From Artist To Spam-Hunter

I am Kobayashi writes "Wired has a story about Andy Markley, a graphic artists, whose business domain name was spoofed by infamous spammer Eddy Marin and used to spam thousands of people. After the incident recurred at a new ISP, and at the risk of his business and sanity, Markley fought back. He tracked down Marin through several spoofed email addresses and several hi-jacked servers, and eventually was successful in getting Marin's current ISP to shut down his account. Too bad he was a graphic artist and not a professional bounty hunter...."

glad for one positive hit

[SHEENmaster]

Get 10,000,000 more of these guys and major domains will start accepting mail from innocent bystandards like me that are unlucky enough to be on small subnets again.

Re:glad for one positive hit

[ender-iii]

10,000,000 ?!

What we need here is a new empire with army of cloned bounty hunters... or something!

Re:glad for one positive hit

[3872]

WTF is an innocent bystandard?

Spamming

[Henry+V+.009]

Spamming is such a dirty business that most spammers will commit some illegality somewhere. Their character is rarely that of a saint. And most ISPs will do anything to keep a spammer off of their bandwidth. So if you go after a spammer, there will probably be some dirt to smear him with somewhere.

Re:Spamming

[Chris+Burkhardt]

> Their character is rarely that of a saint.

Maybe not, but I've seen spam from monks selling laser toner.

Seriously, someone should tell the monks that spamming is not good.

Re:i can't wait...

[knowles420]

or, for that matter, hilarious [insert any artist] jokes as well.

The Spam Hunter - Crikey!

[Kenja]

Here we see the Spammer in his native environment, lets pull his network connection and see if we can get him rialed up. Crikey, look at em dial tech support!

Re:The Spam Hunter - Crikey!

[k12linux]

Kenja earns the much coveted: (Score:6, Funny)

what the...

hey, how comes your 'I, for one, welcome...' is rated +2 as funny, while mine always get -1 as troll?

That's unfair!!

-snif-

Not surprising that his previous ISP did nothing..

[Dimensio]

Verio is notoriously spam- and crime-friendly. So much so that I wouldn't be surprised if their management sold their children out to child pornography websites.

As for convicted coke dealer Eddy Marin, he deserves horrible and painful death for his actions. It's sad that no one has taken him out yet.

Amazing story!

[antic]

Wow, what a revenge! This has all the exciting hallmarks of the most boring story in the world. He shut down a single ISP account. I'm stunned!

I hope the author isn't holding out for a script-writing deal for anything starring Chuck Norris or Lorenzo Lamas. It's hardly going to get rapped about by Dre, is it?

From Artist to Spam-Hunter to zzz...

Re:Amazing story!

[Lshmael]

So Chuck Norris, Lorenzo Lamas, and Dr. Dre are what is important in this world?

Besides, how many spammers have you stopped lately, eh?

Re:Amazing story!

[metroid+composite]

You know, just because it's only on a small scale doesn't mean it's boring. Heck, RIAA suing a 12-year-old Girl made the newspapers, and I heard about that lawsuit before I knew what RIAA was.

Besides, such effects seem to snowball in the courts. If smalltime people can shut down one ISP, then they'll shut down another; where there might be only one case this year, a year or two down the road there could be twelve

Re:Amazing story!

[sharkey]

I hope the author isn't holding out for a script-writing deal for anything starring Chuck Norris or Lorenzo Lamas.

No, but it seems to be prime material for Kevin Costner's next magnum.

Re:Amazing story!

[Gurudev+Das]

I once fell in a similar predicament. Identity theft by spammers is not a unique occurance. It is the primary mode by which spammers can hide their own identity against backlashes (a.k.a. replies to their spam).

Re:Amazing story!

[EvilAlien]

No, his point is that they are two barely-actors, Chuck being long past his prime and reduced to crappy TV shows, and Lamas being a B-movie flunky at best.

I've been responsible for a hell of a lot more than 1 spammer losing their Internet connections, it never occured to me to put out a press release. This is none news... I give it a 1 out of 5. Now had it involved SCO, I would have gone with 3 out of 5, because I just love reading about SCO and their wacky antics... now thats a good topic for a movie, maybe we can get Governor Schwarzenegger as Linus Torvalds and Gary Shandling as Darrrrrrllll Mc Bride.

Re:Amazing story!

[red+floyd]

Gary Shandling as Darrrrrrllll Mc Bride.

Does Darl have hair? I can just picture Shandling as McBride saying, "How's My Hair"?

Re:Amazing story!

[alib001]

Not...

The Postman: part deux
The ham's got spam!

Re:Amazing story!

[mckyj57]

Wow, what a revenge! This has all the exciting hallmarks of the most boring story in the world. He shut down a single ISP account. I'm stunned!

You think Eddy Marin fools around with a single ISP account like a dialup? I believe WCG had him signed up for a dozen class C networks...encompassing a couple thousand IP addresses.

If Eddy Marin wants a single account, he just rapes a proxy. He needs the class Cs to do the sinultaneous raping of thousands of them.

If you are a Windows-head, which it sounds like you may be from your 'tude, he may be raping *your* machine.

Re:Amazing story!

[nyquility]

Sounds like the South Central Linux User Group is rumbling in the jungle...

Re:Amazing story!

[Eat+My+Turds+Guy]

Well, why don't you tell us something exciting? Oh right. I forgot. Well better luck next time, jizz-gobbler.

Re:Amazing story!

[1u3hr]

Besides, how many spammers have you stopped lately, eh?

I think the point is that the spammer wasn't "stopped", he just lost one ISP account. Spammers churn through these at a great rate anyway. Has he stopped or even slowed down? Did he even notice that he'd been "hunted down"? (I was expecting/hoping that he'd turned up on the spammer's door with a bailiff or maybe a shotgun.) Was he fined one cent for impersonating the poor artist and costing him thousands of dollars in lost time and business and damage to his reputation?

If Marin had sued the bastard for any of these crimes I'd be impressed and it might have some effect.

Re:Amazing story!

[Berzelius]

... and I heard about that lawsuit before I knew what RIAA was.

Where have you been for the last 5 years?

Re:Amazing story!

[arkanes]

You know that paragon of Open Source development methodology, sendmail? The one thats responsible for the massive proliferation of proxies on old and poorly administed mail servers all over the world? Remember what OS that runs on.

Re:Amazing story!

[dipipanone]

This has all the exciting hallmarks of the most boring story in the world.

And not only did you read i6, but you're actually participating in a fairly lengthy discussion about it.

And the fact that your comment has been modded up as funny all goes to show that its a real slow news day on Slashdot today.

Re:Amazing story!

[instanto]

He was probably on that l33t network Kazaa?

"[DSL]RIAA (1.4TB )"

Re:Amazing story!

[inquisitor]

Old sendmails do open relays, not open proxies, and there are way less old sendmails now - most of them had bought a Sun, left it on its infamous SMI-SVR4 default configuration, and stuck it in a corner. These people have mostly gone to Microsoft Exchange, which was a default open relay for way longer than sendmail was.

Proxies aren't just a Windows problem (there's a lot of badly configured squids) but with idiotic, "user-friendly" default-open-without-logging stuff like AnalogX out there, it's pretty much one. It's not Microsoft's fault that AnalogX make godawful software either.

Re:Amazing story!

[Digital11]

Hey, just in case you hadn't noticed... Marin was the spammer, not the victim.

Re:Amazing story!

[darien]

And not only did you read i6...

I'm used to people on Slashdot saying they prefer k5, but this just sounds like one-upmanship...

Re:Amazing story!

[slappyjack]

...prime material for Kevin Costner's next magnum.

Lets just hope Andy Markley doesn't have an accent that Costner will have to hold [or not] for the entire film.

SpamCop will help with backtracking headers

[Spazholio]

If you want to do the same thing as this guy, try using SpamCop. Paste the entire email (with headers, duh) there, and it will backtrack the message to where it originated. It will tell you which company it came from, which one is being advertised, etc. For the especially lazy, it will also allow you to send a carbon-copy form letter to all parties involved. Best of all, it's free. Consider donating though, it's worth it.

Re:SpamCop will help with backtracking headers

[Phroggy]

I completely agree.

Actually, if you're considering donating, you should consider signing up for their paid service. For $3/month, you get just about all the e-mail features you could want, and on top of that, you can submit spam reports much more easily.

Re:SpamCop will help with backtracking headers

[ScrewMaster]

What has your experience with SpamCop's system been? Does their filtering work well? For $30/year I may try them out: I like the fact that they support IMAP and can process mail from external domains. Impressive.

Re:SpamCop will help with backtracking headers

[stilwebm]

OK, enough of these wise-guy posts saying "I've cancelled spammer's ISP accounts before too" and "he could have just used SpamCop." First of all, if you are at all familiar with spam operations, you would know that spammers do not use mail servers hosted on their own network 95% of the time. Second, if you RTFA, you would see that was exactly the case. The article clearly states that he "painstakingly worked his way through a half-dozen hijacked servers."

These were likely servers that had been compromised or accidentaly misconfigued and turned in to open proxies. Spammers use dozens of these per mailing. However, they have to send the spam to these hijacked servers from somewhere. Much of the time these are home users on cable modems or DSL, so this isn't always easy. There is no trace of the actual origin in the headers, just the proxy or relay. The ISP shuts down their connection and the spammer moves on. The hijacked server often has no record of the actual origin of the mail, or upon being cleaned, the records are cleaned. In this case, the victim was able to find where the proxies were getting the original messages from. This isn't as simple as submitting to SpamCop.

Re:SpamCop will help with backtracking headers

[elsegundo]

I've been using spamcop's webmail for personal email for about a year and a half. I'm pretty satisfied with it. Once every few months a spam gets through the cracks, and I cut and paste the message source into their spam reporting form, and it sends emails to the ISPs. They also give you the option of using spamassasin in addition to their blacklist.

Re:SpamCop will help with backtracking headers

[Phroggy]

What has your experience with SpamCop's system been?

Nothing but good things to say about them, and I've been on the other end too - I've worked in the abuse department at an ISP, and the vast majority of our spam complaints came from SpamCop. They put all the most important info in the subject line and the reports are all formatted consistently, making it very easy to deal with them. We were understaffed for awhile, so the SpamCop reports were the ones I dealt with first, because I could get them out of the way faster.

I also use the service myself. There have been some occasional glitches, which have almost entirely been due to denial of service attacks. These glitches have not caused me to lose mail, but DDoS attacks have caused mail to be delayed on occasion - normally it's delivered in seconds, but I've seen it take a day or so.

The way I have it set up, mail to my domain is forwarded to my SpamCop account, and anything that doesn't get stopped by their filter is forwarded on to my server at home. If I have any problems with my server at home, I can disable the forwarding and use SpamCop's webmail temporarily.

Depending on how you have things set up, if SpamCop thinks something doesn't look right, it is possible to report yourself to your own ISP's abuse department. They don't like that much. When submitting a complaint, be sure to review the list of addresses the complaint will be sent to before sending it.

Re:SpamCop will help with backtracking headers

You are correct. However, it's still very important to shut down the intermediary idiots who are either too stupid or too lazy to run a mail server that won't allow spam to be bounced off it.

For every Eddy Marin, there are a thousand asshats running open SMTP relays for him to hijack, and I'd like to see them shut down or kicked off just about as bad as I want to see the spammers themselves get it in the gut.

Re:SpamCop will help with backtracking headers

[delcielo]

This is what I find the most irritating aspect of trying to track down spammers.

The people who are running open relays are either not knowledgeable enough, or motivated enough to respond to my requests for log entries or information regarding messages sent through their relay. Most of them even act offended when I try to politely inform them that they're being abused.

You can call their ISP; but if they are of any size, you generally get ignored.

And the sheer number of them is disheartening.

Re:SpamCop will help with backtracking headers

[sbeitzel]

On the other hand, there is the occasional person who'd appreciate knowing how to stem the tide. On my home machine, I had junkbuster running but allowing connections from anywhere, so that I didn't have to maintain many blocklists -- but it turns out that that's a big spam loophole.

For months, that machine was listed as being a spam relay, but every relay tester I found reported that no, the host was fine. Finally, somebody (I forget which blacklist it was) added a junkbuster test to their relay tester, and I found out how spam was getting out through my machine. I then plugged that hole.

It's way more helpful to offer links or information on "how to harden your server against spammers" than it is to bitch about open relays. I certainly appreciated the information -- and as soon as I got it, I fixed the problem. The same must be true for other people (although probably not all).

Professional Bounty Hunter

[nacturation]

Qualified candidates must be professional bounty hunters with verifiable experience and verifiable references.

Yes, my name is Boba Fett and I worked for a Hut called Jabba -- this was a long time ago and in a remote galaxy. During my tenure with Jabba, I successfully tracked and captured Han Solo, wanted for failure to pay back a sizable loan.

I'm fully familiar with the use of various weaponry, grappling hooks, and personal rocket packs. I have also done consulting work for Mr. Vader, a well known businessman who spearheaded the creation of a large spherical space station.

References available upon request.

Re:Professional Bounty Hunter

[NanoGator]

"I'm fully familiar with the use of various weaponry, grappling hooks, and personal rocket packs. I have also done consulting work for Mr. Vader, a well known businessman who spearheaded the creation of a large spherical space station.

References available upon request."

Professional Weaknesses:

- Once knocked into a Sarlacc Pit by a blind man.

Identity theft

[BWJones]

So, this is identity theft. Why cannot spammers be prosecuted for assuming somebody elses "identity" and doing business/making money at the expense of others? This practice is illegal and there must be a legal precedent, yes?

Re:Identity theft

[donnz]

Took the words out of my mouth.

Why all the new laws required outlawing spam when *all* spam I receive is fraudulent (as is the practice of highjacking my businesses ID for spam)? I have cannot remember the last time I received unsolicited marketing material where email headers and the email itself was not fraudulent.

This is what our public prosecutors should be chasing down and gaining convictions on - can anyone tell me why they are not?

Re:Identity theft

[ScrewMaster]

Successful prosecution of coke dealers, murderers and rapists is better material for career advancement than putting a spammer in the slammer, I'm afraid. The mere existence of a law does not imply actual enforcement.

Re:Identity theft

[donnz]

Ok, point taken. But why bother creating anti-spammer laws that probably aren't needed and won't be enforced? Maybe the odd sucker vote or two.

Re:Identity theft

[k12linux]

I have cannot remember the last time I received unsolicited marketing material where email headers and the email itself was not fraudulent.

Just today I got an e-mail for a service I actually could have used. But as is my policy, I wrote back that I would have liked to discuss thier product, as it appears to meet a current need. Then I said that I could not, however, do business with a company who chose to use spam to advertise.

Very quickly I got a reply stating "if it was spam would I have time to reply" and that I should "cool down" and then get back to them. That prompted a close look at the mail logs and headers of the initial message.

Ok, finally to the "fraudulent" part:
My next reply asked what type of legitimate "non-spam" e-mail has a forged source server name that is the same as my mail server (including domain.) And why, if it was not spam did the logs have a string of e-mails from his domain to a list of users which looked something like cabrams cadams cbernstein chinkle chobledorf... an alphabetical list of our user's e-mail addresses. And why, if these "non-spam" messages were not just a blanket spam, did the list include e-mail addresses that exist only on one of our web pages and never existed on our mail server? And by they way, "we still will never be doing business with your company."

So (SURPRISE) that the guy wasn't overly worried about ethics when he replied to my first message.

Never did hear back after that 2nd message.. bu then again mail from thier domain is blocked now.

I hope he doesn't bite me!

[aaron_ds]

.. literally foaming at the mouth," Markley set out to track the spammer down.
And I'm literally laughing at the rabidness of prolific spamers.

so disappointed

[WormholeFiend]

i expected a "and he torched the spammer's luxurious mansion in revenge" kind of ending... :(

How appropriate

[Gunfighter]

After seeing what looks like a solid plan for spam, I decided to change my business model today. You can read all about it here.

Finally, something to fill in the ????? in my

1. Linux
2. ?????
3. Profit!!

business plan. Now I don't have to hide my email address(es) anymore!

Re:How appropriate

[AntiOrganic]

I hope this is satire. This is silly (stupid?) and would be akin to me having a site policy at the bottom of my website that says "LOL IF U VISIT THIS SITE U OWE ME 5HUNDRED BUX."

If a user does not consciously agree to a contract, it is not binding. Period.

Re:How appropriate

[Gunfighter]

Yes... definitely a little satire in it. Even my wife asked me if I really planned on sending out invoices. For the record: I do. If I don't keep a record of it, I can't write it off as a business loss on taxes ;)

Also for the record: I've never received any spam at that domain, and this really was changed just today. So while it is meant to invoke laughter, I do intend to do it. After all, it's much cheaper than the alternative: $25,000 per unsolicited commercial email under Commonwealth of Virginia law.

Re:How appropriate

[Duckman5]

I've been thinking about doing something like that with my car. I live on campus at my university and park my car in the dorm parking lot. Whenever i decide to go out on the weekend, i find these stupid ads placed on my car. The problem is that they are coated in wax that melts and sticks to my windshield. The only way to get them off is with a scraper. I'm thinking $100 per day for a minimum of 15 days or so is appropriate.

Re:How appropriate

[parkanoid]

This agreement is just as binding as shrinkwrap licenses, or the Verisign SiteFinder EULA.

The page linked above may seem silly, but a sufficient number of them posted across respected domains may throw a curveball into any EULA case.

Re:How appropriate

[Styros]

IANAL. Just to get that out of the way.

I've been thinking about your "service", and I think it can be legally binding. Similar agreements exist, for example those catch-22 EULAs and the infamous Opt-Out agreements, where if you register you "automatically" get signed up for ads, unless you specifically opt-out. I think you're service stands a chance if you add some statements based on the EULAs and Opt-Out agreements that I've seen:

• The EULA is in theory binding if you click on the "OK" or "Agree" button. So then, you make an email address that's like "web_service_agree@blah.com" or "i_agree@blah.com", and specify that if anyone sends an email to that email address then they acknowledge that they agree to your web review service. I think those email addresses are clear enough, that it can be substituted for clicking on a button. Instead of clinking on the "I agree" button, they send an email to "I_Agree@blah.com". Close enough, IMHO. That way, they can't say they were tricked.
  
• Specify that you reserve the right to waive any fees for using your service. So if any of your friends happen to email that address by mistake, it's in the EULA that you don't have to bill them.
  
• Specify that you reserve the right to change the EULA without notice.
  

I think you should send out an invoice along with a copy of the agreement and see what happens. I will attempt to write a more "legal" sounding agreement, and do a service like that too. I may like spam after all.

Re:How appropriate

[dustman]

Yeah, these sorts of things always make me wonder.

Any company or individual, either directly or indirectly, who knowlingly sends unsolicited email to any address associated with this domain, or that sends data which results in a uncontrolled web browser pop up...window

What if I send them an email, which contains a popup to my website? But, this website is "very secret", and my charge to access it is 1 BILLION DOLLARS (pinky to mouth) per page view.

I could even include in the email something like "by going here you agree to pay me all of your income forever"

Until both sides agree to a contract, there is no contract.

Re:How appropriate

[slappyjack]

I will attempt to write a more "legal" sounding agreement, and do a service like that too. I may like spam after all.

I know this is a "me too!" post, but you may wanna make sure we can all get our hands on it. I know I'd like to get a copy of it on my contact page, with a rider stating that I have the option of charging ANYONE for the time taken to read their email, with the option of waving the fee.

Then, of course, it'll only take one Judge who still has manual typwriter to declare them all moot.

Trimmin' the spam

[Michael+Ross]

Too bad he was a graphic artist and not a professional bounty hunter....

Or a maniac with a sharp butcher's knife... ;)

Re:Trimmin' the spam

[jamesh]

Or a maniac with a dull & rusty butcher's knife...

Re:Trimmin' the spam

[Ryokos_boytoy]

No, a propane torch and coat hanger

Re:Trimmin' the spam

[instanto]

A spoon and a pack of ice cubes shuld do the trick.

Vicodin, Viagra, LOW COST CLICK HERE

[segment]

Working for an ISP I can't begin to tell you the nightmares I hear day in and out... Anyway many wonder (our users) why we don't eliminate the receiving of spam, and the fact is, some etards actually don't mind getting it, I'm assuming this is like the nicer spam, (clothing, etc) Vicodin, Viagra, etc, blow. Blocking spam from coming in can be quite tricky when it's spoofed for the average layperson, but the headers always help. On one of my personal domains I have procmail scripted to just ipf block in on all from assholes to any port 25 which helps alot. When that gets out of hand then I ipf block in on all from asshole/17 to start all the way up to their class A's.

The scam almost cost Markley his business, his reputation, his website and his sanity. His Internet service provider wouldn't help him, despite the fact that his computer and his e-mail account were being overwhelmed by an avalanche of spam-spew that made it impossible to do business or even collect his personal e-mail.

Again, working at an ISP, we cannot dictate what a user can or should not receive. He should have installed filters. Now I know I will get flamed for saying this, but when flyer distributors come around, does anyone beat their ass or track them down. Now I know that there is a difference in volume, which is why if I had one million fscktards throwing flyers at my house, I would let loose the rottweiler. Get a filter, and if your ISP doesn't do shit change ISP's. Any ISP however will not filter spam from coming into their networks because for one, no one should dictate what someone should or should not receive. My two Lincolns

Re:Vicodin, Viagra, LOW COST CLICK HERE

[Spazholio]

Again, working at an ISP, we cannot dictate what a user can or should not receive. He should have installed filters.

I think he was having email spoofed to look as though it were coming FROM him, so that people were bitching about him sending it, when he wasn't. I believe this is referred to as a Joe Job.

Re:Vicodin, Viagra, LOW COST CLICK HERE

[jcr]

Now I know I will get flamed for saying this, but when flyer distributors come around, does anyone beat their ass or track them down.

No, but that's an idea worth considering..

-jcr

Re:Vicodin, Viagra, LOW COST CLICK HERE

[segment]

I think he was having email spoofed to look as though it were coming FROM him

Microsoft viruses do the same thing. ISP's can stop spoofs from coming out of their networks though...

Re:Vicodin, Viagra, LOW COST CLICK HERE

[Croaker]

Not necessarily. Most web hosting companies that I have seen will give you X (or unlimited) number of e-mail accounts for your domain. They also have the option of creating a "default" account, where all e-mail sent to the domain goes, if it didn't end up in one of the mailboxes that you explicetely created. This can be useful, since you can just give out random account names at your domain on a whim, and know that all of the e-mail sent there will end up in the same place. It also acts as a backstop to prevent some customer of yours having their e-mail bounce because they got the account name wrong. No e-mail to your domain will ever bounce. It also means you don't have to set up all the default e-mail addresses that people take for granted as being active in a domain (root, webmaster, postmaster, abuse, etc.)

The downside of this is that if a spammer spoofs a totally random e-mail address within the victim's domain, the bounce messages and pissed off replies will end up in one big heap in the victim's default e-mail account. I suspect that's what happened in this case, because there was no evidence that the spammer was pissed at the guy to begin with.

Default e-mail is also a big pain in the ass when a spammer tries a dictionary attack on a domain in order to find valid e-mail addresses. That's when the spammer sends e-mail to a@yourdomain.com, aa@yourdomain,com, aaa@yourdomain.com, ad nauseum. If you have a default e-mail address, *all* of these spams will be delivered. Say goodbye to your disk quota!

Re:Vicodin, Viagra, LOW COST CLICK HERE

[ScrewMaster]

My ISP doesn't filter (so far as I'm aware) but the hosting service I use for my primary domain does. I'm not sure what technology or service they use (as you would expect, they're rather close-mouthed about it) but it does work well, cuts my spam by probably fifty percent. My own mail server then runs spam checks using several available RBLs, and that gets rid of most of the rest of it. Fortunately, the host service keeps all filtered mail in a separate Spam folder which I scan on occasion just to see if anything slipped by.

Re:Vicodin, Viagra, LOW COST CLICK HERE

[number11]

Any ISP however will not filter spam from coming into their networks because for one, no one should dictate what someone should or should not receive.

My ISP has most mail routed through a third-party filter service before it is delivered to mailboxes. Users can review/retrieve blocked mail and adjust the aggressiveness of the filter, black- or white-list addresses or domains, or turn it off. On my account with default settings, it stops about 200 spam/day plus another 50-100 worms, while letting 5 or 6 through, with essentially zero false positives. Look into it, your users will love it, my ISP says it's cheaper to contract the work out than to do it themselves.

Re:Vicodin, Viagra, LOW COST CLICK HERE

[Oddly_Drac]

"Again, working at an ISP, we cannot dictate what a user can or should not receive."

Horseshit. Go and read your AUP regarding guarantees of service. What you meant to say was, 'If we get caught running false positives it would be embarrassing'.

"He should have installed filters."

Of course he should. That would have stopped the joe-job happening.

What I don't get is why ISPs don't have some method of, say, 'assuming' that someone receiving several hundred bouncebacks is either the victim of a joe-job or actually spamming. What do you think? Reasonable?

So block the service and drop someone a call. Swallow the emails. Tell the person who's account it was that unfortunately everything got caught in the doohickey superspam frobulator and it's another fine service.

As someone that works for an ISP, stop wringing your hands and DO something.

Jesus. This would be like the car industry saying that they couldn't install car alarms because of the inconvienience of people losing the fobs.

"when flyer distributors come around, does anyone beat their ass or track them down."

Nope. I tell them I don't want them, and they respect my wishes. If they continue then I find out where the flyers are from and have a word with them...steadily it goes up the chain until it hits law enforcement.

"Get a filter, and if your ISP doesn't do shit change ISP's."

Dude, the problem isn't the _end-user_, it's the piss-poor hand-wringing produced by every ISP so far that argues that they're a carrier. It's the ludicrously bad handling of complaints and the carriage of stuff from known 'bad' netblocks. It's about ISPs allowing serial rapid-fire ICMP(8) without even a courtesy call to ask if people are running virus checkers.

At this moment in time my ISP (Demon/Thus) has disabled ICMP(8) to help calm MSBlaster. It's a bitch, but it's a proactive approach.

"no one should dictate what someone should or should not receive"

Don't be an ass. That's the kind of free speech bollocks that the marketers use.

Re:Vicodin, Viagra, LOW COST CLICK HERE

[JuggleGeek]

"He should have installed filters."

Of course he should. That would have stopped the joe-job happening.

Say what? If I filter my mail, how does that in *any way* protect me from some asshole forging my email address in the From line of the spam he is sending? I'm not involved. I'm not sending the spam. I could create a filter so that when the bounces come in, they go to a folder where I don't have to look at them, or I could delete them. But it doesn't stop the joe-job, and it doesn't stop the bounces - it just filters them.

Re:Vicodin, Viagra, LOW COST CLICK HERE

[Oddly_Drac]

"Say what? If I filter my mail, how does that in *any way* protect me from some asshole..."

They say that sarcasm is the lowest form of humour, but I like to start low and work my way up to satire, metaphor and allusion when I know my audience is breathing from the nose.

So to make it really obvious, filters wouldn't have helped and the original poster tried to pin the blame on the user for a joe-job.

Thanks for your input.

Wrong

[segment]

And most ISPs will do anything to keep a spammer off of their bandwidth

Most can't do anything about it coming into their networks. Going out yes, but coming in, there is nothing that can be done unless every single customer agrees that spam should not reach their mailbox. See in order to add those kinds of rules to a router, it has to correspond to all. No ISP is going to update multitudes of routers to add one rule for one person.

Re:Wrong

[LordLucless]

I assume the grandparent is referring to the ISP providing the spammer with his service, not the ISPs providing the intermediate jumps. I'm pretty sure any ISP would disconnect anyone who it can be proved has been spamming.

Re:Wrong

[Agent+R]

Actually, you don't need to put the rules in to the router. Just add the rules to the mailserver by using a service like Spamhaus or Spamcop to either tag or dev/null coming in. (For guys like Marin who leases out complete /24s, one does not have to worry too much about false positives.)

Governments Should Track Down Spammers

[thinkerdreamer]

It would be great if governments like the U. S. gave 15 million dollars to a new force to track down spammers. The penalty for spamming is now 5 years in federal jail. 50 million people signed up for the national no-call list. I bet millions would back such a SPAM squad. It is too bad the government doesn't seem to care.

Re:Governments Should Track Down Spammers

[maelstrom]

Dude the government is us! If enough people care, you will see the law go through congress like nothing else. No congress person is going to go against 50 million Americans, no matter what. There are not enough special interests in the world for them to even think about it.

If enough people want it, sometimes Congress actually responds to the needs of the people, pretty neat idea huh? :)

Re:Governments Should Track Down Spammers

>The penalty for spamming is now 5 years in federal jail. 50 million people signed up for the national no-call list

Not really, Telemarketing firms will just close down facilities in the US and set up shop overseas where the do-not-call list cannot be enforced. I give the do not call list 6 months before it fails.

By signing up for the do-not-call list you have all but guarenteed to receive a swarm of telemarketers operating overseas. It will work just like the spam "opt-out" lists. Signing up for a opt-out is guarenteed to double the amount of spam you receive.

If SPAM == $$$...

[thecampbeln]

...Then we should get laws that attack the $$$ part of the equation!?

Although the logistics of such a plan are always complicated, why not author laws that would hit spammers where it really hurts: their financial institutions!? Since you can buy the shit from these bastards, you should be able to determine where the money is going. So make laws that would seize any such moneys that are a direct result of SPAM activity?

Hell even put the onus on Visa/MC/AmEx so that they are charged with dealing with the financial fallout! Do you think even the idiots who buy shit form SPAM would buy again if they were charged double for their purchase (once from the spammer and again from the credit card company for the penalty)? Sure there are bugs in the plan as is, but stopping SPAM from the technical side is difficult (if not impossible), so lets make it financially infeasible!

Re:If SPAM == $$$...

[Chatmag]

CNN has an article regarding drugs shipped into the US from overseas, saying that approx. 90% of them were dangerous, that is, not up to FDA standards. I wonder how much of that is bought from a spam email, and how can people be so stupid.

If people only buy once and get burned, then in order for spammers to make any kind of profit, the amount of spam sent must be in the millions of emails a day. Another post suggested a maximum of sending 100 emails a day, a more realistic figure would be no more than 10,000 a day, anything over that, and it's more sensible to go with one of the reputable list server companies. I can't see any legitimate need for a home user to send out that many emails a day.

Legal question

[Michael+Woodhams]

A scenario: Someone damages you, but it is hard to figure out who it was. You spend money and/or time and track them down. You succeed, and sue them.

Can you include the cost of tracking them down in the damages you are suing for?

Can you sue for more than your actual costs, to account for the risk you took that you'd be unsuccessful in tracking them down (hence your time/money would be gone with no possibility of being repaid)?

Re:Legal question

[Maserati]

If you document every minute and every dime spent in agonizing detail, document your hourly rate and present it succinctly to the judge, you just might get it. Suing for costs and damages is done, although I suspect you usually only get your full costs award if the judge thinks the defendant is going to try to skip on the payment anyway.

Re:Legal question

[jenkin+sear]

Congress can issue letters of marque and reprisal in this situation- (it's actually in the constitution, intended to authorize privateers to go after pirates from other countries overseas to recover stolen property).

If we can get some of those issued, we could go after spammers and steal their stuff- take their servers and set fire to their mobile homes. (And keelhaul the bastards).

Re:Legal question

"Can you sue for more than your actual costs, to account for the risk you took that you'd be unsuccessful in tracking them down (hence your time/money would be gone with no possibility of being repaid)?"

I Am Not A Lawyer, but I do work in a collection agency.

I believe the short answer is, no. You will never get paid, or receive funds for the actual RISK of your actions to track someone down and receive your due finds. That is part of the situation you are in. As an example, one client will never sue someone for anything under 5k. Period. That's their line in the sand. They feel its not worth the risk. On the other hand, we have one case where the amount is 2 million, and the whole situation has turned into the point where the client wants to get the person, for whatever costs will become.

In short, collections is a giant game of poker with the bluffing and calling to see what you can get out of someone. Is that cruel? Probably. However, that is the attitute of many clients who see it as their just rights to receive their due moneys.

The actual risk taken in the process is never a consideration of the Judge. It would be a consideration of the client/plaintiff/person due their moneys. But it is not a legal fact in the case against someone.

-Very much so needing to remain an AC

Re:Legal question

[Mr.+X]

Letters of marque and reprisal are illegal under international treaty.

Re:Legal question

[jenkin+sear]

Supremes in Reid v. Covert (1957): "[N]o agreement with a foreign nation can confer power on the [federal government] which is free from the restraints of the Constitution"

How to track faked messages to a source.

[donsaklad]

How might people who receive faked messages track the messages to a source with minimal effort?...

Re:How to track faked messages to a source.

[the_mad_poster]

Have fun

Minor correction

[HangingChad]

Too bad he was a graphic artist and not a professional bounty hunter....

Or a very large homosexual rapist. Let's see him spam his way out of that.

nailing the bastards

[Stephen+Samuel]

It's not that hard to take down a spammer who causes you problems beyond just sending you unwanted email... I had one friend who had a spammer run a couple hundred thousand emails thru his system (a bug had made it into an open relay). It took one stern call to the ISP hosting the advertised websites to get his hosting and DNS cut off at the knees.

This is more than just sending off a single email to a scantly watched abuse email.. This means getting hold of a real person and explaining, realistisay, what sort of legal liabilities they might be open to if they continue to support the spammer's actions. (Hacking laws, aiding and abetting, Trademark infringement and vicarious liability) often fit in there.

If more people would do this, life would get a lot harder for spammers.

Boba Fett -- Dead or Alive?

[handy_vandal]

Of course, [Boba Fett] died in the belly of the almighty sarlaac.

Are you sure? As I recall, the fate of those trapped inside the almighty sarlaac was to be slowly digested over many years ....

Re:Boba Fett -- Dead or Alive?

[Sage+Gaspar]

Nerd alert! Ah, but you must be unaware of the weaponry he used to escape, at great personal injury, and the scrap scrounging bounty hunter Dengar who collected him half-dead from the deserts of Tatooine to eventually resuccitate him. Common mistake.

Re:Boba Fett -- Dead or Alive?

[handy_vandal]

Nerd alert!

Guilty as charged, but not so nerdy as I'd like -- I vaguely recall that the period of digestion was "a thousand years" ... but hell, that would mean that the almighty sarlaac somehow sustains the victim's life far beyond the normal lifespan. True fiction, or a figment of my imagination?

Ah, but you must be unaware of the weaponry he used to escape, at great personal injury, and the scrap scrounging bounty hunter Dengar who collected him half-dead from the deserts of Tatooine to eventually resuccitate him.

Umm, yeah ... I was unaware of that stuff. But now I'm up to speed, and feeling truly nerdy again.

Makes me feel lazy!

[omarius]

Considering I'm actually an IT professional--I get "Returnend mail: user unknown" bounces from SPAM labelled as being from my email address (omaratallwrongdotcom) all the time.

While spam is certainly all wrong, I don't appreciate it much... I guess I just haven't unappreciated it enough to get off my lazy butt and do something about it.

Re:Makes me feel lazy!

[momerath2003]

I get "Returnend mail: user unknown" bounces from SPAM labelled as being from my email address (omaratallwrongdotcom) all the time.

Who I really feel sorry for is the people who own the domain names "yourmom.com" and "yourmother.com."

Because, really. How many of us have used that as a spam email address when signing up for, say, RealOne?

Re:solution to spam

[Chris+Burkhardt]

And it wouldn't even have to be as low as 100... 1,000 or 10,000 would seriously cut down spam without affecting innocent users.

I've done that many times

I'd never advertise who I am or take any credit. I get enough retaliation from spammers as it is.

He has no idea, he is a marked man now. Very naive to take public credit.

Re:solution to spam

[Chatmag]

"limited to say 100 e-mails a day" I assume you mean sending no more than 100 emails a day. Not a bad idea, until some liberal judge decides you're infringing on peoples "free speech" rights, such as the recent decision by a Federal Judge in Denver regarding the Do Not Call List.

Re:solution to spam

[Deanasc]

So human resources at a >100 employee business can't send a quick message to every employee? At some point there will be a legitimate reason to send out multiple messages. A law like that would basically kill off telecommuting.

Re:solution to spam

[driftingwalrus]

I'm really surprised this was modded up. There are millions of people for whom that number is either too high, or too low. And that is true for all integer values of x! Not only would it be profoundly ineffective, it would also be practically impossible to enforce.

Re:solution to spam

[BanjoBob]

100 E-mails a day could hurt some of us that have legitimate businesses that also have a monthly newsletter that requires we send hundreds of E-mails every month. We send each individually and do not bcc or cc the entire list (automated program). So, everything can't be black or white -- on or off. We need to allow legitimate use of mass E-mails while controlling spam at the same time.

Re:solution to spam

[LordLucless]

How on earth would this system be done, technically? I mean, ok, if the spammers were sending mail through their ISPs SMTP server, it could be done.

However, most spammers seem to rely on open relays to send spam through. So unless the ISPs monitor all port 25 traffic, and parse it to determine the number of emails, there's no way they could block it. Not to mention I'd leave any ISP that did this as soon as I'd stopped swearing at them. And of course, encrypting the traffic between the spammer and the relay (like SSHing into a rooted box before spamming) would nullify this technique anyway.

anonymously

[SHEENmaster]

or you could assume I meant something clever involving the following of open SMTP standards that don't descriminate on namespace but rather by server usage or proofreading habits.

Re:solution to spam

[jorlando]

That is internal mail. You don't count that... and if a person sends a complain about his employer sending email... well, that moron won't keep his position for much time...

Re:solution to spam

[NanoGator]

"Very simple. EVERY single ISP should be REQUIRED by law to implement a system where each user is limited to say 100 e-mails a day. This would stop much of the spam."

Um no, it wouldn't. Just build a mailserver and put it on your home account.

I sure care!

[Michael+B.+Davis]

I had exactly the same thing happen to me.

The spam in question was a pharmaceutical firm, and one morning I got just about 50 'undeliverable mail' messages with my email address as the sender. I never got any complaint letters, and it hasn't happened since (that was about Sep 21, 2003 give or take a day).

I figure I never got the flak because no one ever comes to my site anyway...

Michael in Toronto

Re:I sure care!

[oneishy]

Consider your self extremely lucky.

I started receiving bounced emails in my inbox on September 20th, and on the 27th it picked up to where i am receiving 400+/bounces a day.

A joe job is more difficult than normal spam to track down. Normally you look at the headers and you know where it came from. With bounced email, the headers show where the bounce came from, and few bounced emails show the full original headers. If you are lucky enough to get full headers in the bounced message, you still only get as far as an open relay or such if the spammer is good. As the article mentions, the artist tracked the spammer down through several originating (hi-jacked) servers to the 'real source'! Kudos to Andy, he's done what I have not been able to do.... yet.

Re:I sure care!

[arkanes]

50 is nothing :P I managed to screw up my mail server once, and it was discovered and immediatly used for about 24 hours before I noticed and fixed it. In that 24 hours they managed to send out thousands of spams (I'm not sure exactly how much, but the logfile was hundreds of megabytes), and I continued to get bounces, annoying replies, and especially probes from other spammers for months afterward.

The probes were the most annoying - even after securing the server, I had at least 3 spam runs attempted.

Re:I sure care!

[JuggleGeek]

The timing sounds about the same. Did the subject line in the spam say "Want to relieve your pain?"? Or did the spam try to convince people to visit http://69.60.4.240/ with a web-bugged picture stored at bubb-rubb.biz? If so, then the spams which bounced to you were for the same spammer, mypillsrx.com, as spammed Andy and myself.

Details at the URL below.
http://www.whitis.com/mypillsrx.htm

Re:Not surprising that his previous ISP did nothin

[Snake_Plisken]

How is someone advocating someone's death modded up as interesting? I'm not sure who is more disturbed in this case.

Let's not be too hasty

[el_munkie]

There's nothing wrong with dealing coke.

Spamming, on the other hand....

Re:Let's not be too hasty

[VanillaCoke420]

Only if it's diet coke.

Re:solution to spam

[LordLucless]

Grandparent is talking about telecommuters - so, no, it wouldn't be internal mail.

Another vote for "SUE HIM"

[ChangeOnInstall]

IANAL, but if this guy has as much evidence as he claims to against this spammer, he needs to sue the spammer. The spammer is knowingly committing an act that he knows will cause damage to the business that he is effectively "impersonating". He is doing it to turn a profit from an illegal activity. If proof of this act is available, the victim here could be looking at a pretty stout judgement. If this guy made $750,000 spamming people last year, there's a good chance he'll be able to find an attorney who will pursue this on a contingency basis.

And IIRC, I'm pretty certain the victim can sue the spammer from his home state (especially nice since the spammer is on the opposite end of the country).

Re:Another vote for "SUE HIM"

[zambuka]

this guy made $750,000 spamming people last year,...

Makes you wonder about the quality of some parts of the gene pool, a bit of pro-active darwinism might just help here, or maybe he is already doing his part for humanity and selling dodgy drugs that render the idiots who buy these products sterile.

But seriously I have started to think that a spamming business is the perfect way to launder money in a big way. A few thousand bogus orders for a handful of expensive bogus products and voila instant profit.

Using things like money orders and faked customer addresses or temporary po boxes you could probably get quite a lot of untraceable money. If you do get audited you could just say that maybe the customer was too embarassed about purchasing your "penis xtender 2002" to use his own address. With $750,000 a quarter you could afford the lawyers to make it convincing enough to get through all but the deepest audit. the only thing you gotta remember is to have a product to actually sell, this way you get the added benifit of a little extra cash from the gullible.

oh well, good luck to anyone else trying to shut down the scum of the internet.

Hardcore Revenge on a Spammer

[dmaxwell]

Check this out.

Re:Hardcore Revenge on a Spammer

[randyest]

This is a great story which I genuinely enjoyed reading. I laughed out loud more than once.

That said, please be very careful if you choose to follow the "Let's Get Brutal" link provided at the end of the linked site. Do yourself a favor and resist all temptation to click on the "Rodona Garst Breast Size" link there, as it is only a little less offensive than goatse.cx.

You have been warned.

Better: require crypto authentication of all email

[meldroc]

This would cause too many problems for legitimate people.

My solution would be mandatory authentication. Require all mail relays & servers to create and use a cryptographic key and register it on a P2P authentication network. Plenty of signature algorithms are available for such purposes, read Applied Cryptography to learn more. That key is used to sign all emails coming from or being relayed through that system. All emails must be signed by the originating system, and any other systems it passes through, making a cryptographic trail of bread crumbs back to the sender. Any emails without a signature, or with an invalid signature are silently bit-bucketed, with NO EXCEPTIONS. If ISPs let unsigned or invalid messages through, spammers may be able to get spam through and disguise their origin. The crypto signatures prevent spammers from forging headers or otherwise obfuscating their origin, and any spammer trying to send email through this system will be immediately tracked down and blocked, and their admins contacted with requests for a TOS for the spammer, with threat of blacklisting if the spammer is allowed to continue. In short, it should prevent spammers from forging headers to make the spam appear to be from legitimate systems, thus eliminating stories like this one.

In order to prevent abuse of the P2P authentication network, any member of that network can sign other server's keys, encouraging members to get keys signed by trusted parties (which will naturally emerge). Spammers who constantly change their keys to avoid being blocked would be refused an endorsement by the trusted key signing parties. The trusted signers can be anyone from the US Government to a local ISP who took matters to their own hands and built their own network of trust. If a key signer endorses too many spammers or blacklists too many non-spammers, mail admins are free to stop using that signer and switch to one that's more trustworthy. If a key signer endorsed a key from someone that turns out later to be a spammer, he can issue a signature revocation.

Ideally, the system will ensure that spammers are immediately blacklisted minutes after the first spams are caught, and that that information is propogated quickly enough to enable thousands of mail systems to block emails from that spammer, and that attempts to evade the system are quickly caught. It would enable people to come forward as signing authorities so mailers have a better idea which systems they can trust to stay legit, and it would make sure that incompetent or malicious signers are easily ignored.

Re:So

[ordep]

Technically the mouse is mightier than the mouse.

Solution to SPAM

[Sly+Mongoose]

Only workable solution:

1. Bayesian filters (or similar) on the SMTP servers, analyzing and SPAM-rating e-mail on a line-by-line basis, as it is inbound to the server.
2. Packet-by-packet connection throttling of all connections to the SMTP server, based on the current SPAM-rating of the open connection.

All mail will get through. There are no false-positive or false-negative issues to deal with. There are no freedom-of-speech issues to deal with. But SPAM works only because of VOLUME and this will drastically reduce the volume of SPAM that a server can send, making spamming unprofitable.

Not my idea -- someone else suggested the scheme a while back. I wish I could remember/locate a reference.

Re:solution to spam

[Grimster]

There are days I _write_ and send well over 100 emails, as the owner of a medium sized web hosting company I send lots of email. I also recieve a LOT of email.

I wish I had a simple elegant solution to spam, the challenge/response is somewhat decent for normal users if implemented properly and used properly big IF there. Bayesian filtering is ok but again only if you work at it, plus it doesn't stop the spam taking up our bandwidth, just the end user from seeing it (if they decide to trust the filters).

Using spamcop and open relay blocklists helps some, we also have an inhouse rbl where we add ips that spam us so at least they can't get us again. But this doesn't stop it all, maybe 50% or so I guess.

In any one day our servers get millions of spam messages, and I only host about 12,000 websites, imagine the big guys.

Re:solution to spam

[ScrewMaster]

No, not really. There is no requirement that mail must be sent through an ISP's SMTP server. For example, I run my own mail server, and I send mail direct: completely bypassing my ISP's mail server. This improves performance and eliminates my dependence upon their server ... my mail goes out whether their system is up or not.

Re:solution to spam

[ScrewMaster]

Drop in the bucket. It wouldn't affect spam generated from foreign countries one whit. That's the whole problem ... it's a global phenomenon, which means that the solution will have to be technological, not legal.

I'd be impressed...

[the+pickle]

...but I already did this 371 times inside of a year, back before spam took over the Internet and it was still a solvable problem.

Yawn...

p

Re:solution to spam

[randyest]

Good point.

How about make it possible to send more, but you have to demonstrate a need and ask for the privelege, thereby making your identity much easier to establish should you suddenly start abusing the system a la herbal-viagra-toner-university-diplomas? In any case, there would be, in 99.999% of cases, an upper-limit on the number of emails anyone could ever reasonably need to send in one day, and I'm guessing it would be under 1e6 in almost every case. If you have 10k employees, I don't think anyone would be terribly miffed if you broke that up into two batches of 5k/each over two days. Or one batch at 11:59pm and another at 12:01am if you really have to be fair, such as, oh, I don't know -- when sending out the company scavenger hunt list? :)

Seriously though, don't be so quick to shoot down a fairly-reasonable suggestion that might be workable after a little thinking and tweaking.

Re:solution to spam

[yerricde]

How would this "only 100 outgoing messages per user per 24 hours" rule allow for senders of legitimate solicited bulk mailing lists such as EFF's, Sourceforge's, Bugzilla's, Slashdot's, etc?

Re:solution to spam

[ScrewMaster]

This is from my previous post on the subject, and outlines my plan for eliminating spam, worldwide.

Offer a reward of, say, $50,000 for every bona-fide spammer brought in alive, and double that if he has already assumed room temperature. The beauty of my scheme is that it, like the Internet itself, knows no borders. If someone successfully manages to capture or whack outright a spammer in, say, Nigeria ... no problem. Just give us your email address and we'll PayPal you the money. Don't have Internet? No problem: we'll get you the money. My research indicates that, if my plan were to be implemented on a sufficiently wide scale, we could expect to see the end of Spam by next Friday. Now, fifty to one hundred thousand dollars per spammer may seem excessive, particularly as these people are already intrinsically worthless. However, if you look at the numbers, the worldwide savings that will accrue from not having to accommodate spam will be dramatic, and will far outweigh the actual disposal costs. Furthermore, I am sure that once the ball is rolling, we can count on additional help from our friends and allies around the world. Of course, some of our {ahem} less-enlightened neighbors might object to our putting out what might appear, at first glance, to be a "hit", or contract, on their nationals. But as soon as senior bureaucrats, heads-of-state, industry leaders and their secretaries begin to notice the comparative emptiness of their in-boxes, I firmly believe that they will quickly come 'round to our way of thinking.

Re:solution to spam

[scotch]

Imagine a progression of the type of restriction you think is "not a bad idea":

• limited by law to 110 emails a day
• limited by law to 100 emails a day
• limited by law to 90 emails a day
• limited by law to 80 emails a day
• limited by law to 70 emails a day
• limited by law to 60 emails a day
• limited by law to 50 emails a day
• limited by law to 40 emails a day
• limited by law to 30 emails a day
• limited by law to 20 emails a day
• limited by law to 10 emails a day
• limited by law to 5 emails a day
• limited by law to 4 emails a day
• limited by law to 3 emails a day
• limited by law to 2 emails a day
• limited by law to 1 emails a day
• limited by law to 1 emails a day, reviewd by government

Tell me at what point you agree with this hypothetical "liberal judge" that "free speech" rights are being infringed. Can I call you a fascist without the moderators calling this flamebait?

Re:Obligitory Comment

[randyest]

It really isn't obligatory at all. Really. I swear. In fact, it's highly discouraged nowadays since it's not in the least bit funny anymore.

Only a slashdot poster such as yourself can pound a joke so hard and for so long that even a great Simpsons' line makes me queasy when I read it. But I have to hand it to you -- you, my friend, are clearly the master of pounding it long and hard. But please don't feel obliged in any way.

You can take a rest any time and no one will miss it. Except for possibly your local Kleenex(TM) and/or hand lotion distributors.

Williams Communications Group shining.

[Agent+R]

WCG.net, and told the tech support staff what had been happening. Within a few hours, Marin's account had been canceled.

Baloney! It is likely that they told Marin to change the domain name before Markley sues and WCG loses their big bonus blood money.

But WCG sounded sincerely surprised to find out the infamous Eddy Marin was one of their customers."

Rule #1! Williams Communications Group is notorious for continuously providing bandwidth to spammers with dirty /24s. Then they feign this concern by "shinning" on those who complain about their dubious customers. Why don't someone ask them about Wholesalebandwidth.com/Optigate?

Anyone who wants to know about Marin and his scum operation can see it on Spamhaus.org:
http://www.spamhaus.org/rokso/search.lasso?evidenc efile=1114

Re:Williams Communications Group shining.

[Tackhead]

> > But WCG sounded sincerely surprised to find out the infamous Eddy Marin was one of their customers."
>
> Rule #1! Williams Communications Group is notorious for continuously providing bandwidth to spammers with dirty /24s. Then they feign this concern by "shinning" on those who complain about their dubious customers. Why don't someone ask them about Wholesalebandwidth.com/Optigate?

What I wanna know is how the fuck Marin manages to sign up Fortune 500 companies on a repeated basis. (Well, I also wanna know how he stays out of jail, but that's another story.)

In the past year, I've gotten spam from Daimler-Chrysler - not some fleabag Chrysler dealership in Rat's Bunghole, Floriduh, I mean Daimler-Chrysler Corporate - direct-to-MX from Marin's spam domains.

I've also gotten spams from Martha Stewart Omnimedia. Again, not some huckster selling counterfeit Martha-branded stuff ripped off the back of a truck from the K-Mart bankruptcy, but the real magazine, straight from MSO Corporate.

Others have reported Ford doing business with Eddy Marin, too.

In the first two cases, I received personal, non-form-letter-generated responses from personnel at those companies that this was not a case of forgery or identity theft.

In defense of Chrysler, the person I corresponded with seemed genuinely surprised and concerned. The Martha Stewart drone seemed utterly nonplussed at the realization that he'd been scammed by a convicted coke dealer - and now alleged identity theft and DDoSer - into believing that spamming was a good way to boost his company's already-tarnished reputation.

Re:Williams Communications Group shining.

[Agent+R]

What I wanna know is how the fuck Marin manages to sign up Fortune 500 companies on a repeated basis. (Well, I also wanna know how he stays out of jail, but that's another story.) Two particular reasons why this works..

1.) Rule #1: Spammer's lie. (Marin is a champion at that.)

2.) The marketing departments at these corporations are becoming lazy and do NOT do their homework regarding advertising online. So their ignorance is reflected by their cluelessness.

Besides, I heard that the Big-3 is losing marketshare again. That may be telling us something.

damn

[mantera]

if this guy makes as much money, can people not sue him? i'm surprised no predatory lawyers launched a case against him yet.

Re:Lynch mobs

[Jacer]

I for one welcome our new vigilante overlords! Let's kill us some spammers!

Re:*You* are Wrong

[mckyj57]

No one does spam filtering at routers.

There are filters and blocklists, but they have nothing to do with
routers. Long ago particularly egregious spammers were blackholed at the
router level, but that hasn't happened for years.

No ISP can stop all spam, but given enough resources we can stop most
of it. The problem is usually somewhat like you allude to, that there
is a certain set of people with an absolute horror of a non-spam
message being bounced. They claim "loss of email", and thereupon close
their ears.

But there is a more insidious foe, the scan-and-delete error.

Most admins today have two basic ways to stop spam -- blocking and user-
based filtering. Blocking rejects spam detected (via filter or
blocklist) and puts the onus on the sender to re-establish the
communication. User-based filtering puts the onus on the recipient to
review their spam folder and look for "false positives".

And there are three ways to play your two tools.

1. Little or weak filtering or blocking means communications are lost as
people have scan-and-delete errors due to battle fatigue from their
daily fight with spam in their mailbox. Much legitimate email is
lost, and it is lost and *neither party knows it was never read*.
This collateral damage is spread over every part of the net,
spam-friendly or no.

2. Aggressive filtering and tagging for dropping in the user's "spam"
folder means that legitimate communications are tagged as false-
positives. People usually don't scan their spam folders carefully,
because such a high percentage is spam. Again, legitimate email is
lost and *neither party knows it was never read*. This collateral
damage is spread over every part of the net, spam-friendly or no.

3. Aggressive rejection of email via blocklisting causes some legitimate
email to be rejected. However, that collateral damage is limited to
spam-friendly parts of the Internet. The sender knows full well it
was not read and can re-send the message via another channel if it is
important. This knowledge also allows them to take action to correct
blocking errors; and heightens awareness of who is not doing their
part to fight spam.

To me, selecting #3 is a no-brainer. When legitimate email gets lost,
the sender knows it was not received. And it is almost all lost from
networks participating in the massive denial of service attack on the
Internet at large that is spam.

AOL, for example, does a simply outstanding job of making sure spam is
not sourced from their network. They don't allow spam hosting of any
kind. I *never* want to lose mail from them. Same with Earthlink, MSN,
and Hotmail. They deserve that consideration due to their effort. If my
users lose mail from them due to scan and delete errors, I have not done
my job. I would much rather have them lose email from the people who pay
the spam-friendly providers. (And no, folks, those fake hotmail.com
addresses in the From line don't mean they source spam.)

You can do filtering at the MTA level too with rejections, but I don't
do that except with filter settings that have a near-zero false-
positive rate.

Poor guy...

[betong]

First Noah's Flood of spam, then isolation and even blame, and now his server gets Slashdotted to death ;).

Reverse MX would have solved it..

[FattyBoeBatty]

So what ever happened to that great idea of including RMX records in zone files? It would 100% eliminate spam like this (which accounts for the vast majority). I haven't heard anything frome either qmail or sendmail implementing it.. which sucks.

See, the reason I'm so big on this, is because I consulted at implementing this at Shadango.com (a new, free, filtering service). We started performing reverse lookups and you would NOT believe the filtering success. It was like day and night. So seriously.. try implementing that on your mail servers and see what happens. And if you're just curious and want to see how effective it can be, check out the implementation at Shadango.com

-Fatty

Been there, done that.

I've had this problem, and I've successfully put a major porno spammer out of business, although it took a while.

The spammer was forging mail from one of my domains. Since the domain name was a registered trademark, I had some extra leverage. ISPs have a "safe harbor" for E-mail content, but not for trademark infringements.

I ignored where the mail was coming from, and concentrated on where the money went when you placed an order. The spammer had two phony "billing companies", with phony addresses. Accepting credit cards without providing a valid business name is illegal in many states, so, by sending appropriate letters to the ISPs that hosted his billing sites, I was able to turn off his income stream. The sites reappeared on other ISPs, but with some work, I was able to get his domain registrar to lock some of his domains.

This is an effective tactic. If you file an "incorrect whois data" complaint with the Internic, and the registrar can't contact the domain owner, the domain goes to "locked" state. Then, if you get the hosting company to dump them, they can't move the site. In this case, the spammer operated his own DNS servers (triply redundant, on different ISPs), so I had to get all of them kicked off various ISPs.

By now, I'd had this guy kicked off ISPs from Dallas to London to Sao Paulo. This was made easier by the fact that he was paying for much, if not all, of his hosting with stolen credit card numbers. Since his porno sites generated credit card numbers, he could keep signing up for new hosting accounts with his customer's credit cards. That doesn't work once the ISP knows who to look for.

Finally, the guy retreated to his home ISP in St. Petersburg, Russia, where he apparently felt safe. That took a while to crack. I found out that the upstream provider used by the small St. Petersburg ISP was a larger telecom company in Moscow. That company was in the process of doing an initial public offering on NASDAQ. I talked to their investment people in New York, and eventually received a call from the Russian telecom's CEO. It turned out that we had some friends in common, and that he knew about the small St. Petersburg ISP as a known problem.

With that connection, I had some discussions with the St. Petersburg ISP, which kicked off the spammer. He came back with new accounts the next day. I got those accounts closed. This went on for several weeks. Finally, after some additional prodding, the St. Petersburg ISP shut the guy down and kept him shut down.

It's been months now, and the spammer's content is nowhere that Google can find it, so he seems to be out of business.

The key to dealing with spammers is to follow the money. While dealing with this problem, I talked to bankers, the people who developed his billing system, and a company to which he'd outsourced web design. Eventually, a picture of the spammer emerged. This was basically a one or two person operation devoted to stealing credit card numbers. Once I knew that, getting cooperation in shutting the guy down was reasonably easy.

Trademarking your web site name gives you some additional legal options, and is definitely worth the $450 or so it costs. When you raise a trademark issue, the problem escalates to the ISP's legal department, and you're no longer dealing with the customer service people.

Once you get to the legal people, and fraud is involved, you can point out that the ISP, once informed of the problem, is knowingly aiding and abetting a fraud scheme. This usually results in quick action.

It's always useful to check business license and corporate filing data. If you find a Whois entry for Phonycorp, Inc. at a Mail Boxes Etc. address, find out whether the company has a business license (where required) and is registered as a corporation in the state. If they don't, they're doing business illegally. So report them to the IRS, the state tax authorities, and the local authorities. ("Hello, City Assessor's Office? I'm trying to locate the offices

Re:Been there, done that.

[Excen]

Props to you. Potentially damaging an IPO, especially in this day and age, is a surefire way to get what you want.

Re:Been there, done that.

[hughk]

It is very difficult to do this kind of thing across borders. You were lucky that the Russian company owning the St. Petersburg ISP was seeking a listing in NY. In many cases, this doesn't happen so you have little edge in getting law enforcement involved.

In my case after working for a while in St. Pete, I found that a spammer based in Russia was spoofing using my EMail address (easily obtainable from my business cards). It didn't seem to be coming from my systems and when I could get headers from annoyed victims - it looked like that it was a St. Petersburg based ISP. After that, I was a lot more careful with my EMail address and the problem disappeared.

Re:Been there, done that.

[JohnFred]

Um, this guy in Petersburg seems like a guy I was trying to shut down, too. I was very happy for awhile, when he was stiffed: but the spam is back in even larger volumes and seems to be originating from an ISP in China, and is even better hidden this time.. ..this is an arms race. Mandating digital signature is the only way out.

Re:Been there, done that.

[stilwebm]

These cases are different from just a single occurrence of spam appearing to be from someone else's domain. These are cases where the spammer repetedly used the victim's domain for the from address and possibly the unsubscribe address. A few of these are mostly harmless. When it escalates to a widespread mailing or multiple mailings, all using the domain, it becomes damaging. This is especially true if the victim is a small business (with limited time, bandwidth and/or server space) or is heavily dependent on brand image related to the email address or domain name. In many cases spammers do this to be malicious - someone complained from that domain or email address, so they relentlessly use that domain or email address. If your business depenend on it, yes, it well worth the fight.

Re:Been there, done that.

[Rinikusu]

Indeed, but what about a smaller business that can't afford to go through those lengths? What I'm kinda getting at would be, where's an organization that could do this PROFESSIONALLY for people willing to pay? Think of it as an internet legal strongarm. I would think there would be a demand for a company that specializes in tracking down domain spoofers, contacting the correct people (and after you do it for awhile, you quickly learn who to contact at various ISP's for problems, etc, rather than having to "reinvent" the wheel as we have to do now), getting local authorities involved if there's criminal activity, etc etc, as well as providing a mechanism for "self-policing" member companies. If member A isn't holding up to the group's TOS or Acceptable conduct (for instance, they allow spammers to reside on their network knowingly), the other groups could then collectively pressure that member to yield (you know, backbone issues.. Kinda hard to sell internet service when you piss off Member J who owns your backbone...)

Coke Cover

[_Sprocket_]

As for convicted coke dealer Eddy Marin...

Not that I would dispute the accuracy or honesty of someone who makes a living from such activites as spamming and (apparently) dealing coke... but...

Ya suppose all this money Eddy likes to gush about in interviews comes from an activity other than spamming? Wouldn't spamming make a great way to launder income. Its already a shady, though not entirely illegal business. It wouldn't be too odd to have a customer base that's a litle difficult to trace. And it would explain a solid income without any apparent labor, contacts, or business partners.

(not that this little conspiracy theory has plenty of holes - but hey, that's not the fun of it)

U Don't have..

[infiniphonic]

to be a bounty hunter to hunt and shoot at things.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Comment removed

[account_deleted]

Comment removed based on user account deletion

This is why...

[Luckboy]

I say Spam Hunters should have baseball bats and frequent flier miles to go with their traditional tools...

Japanese casino site with malware?

[B.D.Mills]

When I try following your link, I get redirected to a Japanese casino site that tries to force malware onto me. What's going on here?

Re:Not surprising that his previous ISP did nothin

How is someone advocating someone's death modded up as interesting?

Because spamming is such an unusual crime; one that our society is still coming to grips with.

What other crimes have the property of a single offense affecting millions of people?

Our society considers murderers among our worst criminals. We measure the crime of murder not just in terms of the suffering caused to the victim, but in terms of the suffering caused to all those affected by the crime.

When we consider the crime of spamming, any attempt to measure or quantify the aggregate suffering caused to all of the people that were directly affected by a particular instance of spamming overwhelms the senses.

How does one deal with a crime that causes suffering to millions of people every time it occurs? What is an appropriate punishment? Given the nature of the crime, it is possible to argue rationally for almost any punishment.

That is why proposals for the execution of spammers is viewed as "Interesting" by some.

Re:*You* are Wrong

[Volmarias]

3. Aggressive rejection of email via blocklisting causes some legitimate email to be rejected. However, that collateral damage is limited to spam-friendly parts of the Internet. The sender knows full well it was not read and can re-send the message via another channel if it is important. This knowledge also allows them to take action to correct blocking errors; and heightens awareness of who is not doing their part to fight spam.

Anyone who reads somethingawful.com knows that this isn't necessarily the nobrainer that you think it is. They had a particular problem where people would be able to sign up for their forum accounts, but they could not be mailed back with the activation because of the SPEWS blacklist determining that the part of the internet SomethingAwful belonged to was Spammerville, USA. This meant that 10-20% of the people who tried to get a forums account couldn't be mailed back, and SomethingAwful could even mail them back to explain why!

Here's a nice link for the angry rantings of Zack "GeistEditor" Parsons on the subject. Yes, we should fight spammers at every turn we get, but the "collatoral damage" means that some people can't even find out why they never get a reply from their girlfriend/grandparents/long lost friend.

Two Problems

[phorm]

a) Unless the actually catch the spammer or trace to the distribution source, how do you tell what is bought from a spammer VS not (there's also legit sources, ebay, etc

b) You may argue fining the company for whom the spam is soliciting a product... but if you look up the term "Joe Job" you'll see why this isn't a great idea either.

Re:Two Problems

[thecampbeln]

Like I said, there are issues with the initial swipe of this solution, but...

1) SPAM would be identified by "them" and once "they" have flagged a financial account as collecting revenue from SPAM, it is frozen/etc. ("them"/"they" being one of the initial problems with this solution).

2) You are right, once this was in effect, a company could use it as a weapon against a competitor. This would have to be solved by:

a) Requiring that the ill-gotten gains from SPAM are refunded no matter what the circumstances (read: not all funds, per say just those generated from SPAM).

b) Even Joe Jobs are traceable, so any competitors that are proven to have caused the SPAM sales would be liable for damages of lost sales (read: the money they refunded because it was generated from SPAM) as well as any additional legal / technical / compensatory damages / etc on top of a fatty fine. Besides... I'm sure a law such as this would help "encourage" companies trading online to better watch their sales trends / figures / etc. So it's possible that some other fraudulent charges could be caught for fear of such a law
For example: When my credit card number was stolen a few years ago, my billing address was in California while the products were being overnighted to Eastern Europe... Gee, anyone think this should have raised a red flag? Especially since the overnighting cost more then the product? But the important thing is that I'm not bitter about it now... nope, not bitter one @#$%@#$ bit... Not a #%^^#$ bit... no... ;)

Re:Two Problems

[phorm]

Interesting note on the credit-card thing, as I've known people to be flagged on similar issues and notified by their CC company. Did fraud-protection backcharge and refund your bill, they should have.

I wonder how easy it is to tag in some fashion the use of stolen CC #'s to fund opening new spam accounts. I suppose if an account was opening in one area by a person living in another, it might raise a red flag.

Re:solution to spam

[Excen]

Well now! All I have to do is successfully send spam from my roommate's computer, whack him, and you will paypal me 100 large to Zurich? Hmmmmm. 100,000 big ones and a double room to my self? I gotta go get a banker and a good lawyer.

Re:Article Compilation Error E303323

[eugene+ts+wong]

For more help, consult a basic 6th grade English text or hit F1 for more options.

Naw. I ususally just press [Ctrl][Alt][Del] to continue.

spam has been around forver

[luther349]

ever sence the first pop up on aol thers has been internet spam now i will admit withen the last 2 years it has gotton worse from spywhere to pop ups to toolbars you cant uninstall without a spyware removing program. relly the goverment relly needs to limint what they can do i mean hell spywhere is just as bad as a virus it steals info and sends it to third partys hell a torjin virus does the same just sends diffrent info. to tell the truth thats part of the reasion i dumped windows for linux lol you dont have any form of spam/spywhere other then email but a simpl spam blocker fixes that to.

Re:spam has been around forver

[doppleganger871]

I just don't use IE for anything but WindozeupDates or company intranet sites. Mozilla for everything else, keeps the pc clean.

Re:solution to spam

[hughk]

I agree, I run a Yahoo! group with about 800 subscribers for our ski club. This works well and people only see newsletters and meeting reminders so not a very high volume. We need the bulk email and like you our subscribers are genuinely 'opt-in'.

SPF, Sender Permitted From

[joostje]

I haven't seen SPF being mentioned yet.

It's a sistem whereby you, the domain-owner, via DNS records, explains what SMTP-servers (their IP adresses) are allowed to send email with your domain in the From: header.

To me it really does look like a way to kill spam, if it were adopted.

Re:SPF, Sender Permitted From

[WuphonsReach]

Or any of the other (3) proposals that I know about...

Last I heard (a month ago?), all of these (4) proposals are still in draft status... which means that if we're really lucky; we might see them implemented in 2005?

Personally, I'm hoping that postfix, sendmail, ect. will build in support for one of the proposals prior to it becoming official.

Kill teh spammers.

[ChickenKillr]

Spammers should be killed, or something. With the size you get with hotmail, its gone in a day :\ Have you seen their prices? its like 36 bucks for 10 megs.. wtf??? ?! ?

Re:Not surprising that his previous ISP did nothin

[Dimensio]

But please, yeah spam is annoying, but death, Marin doesn't deserve that, no one does

I disagree. Marin has demonstrated time and again that he's a parasite, existing solely by stealing from others. My issue with him is about more than just his spamming past, it has to do with stunts like this one, where he's directly caused innocents financial loss through his actions.

Verio Are *STILL* hosting spammers

[JohnFred]

One spam arrived as I was reading this! And they are still abusing whois/dns. Nice, but this guy has managed to do sweet FA

Relevant supporting evidence attached (my account is hosed, anyway..)

News Story.
-----------
http://www.internetnews.com/b us-news/article.php/3 _531911

Spam Headers
--
Return-path:
Received: from punt-3.mail.demon.net by mailstore
for johnc@yagc.demon.co.uk id 1A4cHz-0006dB-Fh;
Wed, 01 Oct 2003 08:25:56 +0000
Received: from [24.128.200.166] (helo=h000ae62be489.ne.client2.attbi.com)
by punt-3.mail.demon.net with smtp id 1A4cHz-0006dB-Fh
for johnc@yagc.demon.co.uk; Wed, 01 Oct 2003 08:24:52 +0000
Received: from lcs.mit.edu [59.95.222.125] by h000ae62be489.ne.client2.attbi.com (Postfix) with ESMTP id EDA4562DFCBD for ; Wed, 01 Oct 2003 09:28:33 +0000
Date: Wed, 01 Oct 2003 09:28:33 +0000
From: Tofikequf
Subject: Johnc Receive your Dip1oma 1965936
To: Johnc
References:
In-Reply-To:
Message-ID:
Reply-To: Jolisojap
Sender: Juleka
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit

Traceroute results
--
3 130.152.80.30 10.121 ms isi-1-lngw2-pos.ln.net [AS226] Los Nettos origin AS
4 198.172.117.161 163.950 ms ge-9-3.a01.lsanca02.us.ra.verio.net [AS2914] Verio
5 129.250.29.136 2.821 ms xe-1-0-0-4.r21.lsanca01.us.bb.verio.net [AS2914] Verio
6 129.250.2.11 6.288 ms p16-7-0-0.r00.lsanca01.us.bb.verio.net [AS2914] Verio
7 129.250.9.210 9.905 ms p4-1.att.lsanca01.us.bb.verio.net [AS2914] Verio
8 12.123.28.130 9.913 ms tbr1-p012201.la2ca.ip.att.net (DNS error)
9 12.122.10.25 13.635 ms tbr2-cl3.sffca.ip.att.net (DNS error)
10 12.122.9.137 12.811 ms tbr1-p012501.sffca.ip.att.net (DNS error)
11 12.122.10.5 54.916 ms tbr1-cl1.cgcil.ip.att.net (DNS error)
12 12.122.10.1 78.542 ms tbr1-cl1.n54ny.ip.att.net (DNS error)
13 12.122.9.130 76.257 ms tbr2-p012501.n54ny.ip.att.net (DNS error)
14 12.122.10.21 81.463 ms tbr1-cl1.cb1ma.ip.att.net (DNS error)
15 12.122.11.194 80.896 ms gbr1-p40.cb1ma.ip.att.net (DNS error)
16 12.123.40.97 80.612 ms gar1-p360.cb1ma.ip.att.net (DNS error)
17 12.125.39.214 81.116 ms DNS error
18 24.91.0.42 81.131 ms bar02-p6-0.wobnhe1.ma.attbb.net
19 24.91.0.154 81.628 ms DNS error
20 24.128.190.57 82.081 ms bar02-p4-0.lwllhe1.ma.attbb.net
21 24.147.0.38 82.124 ms ubr01-p2-0.lwllhe1.ma.attbb.net
22 24.128.200.166 97.001 ms h000ae62be489.ne.client2.attbi.com

From a fellow victim...

[Ryu2]

I'm having the exact same thing happen to my own domain at the moment. Read about my situation here.

In my case, the spams seem to come from all over, from several continents. I'm guessing that those machines got owned through some backdoor or exploit, and they are simultaneously sending those spams. I wonder how all of them are simultaneously using my domain in the "from" header. Is there some central control server for these infected hosts that tell them "use this domain in your forged mails"?

Re:From a fellow victim...

[JuggleGeek]

I tried to visit your site to read about it, but, as they say, "It's dead Jim".

Re:solution to spam

[Oddly_Drac]

"So unless the ISPs monitor all port 25 traffic, and parse it to determine the number of emails"

Why would you need to parse a connection? Look at the origin, compare to the destination.

"And of course, encrypting the traffic between the spammer and the relay (like SSHing into a rooted box before spamming) would nullify this technique anyway."

I'm hoping that you aren't working anywhere critical. Ignore the content, that approach hasn't worked, but simply look at the volume of traffic.

SSH'ing into a rooted box usually isn't necessary and is overkill. I like your use of buzzwords, though. Nice touch.

Re:solution to spam

[LordLucless]

"Why would you need to parse a connection? Look at the origin, compare to the destination."

Um, that is parsing the data being transferred. When you look at a datastream, and analyze it so it forms actual information, that's parsing.

Monitoring volume of traffic may work, but that would mean penalizing people who transfer large attachments too.

SSHing into a rooted box may be overkill, but it's one way I could think of off the top of my head to easily foil any content analysis of a datastream over port 25. I didn't bother trying to find a light, streamlined approach, as I was merely using it as an example of how such as an idea as the original post puts forward could be avoided. As long as it can be avoided, the approach is stupid. ISPs monitoring, filtering or denying the use of port 25 is a stupid way to prevent spam.

To butcher an oft-used quote: Those who trade their ports for a little temporary security do not deserve ports or security, and in the end, will have neither.

Re:solution to spam

[Oddly_Drac]

"ISPs monitoring, filtering or denying the use of port 25 is a stupid way to prevent spam."

Blocking port 25 stops 100% of spam. That's it's overgregarious is the problem.

The main point of this is that if you try to place the burden on the end-users, a huge quantity of which are still not running virus-checkers, have open SMTP relays and confirm their email address as live at every available opportunity, then the squealing will come from that direction. They demand protection from offensive spam, the ISPs shrug, and guess who steps into the gap?

You really want Government moderating this? I certainly don't because as soon as they get involved, it's like watching a monkey rewire a car.

So far the community of technically competant people have completely failed the more clueless users, but they represent a larger block of people who complain louder. ISPs currently have AUPs coming out of their asses to indemnify themselves against anything, so why not do something about the spam problem _aggressively_.

"Monitoring volume of traffic may work, but that would mean penalizing people who transfer large attachments too."

They're already penalized. 10Mb of storage is considered to be 'a' capacity that is limited, but that would be a single datagram stream/connection rather than a blizzard of smaller connections. The thing is that nothing will be perfect, there will always be cracks, but at the moment there is nothing happening that would cut down on the massive amount of traffic that is floating around the infrastructure at the moment.

My best idea so far is to hit, and hit hard, the companies that 'benefit' from spam, but that gets government involved, and so far they aren't doing that well with tracking back the people using open relays, despite netblocks being submitted, having names, etc. etc.

"content analysis of a datastream over port 25."

It would have no effect on downstream transfer between MTAs. Sure, these days it's point-to-point between the destination and source, but then you'd have an IP in the headers. You could even run destination filtering to check the From, return-path and path statements which would cut down on a minority of spam. Hell, that's how I track mine back.

"Those who trade their ports for a little temporary security do not deserve ports or security, and in the end, will have neither."

You consider firewalls bad, then?

Re:solution to spam

[scambaiter]

I already had an idea quite like this after reading the story on that spammer from .nz who left the industry after getting harassed because his real identity was made public in some local newspaper... Set up some fund which will pay bounty for accurate and valid information on proven spammers, and set up a directory just like rokso at spamhaus.org. Dont really harass them, just give them the bad feeling that we know who they really are...

Re:solution to spam

[LordLucless]

"Blocking port 25 stops 100% of spam. That's it's overgregarious is the problem."

That is pretty much what I meant. Stupid doesn't necessarily mean ineffective - it can mean inappropriate too.
No, I don't particularly want governments interfering with this. Quite apart from the legendary technical ineptitude of most governments, you'd have problems with the governments of various countries implementing contradictory regulations and such. I think that the best solution for spam is a technical one.

Filtering is ok, but it's a stop-gap measure at best. Even if it got a 100% success rate, it wouldn't stop the bandwidth wastage spam causes. I'm hoping a bunch of smart people are going to come up with a replacement, or enhanced, SMTP that retains enough backwards compatibility to be slowly phased in over time. The only real answer to a technical problem is a technical solution. Regulations and litigation deal with societal problems, not technical ones.

"You consider firewalls bad, then?"

If it's my machines they're protecting, and I can't reconfigure them, damn straight I do. Perhaps I should rephrase that "control of their ports", but that would just mangle the quote even more. The gist comes through, I think.

Re:solution to spam

[Chatmag]

You may of missed my point. I am NOT in favor of some judge making a "free speech" case out of sending spam. But that is what would happen eventually, someone would challenge any limitations on how many emails a person can send.

I agree that any ISP has the right to set limits for home and business users of their services.

Re:solution to spam

[ScrewMaster]

No ... all you have to do is bring him in to the nearest police station and they'll take it from there. It will take some work on the part of the State Department, and a few new laws I'm sure.

SomethingAwful???

[Eggplant62]

Anyone who reads somethingawful.com knows that this isn't necessarily the nobrainer that you think it is. They had a particular problem where people would be able to sign up for their forum accounts, but they could not be mailed back with the activation because of the SPEWS blacklist determining that the part of the internet SomethingAwful belonged to was Spammerville, USA. This meant that 10-20% of the people who tried to get a forums account couldn't be mailed back, and SomethingAwful could even mail them back to explain why!

Here's a nice link for the angry rantings of Zack "GeistEditor" Parsons on the subject. Yes, we should fight spammers at every turn we get, but the "collatoral damage" means that some people can't even find out why they never get a reply from their girlfriend/grandparents/long lost friend.

SomethingAwful is a poor example to use in this case. Zack Parsons, in my own hog-fucking opinion, is a child who doesn't understand the basic functioning of email and blocklists and incited the flooding of newsgroup news.admin.net-abuse.email by his idiot subscribers. We saw Zack on the newsgroup and on the above-mentioned page whining like a little girl about his problems.

Oh fucking well. Hosting with a spam-friendly provider could have been avoided. He could have contacted his hosting provider and gotten things straightened out on his own. Inciting his readers to harrass the spam fighters because he got his panties in a bunch over his mail not getting through was a bad move, and I'd think it would be an embarrassment for him.

SPEWS and the "collateral damage" concept are one of the few things that have gotten providers off their asses to remove spammers from their networks. Just because some kid's little chat site gets their mail blocked is no reason for the site's readers to act just like spammers, and probably resulted in somethingawful's mail being even more widely blocked than it had been when only SPEWS was listing it.

Re:solution to spam

[Curunir_wolf]

I guess you never send mail to AOL Earthlink, or Mindspring then. Here's Earthlink's response to why they bounce all of the mail from my mailserver:

Hello,

The reason that your mail bounced back is because it appears
to have attempted to pass directly from an IP address range
believed to be dynamically assigned (such as cable, dialup
or ADSL) to the EarthLink/MindSpring network), without first
routing through an appropriate (static) SMTP server. This
is known as "Direct to MX mailing", and is a technique used
by spammers to bypass spam control mechanisms established by
ISPs.

To prevent these errors, all you need to do is route your
outbound mail through your ISP's provided SMTP server (this
is known as "smarthosting"). The following websites will
help to explain the technicalities of what is going on and
how to alter your settings to correct the situation. They
are non-EarthLink resources.

http://pan-am.ca/pdl/
http://www.mail-abuse.org /dul/enduser.htm
http://www.iis.se/Internetdagarn a/idag2000/spam/ma ps/dul.html

If you need help reconfiguring your email client, you should
contact the technical support department for your ISP (if
this is happening at home) or company (if you are at work)
where the problem is originating.

E.G.: If you are an AOL customer, contact AOL, if mail is
bouncing from where you work, contact your IT department
there.

Once you route mail through the supplied servers, your mail
should deliver normally to the EarthLink network.

If we have incorrectly identified your IP addresses as being
dynamically assigned, please write back with the range of IPs
assigned to you and we will adjust our filters accordingly.

Regards,

--
Tom TaTom EarthLink/MindSpring/OneMain Systems Administration
AUP Abuse Team abuse@abuse.earthlink.net
http://www.earthlink.net/about/policies/

Same spammer forged other domains, also.

[JuggleGeek]

The article doesn't mention it, but the spam advertised the website mypillsrx.com, where they claim to sell various prescription drugs. More likely, they just collect your money or credit card number.

The same spammer forged a number of other domains, including mine. I have a page about it at http://www.whitis.com/mypillsrx.htm. There is also another article available at AVN Online.

Eddy Marin, a well known spammer with a history that includes convinctions for cocain dealing, money laundering, and who was involved with pornography, seems to be behind the spam.

In the meantime, his pet lawyer, Mark Felstein, ( check out the cute picture) is suing several people who fight against spam for blacklisting "anonymous members" of his newly created EmarketersAmerica organization, and several anti-spam sites all over are being under DoS attacks.

The spammers are winning because the good guys are playing fair and honest while the spammers have no morals are are making up their own rules.

Re:*You* are Wrong

[JuggleGeek]

Anyone who reads somethingawful.com knows that this isn't necessarily the nobrainer that you think it is

Anybody that knows the whole story knows that somethingawful.com isn't the innocent victim you claim them to be. And anybody who uses groups.google.com to search for somethingawful.com will be able to find that information.

Re:Solution to SPAM

[scrytch]

> Bayesian filters (or similar) on the SMTP servers, analyzing and SPAM-rating e-mail on a line-by-line basis, as it is inbound to the server.

Bayesian filters are but one tool in the arsenal. I have seen them in operation for millions of spam (I work for an antispam company, and no I won't say which), and I can tell you that they're not a silver bullet. Spammers are increasingly padding the message nowadays with text snipped from books, news clippings, etc. Even if it doesn't outright fool the filter, it sure gives it fits. What next has to happen is to get those filters. Another thing going on now is that much spam is contained entirely within an image. Recognizing text out of the image within reasonable CPU time is definitely not an easy problem.

Re:Solution to SPAM

[scrytch]

argh, snipped a sentence off there... Meant to say "what next has to happen is to get those filters to recognize subject matter through semantic analysis, so spam can be determined by the actual content, not by mere word proximities." I understand Apple of all people is working on such a beast.

why???

[snyps]

You really have to wonder why they do this s***. If they are not linking to there own web page then how are they going to sell anything? The only benefit is the nigerian money laundering scandals, those are downright funny, one of the few things that is keeping me sane in this world.

Re:solution to spam

[Oddly_Drac]

"The gist comes through, I think."

To the extent where I'm going to apologise for being a c**t. Sorry.

"The only real answer to a technical problem is a technical solution. Regulations and litigation deal with societal problems, not technical ones."

Spam is a sociological problem in terms of this idea of constantly bugging people to buy stuff. Pretty much every communication method has had to deal with this, but generally you're talking about single bodies that can be asked, cajoled and threatened to stop the transport...fax, phone, mobile...

ISPs made a big fuss about stepping back from the information they carried because of the whole child porn/copywritten content issue, something that came up during the recent senate hearing with the RIAA, and the handwringing that has taken place by them has really gotten my goat. ISPs are the first chokepoint for email entering a subnet...they're in a bloody good position to handle this stuff and personally I'd prefer that this duty wasn't handed over to a Carnivore box because someone was too bloody wet to handle it.

"replacement, or enhanced, SMTP"

Or build a network of trusted SMTP servers with full authentication by using the relay system as is already allowed by SMTP but not used because of the relative difficulty of building a network from the current 'mush' we have.

Hell, I know admins that are firewalling the entire .cn TLD because of the huge number of completely open relays...but how are those open relays connected to the internet? That's the key.

Given that there's some horrendous inroads by spammers into hacking and DDoS attacks to the extent where RBLS are being pushed off the net, spammers should have their access to the internet cut, which means stamping on open relays until they can prove that they're no longer open.

Re:solution to spam

[LordLucless]

Thanks

I think part of the reason people are reluctant to give the ISPs this sort of responsibility is that then that would make the internet analagous to a telco. The strength of the internet is that it is out of the control of companies (although this position is getting more and more tenuous - cf SiteFinder).

But much as I hate to use the term, this is a prime example of the slippery slop. If we refuse to guard ourselves, and appoint guardians, then we no longer control the system, the guardians do. Somebody has to do something about these problems. You can either do it yourself, and retain control, or give it to others, and lose control.

Maybe there's no choice but to lose control. Maybe the internet population in general just cannot exercise eternal vigilance. But that's the only coin that buys freedom.

- Sorry for the melodrama there, but I just can't help myself sometimes. I wonder if anybody else will find their way down to the bottom of this thread. Nice talking to you anyways. -

My hope lies with IPv6

[TexasCowboy23]

I say let the spammers have their fun now. I blame both IPv4 and SMTP. Since IPv6 will (alledgedly) assign a unique address to every computer on the Internet, I'm thinking that it will be far easier to track spammers to their location than it is with IPv4. Of course, SMTP has inherent flaws but it's a very old protocol that was first created when we didn't have to worry about useless messages taking out our MXs. The new motto of the Internet needs to be: "If you build it, they will spam." There is, as of yet, no way to protect mail servers from spam. You can take steps to TRY to protect your poor MX, but I can't imagine what would happen if 250 million spam messages hit my MX all at once.

Identity theft is an entire subject in itself. I say we open DNA banks. Gattica did have a good concept there (using DNA). Sort of like a SSN in your blood. Being a mathematician, I don't believe in 100% -- 99% and maybe even 99.99% -- but not 100%. And if anything, the Internet proves that nothing is 100% full-proof.

Re:Obligitory Comment

[Robmonster]

Plus he spelt Overlords wrong......

Re:Solution to SPAM

[WuphonsReach]

Another thing going on now is that much spam is contained entirely within an image

Does that mean that it's an HTML e-mail, serving up an image from a web server somewhere? (Making it easy to trace back?)

Agreed, Bayesian filtering is but one tool in the arsenal. (Personally, I have a dozen or so white list rules that run on the client prior to putting the rest of the e-mail through a Bayesian filter... The whitelist rules around around 95% accurate, which reduces the amount of work that the Bayesian has to do. (If it gets to the Bayesian filter, 95% positive that it's spam.)

However, we really need to get some sort of reverse DNS system into production so that whitelist rules are more dependable.

Re:solution to spam

[ScrewMaster]

Must be some kind of regional thing ... I regularly send mail to Earthlink accounts, but I don't know anyone on AOL. Unless it's just because my Comcast IP just happens to be in an accepted range. I dunno.

Re:solution to spam

[ScrewMaster]

Dont really harass them, just give them the bad feeling that we know who they really are...

Well, harassment can take many forms ... not all of them illegal.

How about a mail list that is sent out at regular intervals listing the names, addresses, emails and phone numbers of verified spammers. Let the people that receive the list decide what to do about it.

One problem and my solution (part 2)

[thinkerdreamer]

Oh, and you would have to get a lot of coverage in the press to advertise the web site. It would be better on the "First Gov. Site"

One problem and my solution (Part 1)

[thinkerdreamer]

My last article on slashdot got rearranged mysteriously. You are amazingly right. There is only one problem. 50 million people signed up for the no-call list because it was done by the FTC. 50 million people didn't write letters or send e-mails. Figure out how 50 million people could communicate with government easily and you'll solve this problem. This problem is why special interest groups and businesses control congress. Everyone wants an easy way to contact congress. People are lazy. Who wants to form a special interest group? My solution is convincing a congressman to put up on a web site a "Yes" to no SPAM. The "NO" would be left out so spammers couldn't spam it. Clicking on the "Yes" would vote "Yes" to no SPAM. A link would be sent to your e-mail address and clicking on that link would validate your vote. Then put this system on a site like FirstGov and get press coverage in all the newspapers. This would send a message to those interest groups and businesses that control congress. The public can rule them out. This is more of a pure democracy that I've always dreamed of.

Darwin award nominee at least

[bob_calder]

Common guys. How hard is it to figure out:
Eddie Marin ==spam
<|:-(

Darwin award nominee at least.

I promised myself that I would NEVER use html here, but I guess some things are too tempting.
My motto is "POT is US"