Slashdot Mirror
OptInRealBig Wins Restraining Order On SpamCop
arikb writes "Some online newspapers are reporting that the infamous Scott Richter and his company OptInRealBig won a temporary restraining order against SpamCop. The TRO prevents SpamCop from sending complaints about OIRB to their provider or removing email addresses from the complaints it receives which regard OIRB. I think we will rue this day for years to come."
Update: 05/12 16:43 GMT by T : The Ultimate Fartkno writes "HillsCap, a fed-up SpamCop user, is now organizing a class-action lawsuit to be brought against Richter and Opt-In. At least 1,000 signatures are needed, so tell your friends!"
Video. Wonder how long that poor schmuck's server will last, but it's not on the Comedy Central page for the Daily Show that I can see.
SpamCop can't make the complainers' information anonymous.
Why would that matter? Who could the complainer recieve backlash from that would matter? Could they maybe get a frivilous lawsuit from that slime Scott Richter?
Ansi's and stupid tricks!
Weird, I don't usually see analogies on Slashdot that make sense. /applause
:P
But anyway, that's only one aspect of it. Richter is also going after them for forwarding complaints to OIRB's ISP instead of the company directly. It's not that people use their blacklists (although that's part of it), it's that SpamCop is actively trying to get ISPs to shut him down. Presumably for a violation of TOS or whatnot. Richter claims that it's unlawfully costing him business. I know, I know, he's full of #$@$, I am just stating the facts.
Auto-reply to ACs: "Truly, you have a dizzying intellect."
Opt In Real Big claims to be an opt-in only company. However, they operate through third parties with no checks in place to ensure the third parties are using opt-in lists, paying those parties based on how many people click their links. Making it a <fingerquote> policy </fingerquote> gives them plausible deniability up until people start laying down evidence that they're full of shit.
Paying for e-mail to stop spam? Nah. Check out the link below for a neat solution against spam.
http://www.paganini.net/ask/
Australia
"We're not going after IronPort because of their blocking. We're going after IronPort for the harassment," [OIRB's Scott Richter] said. "We're going to go after many antispam groups."
I think they are going after because of their blocking, but their suit does not complain about the blocking. They are going after anonymous e-mail complaints and sending e-mail to the ISP. Your argument does not address the issue at hand.
Very true.. that would be descrimination based on colour. But where do you draw the line? Perhaps I want to use the female restroom at work. I can't? I'm being denied! Sexual descrimination!
Actually, denying you the 'right' to use the women's restroom if you are a man is sexual discrimination, at least according to the The Undergraduate Council at Harvard University.
You obviously don't understand the issue. The problem as stated by the defendant is that SpamCop is hiding the identity of the complaining user and then complaining to the defendants ISP to get them disconnected. This leaves the no option to remeday the situation and they are not addressed directly.
What Yahoo or things like SpamAssassin do are passive filtering. Totally different thing.
This is the greatest checklist ever made. I owe the creator a donut and a big cup of coffee.
--
The parent post advocates a
( ) technical ( ) legislative (X) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work.
(One or more of the following may apply to your particular idea, and it may
have other flaws which used to vary from state to state before a bad federal
law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
(X) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(X) It will stop spam for two weeks and then we'll be stuck with it
(X) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(X) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential
employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
(X) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
(X) Unpopularity of weird new taxes
(X) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes
(X) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(x) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
( ) Ideas similar to yours are easy to come up with, yet none have ever been
shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
(X) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
Auto-reply to ACs: "Truly, you have a dizzying intellect."
Right, but that does not automatically mean that SpamCop is doing anything wrong. The Can Spam act is essentially irrelevant here, because the issue isn't whether spamming is legal, but whether spamming was in breach of the contract with the spammer's ISP. The issue is that SpamCop is ratting out the spammer to his ISP for spamming, and that ISP pulls the spammer's plug. If the ISP has written into its contract with the spammer "no spamming" and he/she/it spams, then that is totally legal. The argument here that SpamCop is interfering with the spammer's business unjustly (which most of us think it isn't). The little razzle-dazzle about "we're complying with the can spam act!" whine by the spammer is irrelevant.
As an analogy: If we're neighbors in an apartment building that forbids pets, and I ratted you out to the landlord because you had a few cats, you won't be getting into trouble with thelandlord because owning cats is illegal... you'll be getting into trouble with the landlord because you've violated your lease.
What the spammer is trying to say here is that under the Can Spam Act, you cannot go directly to the ISP with complaints. You must complain to him first. IANAL, but that sounds like bullshit. If SpamCop was out of the picture and I complained to the ISP directly myself, would I get sued? I don't believe there's any way you could restrain my right of free speech to inform the ISP that his client is in breach of his contract. I also don;t think the ISP would be required to give up my identity to the spammer. As the article said, there isn't a legal requirement to be faced with your accusers in cases such as this.
Whether or not Spamming is legal is not actually the point. Any private individual has the right to hold opinions on the activities of another person or company.
:-)
The scummers, erm, spammers, are using the argument that blocking these emails is costing them business.
I would use the counter argument, that people (And this includes ISP's) choose *not* to recieve these emails because they are costing them time and money, and the spammers are not recompensing them.
You may have the right to show me advertising, but you dont have the right to make me pay for you to do it. One of the reasons i dumped my old Dial up account is the minute or so wait while i downloaded scum.. erm.. spam... erm... marketing emails during which time the clock was ticking, but i coudnt use my internet connection.
There are still quite a number of places in the world where people still pay for internet by the minute. (Not me any more fortunately)
So, if any of your spammers are out there reading this message, Feel free to try to sue me for accusing you of the following: you are BOTTOM SUCKING LEECHES who survive by MAKING EVERYONES INTERNET CONNECTIONS THAT MORE UNPLEASANT TO USE. I not only hoping you loose the case against SPAMCOP, AOS, MICROSOFT et al, i hope they NAIL YOUR SCUMMY LITTLE COMPANIES TO THE WALL, and prove to everyone just what MORONIC IDIOTS you are in practicing this BARELY LEGAL "marketing" activity that would be BANNED IN VIRTUALLY ANY OTHER MEDIA.
Hmm, theraputic, must do that more often
What are you indeed proposing?
A tarrif on raw data sent over the internet?
You can't possibly distinguish data sent over the internet in the form of an e-mail as opposed to some multi-player RPG or HTML. On the level that it passes from router to router from the original computer to its destination that is how it is treated (and should be too!) Indeed, firewalls and other cute things of that nature really end up perverting the internet by assuming (incorrectly) that only port 80 (typical HTTP port) is needed (or something similar).
A firewall is needed when computers on the other side of the firewall have poorly designed IP (internet protocol, not intellectual property) stacks and some very poorly implemented miscellaneous TCP services programs (like nettime, MOTD, or some other simple service) that has methods of attack through those programs. A clean well-designed IP stack with high-quality TCP applications do not need a firewall.
The solution is not charging $$$ for e-mail either. Who collects? How much per e-mail? Does the size of the e-mail matter? What about attachments? Is this above and beyond normal TCP/IP usage charges (in terms of normal bandwidth charges)? How do you stop spammers from "collecting" money from millions of people who "sent" e-mail to them (reverse spammers in this case... a variant not seen at the moment)? This last question is also about how spoofing can be used to undermine the toll collection system of any e-mail charges, which is something significant indeed.
You could certainly set up a totally new e-mail type protocol where you personally establish some sort of toll system, and let's also assume that every piece of e-mail that goes into a typical in-box will also pay you about 1/2 cent. Answer the above questions regarding this system if you think there is a viable solution here, but also let's assume that you will use E-gold, Paypal, or some other micropayment system here as well (maybe something you also come up with for this service). You had also better get a pretty good legal team together because you will also be the target of a whole bunch of lawsuits if it gains any popularity at all.
It simply won't work. What is needed more than trying to charge is to develop trust metrics between computers. Just making up an IP address here, but let's assume that 192.168.x.x has a bunch of e-mail servers that I trust. You can then assume that this is a good server. Let's assume that 10.54.x.x has a bunch of spammers. Don't trust anything coming from those servers.
BTW, this is essentially the approach that Spamhaus, SpamCop, and the IBHL and others are using to try and block spam.
The real trick here is that you also need to prevent spoofing. One nice thing about SpamCop is that the original author/developer of the site went through a whole bunch of work to try and find the actual owner of a given internet service that is sending you a given piece of e-mail based almost exclusively on IP address. The SpamCop site then tells you if it is an open relay, or a known spammer. This anti-spoofing is often hard to do and this is where the current e-mail protocol does indeed need to be strengthed, simply to identify clearly who sent the e-mail, and make sure that the computer sending the e-mail is who they claim they are.
As it is right now, I can claim to have the e-mail address president@whitehouse.gov and send you a message, and the current e-mail protocol won't be able to proof that I really am that person or not. There are ways (fairly easy as well) to not even get the IP address of my machine anywhere in any logs of any computer or in the e-mail header. Spammers take advantage of this simple fact, and e-mail servers should not accept e-mail if the IP addresses aren't correct.
This should also be illegal in itself. If you claim to have an IP address of 10.54.66.195 and that is not who you claim to be, it is false representation and should by itself be punishable under law independent of the conte
The SpamCop we are talking about here is not spamcop.com (which this /. article links to), it is spamcop.net.
Hmm, what idiot provides this guys bandwidth?
From the optinrealbig.com web site:
Contact us via e-mail: info@optinbig.com
or phone: (303) 464-8164
OptInRealBig.com, LLC
1333 W 120th Ave Suite 101
Westminster, CO 80234
I think we should all give them a call or send them a friendly letter letting them know what we think of their "service".
It's good to use your head, but not as a battering ram.
And the problem is non-existant. Spamcop replaces the real email address with a randomly generated prefix - a temporary email address - thereby protecting the client. ISPs can reply to that email address which returns a response back to the original complainant. So what's stopping him from doing that - nothing! (Except the volume of complaints - but then that's his fault for not running a proper confirmed opt-in approach).
And it does work. I have replies from ISPs confirming removal of spammers / disinfection of mail relay trojans - they have no problem replying to the email address as created by Spamcop.
The URL for SpamCop, as posted in the /. article, is incorrect. The correct URL is http://www.spamcop.net. I think we should all make an effort to donate something to the SpamCop Legal Defense Fund.
Free Firefox news reader.
Well, consider this scenario:
All's true that is mistrusted
You apparently haven't even read the SPEWS FAQ.
You weren't listed, your ISP was listed because they support spammers. Since you give your ISP money, you indirectly support spammers as well.
If you really cared, go to a different ISP.
Too many people like you are just complacent.
But anyway, that's only one aspect of it. Richter is also going after them for forwarding complaints to OIRB's ISP instead of the company directly.
SpamCop does not choose who to forward complaints to. It does provide automated header analysis to determine reasonable spam complaint addresses associated with the origin of the spam. The SpamCop user then chooses where to direct his complaint. SpamCop merely provides a temporary address for that purpose. This prevents spammers from (a) learning that the user's address is "live" (which makes it more valuable on a mailing list), or (b) attempting to discourage complaints by increasing the volume or objectionable nature of the spam directed to that address.
No, the system works like this: you ask the complaintant (who SpamCop easily allows you to contact) what his email address is so you can remove it from the list. You do so, and SpamCop stops blacklisting you.
Except, in reality, you are probably a spammer (therefore by definition a criminal) so you just ignore complaints anyway.
I have an archive of over 10,000 spams that I personally have recieved despite never having signed up for any. I turn away around 400 daily using SpamAssassin Bayes and various blacklists. My address was harvested from InterNIC (along with all the other domain admins) by spammers without anyone's permission.
SpamCop provides a service that people like myself can CHOOSE to take advantage of. You can easily find an ISP who does not use it. SpamCop has absolutely NO ability to "stop all bulk emailing" as you claim (god, I wish they did, though!).
If you want to take away people's right to choose whether to use SpamCop or not, you are just another amoral spam whore. If you don't think SpamCop has a right to publish lists however they choose, well, you're tempting Godwin's law.
The big argument that OptIn is using (and apparently with success) is that they are never being given the email addresses of those people who wish to opt out. SpamCop has existed since long before laws like CAN-SPAM, and its methods were those needed at the time. Now we need to make sure the laws that are being put in place have enough teeth to make a difference.
SpamCop has the data on the largest and worst of the spammers. It has data on the thousands of email addresses that have reported these spammers. Voluntarily sharing this with federal investigators would be a great beginning. Based on CAN-SPAM, there will need to be evidence that spammers are not removing email addresses. SpamCop can be the intermediary who stores a copy of every request to be removed and ever subsequent email with tracking back to the originator. By working with the feds, SpamCop could wipe out several of the hard-core spammers.
I was taking one day at a time, but then several days got together and ambushed me. (from a Rhymes with Orange comic)
Why would he need to know which email address the message was sent to? IMHO there should be a link in the message to click and opt-out (the link has the email address in it so the customer doesn't have to know anything). You would want to do this not solely for the recipeint's convenience, but also to save you from having to deal with dopes like him.
I once worked for a company that sent 100,000 emails a month to customers who had requested it.
In my experience, out of 100,000 people, there will be about 5,000 idiots for whom you have to make everything easy or you will run into problems like the one you recounted. I bet this happened more than once.
The TRO has already been dissolved.
From dissolution of ex parte TRO:
On May 10, 2004 the Court issued a temporary restraining order (the "TRO") against defendant
Ironport Systems, Inc. dba SPAMCOP.NET, Inc. ("Defendant") on behalf of OPTINREALBIG.COM,
LLC ("Plaintiff"). Defendant has objected to the TRO and sufficiently explained why its objection came
after the issuance of the Court's order. It was not through gamesmanship on the part of Defendant, but
rather issues of timing. The Court's order and Defendant's opposition crossed each other in the e-filing
system.
Having read and considered Defendant's opposition only for the purpose of determining whether or
not to maintain the TRO, the Court finds that the legal issues raised are more complicated than they
originally appeared and that the Court has a number of questions regarding the facts. Because of this, the
Court finds that the balance of hardships and the interests of justice favor dissolution of the TRO and
expediting the hearing on the preliminary injunction. This is to give both parties a full and fair opportunity to
be heard on the issues, to give the Court sufficient time to deliberate on these issues, and to issue a
judgment on the merits expeditiously so that the prevailing party shall obtain the relief necessary to prevent
irreparable harm.
United States District Court
For the Northern District of California
The Court wishes to clarify that the TRO was not a determination of the merits of this case. The
Supreme Court "has repeatedly held that the basis for injunctive relief in the federal courts has always been
irreparable injury and the inadequacy of legal remedies." Weinberger v. Romeo-Barcelo , 456 U.S. 305,
312 (1982). The limited record usually available on such motions renders a final decision on the merits
inappropriate. Brown v. Chote, 411 U.S. 452, 456 (1973); see also, Paragould Music Co. v. City of
Paragould , 738 F.2d 973, 975 (8th Cir.1984); Laurenzo v. Mississippi High School Activities Ass'n, 708
F.2d 1038, 1043 (5th Cir.1983) (student who challenged a rule which made him ineligible to play baseball
not a prevailing party because finding on the merits was not required for the issuance of an injunction
pending appeal); Bly v. McLeod, 605 F.2d 134, 137 (4th Cir.1979), cert. denied, 445 U.S. 928, 100
S.Ct. 1315 (1980) (TRO allowed plaintiffs to vote on absentee ballots but was in no way a determination
on the merits); cf Nitz v. Otte, 87 F.3d 1321 (9th Cir. 1996) (unpublished) (noting that the issuance of a
TRO did not constitute a proceeding of substance on the merit).
In contrast, a federal proceeding may be deemed to have passed beyond the " embryonic stage" if
the federal court has conducted extensive hearings on a motion for a preliminary injunction. Adultworld
Bookstore v. City of Fresno, 758 F.2d 1348, 1350-51 (9th Cir.1985).
The Court is aware, however, that Federal Rule of Civil Procedure 65(b) provides that a TRO may
issue ex parte to preserve the status quo. Having reviewed Defendant's opposition and considered the
facts brought forward by it, the Court questions whether the terms of the TRO actually preserved the status
quo or altered it by requiring Defendant to take proactive steps to limit the recipients of the complaints and
to list the names of those complaining. Because in such situations, the Court must be "extremely cautious,"
Lockheed Missile & Space Co. v. Hughes Aircraft Co., 887 F.Supp. 1320, 1323 (N.D.Cal. 1995), the
Court dissolves the TRO and expedites the hearing on the preliminary injunction.
For the foregoing reasons,
IT IS HEREBY ORDERED THAT the Temporary Restraining Order of May 10, 2004 is
DISSOLVED. Plaintiff shall serve and file a motion for preliminary injunction no later than May 12, 2004.
Defendant shall serve its reply no later than May 13, 2004. Plaintiff shall serve and file a reply no later than
May 14, 2004. The parties shall appear before the Court on
Become an evil genius by eating gifted children!
Who's the twit who rated the above insightful?
Its factually false information from someone who obviously has no experience receiving spamcop reports. As someone who does get 'em, I can say that this claim is utterly false.
Spamcop sends ISPs enough information that you can figure out which customer was spamming.
Make 'em pay! http://Payola.org #include "stddisclaimer
"strong legal grounds"
Would these "strong legal grounds" be open to discovery by the defense? Would their chances of winning be as high as you think if there had to disclose all of their so called "opt-int" address? Think their so called "opt-in" list had any spamtrap address in it? Think they can show that all of the address that they sent to actually opt'd in? Wouldn't they in the course of having to prove their case essentially prove that they are in major violation of the CAN-SAPM act?
IANAL - But... I doubt this case is going to have it's day in court.