Slashdot Mirror

← Back to Stories (view on slashdot.org)

From Artist To Spam-Hunter

Posted by timothy on from the bourgeois-distinction dept.

I am Kobayashi writes "Wired has a story about Andy Markley, a graphic artists, whose business domain name was spoofed by infamous spammer Eddy Marin and used to spam thousands of people. After the incident recurred at a new ISP, and at the risk of his business and sanity, Markley fought back. He tracked down Marin through several spoofed email addresses and several hi-jacked servers, and eventually was successful in getting Marin's current ISP to shut down his account. Too bad he was a graphic artist and not a professional bounty hunter...."

14 of 271 comments (clear)

  1. Identity theft by BWJones · · Score: 5, Insightful

    So, this is identity theft. Why cannot spammers be prosecuted for assuming somebody elses "identity" and doing business/making money at the expense of others? This practice is illegal and there must be a legal precedent, yes?

    --
    Visit Jonesblog and say hello.
    1. Re:Identity theft by donnz · · Score: 2, Insightful

      Took the words out of my mouth.

      Why all the new laws required outlawing spam when *all* spam I receive is fraudulent (as is the practice of highjacking my businesses ID for spam)? I have cannot remember the last time I received unsolicited marketing material where email headers and the email itself was not fraudulent.

      This is what our public prosecutors should be chasing down and gaining convictions on - can anyone tell me why they are not?

      --
      -- Free software on every PC on every desk
  2. Re:Amazing story! by metroid+composite · · Score: 2, Insightful
    You know, just because it's only on a small scale doesn't mean it's boring. Heck, RIAA suing a 12-year-old Girl made the newspapers, and I heard about that lawsuit before I knew what RIAA was.

    Besides, such effects seem to snowball in the courts. If smalltime people can shut down one ISP, then they'll shut down another; where there might be only one case this year, a year or two down the road there could be twelve

  3. Vicodin, Viagra, LOW COST CLICK HERE by segment · · Score: 1, Insightful
    Working for an ISP I can't begin to tell you the nightmares I hear day in and out... Anyway many wonder (our users) why we don't eliminate the receiving of spam, and the fact is, some etards actually don't mind getting it, I'm assuming this is like the nicer spam, (clothing, etc) Vicodin, Viagra, etc, blow. Blocking spam from coming in can be quite tricky when it's spoofed for the average layperson, but the headers always help. On one of my personal domains I have procmail scripted to just ipf block in on all from assholes to any port 25 which helps alot. When that gets out of hand then I ipf block in on all from asshole/17 to start all the way up to their class A's.

    The scam almost cost Markley his business, his reputation, his website and his sanity. His Internet service provider wouldn't help him, despite the fact that his computer and his e-mail account were being overwhelmed by an avalanche of spam-spew that made it impossible to do business or even collect his personal e-mail.

    Again, working at an ISP, we cannot dictate what a user can or should not receive. He should have installed filters. Now I know I will get flamed for saying this, but when flyer distributors come around, does anyone beat their ass or track them down. Now I know that there is a difference in volume, which is why if I had one million fscktards throwing flyers at my house, I would let loose the rottweiler. Get a filter, and if your ISP doesn't do shit change ISP's. Any ISP however will not filter spam from coming into their networks because for one, no one should dictate what someone should or should not receive. My two Lincolns

    --
    MoFscker
    1. Re:Vicodin, Viagra, LOW COST CLICK HERE by Oddly_Drac · · Score: 2, Insightful

      "Again, working at an ISP, we cannot dictate what a user can or should not receive."

      Horseshit. Go and read your AUP regarding guarantees of service. What you meant to say was, 'If we get caught running false positives it would be embarrassing'.

      "He should have installed filters."

      Of course he should. That would have stopped the joe-job happening.

      What I don't get is why ISPs don't have some method of, say, 'assuming' that someone receiving several hundred bouncebacks is either the victim of a joe-job or actually spamming. What do you think? Reasonable?

      So block the service and drop someone a call. Swallow the emails. Tell the person who's account it was that unfortunately everything got caught in the doohickey superspam frobulator and it's another fine service.

      As someone that works for an ISP, stop wringing your hands and DO something.

      Jesus. This would be like the car industry saying that they couldn't install car alarms because of the inconvienience of people losing the fobs.

      "when flyer distributors come around, does anyone beat their ass or track them down."

      Nope. I tell them I don't want them, and they respect my wishes. If they continue then I find out where the flyers are from and have a word with them...steadily it goes up the chain until it hits law enforcement.

      "Get a filter, and if your ISP doesn't do shit change ISP's."

      Dude, the problem isn't the _end-user_, it's the piss-poor hand-wringing produced by every ISP so far that argues that they're a carrier. It's the ludicrously bad handling of complaints and the carriage of stuff from known 'bad' netblocks. It's about ISPs allowing serial rapid-fire ICMP(8) without even a courtesy call to ask if people are running virus checkers.

      At this moment in time my ISP (Demon/Thus) has disabled ICMP(8) to help calm MSBlaster. It's a bitch, but it's a proactive approach.

      "no one should dictate what someone should or should not receive"

      Don't be an ass. That's the kind of free speech bollocks that the marketers use.

      --
      Oddly Draconis
      Too cynical to live, too stubborn to die.
  4. If SPAM == $$$... by thecampbeln · · Score: 3, Insightful
    ...Then we should get laws that attack the $$$ part of the equation!?

    Although the logistics of such a plan are always complicated, why not author laws that would hit spammers where it really hurts: their financial institutions!? Since you can buy the shit from these bastards, you should be able to determine where the money is going. So make laws that would seize any such moneys that are a direct result of SPAM activity?

    Hell even put the onus on Visa/MC/AmEx so that they are charged with dealing with the financial fallout! Do you think even the idiots who buy shit form SPAM would buy again if they were charged double for their purchase (once from the spammer and again from the credit card company for the penalty)? Sure there are bugs in the plan as is, but stopping SPAM from the technical side is difficult (if not impossible), so lets make it financially infeasible!

    --
    "1984" was ment to be a warning, not a guidebook. You hear that Kim Jong-il!? BushCo?!
  5. nailing the bastards by Stephen+Samuel · · Score: 3, Insightful
    It's not that hard to take down a spammer who causes you problems beyond just sending you unwanted email... I had one friend who had a spammer run a couple hundred thousand emails thru his system (a bug had made it into an open relay). It took one stern call to the ISP hosting the advertised websites to get his hosting and DNS cut off at the knees.

    This is more than just sending off a single email to a scantly watched abuse email.. This means getting hold of a real person and explaining, realistisay, what sort of legal liabilities they might be open to if they continue to support the spammer's actions. (Hacking laws, aiding and abetting, Trademark infringement and vicarious liability) often fit in there.

    If more people would do this, life would get a lot harder for spammers.

    --
    Free Software: Like love, it grows best when given away.
  6. Re:solution to spam by BanjoBob · · Score: 2, Insightful

    100 E-mails a day could hurt some of us that have legitimate businesses that also have a monthly newsletter that requires we send hundreds of E-mails every month. We send each individually and do not bcc or cc the entire list (automated program). So, everything can't be black or white -- on or off. We need to allow legitimate use of mass E-mails while controlling spam at the same time.

    --
    Banjo - The more I know about Windoze, the more I love *nix
  7. I sure care! by Michael+B.+Davis · · Score: 2, Insightful

    I had exactly the same thing happen to me.

    The spam in question was a pharmaceutical firm, and one morning I got just about 50 'undeliverable mail' messages with my email address as the sender. I never got any complaint letters, and it hasn't happened since (that was about Sep 21, 2003 give or take a day).

    I figure I never got the flak because no one ever comes to my site anyway...

    Michael in Toronto

    --
    Cheers, Michael From sunny Toronto
  8. Re:Amazing story! by mckyj57 · · Score: 2, Insightful

    Wow, what a revenge! This has all the exciting hallmarks of the most boring story in the world. He shut down a single ISP account. I'm stunned!

    You think Eddy Marin fools around with a single ISP account like a dialup? I believe WCG had him signed up for a dozen class C networks...encompassing a couple thousand IP addresses.

    If Eddy Marin wants a single account, he just rapes a proxy. He needs the class Cs to do the sinultaneous raping of thousands of them.

    If you are a Windows-head, which it sounds like you may be from your 'tude, he may be raping *your* machine.

  9. Re:How appropriate by Styros · · Score: 2, Insightful
    IANAL. Just to get that out of the way.

    I've been thinking about your "service", and I think it can be legally binding. Similar agreements exist, for example those catch-22 EULAs and the infamous Opt-Out agreements, where if you register you "automatically" get signed up for ads, unless you specifically opt-out. I think you're service stands a chance if you add some statements based on the EULAs and Opt-Out agreements that I've seen:

    • The EULA is in theory binding if you click on the "OK" or "Agree" button. So then, you make an email address that's like "web_service_agree@blah.com" or "i_agree@blah.com", and specify that if anyone sends an email to that email address then they acknowledge that they agree to your web review service. I think those email addresses are clear enough, that it can be substituted for clicking on a button. Instead of clinking on the "I agree" button, they send an email to "I_Agree@blah.com". Close enough, IMHO. That way, they can't say they were tricked.
    • Specify that you reserve the right to waive any fees for using your service. So if any of your friends happen to email that address by mistake, it's in the EULA that you don't have to bill them.
    • Specify that you reserve the right to change the EULA without notice.


    I think you should send out an invoice along with a copy of the agreement and see what happens. I will attempt to write a more "legal" sounding agreement, and do a service like that too. I may like spam after all.
  10. Re:Not surprising that his previous ISP did nothin by Anonymous Coward · · Score: 1, Insightful

    How is someone advocating someone's death modded up as interesting?

    Because spamming is such an unusual crime; one that our society is still coming to grips with.

    What other crimes have the property of a single offense affecting millions of people?

    Our society considers murderers among our worst criminals. We measure the crime of murder not just in terms of the suffering caused to the victim, but in terms of the suffering caused to all those affected by the crime.

    When we consider the crime of spamming, any attempt to measure or quantify the aggregate suffering caused to all of the people that were directly affected by a particular instance of spamming overwhelms the senses.

    How does one deal with a crime that causes suffering to millions of people every time it occurs? What is an appropriate punishment? Given the nature of the crime, it is possible to argue rationally for almost any punishment.

    That is why proposals for the execution of spammers is viewed as "Interesting" by some.

  11. Re:SpamCop will help with backtracking headers by Anonymous Coward · · Score: 1, Insightful

    You are correct. However, it's still very important to shut down the intermediary idiots who are either too stupid or too lazy to run a mail server that won't allow spam to be bounced off it.

    For every Eddy Marin, there are a thousand asshats running open SMTP relays for him to hijack, and I'd like to see them shut down or kicked off just about as bad as I want to see the spammers themselves get it in the gut.

  12. Re:How appropriate by dustman · · Score: 2, Insightful
    Yeah, these sorts of things always make me wonder.
    Any company or individual, either directly or indirectly, who knowlingly sends unsolicited email to any address associated with this domain, or that sends data which results in a uncontrolled web browser pop up...window
    What if I send them an email, which contains a popup to my website? But, this website is "very secret", and my charge to access it is 1 BILLION DOLLARS (pinky to mouth) per page view.

    I could even include in the email something like "by going here you agree to pay me all of your income forever"

    Until both sides agree to a contract, there is no contract.