Brightmail Denies "White List" Deal With Spammer

ThePretender writes "From the InfoWorld article: 'A spammer's claim to his clients that he had an agreement with anti-spam technology vendor Brightmail to not block his traffic was contradicted by Brightmail officials today.' From the sounds of it, Scott Richter (apparently a notorious spammer) might just be looking for some media attention, he even goes as far saying he has similar agreements with some major ISPs. Ouch! May the drama unfold..."

Touchy, aren't they?

From optinrealbig.com front page:

OptinRealBig.com, LLC ("Optin") has been informed that the New York
Attorney General and Microsoft have announced a press conference for
December 18, 2003. Optin has not been informed by either Microsoft nor
the New York Attorney General as to what the purpose of the press
conference is. Through other sources Optin has been informed that the
purpose of the press conference is to announce that a civil complaint
has been filed alleging violations of New York law by numerous
defendants, including Optin and Scott Richter, its President. Optin and
Scott Richter vigorously deny any violations of New York law and ask
that their clients and friends make no decision regarding any liability
on their part until they have the opportunity to respond to any
allegations made against them. Neither Optin nor Scott Richter will
have any further comment regarding this matter until they have had the
opportunity to read and review the Complaint. Any inquiries regarding
this matter should be addressed to Optin's legal counsel, Linda Goodman
(619-233-3535). Ms. Goodman is currently out of the office and will not
be available for comment until December 19, 2003.

Re:blah

[schematix]

woops...his last name is RichTer not Ritcher.

Address

[I_am_Rambi]

Seems like his address can be found here

Scott Richter
1333 w 120th Ave suite 101
Westminster CO 80234
Srich10195@AOL.COM
303-5509828

OR

Richter, Scott srich10195@al.com
SaveRealBig
p.o.box 21316
denver, co 80221
usa
303-428-3600

Sure it's possible

[mindstrm]

But you need to realize is that the reason email works, on the global scale it does, is precisely because of that lack of authentication, and it's decentralized, open nature.

I'm not saying "it's impossible"... it's certainly not.. but the more layers of authentication, and the beurocracies needed to manage them, the less workably any system becomes.

RICHTER

[oobar]

His name is Richter, not Richert, which is clearly indicated in the links provided.

Michael, by definition you cannot call yourself an editor unless you actually edit the stories.

Re:Why not revise email standards?

[operagost]

Every modern SMTP server I know of logs the client's IP and places it in the message. Look at the headers in your email some time.

Received: from imo-r04.mx.aol.com (152.163.225.100)
by orff.operagost.local (V5.1-15Q, OpenVMS V7.3 VAX);
Wed, 17 Dec 2003 21:21:41 -0500
Received: from someluser@aol.com
by imo-r04.mx.aol.com (mail_out_v36_r4.8.) id 2.105.3c03c144 (25508)
for <somebody@operagost.com>; Wed, 17 Dec 2003 21:20:34 -0500 (EST)

The first "received:" is the server who delivered the mail to yours. Normally this is the actual sending server, except in two instances:

You have a forwarding service like Mail.com,

The sender is using an open relay.

In either case, you can still find out the spammer's location by scanning down the "received:" list until you find the first exchange that took place. This guy is apparently a real AOLer as there is no other server in between. It doesn't matter how crafty he is- he can even modify the header of his outgoing emails with some special SMTP client software, but I'll still know what IP delivered the mail to me. It gets more confusing with ass-clowns running open relays, but the info's still there.

Re:Why not revise email standards?

[whoever57]

In either case, you can still find out the spammer's location by scanning down the "received:" list until you find the first exchange that took place

While that used to be true, nowadays a lot of spam is sent via open proxies. In this case, the proxy will not show any other "received" lines, except for the fake "received" lines that the spammer has deliberately inserted in order to divert tracking attempts.

His Brightmail claim not plausible

[gujo-odori]

I work for a Brightmail competitor, and I find Richter's claim of cutting a whitelist deal with Brightmail to be completely implausible. They wouldn't do anything like that for the same reasons we wouldn't do anything like that:

1) If they were ever caught (and they probably would be, because their software integrates with your MTA, which means someone could reverse-engineer it or snoop traffic between the MTA and Brightmail), their competitors' sales departments would have a field day stealing their customers. The anti-spam business is growing rapidly, but it's very competitive. If any of the companies in this field cut a whitelist deal with a spammer and got caught, the others would eat their lunch;

2) Even if they didn't get caught, lowering their spam prevention effectiveness would cause complaints from their customers and make it harder to beat the competition in comparisons and they'd lose out in the marketplace. Competition is huge, and Brightmail is somewhat limited in that their system only works with some MTAs, whereas some other systems (such as ours) are completely MTA-agnostic, which means we can sell to anyone. They wouldn't dare take such a chance, nor would they trust the spammer to keep his mouth shut if he got in a tight spot. Spammers, after all, are fundamentally unethical people, and an anti-spam company would never trust one.

I don't believe his claim at all.

Confused post - Richter's going down!

[dazed-n-confused]

The original poster seems to have missed the story. OptInRealBig spammer Scott Richter isn't "looking for attention" -- he's being prosecuted for fraud. His (implausible) claims about a deal with Brightmail have been disclosed in emails gathered as evidence by the New York Attorney General's office (that's a 2.5 MB PDF, Richter's Brightmail allegations are on p.90-91).

report the assholes to spamcop.net

[Indy1]

and post the entire spam with headers to NANAS. Thats a usenet group where people report their spam to, it helps establish a pattern of who is spamming, and keeps companies from later saying they never spammed. Also some of the blacklists check NANAS and will make updates based on who is spamming.

One-use credit card numbers

[billstewart]

I don't know if they still do it, but American Express used to offer one-use credit card numbers, that were linked to your regular account. You could use these for shopping with merchants that you didn't want to give your regular credit card number. I assume they still had the standard features of being able to do charge-backs if you were complaining about the merchandise.

Another approach is to get a small bank account with a debit card, and never put more money in it than you're willing to risk losing to fraudulent spammers.

Bulkmail pass-through agreements are comment

[nazgul@somewhere.com]

Most of the major ISPs do this. It cuts down on the amount of filtering they need to do, and avoids false positive problems. However that doesn't mean it lasts. You can call AOL, give them some info and a contact address that they can verify, and they'll let your bulk mail through... but if they start getting complaints they'll block your IPs. So it's possible that when he started he actually did make such agreements, but I seriously doubt they lasted long.