Slashdot Mirror

← Back to Stories (view on slashdot.org)

I, Spammer

Posted by michael on from the hoist-by-own-petard dept.

PCOL writes "The Washington Post is reporting on testimony before the Senate Committee on Commerce, Science and Transportation by Ronald Scelson, an eighth-grade dropout and self-taught computer programmer from Louisiana, who claims that he sends between 120 million and 180 million e-mails every 12 hours, that he can break sophisticated software filters 24 hours after they are deployed, and that he has no choice but to resort to forging the sender information in his bulk e-mail so he can be anonymous and maintain his connection to the Internet. He added that he obtained all his addresses legally and that AOL gladly sold him the company's entire customer directory which Ted Leonsis, vice chairman of AOL, did not deny." It's a tough life. Here's another story about the Senate committee meeting.

17 of 730 comments (clear)

  1. Dang it, there goes my stomach lining... by Saint+Aardvark · · Score: 5, Interesting
    "This is censorship," he said, arguing that both anti-spam vigilantes and Internet providers that filter out spam are depriving people of their right to see their mail.

    Dear God, I hope the committee saw through this pathetic little charade. Last time I checked, I had no oblighation to pay to receive advertising; I had no right to force others to pay the cost of carrying that advertising; I had no right to force others to put up with the deluge of complaints about that advertising.

    And if he's right about AOL selling him their membership list and spamming their members (and AOL VP Leonsis' weasel words about "letting members opting out" does nothing to make me think otherwise), all that means is there are two assholes there instead of one. It doesn't give him any moral high ground.

    But at least there's the proposal for a "federal antispam SWAT team". I'd pay good money to see a live video stream of that take-down.

    --
    Carousel is a lie!
    1. Re:Dang it, there goes my stomach lining... by Dark+Paladin · · Score: 5, Interesting

      For me, the key word is "pay for spam".

      One of the reasons why sending advertisements over the Fax is now illegal (without prior authorization, etc, etc, etc) is because it costs *me* money to recieve *your* ad.

      In the case of bulk snail mail, 100% of the costs (if you don't include me physically picking up the mail, looking at it, and tearing the latest "Want a 0% interest credit card that jumps to 30% later?" envelope as cost) is payed by the sender.

      In the case of a fax, *I* pay the paper, toner, etc. So even at $0.01 per ad, if it wasn't stopped I could wind up paying hundreds/thousands a year for the honor of recieving ads.

      In the case of spam email, I believe that the same conditions apply. While I might not pay directly $0.01 per "spam email sent", I am paying by having my web space taken up (for those with ISP's that limit their mail boxes to 5 - 10 MB). And if my business relies on emails, *your* spam interferes with my ability to do work, thereby costing me money.

      Add in that most spammers forge their address, hijack (or at least use without permission "open relays" (who should be closed anyway, yes, I'm looking at you, China, Korea, and any other country who's causing this problem)) other people's mail servers (thereby costing the mail server money they did not want to spend on bandwidth, storage, processor, etc).

      I should hope that the Senate should make a very simple anti-spam plan:

      If you send an unwanted email as an advertisement, you must have a method of truly getting someone off of the list.

      If you sell the email addresses of your clients, you should be required to state to whom they have been sold so you can opt out *before* you get spam mail.

      There should be a "national opt-out" spam list that all spam senders must check before sending a message.

      Violating these agreements, or sending another message after the user has "opted out" is punishable by a $1000 fine per email sent.

      --
      52 Weeks, 52 Religions with John Hummel
  2. Why do people do this? by blumpy · · Score: 5, Interesting

    Why do people bother with doing crap like this? Just because they can? This guy has the mentality of a script kiddy. Someone find his info and organize a snailmail spam-a-thon.

  3. Slam his customers by st0rmshad0w · · Score: 5, Interesting

    Ok, another spammer, joy, so when are we going to start getting lists of those who HIRE these urchins? I frankly would love to start re-routing all the spam that comes to me BACK to the idiots who hire spammers. Oh, and how about some postal addresses on these spam-buying scumbags too, eh?

  4. Nothing Good Is Going To Come Of This by nemski · · Score: 4, Interesting

    Why do I have this knot in my stomach as Congress prepares legislation to stop spam? Remember when they 'deregulated' the cable industry and all our rates went up? I know it is possible to go from bad to worse, but what is after that?

    --
    Some people have a way with words, others not have way.
  5. He's the Norton SystemWorks guy! by sulli · · Score: 4, Interesting
    Watch for the lawsuit, Mr. Scelson:

    Scelson, who said he does not distribute mail containing pornography, said one of his biggest clients sells a package of anti-virus computer software called Norton SystemWorks at cut-rate prices. Officials at Symantec Inc., which makes the Norton software, said in an interview that although they have not seen the package Scelson's client is selling, other similar offers that they have tracked down have proved to be counterfeit.

    I get 1-2 Norton SystemWorks spams a day. If they're from this fucker, let's hope the Symantec people are able to find out where he lives, and sue him into oblivion.

    --

    sulli
    RTFJ.
  6. Scelson, as all spammers, is a liar by gorbachev · · Score: 4, Interesting

    There is NO way he bought the AOL address information from AOL.

    One thing to keep in mind when talking with spammers is that they always lie. They lie to themselves ("everything I do is legal", "I am forced to hijack open proxies") and they lie to everyone else ("Here's the information you requested").

    The career spammers are, indeed, bold enough to even lie to the US Government, face-to-face. Too bad the US Government is usually totally cluefree when it comes to the spam problem, so these conmen get away with lieing to senators.

    Proletariat of the world, unite to kill spammers. Remember to shoot knees first, so that they can't run away while you slowly torture them to death

    --
    In Soviet Russia, I ruled you
  7. Return to sender! by st0rmshad0w · · Score: 4, Interesting

    I think I have it. If we get the spammer's postal address, and the postal address of those who hired him, maybe we should just print out all the spam we get and sent it to the one who hired him postage due. :)

    As an added bonus use the spammer's postal address as the return address.

  8. Lots of good info here... by johannesg · · Score: 5, Interesting
    "People still buy this stuff," he said, claiming that his clients get a response rate to his e-mail of 1 to 2 percent.

    Let's say 10 million emails per hour (lowest), 1% response rate (lowest), that's 100,000 responses per hour! That means that over the course of a year, we are talking about 876 million responses. Divide that by the 165.75 million internet users in the US, and we learn that each and every one of you respond to him 5 times per year!

    Well, maybe he spams the entire world. I have no idea how many internet users there are in the world, but let's say it is something like one billion. That means everyone responds to him almost yearly! Amazing! Now I only have one question: those responses, are they sales or deaththreats?

  9. Another bad Slashdot analogy by JSkills · · Score: 4, Interesting
    Yes - many people use analogies to make their point on Slashdot - so here's mine.

    People need to guard their email addresses in the same way they practice safe sex. Don't go sticking your email address just any old place ...

    Ok, that was bad. The exceptions are cases where your ISP screws you and sells your name (like those sorry AOL customers had happen to them) or people who use brute force address guessing algorithms.

    Although I think the legislation being considered is a good first step --

    The Burns-Wyden bill would make it illegal for bulk mailers to forge their sending location, have deceptive subject lines or prevent users from removing their names from e-mail lists. Owners of networks would retain the ability to block mail, and the legislation gives Internet providers legal standing to hunt down and sue spammers.

    The committee also heard from Sen. Charles E. Schumer (D-N.Y.), who advocates a nationwide do-not-spam registry similar to a newly created do-not-call telemarketing list, plus an international treaty on spam.

    Nothing really beats good filtering. I put together a server side filtering process using a Mail::Audit. I support several end users who can administrate their mail rules (e.g. block if subject has "viagra" or if sender is spamboy@jizzmop.com, etc.) using a web based interface and MySQL back-end. People can share rules as well. It's working pretty well for everyone. Additionally, Mail::Audit allows you to tap into the RBL which essentially will give you an "unlisted number" - only those you have expilicity granted permission to recieve from can reach you. Sounds extreme, but I get ZERO spam.

  10. Here's an idea. by Greg@RageNet · · Score: 4, Interesting

    Here's a proposal, as it seems like the world is moving closer to 'whitelist' (reject by default) method of spam combatantcy. Perhaps there should be a global whitelist set up, where a user signs up, and must verify their mail address, then the mail address is MD5 hashed and stored in a database. Recipients recieve an email from this sender they simply hash the from address and check to see if the hash exists in the database. If it's present the mail is accepted, if not, rejected. Solves the problem of invalid from addresses always used in spam, as well as solving the problem of preventing data-mining of such a 'whitelist' database by spammers (as it contains only checksums).. And it solves the problem of being able to recieve messages from people you haven't personally explicitly whitelisted; ie. old friends from highschool, aquantances with new email addresses, etc..

    Whaddya think?

    -- Greg

    --
    Slashdot, would a spell-checker for posting be too much to ask? It's not rocket science!
  11. Re:Spamming != bulk mailings by misterpies · · Score: 4, Interesting

    To go wildly offtopic...

    Postage stamps were first introduced in Britain, in 1840. As you say, before then it was the recipient who paid for the mail, not the sender.

    Now in those days that was sensible, since there was no mail system as such anyway. Cash on delivery was the only way you could be fairly sure that the messenger would actually deliver your letter -- since if he didn't, he wouldn't get paid.

    Problem was, people cheated the system. Early hackers, shall we call them, figured out that they didn't need to have their letters actually delivered & paid for to communicate. For instance, if someone wanted the answer to a simple yes-no question (remember, all long-distance communication was by letter then, so this happened a lot), they could set up a code for the response to be communicated by the colour of the envelope. So: messenger arrives with a letter -- but the recipient, having seen the colour of the envelope, says he doesn't want it and refuses to pay.

    Solution: set up a national postal system that people trust, so they're willing to prepay for delivery.

    Of course, 150 years later and US phone companies make the same mistake with cellphones. Charge people to receive calls + caller id -> don't answer, just call back on a land line.

    --
    The author of this post asserts his moral rights.
  12. Even worse than being spammed by cmpalmer · · Score: 4, Interesting

    I've grown used to logging on in the morning, deleting 20-50 spams that made it through my ISP's filter, then reading the 1-10 valid messages.

    Until a few days ago...

    Then I started getting bounced messages showing up in the inbox. First a dozen or so, and now 300+ per day. Some unscrupulous bastard put my e-mail address as the return address on those damned "Penis enlargement" spams and sent out a coupla hundred thousand. All have a different name ("Buffy", "Steve", "Frank", etc.), but all with my e-mail address.

    I've had that address for nearly 10 years, which is the reason I put up with spam on it, but now I'm going to have to kill it all because some moron (the messages originated in China according the to headers) picked my name at random to hide behind.

    --
    -- stream of did I lock the front door consciousness
  13. DMCA by Zed2K · · Score: 5, Interesting

    "He boasted that in 24 hours he could crack sophisticated software filters designed to block spam."

    So isn't that in violation of the DMCA? Or am I stretching it? If he said he could get around them then its different but he specifically said he could crack them.

  14. Blacklist AOL on your mailserver!!! by Medievalist · · Score: 4, Interesting

    After dozens of attempts to get AOL to implement the most rudimentary outgoing filters on their Email system, and getting ZERO response, I have regretfully informed our user base that we will no longer accept any Email emanating from any machine with an AOL.COM IP address.

    They are breaking the rules of the Internet (see: SMTP RFCs) by improperly implementing postmaster@aol.com (see rfc-ignorant .orgfor details) and their mail relays have sent hundreds of viruses into my domain.

    I have asked all AOL users at my site who wish to continue emailing their home addresses from work to get a new service provider and given them two months to do so. I have recommended several small local ISPs to them that I know provide good service and never allow easily detected virii like Yaha, Klez and SoBig to transit their mail hubs.

    We, fellow slashdotters, can use our enormous power as administrators of email hubs to get AOL's attention - since it seems more civilized methods are useless. The social contract of the Internet is simple; play by the rules (i.e. implement the required RFCs) or you are not part of the community.

  15. Re:are you kidding? by DunbarTheInept · · Score: 4, Interesting


    ALso, the USPS is a government sponsored monopoly but it doesn't receive any tax payer dollars. It is self funding.
    Not only that, but it's even older than the government. The post office was concieved under the Articles of Confederation, before the current government under the Constitution. And not only did it pay for itself, but it was once the primary source of revenue to fund the government.

    --

    Don't label something "offtopic" unless you know the topic well enough to tell what's on topic.

  16. has everyone missed the point? by maxpublic · · Score: 5, Interesting

    Do you honestly think Congress gives a good goddamn about spam? Congressman don't have to deal with this shit; their lackeys do.

    This issue isn't about killing spam - it's about using spam as an 'issue' to kill anonymity online. It's yet another attempt by the government to throttle what remains of our privacy, and spam is a very convenient complaint to base this sort of legislation on.

    Thanks but no thanks. I'll take the spam in exchange for privacy. My privacy is far more important than any government attempt to curb unwanted email, especially when it's just a ruse to eliminate what few rights I have left.

    Max

    --
    My god carries a hammer. Your god died nailed to a tree. Any questions?