From Artist To Spam-Hunter
I am Kobayashi writes "Wired has a story about Andy Markley, a graphic artist, whose business domain name was spoofed by infamous spammer Eddy Marin and used to spam thousands of people. After the incident recurred at a new ISP, and at the risk of his business and sanity, Markley fought back. He tracked down Marin through several spoofed email addresses and several hijacked servers, and eventually was successful in getting Marin's current ISP to shut down his account. Too bad he was a graphic artist and not a professional bounty hunter...."
Spamming is such a dirty business that most spammers will commit some illegality somewhere. Their character is rarely that of a saint. And most ISPs will do anything to keep a spammer off of their bandwidth. So if you go after a spammer, there will probably be some dirt to smear him with somewhere.
If you want to do the same thing as this guy, try using SpamCop. Paste the entire email (with headers, duh) there, and it will backtrack the message to where it originated. It will tell you which company it came from, which one is being advertised, etc. For the especially lazy, it will also allow you to send a carbon-copy form letter to all parties involved. Best of all, it's free. Consider donating though, it's worth it.
Again, working at an ISP, we cannot dictate what a user can or should not receive. He should have installed filters.
I think he was having email spoofed to look as though it were coming FROM him, so that people were bitching about him sending it, when he wasn't. I believe this is referred to as a Joe Job.
I assume the grandparent is referring to the ISP providing the spammer with his service, not the ISPs providing the intermediate jumps. I'm pretty sure any ISP would disconnect anyone who it can be proved has been spamming.
Not necessarily. Most web hosting companies that I have seen will give you X (or unlimited) number of e-mail accounts for your domain. They also have the option of creating a "default" account, where all e-mail sent to the domain goes, if it didn't end up in one of the mailboxes that you explicitly created. This can be useful, since you can just give out random account names at your domain on a whim, and know that all of the e-mail sent there will end up in the same place. It also acts as a backstop to prevent some customer of yours having their e-mail bounce because they got the account name wrong. No e-mail to your domain will ever bounce. It also means you don't have to set up all the default e-mail addresses that people take for granted as being active in a domain (root, webmaster, postmaster, abuse, etc.)
The downside of this is that if a spammer spoofs a totally random e-mail address within the victim's domain, the bounce messages and pissed off replies will end up in one big heap in the victim's default e-mail account. I suspect that's what happened in this case, because there was no evidence that the spammer was pissed at the guy to begin with.
Default e-mail is also a big pain in the ass when a spammer tries a dictionary attack on a domain in order to find valid e-mail addresses. That's when the spammer sends e-mail to a@yourdomain.com, aa@yourdomain.com, aaa@yourdomain.com, ad nauseam. If you have a default e-mail address, *all* of these spams will be delivered. Say goodbye to your disk quota!
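A defender-side check for the dictionary-attack pattern the comment describes, as an added example that is not code from this post or from any ISP named on the page: it parses constructed SMTP log lines (the line format, the client addresses and the mailbox list are all assumptions) and flags clients that address many non-existent local-parts in a short window, which a catch-all account would otherwise silently accept and store.

```python
"""Flag recipient-probing clients against a catch-all domain.

All log lines below are constructed for this example; the format is an
assumption, not the output of any particular MTA."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2003-09-17 10:00:01 client=203.0.113.5 from=<deal@example.net> to=<a@yourdomain.com>
2003-09-17 10:00:02 client=203.0.113.5 from=<deal@example.net> to=<aa@yourdomain.com>
2003-09-17 10:00:02 client=203.0.113.5 from=<deal@example.net> to=<aaa@yourdomain.com>
2003-09-17 10:00:03 client=203.0.113.5 from=<deal@example.net> to=<aaaa@yourdomain.com>
2003-09-17 10:00:03 client=203.0.113.5 from=<deal@example.net> to=<ab@yourdomain.com>
2003-09-17 10:00:04 client=203.0.113.5 from=<deal@example.net> to=<abc@yourdomain.com>
2003-09-17 10:05:00 client=198.51.100.9 from=<alice@example.org> to=<sales@yourdomain.com>
2003-09-17 10:06:00 client=198.51.100.9 from=<bob@example.org> to=<salse@yourdomain.com>
"""

# Mailboxes that really exist (assumed); anything else only lands because
# of the catch-all.
KNOWN_MAILBOXES = {"sales", "postmaster", "abuse", "webmaster"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client=(?P<ip>\S+) from=<[^>]*> to=<(?P<local>[^@>]+)@[^>]+>$"
)

def parse(log):
    """Yield (timestamp, client_ip, recipient_local_part) per log line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            yield ts, m["ip"], m["local"].lower()

def find_probers(log, threshold=5, window=timedelta(minutes=10)):
    """Return {ip: distinct_unknown_recipients} for clients that sent to at
    least `threshold` distinct non-existent local-parts within `window`.
    A single typo (salse@) from a normal sender stays well under that."""
    unknown = defaultdict(list)  # ip -> [(ts, local-part)]
    for ts, ip, local in parse(log):
        if local not in KNOWN_MAILBOXES:
            unknown[ip].append((ts, local))
    probers = {}
    for ip, events in unknown.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            seen = {loc for t, loc in events[i:] if t - start <= window}
            if len(seen) >= threshold:
                probers[ip] = len(seen)
                break
    return probers
```

Flagged clients are the ones a catch-all domain would want to rate-limit or tempfail at SMTP time rather than accept into the default mailbox.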
- Bayesian filters (or similar) on the SMTP servers, analyzing and SPAM-rating e-mail on a line-by-line basis, as it is inbound to the server.
- Packet-by-packet connection throttling of all connections to the SMTP server, based on the current SPAM-rating of the open connection.
All mail will get through. There are no false-positive or false-negative issues to deal with. There are no freedom-of-speech issues to deal with. But SPAM works only because of VOLUME and this will drastically reduce the volume of SPAM that a server can send, making spamming unprofitable. Not my idea -- someone else suggested the scheme a while back. I wish I could remember/locate a reference.
"WCG.net, and told the tech support staff what had been happening. Within a few hours, Marin's account had been canceled. But WCG sounded sincerely surprised to find out the infamous Eddy Marin was one of their customers."
Baloney! It is likely that they told Marin to change the domain name before Markley sues and WCG loses their big bonus blood money.
Rule #1! Williams Communications Group is notorious for continuously providing bandwidth to spammers with dirty /24s. Then they feign this concern by "shinning" on those who complain about their dubious customers. Why doesn't someone ask them about Wholesalebandwidth.com/Optigate?
Anyone who wants to know about Marin and his scum operation can see it on Spamhaus.org:
http://www.spamhaus.org/rokso/search.lasso?evidencefile=1114
"Can you sue for more than your actual costs, to account for the risk you took that you'd be unsuccessful in tracking them down (hence your time/money would be gone with no possibility of being repaid)?"
I Am Not A Lawyer, but I do work in a collection agency.
I believe the short answer is, no. You will never get paid, or receive funds for the actual RISK of your actions to track someone down and receive your due funds. That is part of the situation you are in. As an example, one client will never sue someone for anything under 5k. Period. That's their line in the sand. They feel it's not worth the risk. On the other hand, we have one case where the amount is 2 million, and the whole situation has turned into the point where the client wants to get the person, for whatever costs will become.
In short, collections is a giant game of poker with the bluffing and calling to see what you can get out of someone. Is that cruel? Probably. However, that is the attitude of many clients who see it as their just rights to receive their due moneys.
The actual risk taken in the process is never a consideration of the Judge. It would be a consideration of the client/plaintiff/person due their moneys. But it is not a legal fact in the case against someone.
-Very much so needing to remain an AC
No one does spam filtering at routers. There are filters and blocklists, but they have nothing to do with routers. Long ago particularly egregious spammers were blackholed at the router level, but that hasn't happened for years.
No ISP can stop all spam, but given enough resources we can stop most of it. The problem is usually somewhat like you allude to, that there is a certain set of people with an absolute horror of a non-spam message being bounced. They claim "loss of email", and thereupon close their ears.
But there is a more insidious foe, the scan-and-delete error.
Most admins today have two basic ways to stop spam -- blocking and user-based filtering. Blocking rejects spam detected (via filter or blocklist) and puts the onus on the sender to re-establish the communication. User-based filtering puts the onus on the recipient to review their spam folder and look for "false positives".
And there are three ways to play your two tools.
1. Little or weak filtering or blocking means communications are lost as people have scan-and-delete errors due to battle fatigue from their daily fight with spam in their mailbox. Much legitimate email is lost, and it is lost and *neither party knows it was never read*. This collateral damage is spread over every part of the net, spam-friendly or no.
2. Aggressive filtering and tagging for dropping in the user's "spam" folder means that legitimate communications are tagged as false-positives. People usually don't scan their spam folders carefully, because such a high percentage is spam. Again, legitimate email is lost and *neither party knows it was never read*. This collateral damage is spread over every part of the net, spam-friendly or no.
3. Aggressive rejection of email via blocklisting causes some legitimate email to be rejected. However, that collateral damage is limited to spam-friendly parts of the Internet. The sender knows full well it was not read and can re-send the message via another channel if it is important. This knowledge also allows them to take action to correct blocking errors; and heightens awareness of who is not doing their part to fight spam.
To me, selecting #3 is a no-brainer. When legitimate email gets lost, the sender knows it was not received. And it is almost all lost from networks participating in the massive denial of service attack on the Internet at large that is spam.
AOL, for example, does a simply outstanding job of making sure spam is not sourced from their network. They don't allow spam hosting of any kind. I *never* want to lose mail from them. Same with Earthlink, MSN, and Hotmail. They deserve that consideration due to their effort. If my users lose mail from them due to scan-and-delete errors, I have not done my job. I would much rather have them lose email from the people who pay the spam-friendly providers. (And no, folks, those fake hotmail.com addresses in the From line don't mean they source spam.)
You can do filtering at the MTA level too with rejections, but I don't do that except with filter settings that have a near-zero false-positive rate.
The spammer was forging mail from one of my domains. Since the domain name was a registered trademark, I had some extra leverage. ISPs have a "safe harbor" for E-mail content, but not for trademark infringements.
I ignored where the mail was coming from, and concentrated on where the money went when you placed an order. The spammer had two phony "billing companies", with phony addresses. Accepting credit cards without providing a valid business name is illegal in many states, so, by sending appropriate letters to the ISPs that hosted his billing sites, I was able to turn off his income stream. The sites reappeared on other ISPs, but with some work, I was able to get his domain registrar to lock some of his domains.
This is an effective tactic. If you file an "incorrect whois data" complaint with the Internic, and the registrar can't contact the domain owner, the domain goes to "locked" state. Then, if you get the hosting company to dump them, they can't move the site. In this case, the spammer operated his own DNS servers (triply redundant, on different ISPs), so I had to get all of them kicked off various ISPs.
By now, I'd had this guy kicked off ISPs from Dallas to London to Sao Paulo. This was made easier by the fact that he was paying for much, if not all, of his hosting with stolen credit card numbers. Since his porno sites generated credit card numbers, he could keep signing up for new hosting accounts with his customers' credit cards. That doesn't work once the ISP knows who to look for.
Finally, the guy retreated to his home ISP in St. Petersburg, Russia, where he apparently felt safe. That took a while to crack. I found out that the upstream provider used by the small St. Petersburg ISP was a larger telecom company in Moscow. That company was in the process of doing an initial public offering on NASDAQ. I talked to their investment people in New York, and eventually received a call from the Russian telecom's CEO. It turned out that we had some friends in common, and that he knew about the small St. Petersburg ISP as a known problem.
With that connection, I had some discussions with the St. Petersburg ISP, which kicked off the spammer. He came back with new accounts the next day. I got those accounts closed. This went on for several weeks. Finally, after some additional prodding, the St. Petersburg ISP shut the guy down and kept him shut down.
It's been months now, and the spammer's content is nowhere that Google can find it, so he seems to be out of business.
The key to dealing with spammers is to follow the money. While dealing with this problem, I talked to bankers, the people who developed his billing system, and a company to which he'd outsourced web design. Eventually, a picture of the spammer emerged. This was basically a one or two person operation devoted to stealing credit card numbers. Once I knew that, getting cooperation in shutting the guy down was reasonably easy.
Trademarking your web site name gives you some additional legal options, and is definitely worth the $450 or so it costs. When you raise a trademark issue, the problem escalates to the ISP's legal department, and you're no longer dealing with the customer service people.
Once you get to the legal people, and fraud is involved, you can point out that the ISP, once informed of the problem, is knowingly aiding and abetting a fraud scheme. This usually results in quick action.
It's always useful to check business license and corporate filing data. If you find a Whois entry for Phonycorp, Inc. at a Mail Boxes Etc. address, find out whether the company has a business license (where required) and is registered as a corporation in the state. If they don't, they're doing business illegally. So report them to the IRS, the state tax authorities, and the local authorities. ("Hello, City Assessor's Office? I'm trying to locate the offices
When I try following your link, I get redirected to a Japanese casino site that tries to force malware onto me. What's going on here?
The same spammer forged a number of other domains, including mine. I have a page about it at http://www.whitis.com/mypillsrx.htm. There is also another article available at AVN Online.
Eddy Marin, a well-known spammer with a history that includes convictions for cocaine dealing, money laundering, and who was involved with pornography, seems to be behind the spam.
In the meantime, his pet lawyer, Mark Felstein, (check out the cute picture) is suing several people who fight against spam for blacklisting "anonymous members" of his newly created EmarketersAmerica organization, and several anti-spam sites all over are under DoS attacks.
The spammers are winning because the good guys are playing fair and honest while the spammers have no morals and are making up their own rules.
Have fun