Slashdot Mirror

← Back to Stories (view on slashdot.org)

From Artist To Spam-Hunter

Posted by timothy on from the bourgeois-distinction dept.

I am Kobayashi writes "Wired has a story about Andy Markley, a graphic artists, whose business domain name was spoofed by infamous spammer Eddy Marin and used to spam thousands of people. After the incident recurred at a new ISP, and at the risk of his business and sanity, Markley fought back. He tracked down Marin through several spoofed email addresses and several hi-jacked servers, and eventually was successful in getting Marin's current ISP to shut down his account. Too bad he was a graphic artist and not a professional bounty hunter...."

11 of 271 comments (clear)

  1. Identity theft by BWJones · · Score: 5, Insightful

    So, this is identity theft. Why cannot spammers be prosecuted for assuming somebody elses "identity" and doing business/making money at the expense of others? This practice is illegal and there must be a legal precedent, yes?

    --
    Visit Jonesblog and say hello.
    1. Re:Identity theft by donnz · · Score: 2, Insightful

      Took the words out of my mouth.

      Why all the new laws required outlawing spam when *all* spam I receive is fraudulent (as is the practice of highjacking my businesses ID for spam)? I have cannot remember the last time I received unsolicited marketing material where email headers and the email itself was not fraudulent.

      This is what our public prosecutors should be chasing down and gaining convictions on - can anyone tell me why they are not?

      --
      -- Free software on every PC on every desk
  2. Re:Amazing story! by metroid+composite · · Score: 2, Insightful
    You know, just because it's only on a small scale doesn't mean it's boring. Heck, RIAA suing a 12-year-old Girl made the newspapers, and I heard about that lawsuit before I knew what RIAA was.

    Besides, such effects seem to snowball in the courts. If smalltime people can shut down one ISP, then they'll shut down another; where there might be only one case this year, a year or two down the road there could be twelve

  3. If SPAM == $$$... by thecampbeln · · Score: 3, Insightful
    ...Then we should get laws that attack the $$$ part of the equation!?

    Although the logistics of such a plan are always complicated, why not author laws that would hit spammers where it really hurts: their financial institutions!? Since you can buy the shit from these bastards, you should be able to determine where the money is going. So make laws that would seize any such moneys that are a direct result of SPAM activity?

    Hell even put the onus on Visa/MC/AmEx so that they are charged with dealing with the financial fallout! Do you think even the idiots who buy shit form SPAM would buy again if they were charged double for their purchase (once from the spammer and again from the credit card company for the penalty)? Sure there are bugs in the plan as is, but stopping SPAM from the technical side is difficult (if not impossible), so lets make it financially infeasible!

    --
    "1984" was ment to be a warning, not a guidebook. You hear that Kim Jong-il!? BushCo?!
  4. nailing the bastards by Stephen+Samuel · · Score: 3, Insightful
    It's not that hard to take down a spammer who causes you problems beyond just sending you unwanted email... I had one friend who had a spammer run a couple hundred thousand emails thru his system (a bug had made it into an open relay). It took one stern call to the ISP hosting the advertised websites to get his hosting and DNS cut off at the knees.

    This is more than just sending off a single email to a scantly watched abuse email.. This means getting hold of a real person and explaining, realistisay, what sort of legal liabilities they might be open to if they continue to support the spammer's actions. (Hacking laws, aiding and abetting, Trademark infringement and vicarious liability) often fit in there.

    If more people would do this, life would get a lot harder for spammers.

    --
    Free Software: Like love, it grows best when given away.
  5. Re:solution to spam by BanjoBob · · Score: 2, Insightful

    100 E-mails a day could hurt some of us that have legitimate businesses that also have a monthly newsletter that requires we send hundreds of E-mails every month. We send each individually and do not bcc or cc the entire list (automated program). So, everything can't be black or white -- on or off. We need to allow legitimate use of mass E-mails while controlling spam at the same time.

    --
    Banjo - The more I know about Windoze, the more I love *nix
  6. I sure care! by Michael+B.+Davis · · Score: 2, Insightful

    I had exactly the same thing happen to me.

    The spam in question was a pharmaceutical firm, and one morning I got just about 50 'undeliverable mail' messages with my email address as the sender. I never got any complaint letters, and it hasn't happened since (that was about Sep 21, 2003 give or take a day).

    I figure I never got the flak because no one ever comes to my site anyway...

    Michael in Toronto

    --
    Cheers, Michael From sunny Toronto
  7. Re:Amazing story! by mckyj57 · · Score: 2, Insightful

    Wow, what a revenge! This has all the exciting hallmarks of the most boring story in the world. He shut down a single ISP account. I'm stunned!

    You think Eddy Marin fools around with a single ISP account like a dialup? I believe WCG had him signed up for a dozen class C networks...encompassing a couple thousand IP addresses.

    If Eddy Marin wants a single account, he just rapes a proxy. He needs the class Cs to do the sinultaneous raping of thousands of them.

    If you are a Windows-head, which it sounds like you may be from your 'tude, he may be raping *your* machine.

  8. Re:How appropriate by Styros · · Score: 2, Insightful
    IANAL. Just to get that out of the way.

    I've been thinking about your "service", and I think it can be legally binding. Similar agreements exist, for example those catch-22 EULAs and the infamous Opt-Out agreements, where if you register you "automatically" get signed up for ads, unless you specifically opt-out. I think you're service stands a chance if you add some statements based on the EULAs and Opt-Out agreements that I've seen:

    • The EULA is in theory binding if you click on the "OK" or "Agree" button. So then, you make an email address that's like "web_service_agree@blah.com" or "i_agree@blah.com", and specify that if anyone sends an email to that email address then they acknowledge that they agree to your web review service. I think those email addresses are clear enough, that it can be substituted for clicking on a button. Instead of clinking on the "I agree" button, they send an email to "I_Agree@blah.com". Close enough, IMHO. That way, they can't say they were tricked.
    • Specify that you reserve the right to waive any fees for using your service. So if any of your friends happen to email that address by mistake, it's in the EULA that you don't have to bill them.
    • Specify that you reserve the right to change the EULA without notice.


    I think you should send out an invoice along with a copy of the agreement and see what happens. I will attempt to write a more "legal" sounding agreement, and do a service like that too. I may like spam after all.
  9. Re:Vicodin, Viagra, LOW COST CLICK HERE by Oddly_Drac · · Score: 2, Insightful

    "Again, working at an ISP, we cannot dictate what a user can or should not receive."

    Horseshit. Go and read your AUP regarding guarantees of service. What you meant to say was, 'If we get caught running false positives it would be embarrassing'.

    "He should have installed filters."

    Of course he should. That would have stopped the joe-job happening.

    What I don't get is why ISPs don't have some method of, say, 'assuming' that someone receiving several hundred bouncebacks is either the victim of a joe-job or actually spamming. What do you think? Reasonable?

    So block the service and drop someone a call. Swallow the emails. Tell the person who's account it was that unfortunately everything got caught in the doohickey superspam frobulator and it's another fine service.

    As someone that works for an ISP, stop wringing your hands and DO something.

    Jesus. This would be like the car industry saying that they couldn't install car alarms because of the inconvienience of people losing the fobs.

    "when flyer distributors come around, does anyone beat their ass or track them down."

    Nope. I tell them I don't want them, and they respect my wishes. If they continue then I find out where the flyers are from and have a word with them...steadily it goes up the chain until it hits law enforcement.

    "Get a filter, and if your ISP doesn't do shit change ISP's."

    Dude, the problem isn't the _end-user_, it's the piss-poor hand-wringing produced by every ISP so far that argues that they're a carrier. It's the ludicrously bad handling of complaints and the carriage of stuff from known 'bad' netblocks. It's about ISPs allowing serial rapid-fire ICMP(8) without even a courtesy call to ask if people are running virus checkers.

    At this moment in time my ISP (Demon/Thus) has disabled ICMP(8) to help calm MSBlaster. It's a bitch, but it's a proactive approach.

    "no one should dictate what someone should or should not receive"

    Don't be an ass. That's the kind of free speech bollocks that the marketers use.

    --
    Oddly Draconis
    Too cynical to live, too stubborn to die.
  10. Re:How appropriate by dustman · · Score: 2, Insightful
    Yeah, these sorts of things always make me wonder.
    Any company or individual, either directly or indirectly, who knowlingly sends unsolicited email to any address associated with this domain, or that sends data which results in a uncontrolled web browser pop up...window
    What if I send them an email, which contains a popup to my website? But, this website is "very secret", and my charge to access it is 1 BILLION DOLLARS (pinky to mouth) per page view.

    I could even include in the email something like "by going here you agree to pay me all of your income forever"

    Until both sides agree to a contract, there is no contract.