NYT on Spam Cops

yet another coward writes "The New York Times reports on new measures against spam. (Sperm sample required, sorry ladies) Microsoft has increased efforts to track and prosecute spammers. Hotmail receives 2 billion (2 * 10^9) spam messages per day. In a twist of weirdness, the Direct Marketing Association is funding investigators who cooperate with the FBI on spam investigations. Spamhaus also gets a mention."

Article text. *NO KARMA WHORING*

May 31, 2004
When Software Fails to Stop Spam, It's Time to Bring In the Detectives
By SAUL HANSELL

EDMOND, Wash. - Sterling McBride spends a lot of time waiting for spammers to make a mistake. They usually do.

When he hunted down escaped prisoners for the United States Marshals Service, Mr. McBride learned the value of lying low until fugitives trip up, leaving small clues on their whereabouts. Now, as an investigator for Microsoft, Mr. McBride watches carefully for tidbits of data that link some of the two billion pieces of junk e-mail that Microsoft's Hotmail service receives each day with the people who send them.

Once he finds an electronic key to the spammer's identity - a real name, address or phone number - Mr. McBride uses all the tools of a regular detective: trailing suspects, subpoenaing their bank records and looking for disgruntled former associates to become informers. But first he must lift the cloak of anonymity provided by the Internet.

"The guys who do this are pretty tenacious," Mr. McBride said. "There are networks that are very well organized. But we have really started to figure out how they operate."

Spammers have been sending more junk e-mail than ever, despite a new federal antispam law that took effect Jan. 1. So far, few have been brought into court because it is hard to find them and link them to electronic offers of pills and pornography.

So the vanguard of the fight against spam has turned from software engineers who try to identify and block spam from e-mail in-boxes to investigators in private industry, like Mr. McBride, and an increasing number of prosecutors and law enforcement agents who are learning how to combine traditional detective work with cyber-sleuthing.

The Federal Bureau of Investigation is increasing its effort to investigate spammers, largely in response to the new law. In an unusual arrangement, the Direct Marketing Association has paid $500,000 to hire 15 investigators who work alongside agents from the F.B.I. and other government agencies in a program known as Project Slam-Spam.

Using information provided by Internet providers along with their own decoy computers and e-mail accounts, these investigators have built a database of more than 100 spammers. Increasingly they are actually purchasing pills and responding to offers of get-rich-quick schemes to track down the spammers.

"Initially you start to work backwards from the e-mail and find that to be a very frustrating route," said Daniel Larkin, chief of the F.B.I.'s Internet Crime Complaint Center, the unit that is coordinating Project Slam Spam. "That doesn't lead to a live body. We have collectively realized you have to go the other way and follow the money trail."

The project has built cases against 50 spammers, which it has started to refer to federal and state prosecutors. It hopes to orchestrate a coordinated sweep of spam prosecutions and civil cases later this year to highlight the seriousness of its antispam efforts, Mr. Larkin said.

Even before the new law took effect, there was an increase in both civil and criminal actions against spammers. Last week, Howard Carmack, who sent 825 million junk e-mail messages from his home in Buffalo, was sentenced to at least three and a half years in prison, in a case brought in 2003 by New York State for violations of identity theft and business records laws.

The big Internet service providers, especially America Online, a unit of Time Warner, and EarthLink, have been steadily suing spammers for the last few years, using trespass and computer crime laws.

Microsoft is a relative latecomer to the tactic. Until recently, it hoped to rely mainly on software to identify and discard spam. But once it decided to take spammers to court, it moved after them with a vengeance, building what is probably the biggest operation in the world devoted to investigating and suing spammers.

Microsoft's two-year-old "digital integrity" unit - which also fights online fraud, ide

Re:Registration site

[swordboy]

No Need - plenty of other sources out there.

From Article: MaxxLength penis enlargement pills

[CreamOfWheat]

It is a real postal box that was associated with the Camania site. It turned out to be at a Mail Boxes Etc. in Kirkland, Wash., only a few minutes from Microsoft's headquarters. Microsoft then hired outside investigators to stake out and follow whoever picked up the mail. It turned out to be Jason Cazes, who Mr. McBride said sells "MaxxLength" penis enlargement pills. HOW is this a faulty product? It just promises for you to reach your maximum lenght, whether that be 3, 6 or 9 etc.

Futureproofing Spamhaus

[alanxyzzy]

In related news, Spamhaus has announced a Funding model based on charging large corporate networks a yearly fee for our Data Feed rsync/ixfr service.

The public DNSBL service will remain free.

Re:Article text. Mod Down; Copyright Infringement

[the_Bionic_lemming]

Regardless of whether this was posted for karma or to benefit other users here, it is still copyright infringement.

Cool - then just do it this way then.

Made from This Page.

The DMA hates spammers (true)

[Random+BedHead+Ed]

In a twist of weirdness, the Direct Marketing Association is funding investigators who cooperate with the FBI on spam investigations.

Not much of a twist at all, despite many of the above comments. Just grok this: the DMA hates spammers. No, really. I know someone who works for a company that's part of the DMA, and spam is her biggest headache. While we all hate commercial e-mail in general, the DMA is made up of companies who want to play by the rules. True, they want to have a hand in writing the rules as well, but the rules are pretty good ones. No faking your source IP addresses or From: fields. Always have an Unsubscribe feature that actually works. And so forth.

Spammers make the DMA's life a living hell. It's impossible to have a conversation with most people about legitimate commercial e-mail because illegitmate spam is such a pain (I just deleted 20 spams, vs. three real messages in my Lycos mail). With an annoyance like spam, no one even wants to hear the DMA's side of the story. So the DMA's members get blocked from sending e-mail by many sysadmins (like me).

If all commercial mail conformed to the rules that the DMA advocates, no one would complain to ISPs about commercial mail because the power to prevent it would be in the hands of the recipient. Just click Unsubscribe and you're free and clear. Until spammers go away, that's impossible because no one trusts Unsubscribe links. It shouldn't surprise us that the DMA will do anything they can to prevent spam.

Re:The DMA hates spammers (true)

[homer_ca]

"the DMA is made up of companies who want to play by the rules. True, they want to have a hand in writing the rules as well, but the rules are pretty good ones. No faking your source IP addresses or From: fields. Always have an Unsubscribe feature that actually works."

The problem is that email addresses eventually leak out from the more legit DMA members to shadier and shadier spammers, whether it's through "affiliates", bankruptcy sales, or corrupt employees. See the story of Nadine for an excellent example of how this happens.

Re:Illegal and tricky Spam

[Noryungi]

Why don't you just forward this to the FBI? I am sure their kiddie porn Dept would be interested.

Finding the relevant @fbi.gov address is left as an exercise for the reader...

Re:Article text. Mod Down; Copyright Infringement

[LiquidCoooled]

How come I can read the exact same article by simply going in via another entrance.

The common google affiliated link to all NYT stories is a gaping hole in their DNA sample taking policy.

I do however agree about posting the whole article, but news is news, and it should not change depending upon where you read it.

Same subject - if a story is submitted to slash, and it includes a link to an NYT story obtained from google - a perfectly valid news linking service, would Slashdot editors remove the google portion of the link and try to force us to signup?

OpenBSD + spamd

[Santana]

Actually spamd on OpenBSDdoes a great job stopping spam

I used to get around 300 messages daily, all of them spam. Now I only get 1 or 2 every two days.

Re:Registration site

[arturogatti]

If you don't wish to register you might consider visiting here also.

Re:My ISP blocks ALL port 25 traffic.

[jonfelder]

Filtering port 25 keeps users from using their own machines to send spam, or from spammers using the machines that have been infected with some worm to send spam.

The SMTP server doesn't need to require authentication because your ISP (should) only allow relaying from IP addresses administered by your ISP. It would be nice if they offered it though, but it's not necessary from their point of view.

All of your Internet traffic goes through your ISP. This means they can monitor ALL your traffic, not just mail...if you're concerned that your ISP is reading your mail, encrypt it before you send it. Even if your ISP supported authentication, since they control the server they could still monitor your email.

That goes for any of your other traffic too...if you don't want them to view it, encrypt it.

Hotmail headers

* If you have an MSN Hotmail account, click Options in the upper-right corner of any page. Click Mail on the left side, and then click Mail display settings. Next to Message headers, click Full, and then click OK.

Re:NYT Jokes

[yet+another+coward]

For the record, I submitted the article. I did not submit the registration required joke with it. Since Taco posted the story, he probably added it.