice - even if it's getting a job packing groceries, waiting tables or flipping burgers, or evIt's someone who is desperate.en collecting unemployment benefits.
To put it another way, it's easy to be honest when you're doing well while being honest. It's the choices you make when things get tough or there is an opportunity to do better by being dishonest that make the difference between who is sleazy/amoral/unreasonable and somebody who is honest/moral/reasonable.
Your "friend" merely had no prior reason to demonstrate that she was sleazy, amoral and unreasonable.
Sometimes I think my undergraduate degree is worth about $19.95. This is why I'm getting another worthless degree now. But at least this time they pay me to go to school.
Well for WinBlows there's already Jackpot: http://jackpot.uk.net. It works pretty well.
For Linux, sendmail can be used as a honeypot, if the Linux system isn't already running sendmail (I think the best honeypots are systems with no real email function, where that means email using incoming port 25).
What you propose would be a great beginning project for a programming class that's up to the point of doing network programming. Give them the SMTP spec and tell them to create something that looks like an MTA but isn't.
There's also been a Perl version of a honeypot posted to NANAE maybe over a year ago. the author saids there was a second, better version but I don't know anything after that. Really it isn't that hard, particularly if you just create an abuse email grabber. The author of Jackpot added in code to deliver detected spammer test messages and when the author did that he simply incorporated another person's MX lookup - he didn't try to reinvent that.
There are 43145 recipients so far for the current spam run. The only network traffic is the spam coming in - there's a total of just 70 messages for all this spam. If the messages went out there'd be a whale of a lot more network traffic - the spam would go to quite a few different ISPs. So I burn some incoming network bandwidth in order to cause the spammer difficulty.
Another good project would be open proxy honeypots. One important thing about those is that if a spammer is hiding his own IP by going through a chain of open proxies then some open proxy is first in that chain. If that's a honeypot the spammer has given himself away to that honeypot. It should be obvious, too, that more effort in seeking out proxy logs would also give ammunition against the spammers.
My honeypot (the one that so far has 43,145 recipients) is a standard (but old and obsolete) MTA with the output mail queue stopped (it's a VMS system.) I manually forced delivery of a relay test yesterday - that's why the spam started. Almost anyone with a good working knowledge of some MTA can do something similar.
(How "old and obsolete"? It doesn't know EHLO.)
Yesterday's (5/7/2003) eddition, front page. Any reasonably equiped library should have it. I don't read their online version so I don't have a URL.
If they don't, then they shouldn't have sued in the first place.
Earthlink was spending money on bandwidth from when the spammer first started, so they may get a net win even without collecting.
There should also be some deterrent effect on other spammers.
One of his clients stated that on a supposed run of millions of pieces of spam there were 36 orders returned. At 10 dollars each, the spammer got $360 from the client selling HGH.
Geez, people ...
I DROPPED Earthlink like a hot turd precisely because THEY WERE SPAMMING ME and wouldn't stop. They don't call it "spam" (of course). They call it a "special offer" (or some such nonsense). Point of fact -- They can e-mail me my bill and any announcement directly impacting my account. ANYTHING ELSE IS SPAM.
It kills me that these bastards are claiming to be SPAM BUSTERS and getting away with it. Check ANY UseNet spam-busting group to get the straight dope on Earthlink.
Scare her away.
Call her from a public phone.
Mask your voice.
Tell her that you got a UCE from her.
Tell her that you tracked her down.
Tell her that you know where she lives.
Give her a detail or two so she'll believe this is serious.
Tell her that if you get another UCE from her, you'll come to her place and her.
And her parents.
And her cat too.
Hang up.
In the end, you'll be doing her a favor.
I owe my enormous penis, large breasts, million dollar bank account, eternal youth, repaired credit, unbeatable mortgage rates, escapades with horny house wives and increased sex drive to these guys. I really hate to see them lose in court.
I apologize for not responding to all of the excellent responses in a more timely fashion, but I am currently switching companies and moving my residence so I have been somewhat distracted. I was pleased with some of the suggestions of the responders and intrigued by some of the solutions that have been cobbled together by able administrators using existing tools. The question I would like to propose to the honeypot and the jackpot users is this:
What do you plan to do with the e-mails or IP addresses that you log in your trap?
The spammers probably do not care if you catch them red-handed if there is no threat of serious punishment (fine or imprisonment); they will simply switch ISPs and resume their spamming activities. Let me be clear, I believe that honey pots are valuable for understanding the tactics used by spammers and for raising the barrier of entry (limiting the number of small time operators).
In response to the post concerning filtering effectiveness and spam deterrence:
I question the notion that spammers would be stopped simply by extremely low return rates. In fact, I have heard that a response rate of approximately 1/10 of 1% is considered a resounding success by these spammers. It is also widely known that large volume spammers employ software tools written by secretive foreign companies that only accept payment in bank wire transfers (BTW: any software developer that would work for these companies really has joined the dark side). Thus, it is difficult for me to see why a low success and response rate per message would be a deterrent. The spammers will simply up the number of messages to compensate for the lower response rates and thus aggravate the aforementioned bandwidth problem.
Thank you all for taking the time to respond.
What's her email address, name and street address?
Life is too short to proofread.