Slashdot Mirror
Brightmail Denies "White List" Deal With Spammer
ThePretender writes "From the InfoWorld article: 'A spammer's claim to his clients that he had an agreement with anti-spam technology vendor Brightmail to not block his traffic was contradicted by Brightmail officials today.' From the sounds of it, Scott Richter (apparently a notorious spammer) might just be looking for some media attention, he even goes as far saying he has similar agreements with some major ISPs. Ouch! May the drama unfold..."
Spammers are always honest, arn't they?
I'm an American. I love this country and the freedoms that we used to have.
From optinrealbig.com front page:
OptinRealBig.com, LLC ("Optin") has been informed that the New York
Attorney General and Microsoft have announced a press conference for
December 18, 2003. Optin has not been informed by either Microsoft nor
the New York Attorney General as to what the purpose of the press
conference is. Through other sources Optin has been informed that the
purpose of the press conference is to announce that a civil complaint
has been filed alleging violations of New York law by numerous
defendants, including Optin and Scott Richter, its President. Optin and
Scott Richter vigorously deny any violations of New York law and ask
that their clients and friends make no decision regarding any liability
on their part until they have the opportunity to respond to any
allegations made against them. Neither Optin nor Scott Richter will
have any further comment regarding this matter until they have had the
opportunity to read and review the Complaint. Any inquiries regarding
this matter should be addressed to Optin's legal counsel, Linda Goodman
(619-233-3535). Ms. Goodman is currently out of the office and will not
be available for comment until December 19, 2003.
I've got a deal with Microsoft and the big AV companies to not do anything about the email virus I'm about to let loose.
Enjoy suckers!!!
If it's true that Brightmail made no special deal with him, it looks like he could be prosecuted for consumer fraud as well as spamming. Indeed, his clients could presumably sue him too. If Brightmail did make a special deal with him, assuming that they advertise that they block spam, then they comitted consumer fraud. Somebody's in trouble here one way or the other.
Francois Lavaste, Brightmail VP of Marketing, said in a statement provided the GripeLog, "I have personally verified, with the assistance of male members of my department, the ineffectiveness of products advertised by Mr. Richter." Other Brightmail executives were spending the holidays in Nigeria and were unavailable for comment.
You have a forwarding service like Mail.com,
The sender is using an open relay.
In either case, you can still find out the spammer's location by scanning down the "received:" list until you find the first exchange that took place. This guy is apparently a real AOLer as there is no other server in between. It doesn't matter how crafty he is- he can even modify the header of his outgoing emails with some special SMTP client software, but I'll still know what IP delivered the mail to me. It gets more confusing with ass-clowns running open relays, but the info's still there.
Gamingmuseum.com: Give your 3D accelerator a rest.
Part of the reason to toss the name 'brightmail' around is because their product is awesome at stopping spam. The spammer is probably just trying to undermine brightmail's credibility.
Use the "which is more probable?" principle: which is more probable? A anti-spam technology ruin itself by promising blocking spam and letting thousands of junk mail pass by becouse ti made a deal that will ruin it's bussiness or The goo'dam spammer is lying?
- no sig.
The buisness that was spamming was then listed on his credit card statement. He sued them and won something like $1,000 from them for ignoring his opt-out requests. He had a statement about his technique for finding the spammer that went something like "They could hide from me, but nobody can hide from American Express"
I wish credit card companies had fake numbers to give to these spammers and paypal fraud artists that would automatically trigger alarms when they ran through for verification. This would be a great way for people to track down who is actually profiting from the spam. A good-guy version of the trojan horse, if you will.
You could always argue that he could opt out of your valuable subscription paper-bag-full-of-flaming-dogshit service at any time.
-- This void intentionally left null.
I work for a Brightmail competitor, and I find Richter's claim of cutting a whitelist deal with Brightmail to be completely implausible. They wouldn't do anything like that for the same reasons we wouldn't do anything like that:
1) If they were ever caught (and they probably would be, because their software integrates with your MTA, which means someone could reverse-engineer it or snoop traffic between the MTA and Brightmail), their competitors' sales departments would have a field day stealing their customers. The anti-spam business is growing rapidly, but it's very competitive. If any of the companies in this field cut a whitelist deal with a spammer and got caught, the others would eat their lunch;
2) Even if they didn't get caught, lowering their spam prevention effectiveness would cause complaints from their customers and make it harder to beat the competition in comparisons and they'd lose out in the marketplace. Competition is huge, and Brightmail is somewhat limited in that their system only works with some MTAs, whereas some other systems (such as ours) are completely MTA-agnostic, which means we can sell to anyone. They wouldn't dare take such a chance, nor would they trust the spammer to keep his mouth shut if he got in a tight spot. Spammers, after all, are fundamentally unethical people, and an anti-spam company would never trust one.
I don't believe his claim at all.
From the Reuter's article linked to in the story..
"Scott Richter, a bulk e-mailer who ranks No. 3 on Spamhaus's list, told Reuters he was not worried by the arrest because he said he does not break any laws.
"I'm happy to see law enforcement cracking down on people who use false headers and I wish they could get all of them," Richter said. He added that he sends large amounts of commercial e-mail but does not disguise routing information and takes pains to comply with Internet providers' policies.
"I was just at AOL's office a month ago," Richter said.
AOL officials declined to comment on their relationship with Richter or say whether he had visited their offices. "We are aware that he follows the legal developments (of anti-spam laws) very closely," AOL Assistant General Counsel Charles Curran said."
What do you do when you know you've screwed up, but can't say so?
Decline to comment of course!
I wish credit card companies had fake numbers to give to these spammers and paypal fraud artists that would automatically trigger alarms when they ran through for verification.
Hey, that's a great idea! It's like that honeypot thing I read about a while ago (can't find a link, sorry).
Anyway, I don't know anything about credit cards (not having one, and all), but I heard that for security reasons, you can have the credit card company put limits on your account, like if you work 9 to 5, have the card raise red flags if it's used between 9 and 5, since you're not likely to be using the card while you're at work and any use at that time is likely fraudulent. So just sign up for a credit card and say something like "I only use it sundays, flag everything else", and then buy into a bunch of spam stuff on monday.
And then, just never use the card for anything but spam. I guess that's a little extreme, but if you really wanted to hunt down these spammers...
My company is far too small to contract directly with Brightmail so we setup an account with a Brightmail service reseller recommended by Brightmail. The very day we switched our MX record over to them the amount of spam we received actually skyrocketed. I even tested this theory by sending a piece of mail to a brand new mailbox with a GUID as the address through a telnet session directly to the service mailserver. Within an hour that mailbox started to receive spam!
They deny the possibility and called me a liar. We no longer use that service.
There is always the possibility that one of their employees is not so honest and the company has no knowledge of this activity but something is amiss.
"The greatest tragedy in mankind's entire history may be the hijacking of morality by religion." - Arthur C. Clarke