From Artist To Spam-Hunter
I am Kobayashi writes "Wired has a story about Andy Markley, a graphic artist, whose business domain name was spoofed by infamous spammer Eddy Marin and used to spam thousands of people. After the incident recurred at a new ISP, and at the risk of his business and sanity, Markley fought back. He tracked down Marin through several spoofed email addresses and several hijacked servers, and eventually was successful in getting Marin's current ISP to shut down his account. Too bad he was a graphic artist and not a professional bounty hunter...."
Get 10,000,000 more of these guys and major domains will start accepting mail from innocent bystanders like me that are unlucky enough to be on small subnets again.
You can't judge a book by the way it wears its hair.
Spamming is such a dirty business that most spammers will commit some illegality somewhere. Their character is rarely that of a saint. And most ISPs will do anything to keep a spammer off of their bandwidth. So if you go after a spammer, there will probably be some dirt to smear him with somewhere.
Here we see the Spammer in his native environment, let's pull his network connection and see if we can get him riled up. Crikey, look at 'em dial tech support!
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
Verio is notoriously spam- and crime-friendly. So much so that I wouldn't be surprised if their management sold their children out to child pornography websites.
As for convicted coke dealer Eddy Marin, he deserves horrible and painful death for his actions. It's sad that no one has taken him out yet.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
Wow, what a revenge! This has all the exciting hallmarks of the most boring story in the world. He shut down a single ISP account. I'm stunned!
I hope the author isn't holding out for a script-writing deal for anything starring Chuck Norris or Lorenzo Lamas. It's hardly going to get rapped about by Dre, is it?
From Artist to Spam-Hunter to zzz...
'Thats they exact same thing a banana wrench monkey.'
If you want to do the same thing as this guy, try using SpamCop. Paste the entire email (with headers, duh) there, and it will backtrack the message to where it originated. It will tell you which company it came from, which one is being advertised, etc. For the especially lazy, it will also allow you to send a carbon-copy form letter to all parties involved. Best of all, it's free. Consider donating though, it's worth it.
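The backtracking idea described above, as an added example that is not part of the original comment and not SpamCop's code: walk the `Received:` headers from the newest down and trust only those written by your own servers, since everything below the handoff was supplied by the sender and can be forged. The sample message, host names, addresses and the `TRUSTED` set are constructed.

```python
import re
from email import message_from_string

# Constructed sample message; hosts and addresses are made up (documentation ranges).
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mail.recipient.example with ESMTP id A1; Mon, 01 Jan 2024 10:00:02 +0000
Received: from relay.isp.example (unknown [198.51.100.77])
\tby mx.recipient.example with ESMTP id B2; Mon, 01 Jan 2024 10:00:01 +0000
Received: from mail.artist.example (mail.artist.example [203.0.113.5])
\tby relay.isp.example with SMTP id C3; Mon, 01 Jan 2024 09:59:00 +0000
From: "Sales" <offers@artist.example>
Subject: constructed sample

body
"""

# Servers we operate ourselves (assumption for this example).
TRUSTED = {"mail.recipient.example", "mx.recipient.example"}

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)")

def parse_hops(raw):
    """Return the Received hops, newest first, as dicts of helo/rdns/ip/by."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if m:
            hops.append(m.groupdict())
    return hops

def handoff(hops, trusted):
    """Return (last hop written by a trusted server, unverifiable hops below it)."""
    boundary = None
    for i, hop in enumerate(hops):
        if hop["by"].lower() not in trusted:
            break
        boundary = i
    if boundary is None:
        return None, hops
    return hops[boundary], hops[boundary + 1:]

if __name__ == "__main__":
    hop, unverified = handoff(parse_hops(SAMPLE), TRUSTED)
    print("report to the owner of", hop["ip"], "- claimed earlier hops:",
          [h["helo"] for h in unverified])
```

The address recorded at the handoff is the one an abuse report should go to; the `mail.artist.example` line beneath it is exactly the kind of claim a spoofer can write himself.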
Qualified candidates must be professional bounty hunters with verifiable experience and verifiable references.
Yes, my name is Boba Fett and I worked for a Hut called Jabba -- this was a long time ago and in a remote galaxy. During my tenure with Jabba, I successfully tracked and captured Han Solo, wanted for failure to pay back a sizable loan.
I'm fully familiar with the use of various weaponry, grappling hooks, and personal rocket packs. I have also done consulting work for Mr. Vader, a well known businessman who spearheaded the creation of a large spherical space station.
References available upon request.
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
So, this is identity theft. Why cannot spammers be prosecuted for assuming somebody else's "identity" and doing business/making money at the expense of others? This practice is illegal and there must be a legal precedent, yes?
Visit Jonesblog and say hello.
Finally, something to fill in the ????? in my
- Linux
- ?????
- Profit!!
business plan. Now I don't have to hide my email address(es) anymore! -- Stu
/. ID under 2,000. I feel old now.
Most can't do anything about it coming into their networks. Going out yes, but coming in, there is nothing that can be done unless every single customer agrees that spam should not reach their mailbox. See in order to add those kinds of rules to a router, it has to correspond to all. No ISP is going to update multitudes of routers to add one rule for one person.
MoFscker
Although the logistics of such a plan are always complicated, why not author laws that would hit spammers where it really hurts: their financial institutions!? Since you can buy the shit from these bastards, you should be able to determine where the money is going. So make laws that would seize any such moneys that are a direct result of SPAM activity?
Hell even put the onus on Visa/MC/AmEx so that they are charged with dealing with the financial fallout! Do you think even the idiots who buy shit from SPAM would buy again if they were charged double for their purchase (once from the spammer and again from the credit card company for the penalty)? Sure there are bugs in the plan as is, but stopping SPAM from the technical side is difficult (if not impossible), so let's make it financially infeasible!
"1984" was meant to be a warning, not a guidebook. You hear that Kim Jong-il!? BushCo?!
A scenario: Someone damages you, but it is hard to figure out who it was. You spend money and/or time and track them down. You succeed, and sue them.
Can you include the cost of tracking them down in the damages you are suing for?
Can you sue for more than your actual costs, to account for the risk you took that you'd be unsuccessful in tracking them down (hence your time/money would be gone with no possibility of being repaid)?
Quattuor res in hoc mundo sanctae sunt: libri, liberi, libertas et liberalitas.
This is more than just sending off a single email to a scantly watched abuse email.. This means getting hold of a real person and explaining, realistically, what sort of legal liabilities they might be open to if they continue to support the spammer's actions. (Hacking laws, aiding and abetting, Trademark infringement and vicarious liability) often fit in there.
If more people would do this, life would get a lot harder for spammers.
Free Software: Like love, it grows best when given away.
It really isn't obligatory at all. Really. I swear. In fact, it's highly discouraged nowadays since it's not in the least bit funny anymore.
Only a slashdot poster such as yourself can pound a joke so hard and for so long that even a great Simpsons' line makes me queasy when I read it. But I have to hand it to you -- you, my friend, are clearly the master of pounding it long and hard. But please don't feel obliged in any way.
You can take a rest any time and no one will miss it. Except for possibly your local Kleenex(TM) and/or hand lotion distributors.
everything in moderation
WCG.net, and told the tech support staff what had been happening. Within a few hours, Marin's account had been canceled.
Baloney! It is likely that they told Marin to change the domain name before Markley sues and WCG loses their big bonus blood money.
But WCG sounded sincerely surprised to find out the infamous Eddy Marin was one of their customers."
Rule #1! Williams Communications Group is notorious for continuously providing bandwidth to spammers with dirty /24s. Then they feign this concern by "shinning" on those who complain about their dubious customers. Why don't someone ask them about Wholesalebandwidth.com/Optigate?
Anyone who wants to know about Marin and his scum operation can see it on Spamhaus.org:
http://www.spamhaus.org/rokso/search.lasso?evidencefile=1114
!@#$% whole-grain cereal. When I want fiber, I eat some wicker furniture. - G. Carlin
No one does spam filtering at routers.
There are filters and blocklists, but they have nothing to do with
routers. Long ago particularly egregious spammers were blackholed at the
router level, but that hasn't happened for years.
No ISP can stop all spam, but given enough resources we can stop most
of it. The problem is usually somewhat like you allude to, that there
is a certain set of people with an absolute horror of a non-spam
message being bounced. They claim "loss of email", and thereupon close
their ears.
But there is a more insidious foe, the scan-and-delete error.
Most admins today have two basic ways to stop spam -- blocking and user-
based filtering. Blocking rejects spam detected (via filter or
blocklist) and puts the onus on the sender to re-establish the
communication. User-based filtering puts the onus on the recipient to
review their spam folder and look for "false positives".
And there are three ways to play your two tools.
1. Little or weak filtering or blocking means communications are lost as
people have scan-and-delete errors due to battle fatigue from their
daily fight with spam in their mailbox. Much legitimate email is
lost, and it is lost and *neither party knows it was never read*.
This collateral damage is spread over every part of the net,
spam-friendly or no.
2. Aggressive filtering and tagging for dropping in the user's "spam"
folder means that legitimate communications are tagged as false-
positives. People usually don't scan their spam folders carefully,
because such a high percentage is spam. Again, legitimate email is
lost and *neither party knows it was never read*. This collateral
damage is spread over every part of the net, spam-friendly or no.
3. Aggressive rejection of email via blocklisting causes some legitimate
email to be rejected. However, that collateral damage is limited to
spam-friendly parts of the Internet. The sender knows full well it
was not read and can re-send the message via another channel if it is
important. This knowledge also allows them to take action to correct
blocking errors; and heightens awareness of who is not doing their
part to fight spam.
To me, selecting #3 is a no-brainer. When legitimate email gets lost,
the sender knows it was not received. And it is almost all lost from
networks participating in the massive denial of service attack on the
Internet at large that is spam.
AOL, for example, does a simply outstanding job of making sure spam is
not sourced from their network. They don't allow spam hosting of any
kind. I *never* want to lose mail from them. Same with Earthlink, MSN,
and Hotmail. They deserve that consideration due to their effort. If my
users lose mail from them due to scan and delete errors, I have not done
my job. I would much rather have them lose email from the people who pay
the spam-friendly providers. (And no, folks, those fake hotmail.com
addresses in the From line don't mean they source spam.)
You can do filtering at the MTA level too with rejections, but I don't
do that except with filter settings that have a near-zero false-
positive rate.
So what ever happened to that great idea of including RMX records in zone files? It would 100% eliminate spam like this (which accounts for the vast majority). I haven't heard anything from either qmail or sendmail implementing it.. which sucks.
See, the reason I'm so big on this, is because I consulted at implementing this at Shadango.com (a new, free, filtering service). We started performing reverse lookups and you would NOT believe the filtering success. It was like day and night. So seriously.. try implementing that on your mail servers and see what happens. And if you're just curious and want to see how effective it can be, check out the implementation at Shadango.com
-Fatty
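The sender-authorization idea behind RMX-style records, as an added example that is not part of the original comment and not any mail server's code: the domain owner publishes which networks may send mail for the domain, and the receiving server compares the connecting IP with that list before accepting the message. The `PUBLISHED` table stands in for DNS and does not use real RMX record syntax; the function names, domains and addresses are all constructed.

```python
import ipaddress

# Constructed stand-in for DNS: domain -> networks its owner has published as
# allowed to send mail for it. A real check would fetch this with DNS queries.
PUBLISHED = {
    "artist.example": ["203.0.113.0/28", "2001:db8:10::/48"],
    "nomail.example": [],  # owner states that no host sends mail for this domain
}

def check_sender(mail_from, client_ip, published=PUBLISHED):
    """Classify an SMTP envelope sender / client IP pair.

    'pass' - the client IP is inside a network published for the domain
    'fail' - the domain publishes a list and the client IP is not on it
    'none' - the domain publishes nothing, so no conclusion can be drawn
    """
    domain = mail_from.rpartition("@")[2].lower().rstrip(".")
    if not domain or domain not in published:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for net in published[domain]:
        network = ipaddress.ip_network(net)
        if ip.version == network.version and ip in network:
            return "pass"
    return "fail"

def smtp_verdict(mail_from, client_ip):
    """Reject during the SMTP session so a legitimate sender learns of the block."""
    if check_sender(mail_from, client_ip) == "fail":
        return "550 5.7.1 %s is not authorized to send for this domain" % client_ip
    return "250 OK"

if __name__ == "__main__":
    # Forged envelope sender arriving from an unrelated address: rejected.
    print(smtp_verdict("offers@artist.example", "198.51.100.77"))
    # Same sender from the owner's published range: accepted.
    print(smtp_verdict("offers@artist.example", "203.0.113.5"))
```

Domains that publish nothing return `none` and are accepted, which is why a scheme like this only stops forgery of domains whose owners have published their sending hosts.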
The spammer was forging mail from one of my domains. Since the domain name was a registered trademark, I had some extra leverage. ISPs have a "safe harbor" for E-mail content, but not for trademark infringements.
I ignored where the mail was coming from, and concentrated on where the money went when you placed an order. The spammer had two phony "billing companies", with phony addresses. Accepting credit cards without providing a valid business name is illegal in many states, so, by sending appropriate letters to the ISPs that hosted his billing sites, I was able to turn off his income stream. The sites reappeared on other ISPs, but with some work, I was able to get his domain registrar to lock some of his domains.
This is an effective tactic. If you file an "incorrect whois data" complaint with the Internic, and the registrar can't contact the domain owner, the domain goes to "locked" state. Then, if you get the hosting company to dump them, they can't move the site. In this case, the spammer operated his own DNS servers (triply redundant, on different ISPs), so I had to get all of them kicked off various ISPs.
By now, I'd had this guy kicked off ISPs from Dallas to London to Sao Paulo. This was made easier by the fact that he was paying for much, if not all, of his hosting with stolen credit card numbers. Since his porno sites generated credit card numbers, he could keep signing up for new hosting accounts with his customers' credit cards. That doesn't work once the ISP knows who to look for.
Finally, the guy retreated to his home ISP in St. Petersburg, Russia, where he apparently felt safe. That took a while to crack. I found out that the upstream provider used by the small St. Petersburg ISP was a larger telecom company in Moscow. That company was in the process of doing an initial public offering on NASDAQ. I talked to their investment people in New York, and eventually received a call from the Russian telecom's CEO. It turned out that we had some friends in common, and that he knew about the small St. Petersburg ISP as a known problem.
With that connection, I had some discussions with the St. Petersburg ISP, which kicked off the spammer. He came back with new accounts the next day. I got those accounts closed. This went on for several weeks. Finally, after some additional prodding, the St. Petersburg ISP shut the guy down and kept him shut down.
It's been months now, and the spammer's content is nowhere that Google can find it, so he seems to be out of business.
The key to dealing with spammers is to follow the money. While dealing with this problem, I talked to bankers, the people who developed his billing system, and a company to which he'd outsourced web design. Eventually, a picture of the spammer emerged. This was basically a one or two person operation devoted to stealing credit card numbers. Once I knew that, getting cooperation in shutting the guy down was reasonably easy.
Trademarking your web site name gives you some additional legal options, and is definitely worth the $450 or so it costs. When you raise a trademark issue, the problem escalates to the ISP's legal department, and you're no longer dealing with the customer service people.
Once you get to the legal people, and fraud is involved, you can point out that the ISP, once informed of the problem, is knowingly aiding and abetting a fraud scheme. This usually results in quick action.
It's always useful to check business license and corporate filing data. If you find a Whois entry for Phonycorp, Inc. at a Mail Boxes Etc. address, find out whether the company has a business license (where required) and is registered as a corporation in the state. If they don't, they're doing business illegally. So report them to the IRS, the state tax authorities, and the local authorities. ("Hello, City Assessor's Office? I'm trying to locate the offices
Not that I would dispute the accuracy or honesty of someone who makes a living from such activities as spamming and (apparently) dealing coke... but...
Ya suppose all this money Eddy likes to gush about in interviews comes from an activity other than spamming? Wouldn't spamming make a great way to launder income? It's already a shady, though not entirely illegal business. It wouldn't be too odd to have a customer base that's a little difficult to trace. And it would explain a solid income without any apparent labor, contacts, or business partners.
(not that this little conspiracy theory has plenty of holes - but hey, that's not the fun of it)