Brightmail Denies "White List" Deal With Spammer

ThePretender writes "From the InfoWorld article: 'A spammer's claim to his clients that he had an agreement with anti-spam technology vendor Brightmail to not block his traffic was contradicted by Brightmail officials today.' From the sounds of it, Scott Richter (apparently a notorious spammer) might just be looking for some media attention, he even goes as far saying he has similar agreements with some major ISPs. Ouch! May the drama unfold..."

sure, I believe him

[frovingslosh]

Spammers are always honest, arn't they?

Touchy, aren't they?

From optinrealbig.com front page:

OptinRealBig.com, LLC ("Optin") has been informed that the New York
Attorney General and Microsoft have announced a press conference for
December 18, 2003. Optin has not been informed by either Microsoft nor
the New York Attorney General as to what the purpose of the press
conference is. Through other sources Optin has been informed that the
purpose of the press conference is to announce that a civil complaint
has been filed alleging violations of New York law by numerous
defendants, including Optin and Scott Richter, its President. Optin and
Scott Richter vigorously deny any violations of New York law and ask
that their clients and friends make no decision regarding any liability
on their part until they have the opportunity to respond to any
allegations made against them. Neither Optin nor Scott Richter will
have any further comment regarding this matter until they have had the
opportunity to read and review the Complaint. Any inquiries regarding
this matter should be addressed to Optin's legal counsel, Linda Goodman
(619-233-3535). Ms. Goodman is currently out of the office and will not
be available for comment until December 19, 2003.

Re:Touchy, aren't they?

[netsharc]

OptinRealBig? Why did I read that as "Open Real Big"? And why did that put the disturbing image of the goatse guy in my head?

But, to be "goatsed" is definitely something this Scott Richter guy (as well as other spammers) deserves.

blah

[schematix]

The name of the spammer in question is Scott Ritcher by the way...not Richert. I've been lucky enough to meet this guy and even stay at his half million dollar house in Westminster Colorado for a week. He's doing pretty well for himself if you count the house, the 3 car garage with a black Lexus SC430 and a matching LX470. But overall i'd have to say him and his company are a bunch of idiots. His so-called "partner" Dustin Parker (it says this in the spamhaus link) is a total idiot . When i worked for him, Dustin was a 16-year old middle school drop out. We smoked a couple blunts together. Complete idiot. Just goes to show it doesn't take intelligence to become successful. Of course Scott is only dragging Dustin along because Scott himself is clueless from a technical standpoint. I dunno what the point of this post was except that Dustin is an idiot and Scott isn't far behind him but Scott's making millions off of other idiots so i guess that says something.

Re:blah

[segment]

that's a myth that it makes you forgetful... hell I've been smoking since.... since .... since....

That's nothing...

I've got a deal with Microsoft and the big AV companies to not do anything about the email virus I'm about to let loose.

Enjoy suckers!!! :)

Re:That's nothing...

[ma++i+ude]

I've got a deal with Microsoft and the big AV companies to not do anything about the email virus I'm about to let loose.

Tell me, does this involve Microsoft's decision not to issue any patches for a month?

Why not revise email standards?

[plinius]

The problem is that anyone can create bogus emails, thereby masking their own identity. Well surely there is a technical solution to this, such as abandoning the current mail protocols to prevent people from submitting emails with fake identifying info, or from submitting emails from bogus IPs. But where is there any progress along these lines?

Re:Why not revise email standards?

[operagost]

Every modern SMTP server I know of logs the client's IP and places it in the message. Look at the headers in your email some time.

Received: from imo-r04.mx.aol.com (152.163.225.100)
by orff.operagost.local (V5.1-15Q, OpenVMS V7.3 VAX);
Wed, 17 Dec 2003 21:21:41 -0500
Received: from someluser@aol.com
by imo-r04.mx.aol.com (mail_out_v36_r4.8.) id 2.105.3c03c144 (25508)
for <somebody@operagost.com>; Wed, 17 Dec 2003 21:20:34 -0500 (EST)

The first "received:" is the server who delivered the mail to yours. Normally this is the actual sending server, except in two instances:

You have a forwarding service like Mail.com,

The sender is using an open relay.

In either case, you can still find out the spammer's location by scanning down the "received:" list until you find the first exchange that took place. This guy is apparently a real AOLer as there is no other server in between. It doesn't matter how crafty he is- he can even modify the header of his outgoing emails with some special SMTP client software, but I'll still know what IP delivered the mail to me. It gets more confusing with ass-clowns running open relays, but the info's still there.

Re:Why not revise email standards?

[whoever57]

In either case, you can still find out the spammer's location by scanning down the "received:" list until you find the first exchange that took place

While that used to be true, nowadays a lot of spam is sent via open proxies. In this case, the proxy will not show any other "received" lines, except for the fake "received" lines that the spammer has deliberately inserted in order to divert tracking attempts.

Re:Why not revise email standards?

[Tarqwak]

If you can't kill them then filter them...

One thing that seems consistent lately is that domains what are linked in the spam have been created in less than a month, more likely in the past week.

Do a whois on linked <a href="..." <img src="..." <script src="..." domains, and if (registration date < 1 month) add-to-spamminess(+1);

Yes I know, whois servers aren't meant for this :/

spammer fraud?

[belmolis]

If it's true that Brightmail made no special deal with him, it looks like he could be prosecuted for consumer fraud as well as spamming. Indeed, his clients could presumably sue him too. If Brightmail did make a special deal with him, assuming that they advertise that they block spam, then they comitted consumer fraud. Somebody's in trouble here one way or the other.

Re:What will be the result of the Anti-Spam Law ?

[fmaxwell]

The result of the Anti-Spam law will be more American jobs moving over seas or to disreputable neighbors.

That's like complaining that laws against kiddie porn mean that Americans are missing out on working in the lucrative kiddie porn industry.

Think about it. Once those jobs move over seas America will have even less power to constrain the pread of spam.

Once they go overseas, e-mail providers can just put country blocks in place (see blackholes.us) and the problem is solved. If those countries want to join in our reindeer games, then they can crack down on the spammers and the blocks will go away.

Address

[I_am_Rambi]

Seems like his address can be found here

Scott Richter
1333 w 120th Ave suite 101
Westminster CO 80234
Srich10195@AOL.COM
303-5509828

OR

Richter, Scott srich10195@al.com
SaveRealBig
p.o.box 21316
denver, co 80221
usa
303-428-3600

Re:Address

[erveek]

You could always argue that he could opt out of your valuable subscription paper-bag-full-of-flaming-dogshit service at any time.

Re:Address

[Kris_J]

How about a sign on a stick that reads "The person inside this building thinks your 12 year old daughter needs a bigger penis"?

From the Article

[alphonso_bedoya]

Francois Lavaste, Brightmail VP of Marketing, said in a statement provided the GripeLog, "I have personally verified, with the assistance of male members of my department, the ineffectiveness of products advertised by Mr. Richter." Other Brightmail executives were spending the holidays in Nigeria and were unavailable for comment.

Actually, He is being honest

I have written several times of a major spamming operation that is using major ISPs. This is the guy who has been paying MSN > 1Million / month (apparently, also, Yahoo and AOL, but I do not know what the amount or deal is there). MSN then was getting greedy and raised it to > 5Million. From what I understand several of the other spammers kept the deal, but this guy approached another major DSL company and offered 2Million / month. The interesting thing is that he wants IPs and bandwidth. The major companies do not try to shut down insecure servers becuase they locate them and then simply use those IPs. Later they can blame the client.
Most of the spam that everybody thinks is coming from overseas is not. It is here, but the large ISPs are willing to hide it for a large price.

Re:Actually, He is being honest

[Technician]

I check the headers. Somewhere the link of IP address breaks down. The last one or two servers are false most of the time. However the last valid server indicates the IP where it really received the packets from. I do find most of my false header mail is from overseas. However some of it is from the US with a false entry indicating .nl or .ru. I don't speak Russan and I have no relatives in the Netherlands, so any mail claiming to come from there is auto-deleted by my filter. I found most of the from the US really, but claiming .nl or .ru is simply a virus running from one of the client machines of one of the major DSL or Cable providers. Norton usualy filters any of these before the header filter gets them since virus scanning is first.

It's amazing how many people run unpatched boxes on broadband with neither a router or AV software.

With what I know now, I wouldn't consider running a Windows box on a broadband modem without a router AND AV software. Change the gateway address to someting other than 192.168.1.1 or 192.168.0.1. Lots of machines configured the same make easy targets for exploitation. Make changes to reduce the number of easly infected machines.

The spammer rules

[cluge]

With variation from time to time, the rules that ALWAYS applies to spammers are[From news.admin.net-abuse.email]:

Rule #1: Spammers lie.
[(Proposed) Sharp's Corollary: Spammers attempt to re-define "spamming" as that which they do not do.]

Rule #2: If a spammer seems to be telling the truth, see Rule #1.
Chrissman's Corollary: A spammer, when caught, blames his victims.

Rule #3: Spammers are stupid.
Krueger's Corollary: Spammer lies are really stupid. Pickett's Commentary: Spammer lies are boring. Russell's Corollary: Never underestimate the stupidity of spammers.

I say see rule #1 when listening to a spammer.

AngryPeopleRule

Is this an attempt to hold customers?

[Chatmag]

*'A spammer's claim to his clients...*

I think that's the key phrase here. Apparently Scott is losing customers, and in order to retain them, or gain new ones, he has to tell clients he is "whitelisted". What reputable business would want to pay an email broadcast company, when that company is blocklisted. He couldn't possibly think to use this as a defence, saying that if Brightmail whitelists him, he must not be a spammer. But then again, from what I've seen regarding him, I wouldn't be surprised.

As far as I'm concerned, any business that uses Optin is just as sleazy as Scott.

Proving a negative...

[LostCluster]

The biggest problem with the "I didn't opt in!" complaints is that spammers have gotten better and better at submerging the opt-in indication to a yes-defaulted checkbox within all sorts of websites and software. Once you have slipped up and comprimised your e-mail address this way, you've basically given that publisher permission to spam you and share your address with any other spammers they want to "partner" with.

Therefore, anti-spam laws will always have a hole that a truck can be driven through. Since proving that you've never accidently tripped over a "universal opt-in" is nearly impossible to do, successful prosecutions will be tough.

The only way we're ever going to fully kill spam is to abandon SMTP and get a better way to verify that e-mail really came from the claimed sender and leaves a valid return address...

A note on Brightmail

[pw700z]

Part of the reason to toss the name 'brightmail' around is because their product is awesome at stopping spam. The spammer is probably just trying to undermine brightmail's credibility.

sure

[danidude]

Use the "which is more probable?" principle: which is more probable? A anti-spam technology ruin itself by promising blocking spam and letting thousands of junk mail pass by becouse ti made a deal that will ruin it's bussiness or The goo'dam spammer is lying?

So who are these guys http://www.ileads.com

[ozzee]

I was told by a friend of mine (mortgage broker) that his company stopped using ileads.com because they were getting too many "bad quality" leads.

It seems that some people are starting to fill out these forms and having the brokers contact them and then after taking all the contact information from the broker, they inform them that if they don't a) divulge the information of where they got the lead and b) agree to stop using companies that use SPAM to generate leads that they will hand their contact details to the foaming at the mouth public.

Is this legal ? Souds like sweet justice to me.

Re:So who are these guys http://www.ileads.com

[CaptBubba]

It is sweet justice. Either Newsweek or Time had an article a year or so ago about spam and anitspammers. One guy was so annoyed by a spammer that kept sending the same spam to him (the guy must not have had a filter) so he bought something from the spammer.

The buisness that was spamming was then listed on his credit card statement. He sued them and won something like $1,000 from them for ignoring his opt-out requests. He had a statement about his technique for finding the spammer that went something like "They could hide from me, but nobody can hide from American Express"

I wish credit card companies had fake numbers to give to these spammers and paypal fraud artists that would automatically trigger alarms when they ran through for verification. This would be a great way for people to track down who is actually profiting from the spam. A good-guy version of the trojan horse, if you will.

Re:So who are these guys http://www.ileads.com

[Feztaa]

I wish credit card companies had fake numbers to give to these spammers and paypal fraud artists that would automatically trigger alarms when they ran through for verification.

Hey, that's a great idea! It's like that honeypot thing I read about a while ago (can't find a link, sorry).

Anyway, I don't know anything about credit cards (not having one, and all), but I heard that for security reasons, you can have the credit card company put limits on your account, like if you work 9 to 5, have the card raise red flags if it's used between 9 and 5, since you're not likely to be using the card while you're at work and any use at that time is likely fraudulent. So just sign up for a credit card and say something like "I only use it sundays, flag everything else", and then buy into a bunch of spam stuff on monday.

And then, just never use the card for anything but spam. I guess that's a little extreme, but if you really wanted to hunt down these spammers...

Anti-spam Software and Spammers

[fdiskne1]

Not only do some anti-spam software companies make deals with spammers (according to the article), but some also are among the worst spammers.

I talked to a few different anti-spam software companies over the last few months. With each of them, I told them that once we made the decision on which (if any) software to go with, I wanted absolutely no further phone calls or emails trying to sell me their product. We made our decision just over 3 weeks ago and informed the software venders.

Two weeks ago, I received a spam from one of the venders we didn't purchase from. (Yes, the software we decided on caught it, but still, it's the priniciple of the thing.) I followed their procedures to opt-out and also sent an email to the salesperson whose name and email address appeared in the email. I informed her that I told them that I wanted no emails from them trying to sell me their software. I explained how disappointed I was in them and asked to receive no further emails.

A few days later, I received another spam from them. This one was "signed" by a VP of the company. Again, I opted out and sent an email to the VP explaining the entire situation. I explained that I was beyond disappointed and was now getting angry. I demanded that I not receive another sales email from them and explained that if I did, I would be passing the word about their tactics to friends that might be in the market for such software.

Guess what? I got another one. This time, I called the salesperson I was dealing with and explained that I was going to tell everyone I know about how Intellireach is an anti-spam software company that spammed me, did not honor my request to not get spammed in the first place and also did not honor several opt-out requests when the requests followed the instructions in the spam.

His Brightmail claim not plausible

[gujo-odori]

I work for a Brightmail competitor, and I find Richter's claim of cutting a whitelist deal with Brightmail to be completely implausible. They wouldn't do anything like that for the same reasons we wouldn't do anything like that:

1) If they were ever caught (and they probably would be, because their software integrates with your MTA, which means someone could reverse-engineer it or snoop traffic between the MTA and Brightmail), their competitors' sales departments would have a field day stealing their customers. The anti-spam business is growing rapidly, but it's very competitive. If any of the companies in this field cut a whitelist deal with a spammer and got caught, the others would eat their lunch;

2) Even if they didn't get caught, lowering their spam prevention effectiveness would cause complaints from their customers and make it harder to beat the competition in comparisons and they'd lose out in the marketplace. Competition is huge, and Brightmail is somewhat limited in that their system only works with some MTAs, whereas some other systems (such as ours) are completely MTA-agnostic, which means we can sell to anyone. They wouldn't dare take such a chance, nor would they trust the spammer to keep his mouth shut if he got in a tight spot. Spammers, after all, are fundamentally unethical people, and an anti-spam company would never trust one.

I don't believe his claim at all.

Re:They both must be right, would either one lie?

[mr+i+want+to+go+home]

Agreed! Just how trustworthy does anyone think AOL is?

From the Reuter's article linked to in the story..

"Scott Richter, a bulk e-mailer who ranks No. 3 on Spamhaus's list, told Reuters he was not worried by the arrest because he said he does not break any laws.

"I'm happy to see law enforcement cracking down on people who use false headers and I wish they could get all of them," Richter said. He added that he sends large amounts of commercial e-mail but does not disguise routing information and takes pains to comply with Internet providers' policies.

"I was just at AOL's office a month ago," Richter said.

AOL officials declined to comment on their relationship with Richter or say whether he had visited their offices. "We are aware that he follows the legal developments (of anti-spam laws) very closely," AOL Assistant General Counsel Charles Curran said."

What do you do when you know you've screwed up, but can't say so?

Decline to comment of course!

Confused post - Richter's going down!

[dazed-n-confused]

The original poster seems to have missed the story. OptInRealBig spammer Scott Richter isn't "looking for attention" -- he's being prosecuted for fraud. His (implausible) claims about a deal with Brightmail have been disclosed in emails gathered as evidence by the New York Attorney General's office (that's a 2.5 MB PDF, Richter's Brightmail allegations are on p.90-91).

Might be something to it

[AngryShroom]

My company is far too small to contract directly with Brightmail so we setup an account with a Brightmail service reseller recommended by Brightmail. The very day we switched our MX record over to them the amount of spam we received actually skyrocketed. I even tested this theory by sending a piece of mail to a brand new mailbox with a GUID as the address through a telnet session directly to the service mailserver. Within an hour that mailbox started to receive spam!

They deny the possibility and called me a liar. We no longer use that service.

There is always the possibility that one of their employees is not so honest and the company has no knowledge of this activity but something is amiss.