Brightmail Denies "White List" Deal With Spammer

ThePretender writes "From the InfoWorld article: 'A spammer's claim to his clients that he had an agreement with anti-spam technology vendor Brightmail to not block his traffic was contradicted by Brightmail officials today.' From the sounds of it, Scott Richter (apparently a notorious spammer) might just be looking for some media attention, he even goes as far saying he has similar agreements with some major ISPs. Ouch! May the drama unfold..."

sure, I believe him

[frovingslosh]

Spammers are always honest, arn't they?

Touchy, aren't they?

From optinrealbig.com front page:

OptinRealBig.com, LLC ("Optin") has been informed that the New York
Attorney General and Microsoft have announced a press conference for
December 18, 2003. Optin has not been informed by either Microsoft nor
the New York Attorney General as to what the purpose of the press
conference is. Through other sources Optin has been informed that the
purpose of the press conference is to announce that a civil complaint
has been filed alleging violations of New York law by numerous
defendants, including Optin and Scott Richter, its President. Optin and
Scott Richter vigorously deny any violations of New York law and ask
that their clients and friends make no decision regarding any liability
on their part until they have the opportunity to respond to any
allegations made against them. Neither Optin nor Scott Richter will
have any further comment regarding this matter until they have had the
opportunity to read and review the Complaint. Any inquiries regarding
this matter should be addressed to Optin's legal counsel, Linda Goodman
(619-233-3535). Ms. Goodman is currently out of the office and will not
be available for comment until December 19, 2003.

Re:Touchy, aren't they?

[DaveAtFraud]

The Rocky Mountain News had this article when when the suits hit. It provides quite a bit more detail and points out that apparently OptInRealBig, Synergy6, and Delta 7 (some of his various DBAs) already use overseas relays to circumvent spam blocks.

The Rocky Mountain News is the more conservative of Denver's two mainstream, treeware newspapers. The Denver Post probably also has coverage.

Re:Touchy, aren't they?

[netsharc]

OptinRealBig? Why did I read that as "Open Real Big"? And why did that put the disturbing image of the goatse guy in my head?

But, to be "goatsed" is definitely something this Scott Richter guy (as well as other spammers) deserves.

Re:Touchy, aren't they?

[pipingguy]

OptinRealBig.com, LLC ("Optin") has been informed that the New York Attorney General and Microsoft have announced a press conference...

Weasel words.

Re:Touchy, aren't they?

It's worth noting that Ms Goodman is the law partner of Scott Richter's lawyers.

The lawyers happen to be headed by Scott Richer's father.

It's such a nice incestuous business...

blah

[schematix]

The name of the spammer in question is Scott Ritcher by the way...not Richert. I've been lucky enough to meet this guy and even stay at his half million dollar house in Westminster Colorado for a week. He's doing pretty well for himself if you count the house, the 3 car garage with a black Lexus SC430 and a matching LX470. But overall i'd have to say him and his company are a bunch of idiots. His so-called "partner" Dustin Parker (it says this in the spamhaus link) is a total idiot . When i worked for him, Dustin was a 16-year old middle school drop out. We smoked a couple blunts together. Complete idiot. Just goes to show it doesn't take intelligence to become successful. Of course Scott is only dragging Dustin along because Scott himself is clueless from a technical standpoint. I dunno what the point of this post was except that Dustin is an idiot and Scott isn't far behind him but Scott's making millions off of other idiots so i guess that says something.

Re:blah

[schematix]

woops...his last name is RichTer not Ritcher.

Re:blah

[Reteo+Varala]

Yup... Just a case of the dyslexic leading the blind... for a fee.

Re:blah

[Clay+Pigeon+-TPF-VS-]

Still smoking the blunts with Parker, I see.

Re:blah

[segment]

that's a myth that it makes you forgetful... hell I've been smoking since.... since .... since....

That's nothing...

I've got a deal with Microsoft and the big AV companies to not do anything about the email virus I'm about to let loose.

Enjoy suckers!!! :)

Re:That's nothing...

[ma++i+ude]

I've got a deal with Microsoft and the big AV companies to not do anything about the email virus I'm about to let loose.

Tell me, does this involve Microsoft's decision not to issue any patches for a month?

Re:That's nothing...

[Anthony+Boyd]

I've got a deal with Microsoft and the big AV companies to not do anything about the email virus I'm about to let loose.

<sarcasm>
And this is different from standard Microsoft policy, how?
</sarcasm>

Why not revise email standards?

[plinius]

The problem is that anyone can create bogus emails, thereby masking their own identity. Well surely there is a technical solution to this, such as abandoning the current mail protocols to prevent people from submitting emails with fake identifying info, or from submitting emails from bogus IPs. But where is there any progress along these lines?

Re:Why not revise email standards?

[operagost]

Every modern SMTP server I know of logs the client's IP and places it in the message. Look at the headers in your email some time.

Received: from imo-r04.mx.aol.com (152.163.225.100)
by orff.operagost.local (V5.1-15Q, OpenVMS V7.3 VAX);
Wed, 17 Dec 2003 21:21:41 -0500
Received: from someluser@aol.com
by imo-r04.mx.aol.com (mail_out_v36_r4.8.) id 2.105.3c03c144 (25508)
for <somebody@operagost.com>; Wed, 17 Dec 2003 21:20:34 -0500 (EST)

The first "received:" is the server who delivered the mail to yours. Normally this is the actual sending server, except in two instances:

You have a forwarding service like Mail.com,

The sender is using an open relay.

In either case, you can still find out the spammer's location by scanning down the "received:" list until you find the first exchange that took place. This guy is apparently a real AOLer as there is no other server in between. It doesn't matter how crafty he is- he can even modify the header of his outgoing emails with some special SMTP client software, but I'll still know what IP delivered the mail to me. It gets more confusing with ass-clowns running open relays, but the info's still there.

Re:Why not revise email standards?

[whoever57]

In either case, you can still find out the spammer's location by scanning down the "received:" list until you find the first exchange that took place

While that used to be true, nowadays a lot of spam is sent via open proxies. In this case, the proxy will not show any other "received" lines, except for the fake "received" lines that the spammer has deliberately inserted in order to divert tracking attempts.

Re:Why not revise email standards?

[Roydd+McWilson]

You know, this might actually work if you extremely limit the unauthenticated e-mail streams rather than dumping them entirely. This would allow legitimate e-mails from new acquaintances while strangling of spam. What I envision is that each server has a maximum e-mail reception rate from various other servers. This is structured (1) to encourage efficient flow, i.e. max_in_rate = max_out_rate, and (2) so that others are given apportionments based on the trust level. So for example servers within the same organization may have unlimited interchange rates (or for a complex network, limited to reflect the true capacity and encourage load balancing), edges between different ISPs may have rates established by contract, and unknown hosts are limited to a rate which allows legitimate e-mail but makes spamming excruciating. In addition to simple rates, other rules could be established about message flow to favor legitimate e-mail. The key benefit of this scheme is that e-mail delivery can be kept reliable: messages are either enqueued or rejected depending on capacity availability; at the same time, no information is given out about whether an e-mail address is valid or not when turning away spam. A potential downside is the huge number of mailhosts which would have to be tracked. However, I think if we set the threshold rate for untrusted servers correctly, we can greatly limit the number of mail servers which we need to track with larger rate allocations. Furthermore, traditional blacklisting can be used to demote servers rather than entirely cut them off, and if a particular mail server sees demand for two-way communication with a blacklisted mail server, it can ease the restrictions. Another possibility is to use a reliable non-real-time dual to QoS at the IP level for routes along which e-mail is sent, if it's possible to use the existing and emerging IPv6 standards and infrastructure for this purpose.

Re:Why not revise email standards?

Dont forget wifi :D

Its a spammers and revengers heaven:D

My fav is modifying .hosts file and redirecting everything to tubgirl.com :D uber revenge :D

Takes them ages to find that one, if at all.

Re:Why not revise email standards?

[Tarqwak]

If you can't kill them then filter them...

One thing that seems consistent lately is that domains what are linked in the spam have been created in less than a month, more likely in the past week.

Do a whois on linked <a href="..." <img src="..." <script src="..." domains, and if (registration date < 1 month) add-to-spamminess(+1);

Yes I know, whois servers aren't meant for this :/

Re:Why not revise email standards?

[schon]

The problem is that anyone can create bogus emails, thereby masking their own identity.

First of all, define "bogus" - is that "anyone can write anything they want" or "anyone can forge headers"?

No, the problem is that there are people who want something for nothing, and don't care who they annoy or steal from to get it.

There is no technical solution to this problem.

Take your perception to it's conclusion: there is a way to prevent spammers from forging headers - then what? How exactly will it stop spam? What's to stop spammers from moving from host to host, just like they do right now? Do we start blacklisting hosts, just like we do right now?

There really is no technical solution to a social problem, and spam is a social problem.

Re:Why not revise email standards?

[Reziac]

Speaking of mail.com, does anyone know of a recent supposed "hacking incident" there, which allegedly exposed their userbase to spammers?

I know a guy who claims this happened. Personally, I think it's more likely he got "partnered" by this free email provider. I do remember when EVERY email from email.com (and several other domains that mail.com owns) were 100% spam.

Comments, anyone?

Re:Why not revise email standards?

[BuckaBooBob]

Actually there is :) Do away with SMTP and use a protocol that is alot more secure..

There will still be spam but if action is taken to make the ability to send email from a domain a lengthy Trustworthy process(By trustworthy I mean a absolute verification of the owners identity) and flag thier email sending certificate with a risk assesment identifier (Unsavory practices lowers your ID and maybe refused depending on the reciving party's threshold) could leave a safe Haven for spammers to be able to spam those who wish to be spammed and maintaining a email service that isn't plaged with spam viable.

Re:Why not revise email standards?

[orkysoft]

Just locally cache the registration dates for all domain names, so you won't need to lookup the same name twice. That should cut down on that overhead dramatically, especially for big mail servers.

Re:Why not revise email standards?

God, that is disgusting (tubgirl.com) ... and they even have the good parts obfuscated...

What will be the result of the Anti-Spam Law ?

Well, glad you asked. The result of the Anti-Spam law will be more American jobs moving over seas or to disreputable neighbors.

Think about it. Once those jobs move over seas America will have even less power to constrain the pread of spam.

There ya go Slashbots.

Re:What will be the result of the Anti-Spam Law ?

[fmaxwell]

The result of the Anti-Spam law will be more American jobs moving over seas or to disreputable neighbors.

That's like complaining that laws against kiddie porn mean that Americans are missing out on working in the lucrative kiddie porn industry.

Think about it. Once those jobs move over seas America will have even less power to constrain the pread of spam.

Once they go overseas, e-mail providers can just put country blocks in place (see blackholes.us) and the problem is solved. If those countries want to join in our reindeer games, then they can crack down on the spammers and the blocks will go away.

Re:What will be the result of the Anti-Spam Law ?

[fermion]

So more jobs leave the US, fewer of us have good jobs and the expendable income that accompanies said jobs, so we become less of a target for Spammers. As many have said, Spamming is profitable because consumers buy the products. No US consumers, no reason to spam the US. Market dies, so the product dies. Spam problem solved. I fail to see a downside to this.

Re:What will be the result of the Anti-Spam Law ?

[Penguinshit]

The same logic is applied to the War on Drugs. No drug users = no drug problem.

However, drug users are addicted to intoxication (particular substance notwithstanding) and spam customers are just plain gullible fools (of which there are legion; just ask the Republican Party)

The downside is that wishing upon a star won't help.. neither will (further) bankrupting the US economy.

Re:What will be the result of the Anti-Spam Law ?

[pipingguy]

Once they go overseas, e-mail providers can just put country blocks in place (see blackholes.us) and the problem is solved. If those countries want to join in our reindeer games, then they can crack down on the spammers and the blocks will go away.

Well said. Don't play by our rules? Fu** off, we're not listening. Let's see what happens then.

Re:What will be the result of the Anti-Spam Law ?

[LostCluster]

As long as spam equates to sales, people who get duped into "updating their account numbers" or people willing to help a deposed Nigirian offical launder money, there will always be spam. It costs so little, it'll just take a few fools make a profit.

Re:What will be the result of the Anti-Spam Law ?

I suppose no one has realized that the US is the number one spam nation in the world. The country we should be blocking is the US.

Re:What will be the result of the Anti-Spam Law ?

[fmaxwell]

I suppose no one has realized that the US is the number one spam nation in the world. The country we should be blocking is the US.

Actually, that's not true. The majority of spam is sent through other countries. I've got plenty of logs to support that contention from my domain anti-spam.org. While the majority of spammers might live here in the U.S., they usually go offshore for their e-mail delivery and website hosting.

Re:What will be the result of the Anti-Spam Law ?

[qeveren]

That's like complaining that laws against kiddie porn mean that Americans are missing out on working in the lucrative kiddie porn industry.

You're right! We need to change those laws! Whatever happened to capitalism??

I'm kidding, I'm kidding, geeeez... :)

Re:What will be the result of the Anti-Spam Law ?

Capitalism only works well with government involvement anyway...

spammer fraud?

[belmolis]

If it's true that Brightmail made no special deal with him, it looks like he could be prosecuted for consumer fraud as well as spamming. Indeed, his clients could presumably sue him too. If Brightmail did make a special deal with him, assuming that they advertise that they block spam, then they comitted consumer fraud. Somebody's in trouble here one way or the other.

Re:spammer fraud?

[MntlChaos]

do spammers really care about what laws they break? After all, they only use willing worm-infected computes, right?

Re:spammer fraud?

[pen]

They don't care about breaking laws, but they do care about getting caught and convicted.

Re:spammer fraud?

[rhizome]

Sure! It's possible that he could be sued for trade libel, similar to what SUSE received their injunction against SCO in Germany for.

They both must be right, would either one lie?

[0mni]

Corporate officials are not all the much more trustworthy, unless I see hard evidence either way this becomes a mute point. All goes down too who you trust more, companies out to get your money or individuals out to get your money. Best way to stop them getting it is to not have any money, which is working out just fine for me.

Re:They both must be right, would either one lie?

[mr+i+want+to+go+home]

Agreed! Just how trustworthy does anyone think AOL is?

From the Reuter's article linked to in the story..

"Scott Richter, a bulk e-mailer who ranks No. 3 on Spamhaus's list, told Reuters he was not worried by the arrest because he said he does not break any laws.

"I'm happy to see law enforcement cracking down on people who use false headers and I wish they could get all of them," Richter said. He added that he sends large amounts of commercial e-mail but does not disguise routing information and takes pains to comply with Internet providers' policies.

"I was just at AOL's office a month ago," Richter said.

AOL officials declined to comment on their relationship with Richter or say whether he had visited their offices. "We are aware that he follows the legal developments (of anti-spam laws) very closely," AOL Assistant General Counsel Charles Curran said."

What do you do when you know you've screwed up, but can't say so?

Decline to comment of course!

Re:They both must be right, would either one lie?

[tzanger]

Moot point, not mute point... That's right up there with "all intensive purposes" -- not blasting you, just trying to help you not look like an idiot in the future. :-)

Re:They both must be right, would either one lie?

[Spoing]

"Scott Richter, a bulk e-mailer who ranks No. 3 on Spamhaus's list, told Reuters he was not worried by the arrest because he said he does not break any laws. ... "I was just at AOL's office a month ago," Richter said.

Maybe he's lying or delusional? Remember, anyone can go to AOL's offices (jump in plane to Virginia, get in a car, drive, walk up -- tada!); it doesn't mean he has any business dealings with AOL corporation.

Address

[I_am_Rambi]

Seems like his address can be found here

Scott Richter
1333 w 120th Ave suite 101
Westminster CO 80234
Srich10195@AOL.COM
303-5509828

OR

Richter, Scott srich10195@al.com
SaveRealBig
p.o.box 21316
denver, co 80221
usa
303-428-3600

Re:Address

[AnnCoulterTroll]

srich10195@al.com

Does he work for this Alabama news site? If not, why does he have an email address in their domain?

Re:Address

Richter, Scott srich10195@al.com

That should probably read:

Richter, Scott srich10195@AOL.com

al.com is something completely different.

Re:Address

[MuckSavage]

For some reason, I get a bad feeling with someone like that living so close to me. Makes my hometown look bad.

However, we could organize a "field trip".

Re:Address

[cmowire]

I've often felt that. For a short span of time, there was a spammer operating a few miles from me.

I'd probably manage to get myself arrested for either trespassing, assault, or perhaps something more sinister if I did pay them a visit, tho.

Re:Address

[MuckSavage]

I wouldn't do anything stupid, mind you. I'm not going to jail for that fucko.

But a lot of "passive" justice can be done. You just have to be creative. ;)

Re:Address

[erveek]

You could always argue that he could opt out of your valuable subscription paper-bag-full-of-flaming-dogshit service at any time.

Re:Address

[cmowire]

The problem is that I'm too evil to really do good passive justice. ;)

Re:Address

[Kris_J]

How about a sign on a stick that reads "The person inside this building thinks your 12 year old daughter needs a bigger penis"?

Re:Address

[sahrss]

I live really close too. Shoot me an email and maybe we can arrange something ;)

sahrs(a)yahoo(d)com

Does it matter...

[AnnCoulterTroll]

Even if he did have an agreement with a private corporation (which it appears he did not), it wouldn't matter if he broke the law, correct?

From the Article

[alphonso_bedoya]

Francois Lavaste, Brightmail VP of Marketing, said in a statement provided the GripeLog, "I have personally verified, with the assistance of male members of my department, the ineffectiveness of products advertised by Mr. Richter." Other Brightmail executives were spending the holidays in Nigeria and were unavailable for comment.

Re:From the Article

[ChoGGi]

"I have personally verified, with the assistance of male members of my department"
does this sound to you as if they were testing a certain enlargement product that they had received in their mail

Re:From the Article

[NoodleSlayer]

Sounds like breast enlargement pills if you ask me ;-)

Re:From the Article

[rhizome]

You've got a firm grasp of the obvious!

Re:From the Article

Captain Obvious to the Rescue!

Actually, He is being honest

I have written several times of a major spamming operation that is using major ISPs. This is the guy who has been paying MSN > 1Million / month (apparently, also, Yahoo and AOL, but I do not know what the amount or deal is there). MSN then was getting greedy and raised it to > 5Million. From what I understand several of the other spammers kept the deal, but this guy approached another major DSL company and offered 2Million / month. The interesting thing is that he wants IPs and bandwidth. The major companies do not try to shut down insecure servers becuase they locate them and then simply use those IPs. Later they can blame the client.
Most of the spam that everybody thinks is coming from overseas is not. It is here, but the large ISPs are willing to hide it for a large price.

Re:Actually, He is being honest

[Technician]

I check the headers. Somewhere the link of IP address breaks down. The last one or two servers are false most of the time. However the last valid server indicates the IP where it really received the packets from. I do find most of my false header mail is from overseas. However some of it is from the US with a false entry indicating .nl or .ru. I don't speak Russan and I have no relatives in the Netherlands, so any mail claiming to come from there is auto-deleted by my filter. I found most of the from the US really, but claiming .nl or .ru is simply a virus running from one of the client machines of one of the major DSL or Cable providers. Norton usualy filters any of these before the header filter gets them since virus scanning is first.

It's amazing how many people run unpatched boxes on broadband with neither a router or AV software.

With what I know now, I wouldn't consider running a Windows box on a broadband modem without a router AND AV software. Change the gateway address to someting other than 192.168.1.1 or 192.168.0.1. Lots of machines configured the same make easy targets for exploitation. Make changes to reduce the number of easly infected machines.

Re:Actually, He is being honest

I do find most of my false header mail is from overseas.

Actually, it is not. The validity of this counts on the backbone being honest. It is not. From what I learned, MSN will allow the spammers to use the IPs of their customers. But obviosly, if used to heavily, it would be bad. So thay play with Local servers/routers to make it appear to be from overseas.

When you think about it, it is brilliant. The overseas links would be horrible expensive. So instead use modified local servers.

Re:Actually, He is being honest

[Spoing]

1. 1. I do find most of my false header mail is from overseas.

   Actually, it is not. The validity of this counts on the backbone being honest. It is not. From what I learned, MSN will allow the spammers to use the IPs of their customers. But obviosly, if used to heavily, it would be bad. So thay play with Local servers/routers to make it appear to be from overseas.

   When you think about it, it is brilliant. The overseas links would be horrible expensive. So instead use modified local servers.

If you've got proof, that would make a hell of a front-page story for any news magazine.

Re:Actually, He is being honest

[happystink]

But there is so little meat to these anonymous claims that they are probably just trying to spread some always-welcome-here anti-microsoft FUD around.

Re:Actually, He is being honest

I was at the other ISP doing business when the offer came through (to a VP), but I can not show anything due to NDA and other contractual arrangements. Perhaps in about 1 year, but at this minute, no.

One thing to think about is the spammer who was getting addresses from AOL and AOL did not deny it (to their credit; I have no doubt that MSN would deny all even if all the spammers came forth, showed the contracts, the code, and the operation).

I am in hopes that Richter is force to give up more info during a trial. BTW, my understanding that MS gave him up because he did not relist at the higher prices, but was trying to do an endrun. What he did not realize is that the ISP was more of a partner than has been let on.

Re:Actually, He is being honest

This has never been about MS. It has been about a spammer. While I know that MSN was selling it, I was told so was Yahoo and AOL. I would guess that the same is true of TCI/ATT/Comcast, Cox, etc and the all CLECS doing dsl.

Re:Actually, He is being honest

[JuggleGeek]

Some sort of actual evidence, instead of the word of an AC, would be useful here.

Sure it's possible

[mindstrm]

But you need to realize is that the reason email works, on the global scale it does, is precisely because of that lack of authentication, and it's decentralized, open nature.

I'm not saying "it's impossible"... it's certainly not.. but the more layers of authentication, and the beurocracies needed to manage them, the less workably any system becomes.

RICHTER

[oobar]

His name is Richter, not Richert, which is clearly indicated in the links provided.

Michael, by definition you cannot call yourself an editor unless you actually edit the stories.

the irony

[Heartz]

Am I the only one that sees the irony of this whole submission to slashdot because it was a post about a spammer pretending to have white list access and submitted by a pretender?

The spammer rules

[cluge]

With variation from time to time, the rules that ALWAYS applies to spammers are[From news.admin.net-abuse.email]:

Rule #1: Spammers lie.
[(Proposed) Sharp's Corollary: Spammers attempt to re-define "spamming" as that which they do not do.]

Rule #2: If a spammer seems to be telling the truth, see Rule #1.
Chrissman's Corollary: A spammer, when caught, blames his victims.

Rule #3: Spammers are stupid.
Krueger's Corollary: Spammer lies are really stupid. Pickett's Commentary: Spammer lies are boring. Russell's Corollary: Never underestimate the stupidity of spammers.

I say see rule #1 when listening to a spammer.

AngryPeopleRule

Re:The spammer rules

[mr+i+want+to+go+home]

"I was just at AOL's office a month ago," Richter said.

AOL officials declined to comment on their relationship with Richter or say whether he had visited their offices

Never underestimate the stupidity of corporate greed either. Come on, this guy sends his spam from somewhere .

Re:The spammer rules

So you say he was taken up on a CONFIDENTIAL BUSINESS PROPOSITION?

--
Maecenas ac nibh. Aliquam pharetra.

Re:The spammer rules

[beebware]

AOL officials declined to comment on their relationship with Richter

This is this bit that worries me - they are confirming they DO have a relationship with Richter. Plus, if you think about it, would they decline to comment on something that doesn't exist?

Re:The spammer rules

[greenrd]

Simple explanation. In order to actually find out this, the PR rep might need to talk to a lot of people at AOL (it's a big company) to find out if anyone had formed any "business relationship" with Richter. Is it worth the PR rep's time to do this? No.

Re:The spammer rules

[elemental23]

Rule #3: Spammers are stupid.

That right there is part of the problem. The truth is, spammers aren't stupid. Sure, a lot of them certainly are, but not all of them.

See the Sobig virus, for example: Write a virus that will install a proxy server on infected machines and spam through them with impunity, knowing that the proxy server will appear to be the point of origination. If no one can trace it back to the spammer's actual network connection, he doesn't have to worry about his ISP ever finding out. See also the story a few months back about web proxies on infected Windows machines; DNS is updated so the spamvertised domain resolves to the infected machine which then proxies the traffic to the actual web site, so the spammers don't lose their web hosting accounts either. Quite frankly, that's brilliant.

Now don't get me wrong, I'm not saying any of this is good. I spend eight hours a day five days a week dealing with spam in my job in a large ISP's abuse department. I've seen a lot of the tricks spammers use, and the people coming up with some of them aren't stupid.

Is this an attempt to hold customers?

[Chatmag]

*'A spammer's claim to his clients...*

I think that's the key phrase here. Apparently Scott is losing customers, and in order to retain them, or gain new ones, he has to tell clients he is "whitelisted". What reputable business would want to pay an email broadcast company, when that company is blocklisted. He couldn't possibly think to use this as a defence, saying that if Brightmail whitelists him, he must not be a spammer. But then again, from what I've seen regarding him, I wouldn't be surprised.

As far as I'm concerned, any business that uses Optin is just as sleazy as Scott.

Re:Is this an attempt to hold customers?

[LostCluster]

He's likely trying to spin some statement that says "If you really are doing opt-in e-mail, we'd never block you," from Brightmail into a promise that they won't blacklist him... doesn't quite work that way in his case.

Buzzzzzz.....Wrong

[www.sorehands.com]

Even if spammers move their servers overseas, the people running the business here can be sued. Even if the spammer is completely overseas, they can still be sued. If a US company hires a spammer to spam, the US company can be sued.

Proving a negative...

[LostCluster]

The biggest problem with the "I didn't opt in!" complaints is that spammers have gotten better and better at submerging the opt-in indication to a yes-defaulted checkbox within all sorts of websites and software. Once you have slipped up and comprimised your e-mail address this way, you've basically given that publisher permission to spam you and share your address with any other spammers they want to "partner" with.

Therefore, anti-spam laws will always have a hole that a truck can be driven through. Since proving that you've never accidently tripped over a "universal opt-in" is nearly impossible to do, successful prosecutions will be tough.

The only way we're ever going to fully kill spam is to abandon SMTP and get a better way to verify that e-mail really came from the claimed sender and leaves a valid return address...

Re:Proving a negative...

[JudgeFurious]

Agreed and good points all. I think you underestimate the size of the hole in anti-spam laws though. It's closer to the size an aircraft carrier can be U-turned through.

Aside from that one small point, perfect.

SMTP has got to go. It was great while it lasted but obviously the human race, or some small percentage of it is incapable of not screwing something sweet like this up. We need something that can literally put an end to this before it begins.

Re:Proving a negative...

[fireboy1919]

Or we could make opt-in harder.

We could have an authority that you pick a username and password for, and a list of e-mail addresses, and then allow you to make records with three data items:
1) Key itself
2) Company
3) The e-mail address used

If there is only one such authority, and each e-mail address can only be registered once, then spammers would be forced to illegal action. Companies wouldn't be allowed to sell e-mail addresses, because only they would have the right to use them, NOT whoever they would sell them to.

Of course, spammers could register and then opt in other people's addresses, but that would obviously be equally illegal and actually easy to prove.

Re:Proving a negative...

[Tim+C]

That's one of the reasons why the EU recently (last few months) introduced legislation requiring all such things to be opt-out, and to default to that. If an EU company pulls that sort of shit on me, they're in trouble.

Of course, the problems are

a) I only get spam to an address that was harvested off the web, and occasionally "webmaster" or "sales" at my domain; and

b) none of the spam I get comes from the EU or EU-based companies. It's all sent by or on behalf of US companies.

Thankfully, I don't get spam to any address I care about, and as soon as I get round to hosting my domain myself, I'll bounce everything to that one address. I only get a couple of dozen per week, though.

The only way we're ever going to fully kill spam is to abandon SMTP and get a better way to verify that e-mail really came from the claimed sender and leaves a valid return address...

But we have verifiable contact details now! All spam is advertising a product, right? So we have a website, or a phone number or address - if you want to complain to/about the company, you already can!

Maybe I'm being slow (I've not had my morning coffee yet ;-) ), but I'm not sure what difference requiring another means of contacting them would make.

Re:Proving a negative...

[Yottabyte84]

sneakemail and spamgourmet are two services that let you do this sort of thing. Sneakemail creates addresses that are good until deleted, spamgourmet lets you create sddresses that are only good for x number of emails (where x is up to 20). I use both, and only get spam from spammers that have managed to guess my email address.

Re:Proving a negative...

[theCoder]

SMTP has got to go.

Feel free to stop using it at anytime. Go use your better solution. I'll be glad to join you when I see it works. But just saying that "SMTP has got to go" isn't helping anyone.

Honestly, there's already a 100% full proof solution to spam that no one wants to use -- sign ALL your email with your PGP (or gpp) key. Once everyone starts doing that, then you can start rejecting email (or assigning it a higher spam rating) that isn't signed. At the very least, it makes spammers spend CPU time signing messages (somewhat like HashCash). It would also severely limit Joe jobs (sending spam using another's email address as the From address). Of course, no one does this -- they'd much rather waste everyone's time bitching about how bad SMTP is (even though it's doing *exactly* what it was meant to do) or otherwise breaking email (blocking whole blocks of IPs, using challenge/response, etc).

Re:Proving a negative...

But we have verifiable contact details now! All spam is advertising a product, right? So we have a website, or a phone number or address - if you want to complain to/about the company, you already can!

Many of the "make penis fast" jokers are using web servers in China (and good luck getting info out if them, Brazil (ditto), with credit card merchant accounts from Tongo, Balize, or other countries, using a fufilment center that only has bogus contact info.

About the only one that's reachable is the fufillment center (the guys that actually pack up and ship the product), and them only if they are whitehats. If they just want to make a buck, forget them too.

So you can go the whole chain and never get any info at all that you can use, even with a court order.

Thankfully, all spammers are stupid and can't keep their mouths shut. They almost always manage to out themselves, and if they don't, some people that are doing the dirty work will tell you off the record. The only exception known at this time is Gavin Stubberfield, whose real name appears to be Jason Jaynes, I think.

For a while, open proxy honeypots were doing well, but the spammers are now using hacked machines to control their open proxy scanners and open proxy zombie masters. Spam fighters have moved on to a more effective technique, but we won't discuss that until the spammers catch on to that one.

Re:Proving a negative...

[JudgeFurious]

Mayne you make it back to this post and maybe you don't but I just got back to take a look at it and of course just saying "SMTP has got to go" doesn't solve anything.

I'm not a programmer and I don't have a "better solution" waiting in the wings to spring on the world. I can see that the present way of doing this has been compromised and that it won't be much longer before something better will be needed.

You can spot a bad actor without being an actor (good or otherwise). It doesn't take someone who has a deep understanding of SMTP to see that email as we know it is in trouble either.

email is good stuff but a bunch of assholes have found it fairly easy to turn it into as much of a problem as it is a benefit. This thing you speak of, signing all of your email with a key, sounds interesting. Can it be made mandatory? Leaving this as something that everyone must "agree" to do isn't going to make any difference.

I'm not a terribly knowledgable person in this area but I think that it's kind of obvious that the eventual solution to this is going to be an SMTP2 or something along those lines and that it will (in time) be either that or email becomes a fragmented mess (as you alude to wherein people block whole blocks of IP addresses).

SMTP is doing exactly what it was meant to do. Fine. Good for SMTP and we're all proud of it. The landscape has changed though and what SMTP was meant to do has been corrupted into something it was never intended to do. SMTP changes to correct this abuse or eventually gets replaced with something that does will be the answer to that.

By saying "SMTP has got to go" I'm not saying it's broken or bad or that it's done something wrong. People have done something wrong with it and it's got to be rethought to stop this from happening in the future.

A note on Brightmail

[pw700z]

Part of the reason to toss the name 'brightmail' around is because their product is awesome at stopping spam. The spammer is probably just trying to undermine brightmail's credibility.

Re:A note on Brightmail

[balamw]

Brightmail? Awesome? Not for me it ain't, at least not right now. My ISP (AT&T Worldnet) uses it and it is letting through sooo much obvious spam recently that I'm beginning to think the spammers must have figured out a way around Brightmail's rules.

FWIW, both Yahoo! and the new Hotmail filters are performing much better than brightmail for me now

Regardless, I download all my mail through a SpamAssassin POP3 proxy, which just plain knocks em dead.

Balam

Re:A note on Brightmail

Our company considered brightmail. *PHEW* really expensive. We went with http://www.mail-frontier.net instead and it's been performing great.

Re:A note on Brightmail

[jrumney]

FWIW, Spam Assassin seems to have been less effective for the last month or so. Redirecting mails with a score of 5 to the Trash used to catch most spam, but lately it is all coming through with a score of 2 or 3 (as does the occassional genuine mail).

Re:A note on Brightmail

[pw700z]

That's interesting. I was specifically refering to their enterprise product - which is trully awesome (and somewhat expensive.) I'm such a non-fan of AT&T I would almost blame them for not doing something right. Wouldn't make any sense if the Brightmail ISP product was junk, but their smaller 'enterprise' product is great (it is). So, I dunno.

Re:A note on Brightmail

[Tony+Hoyle]

Install the popcorn, backhair and evil rules. Effectiveness back up to 99.9% again :)

Re:A note on Brightmail

[beebware]

Any chance of letting me know how you set up a SpamAssassin POP3 proxy? I've got a server of my own with SpamAssassin on it, but the large bulk of my emails (over 30 legit ones a day) and spam (over 3000 a day) come to my ISP's mail box which is just plain POP3 with no current filtering...

Re:A note on Brightmail

[Zocalo]

You need to tweak some rules manually from time to time to get the most from it, and make sure it is properly tuned for your system of course. For example, if you don't get any non-English emails then the default score is *way* to low, so you might want to add this:

score CHARSET_FARAWAY 10.0
score CHARSET_FARAWAY_BODY 10.0
score CHARSET_FARAWAY_HEADERS 10.0
score UNDESIRED_LANGUAGE_BODY 10.0

to SpamAssassin's "local.cf" file. Some other good ones are:

score HTML_IMAGE_ONLY_02 10.0
score MICROSOFT_EXECUTABLE 10.0
score MIME_HTML_ONLY 5.0

Your mileage may vary of course; you need to look at the specific spams that are slipping through *your* net and spot the common patterns or keywords. Especially the keywords; I defined a bunch of custom rules based around "Sildenafil Citrate" a while ago to deal with some jerk's marketing campaign. All hits on these rules went directly to my automatic spam reporting script - the campaign didn't seem to last very long... ;)

Re:A note on Brightmail

I agree. My ISP (Magma Communications) also uses Brightmail and it's very rare for me to see SPAM in my mailbox. They also offer SpamAssassin (not enabled by default) on top of Brightmail so whatever goes through is going through BOTH of them.

If I check which filter caught most of my SPAM I can see that SpamAssassin never really gets a chance to stop anything because it's all done by Brightmail first.

All-in-all I think Magma is one of the best ISPs around (Eastern-Ontario). I pay $61.95 (Canadian) for my ADSL connection (1500/320), they support my Linux firewall (their setup CD includes the scripts needed to connect), I'm allowed to run servers, and they have reasonable transfer limits (30Gb/30Gb from 7am to midnight, unlimited otherwise). What more could you ask for?

Re:A note on Brightmail

[cpeterso]

Brightmail sucks. My employer uses Brightmail to keep company email inboxes clean from spam. It does not work. Everyday I still receive about 10 "Microsoft admin network patches" virus emails, Japanese spam, and pr0n spam with OBVIOUS keywords like "15 inch horse cock", "teen girls", and "3 inch anus". Most of this spam has obviously forged To: and From: headers, too.

Re:A note on Brightmail

[balamw]

The easiest approach on Windows is SAProxy, which unfortunately is no longer free. I used this pop3proxy plus this How To SA on Win32 to roll my own. But if you're on unix, you could still use pop3proxy, but it sounds like you should read up on fetchmail.

Balam

Re:A note on Brightmail

[balamw]

It WAS working great since they first introduced it a few years ago until a few months ago. Now the hit rate is around 60% and dropping.

I think a lot of it has to do with the kind of spam you get. I get very different spams at home and at work. Perhaps brightmail would work fine on the work spam? Balam

Re:A note on Brightmail

[balamw]

Like anti-virus solutions, anti-spam solutions need constant updating. Make sure you are running the latest verion 2.61, with a well trained Bayesian database. The Popcorn, Backhair & Weeds ruleset another poster mentioned, and the detoken rules do wonders for me at work, but I don't seem to need tham at home.

Balam

Out of lying spammers, Scotty takes the cake.

[Rascally]

You generally can't believe a thing the guy says. I know for a fact he doesn't have agreements with at least one of the carrier/ISP's he says he does, and that carrier has had problems with him off and on for years through a couple of their larger hosting customers.

Of course, just for saying this, he'll threaten to get his dad (who's a lawyer!) to come after me, except of course that he's a tax lawyer.

Out of spammers, this guy is the lowest of the low.

Re:Out of lying spammers, Scotty takes the cake.

Out of spammers, this guy is the lowest of the low.

Uhm, you sure that's possible? I didn't think there was anything lower than a spammer.

sure

[danidude]

Use the "which is more probable?" principle: which is more probable? A anti-spam technology ruin itself by promising blocking spam and letting thousands of junk mail pass by becouse ti made a deal that will ruin it's bussiness or The goo'dam spammer is lying?

Re:Iraq? Afghanistan? Libya? Syria? N. Korea?

[Clay+Pigeon+-TPF-VS-]

The election is nearly a year away. November 2004. Do your research before you try again, Mr. Troll.

Why is everyone so focussed on the spammer?

[morelife]

You're just feeding his notoriety by talking about him, obviously it's a stunt on his part.

Brightmail has so few false positives and allows so little spam through that any noticable continuous stream of spam caused by such an alleged "arrangement" between Ritcher and Brightmail would be bound to get noticed by savvy end users/administrators, if not Brightmail post-installation tech support.

Same with alleged "whitelists" at ISPs - enough people have eyes on MTA configs that there would be questions.

This is bullshit and I'm sorry Brightmail had to stoop to a public answer.

So who are these guys http://www.ileads.com

[ozzee]

I was told by a friend of mine (mortgage broker) that his company stopped using ileads.com because they were getting too many "bad quality" leads.

It seems that some people are starting to fill out these forms and having the brokers contact them and then after taking all the contact information from the broker, they inform them that if they don't a) divulge the information of where they got the lead and b) agree to stop using companies that use SPAM to generate leads that they will hand their contact details to the foaming at the mouth public.

Is this legal ? Souds like sweet justice to me.

Re:So who are these guys http://www.ileads.com

[CaptBubba]

It is sweet justice. Either Newsweek or Time had an article a year or so ago about spam and anitspammers. One guy was so annoyed by a spammer that kept sending the same spam to him (the guy must not have had a filter) so he bought something from the spammer.

The buisness that was spamming was then listed on his credit card statement. He sued them and won something like $1,000 from them for ignoring his opt-out requests. He had a statement about his technique for finding the spammer that went something like "They could hide from me, but nobody can hide from American Express"

I wish credit card companies had fake numbers to give to these spammers and paypal fraud artists that would automatically trigger alarms when they ran through for verification. This would be a great way for people to track down who is actually profiting from the spam. A good-guy version of the trojan horse, if you will.

Re:So who are these guys http://www.ileads.com

I wish credit card companies had fake numbers to give to these spammers and paypal fraud artists that would automatically trigger alarms when they ran through for verification. This would be a great way for people to track down who is actually profiting from the spam. A good-guy version of the trojan horse, if you will.

But then the spammers would just block those numbers from being passed through their programs....

Re:So who are these guys http://www.ileads.com

[calyxa]

how about this - with every credit card, one would have a second 'key name' known only to the card user and the credit card company. so, when I make a 'regular' purchase, I use my card with my 'regular' name, "Joe Schmoe." but when I snipe a spammer, I use my card number (good, unfilterable by number) with the 'key name' (EVIL! EVIL! MUST KILL SPAMMER!), "Cecil Gentry."

-calyxa

Re:So who are these guys http://www.ileads.com

[nacturation]

But then the spammers would just block those numbers from being passed through their programs....

Assuming a spammer/fraud artist puts through more than one false credit card number per month, they would have no way of knowing *which* of the umpteen credit card numbers was the fake one that triggered the alarm. Sure, they could form an organization and track what numbers they put through, but even still -- do you think credit card companies would find it difficult to generate unique numbers? Hardly!

Re:So who are these guys http://www.ileads.com

[Feztaa]

I wish credit card companies had fake numbers to give to these spammers and paypal fraud artists that would automatically trigger alarms when they ran through for verification.

Hey, that's a great idea! It's like that honeypot thing I read about a while ago (can't find a link, sorry).

Anyway, I don't know anything about credit cards (not having one, and all), but I heard that for security reasons, you can have the credit card company put limits on your account, like if you work 9 to 5, have the card raise red flags if it's used between 9 and 5, since you're not likely to be using the card while you're at work and any use at that time is likely fraudulent. So just sign up for a credit card and say something like "I only use it sundays, flag everything else", and then buy into a bunch of spam stuff on monday.

And then, just never use the card for anything but spam. I guess that's a little extreme, but if you really wanted to hunt down these spammers...

Re:So who are these guys http://www.ileads.com

Congratulations on being lucky poster #7,777,777. Tell him what he's won !

Re:So who are these guys http://www.ileads.com

i bow down before thee oh choosen one of slashdot
lord of the 7s
keeper of that which is between 6 and 8

Re:So who are these guys http://www.ileads.com

Right on, you lucky bastard. All 7's -- you are a lucky man!!!

Re:So who are these guys http://www.ileads.com

[Feztaa]

Shit, it's time to buy a lottery ticket :)

Re:So who are these guys http://www.ileads.com

I, for one, welcome our new 7x7 overlord!

Re:So who are these guys http://www.ileads.com

[DavidTC]

That's what I do, too. I give them my real name and, this is the important bit, my email address, the on they spammed. (The spammer *already* has it, anyway, and as people like to give them lots of junk info, might be filtering that the email is one they sent the message to.)

If I'm not busy, I'll tell them they are doing business with criminals who committed felonies while representing their company.

If I am busy, I'll pretend to have no idea what they are talking about. Yes that is my name, and that is my email. However, I do not own a house, and do not want a mortgage.

And there was the time I pretended someone had paid me to answer the phone and pretend to be interested...

Re:So who are these guys http://www.ileads.com

[Echnin]

I actually just spent 5 minutes trying to find this post when I saw post #7777719... What life? Oh, that's an idea for my Christmas wish list.

Re:spending the holidays in Nigeria

[Technician]

Oh, so that's where the millions of dollars are from that they need help transferring to the US. Sounds like if we help them, we could make a few bucks! ;-)

Me too I've got an agreement, the Iron Bar

[totatis]

Me too, I concluded an agreement with this guy, about my Iron Bar(TM). Whenever I meet him, he lets me beat the hell out of him with my Iron Bar(TM).

Rumours are that I have agreements with other spammers too, they just love my Iron Bar(TM).

Iron Bar(TM), the ultimate solution to construtive talks with spammers.

Re:Me too I've got an agreement, the Iron Bar

[keeboo]

"Iron Bar"?! I do NOT think an iron bar is the solution for this.
Instead, an Iron Pipe filled with cement... Now we're talking about proper psychological approach.

Anti-spam Software and Spammers

[fdiskne1]

Not only do some anti-spam software companies make deals with spammers (according to the article), but some also are among the worst spammers.

I talked to a few different anti-spam software companies over the last few months. With each of them, I told them that once we made the decision on which (if any) software to go with, I wanted absolutely no further phone calls or emails trying to sell me their product. We made our decision just over 3 weeks ago and informed the software venders.

Two weeks ago, I received a spam from one of the venders we didn't purchase from. (Yes, the software we decided on caught it, but still, it's the priniciple of the thing.) I followed their procedures to opt-out and also sent an email to the salesperson whose name and email address appeared in the email. I informed her that I told them that I wanted no emails from them trying to sell me their software. I explained how disappointed I was in them and asked to receive no further emails.

A few days later, I received another spam from them. This one was "signed" by a VP of the company. Again, I opted out and sent an email to the VP explaining the entire situation. I explained that I was beyond disappointed and was now getting angry. I demanded that I not receive another sales email from them and explained that if I did, I would be passing the word about their tactics to friends that might be in the market for such software.

Guess what? I got another one. This time, I called the salesperson I was dealing with and explained that I was going to tell everyone I know about how Intellireach is an anti-spam software company that spammed me, did not honor my request to not get spammed in the first place and also did not honor several opt-out requests when the requests followed the instructions in the spam.

Re:Anti-spam Software and Spammers

[rossz]

You spent money on anti-spam software? Why? SpamAssassin doesn't cost a dime.

Re:Anti-spam Software and Spammers

PHB's think clippy is the shiznit, even on servers, and windows versions of spamassasin cost money.

Re:Anti-spam Software and Spammers

[zalm]

I have never replied to the OPT-OUT listed in any spam email. If you do reply to a spam email they know the address is valid. Further once a spammer knows an email address is valid, they may put the address on lists to sell to others. There were organizations with websites that collected spam forwarded to them for the purpose of tracing the spam for lists so ISPs could block the spammers, (anyone know of one currently?)

Re:Anti-spam Software and Spammers

[rossz]

Microsoft Exchange, all the safety and performance of a Pinto.

Anybody using it should be charged money for stuff everybody else gets for free.

Re:Anti-spam Software and Spammers

[fdiskne1]

I don't normally opt-out of ANY spam. In this case, I knew they already had the email address and knew it was valid. This was a company I was dealing with while we were evaluating different anti-spam software, not just any spammer. I opted out because the fact that they deal in anti-spam software told me that they could be trusted not to spam. I was obviously wrong.

Re:Anti-spam Software and Spammers

[balamw]

Running Exchange and Windows, doesn't completely rule out free SpamAssassin. I've set up a free SA based filter on the Exchange system at work. It's a debian box running SA-Exim that sits in front of the Exchange box. Since we don't get that much volume, it can be handled by an old 266MHz PII box that's useless for any recent version of Windows, but is great for Linux.

I drop mail at a score of 20 (mostly dictionary attacks, Viagra ads...) and flag anything over 6. Outlook Rules can then be used to further act on the flagged messages.

Balam

Re:Anti-spam Software and Spammers

[Spoing]

1. Guess what? I got another one.

Hell, Staples -- yes, that Staples: the office supply store on every corner in the US -- has spammed me through Doubleclick's email service for over a year. Multiple emails, phone calls, and use of the (now defunct?) web chat function did little good.

The last time I talked with them about 6 months ago, I told them that each and every spam they sent would be reported to multiple locations. So, the FTC (uce@ftc.gov), Spamcop, and a service my ISP provides each get a CC when Staples spams me.

Yep, and I mention it to others on and off line when appropriate.

Re:Anti-spam Software and Spammers

[rossz]

20 is a rather high score to drop at. I refuse at >8.0 and tag at >4.0. Yes, refuse. I run SA via Exiscan-acl so the sender is still connected when the email is scanned. It's a very low volume mail server so this is possible. I wouldn't attempt that on a high volumn network.

Between a few good blacklists and SA, almost no spam is getting through. In fact, the only crap slipping in is very short spams (not enough keywords to get a decent score) coming from open relays that haven't been listed and Cox Cable customers (I think they have everyone on static IPs so the dynablock RBL doesn't work). I may blacklist their entire IP range and whitelist their official mail server IP address.

this is how it works

welcome to 1998 guys... ISPS accept money in exchange for spam rights. I've seen it done, I've handed the check over and recieved the email addresses to both AOL and MSN. One of the biggest 'anti-spam advocates' in the US has a 40% stake in the second largest direct email business in the world.

the real spammers use people like slashdot readers to smash and block the smaller spammers.

Re:First Posters

yeah, they slob on my lovestik, too.

MOD PARENT UP +5 Funny

and the replies are truth

A lawsuit would be good.

[www.sorehands.com]

I'd love to see a lawsuit from Brightmail and expose who is really whitelisting snotty-boy.

Then if any spam filtering companies are whitelisting spammers, then go after the companies for fraud.

Re:A lawsuit would be good.

[Animats]

There is a lawsuit. The State of New York is after him.

Any actual user experiences to report?

[robogun]

I use att.net which screens incoming mail thru Brightmail.

For quite some time their filtering has been effective. Brightmail won't say how they do it, but human screening, and subsequent filtering of emails containing links to spamvertised domains seemed to be a part of it.

Lately I have just been spammed silly. Looking at the spams (what choice do I have) the same spamvertised domains are represented over and over. This had not happened in the past.

This spam continues after desperately hitting the "Report Spam" button (available on their webmail interface only).

This supports the theory that either ATT or their contract spam filtering with Brightmail are passing or inserting certain mails.

With this development, I am not inclined to extend this service contract with ATT. I will be certain to pass on this information when the contract is terminated.

Re:Any actual user experiences to report?

Personally, I have not bothered with any anti-spam. I am convinced that there are only 2 possible solutions that will work. The first is to hide the same way that spammers do. The 2'nd (and long-term answer ) is to change the smtp protocol. Yahoo may have an answer, but it will have to be implemented by others.

Re:Any actual user experiences to report?

[beebware]

From what I've heard about Brightmail (my ISP, Demon, is going to be introducing their filtering in the New Year), they have a large number of "trigger email boxes" around the internet. If an email is sent to one of those email addresses it HAS to be spam (because the address hasn't been used anywhere for anything) and then Brightmail filters on email being similar to the "trigger" mail (no, I don't know what criteria they use). Therefore if a spammer doesn't send email to any of the Brightmail trigger boxes, then they won't be flagged as spammers.

Re:Any actual user experiences to report?

[WindBourne]

It is a good idea and one that I was designing due to my position, but it ocunts on secrecy. I would guess that rihter was simply told the email addresses.

Re:Any actual user experiences to report?

I work for Brightmail.. posting anonymously.

This spam continues after desperately hitting the "Report Spam" button (available on their webmail interface only).

This supports the theory that either ATT or their contract spam filtering with Brightmail are passing or inserting certain mails


No, hammering on the "report spam" button does absolutely nothing more than hitting it once -- actually it's worse in some ways, since if the duplicates don't get caught (at AT&T I think they do), then it just screws up statistical data and keeps us from predicting patterns correctly. One reason you're seeing more of this spam is because Worldnet hasn't upgraded their version of Brightmail (it's not a money thing, upgrades are basically free), and therefore more spam that's designed to get around existing filters is getting through. I'd say complain to Worldnet, but you appear to be voting with your feet. Current versions are MUCH more effective.

BTW, you can get a plugin for outlook that adds a "report spam" button. Or you can just forward it AS AN ATTACHMENT WITH FULL HEADERS (sorry, just had to make it clear) to junk@brightmail.com and we'll see it.

Incidentally, AT&T doesn't have the "spamvertised URLs" filter that many other installations of brightmail do. That's probably why you're seeing more spam.

Re:Any actual user experiences to report?

[Spoing]

This spam continues after desperately hitting the "Report Spam" button (available on their webmail interface only).

I use a service through my ISP that is quite effective...yet, one specific spam I report sometimes daily is in Italian and it never gets blocked. Why, I don't know, though I doubt that it has anything to do with the ISP or the filter service allowing the spam through.

That reminds me...it's time to dump the couple hundread spam messages I've recieved in the last day or two.

Re:Any actual user experiences to report?

I am a Brightmail employee in the support department -- I'd post with my real name, but I don't need any more stress at work, thanks.

Brightmail actually says how they do it through a bunch of white papers and other documents on their website. It's very detailed to the point where it could be recreated handily by those who disrespect patents.

However, AT&T's Brightmail experience has suffered recently. Their efficiency is down slightly due to technical reasons which relate to the version that AT&T is running. This problem is at the top of my coworker's plate, and he's working hard at it.

Francois speaks the truth. There is no agreement with Scott or any other spammer. There is no special passing or inserting of mails -- with the sole exception of certain emails sent by AT&T. Those emails are whitelisted by address and subject for a limited time, and they can't get anything past the software, honest.

There are ways for you to report spam via interfaces other than the webmail interface -- I don't know off the top of my head, but if you really want to know, reply to this comment and I'll email you tomorrow with the answer.

I gotta say it

I wish credit card companies had fake numbers to give to these spammers and paypal fraud artists that would automatically trigger alarms when they ran through for verification. This would be a great way for people to track down who is actually profiting from the spam.

Due to my excessive paranoia, I'd hesitate to ever do a spam purchase online with a credit card... but, that bit seems like a genius way to take a spammer down.

Imagine a Beowulf cluster of angry spam recipients suing spammers for real monetary damages.

I am intrigued by your ideas and wish to subscribe to your newsletter.

[Full disclosure: Though I am aware of the great detriment to productive society that spam does, I just don't get any of it. I'd be pissed if I did.]

Re:I gotta say it

[ozzee]

Due to my excessive paranoia, I'd hesitate to ever do a spam purchase online with a credit card... but, that bit seems like a genius way to take a spammer down.

You would need to use a "CREDIT" card not a "DEBIT" card. I had one company in the past mess with me on a warranty issue. I simply called the bank I had the credit card with and the company finally resolved the issue, but not after having the money ripped out of their hands while they messed around trying to fix things.

When MC/VISA/AMEX start loosing money on spammers, you can bet that they will shut down their merchant accounts.

The thing I fear the most however is dangerous criminal activity from spammers to people who choose to do this. This can only be safe if lots and lots of people do this.

The other danger is bad guys deciding to do this to a legitimate buisness. Say I was an unscrupulous nasty SPAMINAL and I wanted to take out the competition, you could easily generate lots and lots of spam and then link to your competitions web site and watch them go down in a sea of bad transactions. This is what concerns me the most with this scheme.

Re:I gotta say it

[don.g]

Full disclosure: Though I am aware of the great detriment to productive society that spam does, I just don't get any of it. I'd be pissed if I did.

Lucky bastard.

Re:Iraq? Afghanistan? Libya? Syria? N. Korea?

idiot

obviously Bush wants to disarm the dem candidates by "capturing" Saddam, thus weakening their positions.. Saddam will remain a figure head for the Bush campaign for several months and the eventual trial, which will most likely be scheduled to coincide with the weeks before and during the election, will serve to bolster his ratings even more

No, no, no!

Instead, an Iron Pipe filled with cement...

Wrong again. It's supposed to be "Cement filled with spammer(TM)".

His Brightmail claim not plausible

[gujo-odori]

I work for a Brightmail competitor, and I find Richter's claim of cutting a whitelist deal with Brightmail to be completely implausible. They wouldn't do anything like that for the same reasons we wouldn't do anything like that:

1) If they were ever caught (and they probably would be, because their software integrates with your MTA, which means someone could reverse-engineer it or snoop traffic between the MTA and Brightmail), their competitors' sales departments would have a field day stealing their customers. The anti-spam business is growing rapidly, but it's very competitive. If any of the companies in this field cut a whitelist deal with a spammer and got caught, the others would eat their lunch;

2) Even if they didn't get caught, lowering their spam prevention effectiveness would cause complaints from their customers and make it harder to beat the competition in comparisons and they'd lose out in the marketplace. Competition is huge, and Brightmail is somewhat limited in that their system only works with some MTAs, whereas some other systems (such as ours) are completely MTA-agnostic, which means we can sell to anyone. They wouldn't dare take such a chance, nor would they trust the spammer to keep his mouth shut if he got in a tight spot. Spammers, after all, are fundamentally unethical people, and an anti-spam company would never trust one.

I don't believe his claim at all.

already there, sort of

[rdunnell]

many credit card vendors let you generate "fake account" numbers per online transaction. MC/visa both do it, amex might too (haven't looked recently). it's a feature that the banks offer, in the case of MC/visa, so your bank may not offer it. But it's been done.

that acct# gets used for one transaction only.. can't be reused, etc.

Re:WARNING, SLASHDOT NOW TIES AC COMMENTS WITH USE

Not true. They disallow moderating anonymous comments from the same IP, but don't tie the user account to an AC comment.

See comments.pl

sub moderateCid
...
# Can't modearate any anonymous comments from same IP.
return if $host_name eq $ENV{REMOTE_ADDR} && $cuid == -1;

Re:Hard to prove

Why is your post word for word identical to Lost Cluster's post which was posted just a few minutes earlier ?

Re:WARNING, SLASHDOT NOW TIES AC COMMENTS WITH USE

[Penguinshit]

Yeah. And my point is - so what?

Go find a REAL issue...

Re:Iraq? Afghanistan? Libya? Syria? N. Korea?

[Clay+Pigeon+-TPF-VS-]

Come on now. At least have the balls not to post AC. Everyone knows that Osama will fall from the ceiling on a bungee cord when they drop the confetti at the Republican Convention ;-)

Confused post - Richter's going down!

[dazed-n-confused]

The original poster seems to have missed the story. OptInRealBig spammer Scott Richter isn't "looking for attention" -- he's being prosecuted for fraud. His (implausible) claims about a deal with Brightmail have been disclosed in emails gathered as evidence by the New York Attorney General's office (that's a 2.5 MB PDF, Richter's Brightmail allegations are on p.90-91).

Re:Confused post - Richter's going down!

[JuggleGeek]

...OptInRealBig spammer Scott Richter isn't "looking for attention"...

No? See the NYTimes article , where Snotty is quoted as saying this:

Messing with us is a big mistake," he said. "The more press I get, even bad press, the bigger we get.

Tat sounds like he *is* asking for publicity, to me. I'm sure he would prefer that there were no lawsuit. I'd prefer that he was packaged up and sent via USPS ground delivery to Nigeria, without any airholes in the box.

Re:Confused post - Richter's going down!

[dazed-n-confused]

You have a point. But Snotty Scotty wasn't seeking publicity by lying about his alleged secret deals with Brightmail... that particular libel was only posted in a private email to prospective business partners (quite understandably).

So Scott Richter says he *is* asking for publicity, but he certainly *isn't* doing it by lying about Brightmail, and that's *not* how the Brightmail insinuations made it into the public domain.

Posting the story as it appeared on /. *without* mentioning the lawsuit, or the source of the claim, still seems bizarre to me.

Re:Confused post - Richter's going down!

[JuggleGeek]

I see your point, now. I didn't realize that there was no mention in this article about the lawsuit. Slashdot did mention it in a previous story, and I was certainly already aware of it, so it just didn't sink in that it wasn't mentioned this time.

I still believe that Snotty just told his "prospective partners" because he's losing business following the lawsuit. I find Brightmails claims much more likely than Richter's.

Mod parent up, "once in a lifetime"

[Kethinov]

Comment ID 7777777 seven sevens.

Re:Mod parent up, "once in a lifetime"

[Trejkaz]

Wouldn't eight sevens be better?

Re:Mod parent up, "once in a lifetime"

[Feztaa]

Why do you figure that? Seven sevens, that's a lot of sevens (seven of them!). Seven is a lucky number :)

I'll let you have eight eights, though, if you want.

Re:Mod parent up, "once in a lifetime"

[Trejkaz]

I figure eight sevens is a seventh luckier than seven sevens because of the seventh more sevens.

The prize...

MOD comment ID#7777777 up.

Give the guy something. I mean, karma doesn't cost money, so instead of something truly cool like a gift cert for ThinkGeek, just mod the guy up.

Or email him a redirect link to goatse. pfft.

[/my 2cents]

Yes, but whitelisting is not an issue.

[www.sorehands.com]

The only thing that is not an issue in the NY and Microsoft case is the issue of whitelisting.

If that is an issue, then the discovery of the people whitelisting them is appropriate, then people can go after the improper whitelisters.

report the assholes to spamcop.net

[Indy1]

and post the entire spam with headers to NANAS. Thats a usenet group where people report their spam to, it helps establish a pattern of who is spamming, and keeps companies from later saying they never spammed. Also some of the blacklists check NANAS and will make updates based on who is spamming.

One-use credit card numbers

[billstewart]

I don't know if they still do it, but American Express used to offer one-use credit card numbers, that were linked to your regular account. You could use these for shopping with merchants that you didn't want to give your regular credit card number. I assume they still had the standard features of being able to do charge-backs if you were complaining about the merchandise.

Another approach is to get a small bank account with a debit card, and never put more money in it than you're willing to risk losing to fraudulent spammers.

How it could be plausible but still bogus

[billstewart]

(Rule 1 - Spammers always lie. Rule 2 - Go read Rule 1 again.)

Maybe he's just claiming that Brightmail doesn't block 127.0.0.1 ?

Also in the news, man claims to be Elvis

Also, in the news, a bum in downtown Memphis claimed to be Elvis. While Graceland officials were quick to deny this, many were skeptical.

Typical spammer propaganda

[Felinoid]

Spammers like to pretend they are lagit (they know they aren't) to this ends spammers tend to clame alignences.
One spammer clammed Bill Gates was a backer not to long after an artical was published writen by Mr Gates himself condemming spam.

Annother spammer clammed to be part of a large consummer electronics company and got a yahoo listing accordingly.

AoL is often targeted for such clames after AoL sued spammers.

Spammers like to paint companys who are anti-spam as being pro-spam.
(When the worst thing a person can do to you is clame your one of them you know that person is dishonnest)

Re:Typical spammer propaganda

My God.

Please, PLEASE do yourself (and anyone who is forced to read your writing) a favour and GET A SPELL CHECKER.

Those Penal enlargement pills really work.

so... i believe the spammer.

Use the paypal "virtual" mastercard

[pr0ntab]

It's a one-time use recyclable MC CC number. You can always send money to yourself, then spend it with that card. Your transactions are logged along with all other transactions at paypal online.

Re:LONG LIVE KIM JONG-IL

Fuck with China and North Korea. Bring it on fat fags.

Next Week: 101 Ways to Saute Tree Bark

Might be something to it

[AngryShroom]

My company is far too small to contract directly with Brightmail so we setup an account with a Brightmail service reseller recommended by Brightmail. The very day we switched our MX record over to them the amount of spam we received actually skyrocketed. I even tested this theory by sending a piece of mail to a brand new mailbox with a GUID as the address through a telnet session directly to the service mailserver. Within an hour that mailbox started to receive spam!

They deny the possibility and called me a liar. We no longer use that service.

There is always the possibility that one of their employees is not so honest and the company has no knowledge of this activity but something is amiss.

Re:Might be something to it

[JuggleGeek]

If it also possible that AngryShroom, who first posted to SlashDot on 12/20/03 (the same day that this article came out) is in fact Snotty Richter. These are very serious claims, and I find them hard to believe. The fact that the account that posted them seems to have no more history than your average AC makes me even more suspicious.

Re:Might be something to it

[AngryShroom]

We can't all be longtime slashdot users. I stand by my claim. Yes I am new here. So are lots of people. Being a skeptic myself I realize there is little I can do to convince you otherwise. But then again I really don't care.

Re:Might be something to it

[JuggleGeek]

Do you have any evidence to go with that claim, or are we just supposed to believe you?

Re:Might be something to it

[AngryShroom]

What evidence would you believe? Think about it. I admit it was not a carefully crafted and well documented scientific experiment. At the time (about 6-7 months ago) there were others (on usenet and the services' own forums) echoing the same feeling that their spam increased after starting the service. I don't suppose you believe them either. After posting on slashdot I talked about this incident with a colleague and we both had the same idea that the fault may lie nowhere near Brightmail or the reseller service but with our ISP or theirs. There are approximately 14-16 hops along the way from our mailserver to theirs that the traffic could be sniffed and email addresses extracted from. I will do further testing on that. As we no longer contract with a Brightmail service I cannot reproduce the prior conditions.

Re:Might be something to it

[JuggleGeek]

here were others (on usenet and the services' own forums) echoing the same feeling...I don't suppose you believe them either.

I haven't heard about them before. Prior to this, all I had was your say-so. You have a new account, you post something that is hard to believe about BrightMail in a thread about how Snotty says he has a pink-contract with them which they deny, and you give no evidence.

Now you say that it's been discussed before (but without a URL so I can read that discussion) and also say that the problem may not be with Brightmail. You also said that you went through a reseller - but you didn't say who it was. Seems to me that if you're willing to accuse Brightmail, you should be willing to accuse the reseller, unless you have some evidence (again, which you haven't mentioned) that it was brightmail and not the reseller.

Pardon my sceptisism, but spammers lie, over and over. And the claims you've made sound incredibly fishy. Brightmail would be cutting their own throat. They have a *lot* of users, and it seems unlikely that they could do what you claim for long without getting a lot of press - and losing a lot of business. They would likely open themselves to lawsuits, too.

I keep up with spam news much more than most people, and haven't heard any such allegations - except from Richter claiming he has a pink contract.

I've been running searches through groups.google.com trying to find the usenet discussions that you claim took place. I'm not having any luck - but there are a *lot* of posts which mention Brightmail, and you haven't even mentioned which group the discussion took place in. If you're for real, then please post a URL. If you claim that google didn't archive any of the messages, or the replies, or any discussion about it at all, but that it still took place, then you'll continue to look like the troll I first took you for. Post the URL, and at the very least you *won't* look like Snotty Scotty slinging lies, and I for one will trust you more than I do now.

Re:Might be something to it

[AngryShroom]

Since you obviously can't read let me attempt to sum up my initial post for you:

I did not accuse Brightmail of anything.
I intentionally withheld the name of the reseller precisely because I am attempting to give them the benefit of the doubt as a company.
I did question whether their employees could be doing something without their knowledge.
I was merely stating my bad experience with their service. If you think Brightmail is above making deals with spammers you haven't been properly introduced to the human race.

And I must say your *belief* or accusation that I am Scott Richter is one of the funniest damn things I have ever come across. LOL

Bulkmail pass-through agreements are comment

[nazgul@somewhere.com]

Most of the major ISPs do this. It cuts down on the amount of filtering they need to do, and avoids false positive problems. However that doesn't mean it lasts. You can call AOL, give them some info and a contact address that they can verify, and they'll let your bulk mail through... but if they start getting complaints they'll block your IPs. So it's possible that when he started he actually did make such agreements, but I seriously doubt they lasted long.

a publicity artist

[jqh1]

might just be looking for some media attention,

and getting it... If his name was misspelled, good! -- spammers should be ignored, really, though. Otherwise, we'll just create more of them.

Re:WARNING, SLASHDOT NOW TIES AC COMMENTS WITH USE

[kevcol]

Blow it out your ass, a/c- I was right with Bob when you were still spewing green liquid out of your better hole into some stinky pampers. Not to mention taking a white bread and Thunderbird 'body and blood of Bob' communion given by Rev. Stang himself. Now get outta here.