In Pursuit Of A Spammer
Kyle writes "Over at DSL Reports, We are currently pursuing a spammer from the West Palm Beach, Florida area. This wouldn't normally be news, but we think Slashdot readers may be interested in just how successful we have been. What's more interesting is that the spammer appears to be posting in the thread."
Not to nitpick, but...
Most big time spammers go right around the "TOS" by becoming an ISP themselves. All you have to do is buy a block of IP's from someone who has them up for sale. Believe me there are plenty of people who will sell you a /20 for a $4000 to $10,000, because they are going out of business.
Next all you need to do is find a bandwidth provider and you're in business. Most bandwidth providers don't care what you do with your bandwidth as long as it's not illegal. And there isn't a lot of solid case law that spam is illegal. (I know we're all hoping for legislation to come through, but not yet...)
And there you go, no "Terms of Service" to break.
I hate spammers as much as the rest of you, but I really hate zealots who have no idea how the business even works. The more you know about spammers the easier it will be to combat them.
Maybe I'm just jaded because most of my day is spent blocking these low-lifes.
Here in New Zealand you'll often see mailboxes with "no junk mail" stickers on them. When I worked in retail years ago we made sure our junkmail delivery company avoided stuffing those boxes - it's just not worth the damage to your brand name to upset them.
I am a leaf on the wind
DSL / Broadband reports is not a DSL provider. They are a website devoted to issues surrounding broadband Internet access. While I fail to see any real useful information in the post (or the thread), I also fail to see how this is advertising. Their site doesn't even contain ads.
Call up your local post office and tell them you want to refuse all fourth class mail.
That will get rid of the majority of your postal problem.
As always, it's wise to read the material before commenting. Usenet has several examples of spam that was sent on 6/22/03 whoring antispamcard.com. In addition, they are selling another company's software without permission.
personal speech is protected, commercial speech is not.
This particular spammer is selling another company's software without permission.
Yes, you are. After the messages, we determined they've been sending spam. In the thread are linked a few examples of the spam they sent on 6/22/03. Searching groups.google.com, several pieces of spam can be found from both Heckman and Deckard.
Thusly, the title of the article is In Pursuit of a Spammer. One company has already stated that legal action may be pending. We've only just begun.
If you've read the thread you'll notice one comment is a quoted reply from a business which says they're going to file charges against the spammer. The reason being something to do about the spammer selling their software without a contract or license.
Certainly there is freedom of speech. But commercial speech does not enjoy the same freedom as private or political. There are limitations on all forms, but commercial is the most limited by far.
I registered a domain name with a service that provides email forwarding. (registersite.com)
:) when it got too much spam, i deleted it, and created a new one (spam1)... lather, rinse, repeat.
then, i created an email address (spam0) and use that for all my risky behavior.
also handy side effect, when i change isp, i just update my forwarding address. i have a nice permanent email for myself.
works good!
-ave
...or maybe not.
Someone sent a couple of spam messages to a forum. Apparently they picked the wrong forum because now the whole rat-pack is trying to track down the sender.
Using google, who-is databases, other directories, some luck and some pluck they have unearthed all details of that guy (Name, address, phone number, company he works for, color of his underwear and so on).
Being a rather slow day on Slashdot, it makes it as one of the stories of the day.
First, I am not a lawyer. Nor do I play one on TV.
I don't think advertising should be either. Certainly the framers never considered advertising as political dissent in need of protection. But protected speech is not necessarily just about dissent, but also about social value. To just pop an example of commercial speech that could also have social value (depending on your social values, I guess) from Google: Bigelow vs Virginia (1975), which held that advertising the availability of legal, out of state abortions was considered protected.
Now, back in the day, commercial speech didn't derive any first amendment protection - now it has limited protection, under something called the Central Hudson test. This is a four pronged test that provides guidelines as to where the government can restrict commercial speech, and you can read more about it at abuse.net ( great article ).
The meat of Hudson is in the first prong, which basically rejects the protection of misleading speech. See the above posters' comments about fraud. The other prongs allow the government to interdict if it has substantial interest in the area under discussion.
Astoundingly, much of this transition from non-protected to limited protection can be laid at the feet of consumers, who brought suit to protect their right to receive factual information ( Virginia State Board of Pharmacy vs Virginia Citizens Consumer Council (1976) ).
One god, one market, one truth, one consumer.
Take a look at http://www.spamgourmet.com.
You can make up email addresses on the fly and limit the number of replies to any quantity you like. When the number is exceeded the email is eaten.
It was considerably more than two. The forum moderator deleted most of them within an hour or so after they were posted. Those that remain were left as evidence after someone defending the spammer joined the thread.
1) Someone posted an ad to a forum.
2) Someone on the forum demonstrates his l33t whois and google skills.
3) Lots of fanboys cheer on our hero.
The net effect? Very little.
Boffoonery - downloadable Comedy Benefit for Bletchley Park
Cool! Can I come to your house and exercise my right to kick you in the nuts? Of course, you have the right to block it.
How do you feel about the hundreds of internet worms and script kiddies and failed spam relay attempts that are interfering with the bandwidth you pay for? Is that OK too? Mind if I run an extension cord to the outlet on your patio so I don't have to pay for my own electricity? Of course, you have the right to unplug it, but I'll just come back tomorrow, and the next day, and the next day. And I'll tunnel under your house and tap into the wiring in your basement where you don't see. But you have the right to spend every waking hour trying to stop me from leeching off the stuff you pay for. I hope you don't waste too much time fighting me, though... I need you to go to work and earn money to pay for the stuff that I'm stealing from you, so that I don't have to go to work myself and earn an honest living. Wow, I love your attitude! Maybe I can hook myself up to your water and gas lines, too.
There's cyber-libertarianism, and then there's advocating total lawlessness. When everybody has a "right" to do whatever they want to anybody, that's the same as nobody having any rights at all.
In his comment he claims to be the victim of a DoS attack. Pleading,
--Jimmy has fancy plans; and pants to match.
There were many messages and the moderators of the antispam forum at dslreports/broadband.com have deleted all but a few of them.
I am really having quite a laugh about so many /.ers not knowing anything about dsl reports/broadband.com. It's like the consumer reports of xDSL and Cable broadband. There is even official online realtime tech support provided in some of the ISP forums by some broadband ISPs. ISPs are rated by the consumer there as well.
As you can see I don't care about my karma.
junkbusters.com
or dmaconsumers.org
To get rid of messenger spam, turn off the messenger service. 2000/xp
Start->run->services.msc
right click on messenger->properties
set startup type to disabled, then click stop.
(If the service doesn't stop, you may need to reboot)
Done!
Solution: Don't buy anything you get a spam for.
But you might not know how the spammer gets paid? Again I do know because I used to work for these people. There are three different contracts a client can make with a spammer. First is paying a set amount of money per each email sent, this is a very small amount, 1/100 of a cent. So the money to be made for a spammer is in the number of unique email addresses he/she can send email to. The second contract type is page views. You know the spam with the pretty graphics. Under this contract type, each time you open one of these emails the spammer gets paid. And just how does the spammer know you opened one of his/her emails? The images come from the spammer's web servers, which log your image request. It is a little more complicated than that but you get the picture. And the last contract type is web traffic to the client's site that results in a sale, again not going into details. Cha-ching, they both get paid.
Before you start whining that you don't buy anything that was spammed;
1) Someone out there does and you can't stop them.
2) I don't care.
The only other recourse is to try to get the spammer booted off of his up stream provider. The spammer's provider(s) could be some little Podunk ISP or leased lines from the big boys. And the only way to get them booted is to complain to the right people, and no the /. forum is not the place.
How is this done?
Forget about doing whois on any domain or machine names you find in the email headers, they are most likely forged or just a plain crap string of characters. Grab the first IP address of the smtp server closest to the origin of the message. Take that IP address and go to www.arin.com and plug it into the (IP) whois search. (ARIN assigns the IP addresses in the US and knows whom they are assigned to.) If the IP address is assigned to a US company it will give who and how to contact them. If the IP address is assigned in another country then the registry will be listed and just follow the link and repeat the (IP) whois search there.
Usually an abuse@the_ip_owners email address is listed. Now all you have to do is forward a copy of the spam to that address. If enough people forward email/complain spammers get the boot.
Will you take the blue pill or the red pill?
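The header walk described in the comment above, as an added example that is not part of the original post. It assumes you know the hostnames of your own mail servers (`TRUSTED` below is hypothetical) and treats every `Received` line written below the hand-off to them as unverifiable; the message, hostnames and IP addresses are constructed.

```python
import email
import ipaddress
import re

# Constructed sample: newest Received header first, as mail servers prepend them.
RAW = """\
Received: from mx.example.net (mx.example.net [10.0.0.5])
\tby mailstore.example.net with ESMTP id A1; Sun, 22 Jun 2003 10:00:05 -0400
Received: from bulk-sender.invalid (unknown [203.0.113.77])
\tby mx.example.net with SMTP id B2; Sun, 22 Jun 2003 10:00:03 -0400
Received: from yahoo.com (mail.yahoo.com [192.0.2.1])
\tby bulk-sender.invalid with SMTP id C3; Sun, 22 Jun 2003 09:59:00 -0400
From: "Deals" <offers@yahoo.com>
Subject: constructed sample

body
"""

TRUSTED = {"mailstore.example.net", "mx.example.net"}  # hypothetical: servers you run
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
RECEIVED = re.compile(r"from\s+(\S+).*?\[([0-9a-fA-F.:]+)\].*?\bby\s+(\S+)", re.S)


def hops(raw):
    """Parse each Received header into claimed name, recorded peer IP, and writer."""
    msg = email.message_from_string(raw)
    out = []
    for value in msg.get_all("Received", []):
        m = RECEIVED.search(value)
        if m:
            out.append({"helo": m.group(1),
                        "ip": ipaddress.ip_address(m.group(2)),
                        "by": m.group(3).lower()})
    return out


def classify(raw, trusted):
    """Return (hand-off IP to report, IPs from headers that cannot be verified)."""
    chain = hops(raw)
    for i, hop in enumerate(chain):
        if hop["by"] not in trusted:          # written by someone else's server
            return None, [h["ip"] for h in chain[i:]]
        if not any(hop["ip"] in net for net in INTERNAL):
            # First external peer recorded by our own server: the reportable IP.
            return hop["ip"], [h["ip"] for h in chain[i + 1:]]
    return None, []


if __name__ == "__main__":
    report, unverified = classify(RAW, TRUSTED)
    print("look up in IP whois:", report)
    print("possibly forged    :", [str(ip) for ip in unverified])
```
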
Summary:
Dslreports maintains an anti-spam forum, which discusses spam-fighting techniques. A recently registered user, AntiSpamCard, posts to the forum advertising its spam-fighting product, AntiSpamCard. This violates the rules of the forum, so another user, AmeritechTech, looks up the domain registration information (registration service: RegistryFly.com). It is full of false information (mostly na, na, na filled in everywhere). AntiSpamCard claims that false info is RegistryFly's fault. Further investigation leads AmeritechTech to believe AntiSpamCard are, in fact, spammers. The evidence:
- Privacy statement on antispamcard.com states that they have an opt-out policy on receiving info
- Domain listed as unwelcome here and here
From these sites, AmeritechTech discovers that antispamcard.com and putamericatowork.com are both owned by Brad Heckman in Palm Beach, FL. IP address for antispamcard.com seems to be within a block assigned to Crescive, Inc. (not to be confused with some car company), which is also mentioned on antispamcard.com. The host for this block of IPs is traci.net. Traci.net has a strict anti-spam policy. Name servers also appear to be owned by Brad, and hosted by traci.net. Registration of the domain names of the name servers also has na, na, na filled into most fields. Putamericatowork.com turns out to be hosted by aitcom.net, which has a very strict anti-spam policy. AmeritechTech also claims Brad owns spaminsurance.com, but I'm not sure why. IP in the same block (which it is) and identical layouts (can't check, antispamcard.com /.'ed), I think.
After various emails to the various hosting companies, antispamcard.com and spaminsurance.com magically have valid registration information. AmeritechTech also gets an email from Brad from igpbrad@hotmail.com (remember that email) saying the registration info is updated. Antispamcard.com registered to Brad, spaminsurance.com registered to Chad Deckard. Same guy? Associates? Who knows, but there seems to be a link (in later posts, this is contested by "mystery poster" Ry2k, but the link seems pretty strong). Hunting around for Chad Deckard stuff turns up claims on this board that he's associated with a scam to sell Kazaa "Gold", which is really just Kazaa Lite, but with a 9.95 price tag, plus it harvests your email. The site's still up, but I couldn't repeat the behaviour claimed by the message poster (posted back on Sept. 11, 2002) that takes you to infogeneratorpro.com, which seems to be the site registered to Chad. Also conspicuous is that Chad's name shows up on putamericatowork.com, a site owned by Brad (link). Also VERY conspicuous is that Brad emailed from igpbrad@hotmail.com, i.e. InfoGeneratorPro? Maybe a coincidence...
Some more looking uncovers other domains in Chad's name: infogenerator.com, usub.net, and finder-network.com. This is along with spaminsurance.com and infogeneratorpro.com. About this time Ry2k shows up to claim that Kazaa Gold was just a client of Chad's, and when Chad found out what they were doing, the account was eliminated. Ry2k claims to be a former employee of Chad's, and warns the forum of tarnishing the good name of legitimate businesses in their pursuit of spammers. I go to bullet mode, as it's getting late, and I'm tired:
- Reverse look-ups on contact info for antispamcard.com produce a fax number registered to infogenerator.com.
- Domain name servers (safeidentity.net) for antispamcard.com has contact info updated to Crescive, Inc.
- Someone points out that RegisarFly.com may be shady, something about "using CNAME for their MX records". Maybe someone can fill me in...
- google groups turns up complaints about spam from
"Now gluttony and exploitation serves eight!" - TV's Frank
Using a CNAME for an MX record is generally frowned upon, since it may not point at a valid A record, or, in fact, an A record at all. CNAMEs can point at any sort of data.
The recommended way to delegate reverse DNS for blocks smaller than /24 is to CNAME the .in-addr.arpa entries to a zone under the control of the people who have the small allocation, for example.
You're doing it wrong.
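The reverse-DNS delegation this comment describes is the scheme documented in RFC 2317; the following added example (not part of the original post) generates the records the holder of the parent /24 reverse zone would publish for a smaller block, using the RFC's `first-octet/prefix` label style. The address block and name server names are constructed.

```python
import ipaddress


def _parts(net):
    """Return (parent /24 reverse zone, delegated child zone) for a small block."""
    o = str(net.network_address).split(".")
    parent = f"{o[2]}.{o[1]}.{o[0]}.in-addr.arpa."
    child = f"{o[3]}/{net.prefixlen}.{parent}"
    return parent, child


def rfc2317_parent_records(block, nameservers):
    """Zone-file lines for the parent /24 reverse zone delegating `block`."""
    net = ipaddress.ip_network(block)
    if net.version != 4 or not 25 <= net.prefixlen <= 30:
        raise ValueError("expected an IPv4 block between /25 and /30")
    parent, child = _parts(net)
    label = child[: -len(parent) - 1]            # e.g. "128/26"
    lines = [f"$ORIGIN {parent}"]
    # Delegate the child zone to the block holder's name servers.
    lines += [f"{label} IN NS {ns}" for ns in nameservers]
    # Alias every host address into the child zone, where the PTR records live.
    for addr in net.hosts():
        last = str(addr).rsplit(".", 1)[1]
        lines.append(f"{last} IN CNAME {last}.{child}")
    return lines


def ptr_owner_name(ip, block):
    """Name under which the block holder must publish the PTR for `ip`."""
    net = ipaddress.ip_network(block)
    addr = ipaddress.ip_address(ip)
    if addr not in net:
        raise ValueError(f"{ip} is not inside {block}")
    _, child = _parts(net)
    return f"{str(addr).rsplit('.', 1)[1]}.{child}"


if __name__ == "__main__":
    # Constructed input: a /26 from a documentation range, made-up name servers.
    for line in rfc2317_parent_records(
            "192.0.2.128/26", ["ns1.customer.example.", "ns2.customer.example."]):
        print(line)
    print(ptr_owner_name("192.0.2.130", "192.0.2.128/26"))
```
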
"Why is Florida such haven for spammers?"
Answer: nothing prohibiting spam and looser pornography laws than just about any other part of the US. Those seniors need their porn...hmm, this is going in a direction that's beginning to give me the jibblies.
Take my tip, and send all your Florida spam to the state attorney general (ag@oag.state.fl.us). It's appropriate, since a lot of it is fraudulent anyway.