$1 Billion Awarded in Lawsuit Against Spammers

phoric writes "In what is believed the be the largest federal judgement in history against spammers, an ISP from eastern Iowa was awarded a $1 billion dollar judgement against three mass-mailing companies, which were said to be sending up to 10 million e-mail messages per day to the small internet provider."

Why them, not me?

[elh_inny]

Will they share, after all I am a vicitm as well?

Re:Why them, not me?

[_w00d_]

Yes but you haven't brought a suit against the spammers. And I believe under the CAN-SPAM act, you cannot anyway. I think only ISPs may sue. I have no idea if they are required to share the wealth.

Re:Why them, not me?

[eneville]

The money _SHOULD_ go towards projects like Spamcop et al.

As someone else just mentioned its the ISP who sues and wins, part of the money will go towards damages involved in catching the nasty people.

The winning ISPs will probably now get a torrent of mail heading their way, which probably futher anoys their customers, but I bet they have tighter logging in place!

Re:Why them, not me?

[TFGeditor]

"I believe under the CAN-SPAM act, you cannot anyway."

The CAN-SPAM Act is a shining example of what you get when legislators do not have *one* clue what is going on, but make laws anyway.

You ought to have to pass a test to be a legislator, judge, or even a damn dog catcher.

Re:Why them, not me?

[henrycoderm]

Why would they pay you? If you are you a customer of theirs then maybe they'd be nice enough.

Re:Why them, not me?

[jcr]

File your own suit against the spammers, and then get in line to collect. They'll be bankrupt, so you're not likely to get much.

-jcr

Re:Why them, not me?

[adeydas]

just think how much will AOL get when they sue the spammers!!!

Re:Why them, not me?

[njcoder]

"You ought to have to pass a test to be a legislator, judge, or even a damn dog catcher."

What the hell did dog catchers ever do to you that you would lump them in the same category!?!?!?!

Re:Why them, not me?

[TFGeditor]

Well, they are paid with money the government extorts from me--isn't that enough?

Re:Why them, not me?

[Fishstick]

>You ought to have to pass a test to be a legislator, judge,

yes. it's called an election

Re:Why them, not me?

[WhatAmIDoingHere]

You can leave the country at any time.

And you know what, we won't miss you.

Re:Why them, not me?

[triclipse]

It is true that under the CAN-SPAM act, Internet Service Providers are the only private parties who can file a lawsuit under that act. However the CAN-SPAM act also provides:

"(1)IN GENERAL.--This Act supersedes any statute, regulation, or rule of a State or political subdivision of a State that expressly regulates the use of electronic mail to send commercial messages, except to the extent that any such statute, regulation,or rule prohibits falsity or deception in any portion of a commercial electronic mail message or information attached thereto."

That means that some state laws (such as California) have parts of their spam law still intact. Under California, for example, it is unlawful to advertise where "The commercial e-mail advertisement has a subject line that a person knows would be likely to mislead a recipient, acting reasonably under the circumstances, about a material fact regarding the contents or subject matter of the message." (CA Business & Professions Code 17529.5(c))

Because this part of CA's spam law prohibits falsity in a part of the email message, it is not pre-empted. Therefore, because CA's spam law allows individual recipients to sue, an individual could bring a spam suit under CA law, but not under the CAN-SPAM Act. An ISP could bring a lawsuit in Fed court alleging violations of both state and federal law.

Re:Why them, not me?

[TekPolitik]

[If you don't like paying tax] You can leave the country at any time.

If you're a US citizen, and you earn more than around $US70,000 (it may be more than that now), you have to pay US income tax (virtually) no matter where in the world you live.

Re:Why them, not me?

[TekPolitik]

>You ought to have to pass a test to be a legislator, judge,

yes. it's called an election

Actually, an election is quite an appalling test if you're trying to find the person who will be best at the job. Imagine getting some random person off the street and asking them to interview candidates for a tech job. "This person thinks tha' InterWeb is called tha' Internet. How dumb is that?". Are you certain that if you were the best candidate for the job, you would be able to convince somebody who is entirely ignorant of your field that this is the case? What about when you're up against a slick con-man who knows how to convince the ignorant person of anything they like?

That is what elections are like. The average person has no idea what skills are required to be a good legislator, or a good judge. Most have no idea of the terminology involved, and have no real way of evaluating the skills of the candidate. However, the average person is likely to be taken by a slick con-man running for office.

Elections are not about choosing the best qualified candidate, they are about being able to throw out somebody who has proven themselves to be a bad candidate.

The truth is, when faced with a field of entirely new candidates for a public office, you are probably just choosing the con artist who takes you in most effectively.

Re:Why them, not me?

[WhatAmIDoingHere]

And when you're living in the middle of nowhere in China, Africa, Russia.. anywhere else.. how are they going to make you do anything?

Re:Why them, not me?

[Fishstick]

>an election is quite an appalling test

no argument there -- my comment was not intended as an endorsement of the system, merely pointing out a fact.

Re:Why them, not me?

don't expect to come back

Re:Why them, not me?

[soft_guy]

Do you honestly think they can't or won't extradite you if you don't pay your tax?

Re:Why them, not me?

[Guppy06]

"You ought to have to pass a test to be a legislator, judge, or even a damn dog catcher."

Ah, but who writes the test?

Re:Why them, not me?

[maw]

Spamcop? Sheesh? They make the spamming problem worse, not better.

Re:Why them, not me?

[WhatAmIDoingHere]

You know some countries don't have agreements with the USA, right?

Re:Why them, not me?

[MrBigInThePants]

"The truth is, when faced with a field of entirely new candidates for a public office, you are probably just choosing the con artist who takes you in most effectively."

Like you n3ed a field of entirely new candidates for this to happen??

Dubbya Anyone??

Re:Why them, not me?

[daft_one]

Case in point: Montana's new Governor, Brian Schweitzer. He actually managed to win with vague promises that he "has a plan for Montana" and branding his opponent as a "career politician" in such a tone and with such an expression on his face as to imply without actually hitting the slander-mark that his opponent must therefore be corrupt and just-plain-evil. That's right folks... experience makes you LESS fit for the job.

Re:Why them, not me?

[soft_guy]

Yes, I do. However, the countries that don't have extradition treaties with the US are mostly ones I wouldn't choose to live in.

Do you know which countries these are?

Your best option may be to father a child in Argentina.

Guarenteed?

[Renraku]

I'll believe it when I see it. Spammers have a way of packing up and vanishing from the face of the earth over night.

Re:Guarenteed?

[Richie1984]

"We hope to recover at least his costs,'' Wallace said.
I doubt that they'll ever see any of that money, but the ruling will perhaps put off people from getting into the spamming business. A $1 Billion fine is, after all, a major incentive not to flood networks with spam traffic.

Re:Guarenteed?

[tacocat]

Good question. Now the problem becomes a matter of collection and identification of who actually has the money to pay this. They may have won. But until they can get the collection process started I question it's value.

How many times have companies lost in a suit only to have the collection phase take 10-20 years, basically wearing down the suit winner into accepting a fraction of their due?

The problem is you can't really put these people in jail until they pay up. IIRC that's referred to as debtors prison and they tossed that idea out a long time ago.

Re:Guarenteed?

The trial was a bench trial and the spammers did not show up, nor did their lawyers show up (if they had any). It was effectively a trial in absentia. Reporters were unable to track down anyone associated with the defendants. It appears that they have "disappeared".

Re:Guarenteed?

[sixy]

I'll believe it when I see it. Spammers have a way of packing up and vanishing from the face of the earth over night.

Just like carnies... I bet spammers have small hands too.

Re:Guarenteed?

[bani]

you can however fuckup their credit real good, so they will never ever be able to get any loans or credit or anything from ANYONE.

send a copy of the judgement to anyone doing business with them.

basically you can make it really hard for them to do business with anyone ever again, until they pay off their judgement.

keep in mind a fraction of a billion dollars is still quite a lot of money. i'm sure collection agencies will go wild over that amount.

Re:Guarenteed?

[dattaway]

But until they can get the collection process started I question it's value.

I'm sure there is no shortage for offers of "insurance" that they will get the money. Many speculators with money would like to gamble and say, "we'll give you 1,000,000 in cash now if you sign over all the rights to the settlement to us." And like a bondsman, they will go after the spammer with millions of dollars worth of paid goons to collect. With a price like that on the spammer's head, there's no escape in this small world.

Re:Guarenteed?

[No.+24601]

I'll believe it when I see it. Spammers have a way of packing up and vanishing from the face of the earth over night.

Damn, I knew that Nigerian guy wasn't from Nigeria.

Re:Guarenteed?

And the congress still insists on protecting them by a "can-spam act".

Re:Guarenteed?

[mordors9]

I doubt they will collect and that is why this will not effect spam traffic. Since the defendants were not present at the trial, I wonder if they were even able to serve them with the summons and complaint. Unlesss we can actually track these guys down and then punish them, nothing will change. The real answer is going to be developing the technology to filter all of this out as soon as it comes into the pipeline.

Re:Guarenteed?

[hitchhikerjim]

The "real" answer (as with all security problems) is a multi-pronged approach. This is an excellent start on one of those prongs... and will be even better if they actually manage to find any of these companies to collect.

And yes -- filtering the crap is another important prong. As is a better system for stopping spoofing so that tracking the perps is easier.

Re:Guarenteed?

[Vlad_the_Inhaler]

No, according to some mails I got recently, you can get cheap loans even without a good credit history.

Sending a copy of the judgement to anyone doing business with them implies that people who pay spammers would not see that as a glowing testimony. Are you serious about that?

Re:Guarenteed?

[Vombatus]

I have a copy of an email here somewhere (and if I can't find it, I'm sure another one will flood my inbox) offering to fix my credit.

So, they will not be inconvenienced too much :)

Re:Guarenteed?

I question it's value

"its".

Re:Guarenteed?

you can however fuckup their credit

"fuck up" ("fuckup" is a noun).

Also, in English, the first word of a sentence is usually capitalized.

Re:Guarenteed?

[tacocat]

Really? I wonder how Fucked Up Microsoft credit is?

I recall in Michigan there was a problem where the State is not allowed to do business with any convicted felons. After Microsoft was convicted, the State of Michigan changed the law.

You live in an idealistic world.
I live in a sarcastic one.

Good

[eneville]

Lets not stop at 3.

yay!

[northcat]

Now this is how it is supposed to be done. Make them pay monetarily. If you send them to jail they'll just come out after a few years and enjoy their money. (They'll even enjoy getting ass-raped)

Re:yay!

[MrRTFM]

Now this is how it is supposed to be done. Make them pay monetarily.

It has always puzzled me that crimes where the criminals make lots of profit, somehow get to keep that profit when they get caught and go to jail.

Surely a better deterent would be - you lose *all* the gross money you made from this illegal venture PLUS 50% (or $25,000 - which ever is more).

But then IANAL although if there are any lawyers out there, I'd love to know the reasoning why this cannot happen.

Re:yay!

Well really, if they enjoy it, it's not rape.

Re:yay!

[DanBeai]

I found an interesting BLOG about the Deputy Communications Minister of Russia and what he did when he got tired of of getting spam from one obnoxious company. Seems he sent them back about 1000 automated voice messages, This was his plan:

1. User gets a spam, greps for the spammer's phone number, and sends it (along with his own area code and exchange) to a server.
2. The server searches the list of recent people who also forwarded spam who's own listed area/exchange is local to that of the spammer.
3. The server sends out an email to *those* people telling them about their neighborhood spammer.
4. Everyone local to that spammer then instructs their computer to dial that number occasionally and send them a warm personal greeting expressing their interest in their wares.

There are also a few ideas/sudgestions for doing this in a much larger scale.

You can read the full article here: http://www.tallent.us/blog/default.aspx?date=2003- 07-24#a6b033bc4-bc7b-48a8-968f-980f71662a5d

Also if you scroll down a few BLOGs you will find one titled "Study: Legislators are Pandering Idiots". It lays out a decent "anti spam" plan.

Wow

[Stevyn]

Kramer is unlikely to ever collect the large judgment, which was made possible through an Iowa law that allows plaintiffs to claim damages of $10 per spam message, said his attorney, Kelly O. Wallace of Atlanta.

That's a lot of money per email. When I saw the headline, I figured most of the money came from putative damages, but the article didn't mention it. Instead they were able to claim the amount from actual damages. This leads me to think that this law might not stick around for a while. It was also interesting that no lawyers were present for the trial.

Re:Wow

[Technician]

It was also interesting that no lawyers were present for the trial.


You forgot the word Defense.

Since the defence didn't show up, there was a default judgement. It's the same as not showing up to fight a traffic ticket. Only in this case the fine was $10. They just managed to rack up a whole slew of violations at $10 each then not show up to defend themselves.

Re:Wow

[IO+ERROR]

It was also interesting that no lawyers were present for the trial.

The spammers weren't present either, apparently. Now in order to collect this money, the poor guy has to go find the spammers. And they are probably just arriving in New Zealand right about now...

Re:Wow

[StormReaver]

"I figured most of the money came from putative damages...."

I've seen lots of people use this term, which doesn't actually exist in this context. The word you are looking for is punative as in "punish", which is what this type of judgement is meant to do.

The U.S. court system is a complete joke to spammers, though. The effect these unenforceable judgements have is more humorous than anything else.

Re:Wow

[Stevyn]

I originally misspelled the word and the spellbound firefox extension chose a different word than I was looking for. I didn't notice it until now, but you are correct.

Re:Wow

The award makes no sense. The party which won and suffered damage from the defendants' spamming activities had a sum total of 5,000 customers. Five thousand goes into $1 Billion how many times? I don't think the plaintiff had to spend anywhere near $200,000 per customer to continue successfully providing email. Iowa seems to have a legal problem with applying reasonable judgement in cases where one party isn't present to defend its interests. Case in point, this judgement by Iowa's judiciary is absurd by any standard. Judge Wolle should be ashamed.

Re:Wow

[cjhuitt]

I read an article on this in an Iowa newspaper yesterday. I seem to remember reading that the judgement was 1) for millions in damages, and then tripled for punative reasons, which then took the total over 1 billion, and 2) narrowed down from (approx) 56 "john doe" defendants to only three specific dependants. I don't remember reading this exactly, but I got the impression that the other john does were too hard to track down to actual people.

Also, there was a reason the punative damages were added, over and beyond what was allowed by Iowa law. I'm a little vague on the timeline, but it seems that his spam traffic tripled or more from the defendants soon after he had their actual company names in the suit. So the punative damages were at least partially added because it appeared they were continuing the same behavior in a harrassing manner against him for suing them.

Re:Wow

[techno-vampire]

RTFA. The law provides for damages of $10 per email. That means that if the three companies sent 100,000,00 emails to that ISP, they have to pay ten times that many dollars, or $1 billion. This is actually a fairly common way of calculating damages or fines. When you can connect to an SMTP server one time and upload thousands of spams, being forced to pay up for every connection just encourages then to send more spams each time they connect. Making each message a seperate violation means that the more they upload each time they connect the more they pay. It's just like when Earthlink sued Spamford Wallace; if he'd sent spam through their servers after the judgement, he'd have had to pay them $1000 per message, not per connection.

Re:Wow

the money came from putative damages

"punitive".

Re:Wow

[el_gordo101]

Also, there was a reason the punative damages were added, over and beyond what was allowed by Iowa law.

This was tried under the RICO act, which allows for triple damages.

Imagine

[jstrain]

all the V14GR4, fake Rolex watches, and mortgage refinances he can buy now!

Okay, but now let's look at the big picture

[davmoo]

This ruling is good.

But for every spammer eliminated, 5 more pop up to take their place. And the new ones are popping up outside the US, where US court rulings don't matter.

Nothing will change in the long run until the email protocols are changed to prevent spoofing and such.

Re:Okay, but now let's look at the big picture

But for every spammer eliminated, 5 more pop up to take their place. And the new ones are popping up outside the US, where US court rulings don't matter.

Where exactly should they pop up? Europe's anti-spam measures have been very effective so far. China is going to crack down on spam in order to get admitted into WTO - and if I was a spammer, I would not want to face jurisdiction in China of all places. Everywhere else is easily filtered. If my ISP auto-deleted all mail coming from Taiwan, Brazil etc., I for one would not bother.

There is a reason the vast majority of spam mails today come from the US. Once anti-spam measures there really deter people, spam will be a lot less of a problem world-wide.

Re:Okay, but now let's look at the big picture

[silverdr]

I would rather say that nothing will change as long as people keep replying to spam messages. Not replying to those is technically easier than changing mail protocols. OTOH what will my spamfilter accuracy calculating scripts do if there is no spam... ;-)

Re:Okay, but now let's look at the big picture

[AndroidCat]

Lots of little spammers pop up, but those are easier to deal with. These three were from near the top of the spammer "food" chain. ($700M against Amp Dollar aka ROKSO listed Daniel Walls is a spam partner/accomplice of Alan Ralsky.) That and that RICO was used has got to be worrying to all the kings, queens, princes and popes of spam.

A lot of spam might come from outside the US, but it's usually at the direction of people in the US. (I'll bet that these people used a lot of out-sourced web sites in China and such, but the money trail led back to the US.)

Re:Okay, but now let's look at the big picture

[Tom]

Nonsense. 90% of the big-time spammers are, and always have been, from the USA. Most of the actual spam is sent from somewhere else, but if you eliminate the spammers, the spam will vanish as well.

And while there are people outside the US who are spammers, the ratio is far, far less. Europe has as many if not more people online than the US, but last I checked there were 2 europeans in the top 20 spammers list.

I figure it's a culture thing. We over here simply know and understand that spamming is just wrong. In the US, there are so many crackheads, it's unbelievable. Some of it is good - a few of the most outlandish and yet great ideas come from over there. Most of it, however, is so far from even the broadest definition of "good", there are no appropriate measurements.

Re:Okay, but now let's look at the big picture

[miu]

I figure it's a culture thing. We over here simply know and understand that spamming is just wrong.

I don't know if I buy that. People are people and engage in profitable criminal activity everywhere it is possible - an explanation that makes more sense to me is that Internet access is more tightly controlled in Europe than in the US. Every American spammer has probably burned through dozens of ISPs and incorporations - I get the impression that such behavior would be nearly impossible in much of Europe.

Re:Okay, but now let's look at the big picture

[Tom]

People are people

Really? How come that 500 years ago, the church had more power than any king? How is it possible that 2000 years ago, slavery was a totally normal thing? Why is being rude a serious offense in Japan, and somehow "cool" in the west?

People are different depending on the culture they are surrounded by.

Internet access is more tightly controlled in Europe than in the US.

That would be news to me, and I work for a european ISP.

Every American spammer has probably burned through dozens of ISPs and incorporations

As have the european spammers. It's not that we don't have any, or that they don't use the very same methods. It's just that we have much fewer of them.

One explanation that would make sense to me is that credit cards are less ubiquitous in europe. That cuts the possible target audience by perhaps 50%. Also, I do believe the general public (not you and me, I'm talking about Joe Doe) is more educated in europe, and thus less likely to fall for the outright fraud that many spams are.

Re:Okay, but now let's look at the big picture

[Tony+Hoyle]

Over here ISPs talk to each other, so if you get banned for spamming in one you're going to find it real hard to get another one.

Do it twice and you might as well forget having an internet connection.

It helps that there aren't that many ISPs really - most of the ones that advertise are just resellers for one of the biggies.

Re:Okay, but now let's look at the big picture

[AndroidCat]

And to make the ROKSO list, you have to have been kicked off of three ISPs.

Re:Okay, but now let's look at the big picture

That would be news to me, and I work for a european ISP.

Is it skynet?

Re:Okay, but now let's look at the big picture

[miu]

Really? How come that 500 years ago, the church had more power than any king? How is it possible that 2000 years ago, slavery was a totally normal thing? Why is being rude a serious offense in Japan, and somehow "cool" in the west?

Of course people are shaped by their experience as a child and the cultural norms - but some things are constant, they may be expressed differently in the local culture but the constants don't change.

Re:Okay, but now let's look at the big picture

[robogun]

These damages must be made enforceable against the beneficiaries of the spam.

For instance, for the Viagra spams, Pfizer has enough to cover the award in this case.

Having to spend a billion (or at least a million in attorney's fees fighting it) should make them a little more picky about who distributes their pills.

Whip them!

[mousse-man]

They should rather have the spammers flogged to the tune of one million whiplashes.

Much more effective. They can't pay the fine anyway, but they still feel the pain until they're a bloody mess.

Re:Whip them!

[BVis]

Folks, whipping the spammers isn't effective if you can't find the bastards in the first place. Most spammers have 2 primary skills, 1) duping ISPs into thinking they're legit businesses long enough to dump their email into the stream and 2) vanishing when they're found out.

The solution to spam is to find the idiots who buy the spammer's stuff, and fining them $1000 per transaction. The only way to resolve the spam problem once and for all is to take away the profit motive. This is different than blaming the victim; this is analogous to prosecuting someone who buys obviously stolen merchandise (receiving stolen property). The "reasonable person" test would apply. A "reasonable person" would not believe that you could get Viagra without a prescription legally, get a mortgage at a rate 3 points below the going rate, etc.

We regularly prosecute people whose actions cause harm to the general public, such as drunk drivers. By their actions the people who buy merchandise from spammers are enabling behavior that causes harm to the public, and should be prosecuted.

Slippery Slope

[MustEatYemen]

I disagree with this ruling. When we start marking certain sent data as objectionable and unsolicited it creates a problem that it is possible to redefine any data as unwanted, and charge the sender. This also creates a lack of responibility atmosphere, instead of the administrator setting up some barriers, they will simply sue the other companies out of business. As far as I can gather from the article, these companies did not setup zombies inside his network, they were, they were sending mass mail to him directly. If he was smart, a quality firewall would cut them off. (But hey, using the law to win yourself a theoretical one billion that none of those companies have, sounds like a good reason to be incompetent on the job) This reminds me of the FCC, and how electronic devices must recieve harmful interference, instead of being hardend. Same case with spam, instead of companies trying to harden themseleves agaist it (many tools freely available, and many more comercial solutions) then turn to the goverenment to have them babysit them. (Which is rather threatening when someone with knowledge and a purpose steps in and abuses the systems, (spammers/crackers/ terroists? (aka the boogy man)))

Re:Slippery Slope

You're clueless, so we'll forgive you for being too stupid to understand the facts here.

Re:Slippery Slope

[Cylix]

It's not a war to be won, people simply need to stop sending unsolicited messages...

If they can't play by the rules... then they get slapped around.

I'm actually surprised someone came up with a definition of spam that was good enough to use in court.

Re:Slippery Slope

[Ph33r+th3+g(O)at]

This reminds me of the FCC, and how electronic devices must recieve harmful interference, instead of being hardend.

The statement on devices that says they "must accept any interference received" doesn't mean that the devices can't be hardened against interference (e.g. with a tinfoil hat)--it means that users of the devices have no legal cause to complain to the FCC that someone else's whozit is interfering with their device.

Re:Slippery Slope

[jcr]

You seem to be under the misapprehension that spamming is a first-amendment issue. It's not, and has never been a free-speech issue, it has always been a property rights issue. Spammers make their money by stealing service from millions of people.

Ralsky and the rest of his ilk are free to say whatever they want to say, but that does NOT include a right to use my computer/router/etc. to convey their message.

-jcr

Re:Slippery Slope

[tomstdenis]

What?

CAN-SPAM [iirc] defines spam as [other than unsolicited] email with fake headers. If you don't misrepresent yourself in email it's not technically spam as far as CAN-SPAM is concerned.

As for "if he was smart..." do you know how much spam public folk get? Fuck I'm just a small-time OSS developer and I get 100s of spams a day. I can only imagine what other big OSS developers, politicians, etc, get.

Even with a filter I have to at least look at the subject lines. For instance, I recently received an email from Joy Latten [from the linux center at IBM] which was first sent to my junk box until I marked it as not-spam.

What if it had been a job offer or other actually beneficial offer? I can't afford to just "delete all junk" without looking at the lines first.

And the problem isn't "oh block one IP and all your spam disappears". I tried that. A year or so back I had about 200 networks and 700 IPs in my ban list. And I still received a barrage of spam each day.

So yes, suing the larger spam operators is a good idea. It takes the profit motive out of the business. And really while I think spammers should be shot in the streets for ruining such a simple and effective communication medium I don't think prison time is the answer. Civil actions are enough.

Tom

Re:Slippery Slope

[mikkom]

they were sending mass mail to him directly. If he was smart, a quality firewall would cut them off.

Ok you are obviously pretty smart yourself. Please post a link to such firewall product that would block all of my spam mail.

I'm currently using spamassassin and still getting about 2 spams per day, thank god it blocks almost all spam (about 100 per day).

If you are hosting large amount of email accounts, filtering all spam will consume most of your cpu power and 2 spams per day will consume most of you HD space.

Re:Slippery Slope

Sorry, you're incorrect. Electronic devices must deal with some noise and must NOT cause interference above a given threshold (which is pretty low). Read the back of most RF electronics devices that transmit stuff.

David
(logins for news sites suck)

Re:Slippery Slope

[woodlander]

Bullshit. Sorry, but that seems to sum it up so well that no other words are required.

Re:Slippery Slope

[iamcf13]

Ralsky and the rest of his ilk are free to say whatever they want to say, but that does NOT include a right to use my computer/router/etc. to convey their message.

Fine.

Filter 'em out like I do with my own software and kwitchyerbellyaching!

"Nothing in the Constitution compels us to listen to or view any unwanted communication, whatever its merit. We
categorically reject the argument that a vendor has a right under the Constitution or otherwise to send unwanted material
into the home of another. If this prohibition operates to impede the flow of even valid ideas, the answer is that no one
has a right to press even 'good' ideas on an unwilling recipient. The asserted right of a mailer, we repeat, stops at the
outer boundary of every person's domain."
-- Chief Justice Warren Berger, U.S. Supreme Court

(Quote obtained from UXN Spam Combat.)

Too bad I can't use my mailserver program right now and delete the spam at the mailserver end instead of wasting time downloading it and deleting it automatically.... =/

As long as there is email, there will always be spam. As said earlier in the past, spam is a societal issue--technological solutions like mine and others of their ilk are only band-aids of varying degrees of effectiveness. Changing the email protocol will not ultimately solve the problem--spammers are sure to find a way around any new email protocol--even if they have to steal even more computing resources from unsuspecting users to get the job done!

It appears the only way to truly stop spam is to stop using email. If you can't do that, you'll have to use some type of filtering. All the anti-spam laws in the world will not stop spammers who reside outside their jurisdictions....

Re:Slippery Slope

They didn't need to set up zombies. They clogged the ISP's bandwidth to the tune of 10,000,00 messages per month, at (conservatively) 1,000 bytes of message and protocol overhead each (spammers love HTML mail: a perfect fit to the all noise, no signal business model). 10GB per month of bandwidth is less expensive than it used to be, but it isn't free. That's probably equivalent to dozens of customers. IOW, theft of service.

I hope they have a good collection agency!

Re:Slippery Slope

[fdiskne1]

CAN-SPAM [iirc] defines spam as [other than unsolicited] email with fake headers. If you don't misrepresent yourself in email it's not technically spam as far as CAN-SPAM is concerned.

You don't remember correctly. According to an article at News.com:

The Federal Trade Commission issued on Thursday its final regulations as to what the government will consider commercial bulk e-mail, or spam, which is subject to restrictions under the federal Can-Spam Act.

According to the FTC, bulk e-mail is commercial if it includes advertising and promotion or if the subject line or beginning of the message would be reasonably considered to be advertising or promotion.

Re:Slippery Slope

[tomstdenis]

Ok. So I email a stranger a bug report that's not spam by that definition. Or if I email a cute girl I met at the office, or etc...

I don't see the slope.

Tom

Re:Slippery Slope

[Guppy06]

"When we start marking certain sent data as objectionable and unsolicited"

"Objectionable" is a matter of personal judgment, but "unsolicited" is not. It's a simple yes-or-no answer to "Did you ask to receive this?"

"instead of the administrator setting up some barriers, they will simply sue the other companies out of business."

That's the whole point of having a legal system to begin with. You can take the guy to court instead of having to break his kneecaps.

Tell me, are you wearing your gun right now?

Re:Slippery Slope

[spectecjr]

Fine.

Filter 'em out like I do with my own software and kwitchyerbellyaching!

If I still have to pay bandwidth fees to download my email (like I did when I logged on from Peru earlier this year, or like I would if I was paying by the megabyte for my internet pipe), then I'm still financially inconvenienced by having to do this.

This is no different than someone sending junk faxes to you - if you pay for the fax paper, then they have no right to abuse your fax machine.

Similarly, I pay for my internet service, my bandwidth and my computer storage space. Therefore the spammers have no right to clog any of those up.

Never mind the fact that filters don't work perfectly.

Re:Slippery Slope

[Hal9000_sn3]

...If he was smart, a quality firewall would cut them off.

I was going to ask, because I did wonder, if you had any actual reason to think this was feasible.

But, I found an earlier post of yours where you state that

'This was my first *nix box that I setup and FreeBSD has been relitivily painless and rock stable (my needs are minor)'

So, as I suspected, you have no idea what your recommendation would entail.

Re:Slippery Slope

[jcr]

I do filter the spam, but any filter I run doesn't address the problem of having to download a hundred messages to filter out the two that aren't spam.

It appears the only way to truly stop spam is to stop using email.

Spamming is a criminal activity, and like any other criminal activity, even though you may never eliminate it completely, you reduce it to tolerable levels by 1) tossing the perps in jail, and 2) confiscating their ill-gotten gains.

-jcr

Grrrr!

[Israfels]

Great, yet another reason that good old fashion American spamming companies are going to be outsourced to India.

Re:Grrrr!

Guess what.. I AM A MAIL ADMIN in India and these are my stats for the last 2 months..

United States 257,016
India 61,609
Korea, Republic of 32,352
United Kingdom 21,689
Japan 20,027
France 19,977
Canada 18,347
Germany 18,283
China 15,039
Spain 10,174

Re:Grrrr!

Check your stats on the spamvertised sites. Most of the "bulletproof" sites are in China. The emails come from the U.S. because of hijacked residential broadband connections.

Who's fault though?

[HeliumHigh]

We all know it was the lazy sysdamin's fault. He was surfing for pr0n instead of checking the logs and realizing there were so many peices of spam coming in/going out. We should remove all sysadmin's from the world, and trust Iowa to keep the spammers at bay. ~HH

Sadly....

[ralinx]

...the ISP was contacted about the money through an email with the subject "YOU HAVE JUST WON 1 BILLION DOLLARS!!!" which they obviously deleted, and now they can't receive their money.

"Thousands of CD-ROMs"

Wallace said he presented about 1,400 pieces of evidence at a hearing to determine the amount of damages, including selections from thousands of CD-ROMs full of computer usage log files showing that large numbers of spam e-mail were not atypical.

Geez. Ever hear of DVD's?

no reply

[kirun]

There was no immediate reply to an e-mail sent to Cash Link Systems on Saturday.

There was, however, an unusually large number of junk emails arriving.

$1 billion--wowzers!

[Ph33r+th3+g(O)at]

Based on current advertised prices (rounded to nearest unit, exclusive of shipping and handling), that's:

• 6,250,391 ersatz Rolexes or
• 1,513,240,858 penis enlargement pills (??? miles of penis)
• or
• 3,787 mortgages for average homes (principal only) or
• an infinite number of NOT WORK SAFE cheating wife personals
• or
• 20,000,000 $50 free casino credits
• or
• 8,474,576 weeks of diet pills or
• 10,002,500 breasts enlarged

Re:$1 billion--wowzers!

[AndroidCat]

... And a ink-cartridge in a pear treeeeee!

Re:$1 billion--wowzers!

[njcoder]

" 10,002,500 breasts enlarged"

In that case, let's hope the recipients of the money do the right thing.

Re:$1 billion--wowzers!

Or 50 euro!

Re:$1 billion--wowzers!

[Feanturi]

But how much is that in Libraries of Congress packed full of AOL CDs?

Re:$1 billion--wowzers!

[DJStealth]

10,002,500 breasts enlarged

Good thing this is an EVEN number. Otherwise, I might be a little concerned.

Re:$1 billion--wowzers!

[Ph33r+th3+g(O)at]

I made sure of it :). Actually, with rounding, it did come out even.

Sting?

[tomstdenis]

Why not just work with credit card merchants. Many of these spams are for crap you can buy with a credit card.

So have police [or a taskforce] use specially marked cards [that otherwise appear like a credit card to the spammer]. Then when the merchant puts the transaction through their details are sent back to the task force.

e.g.

1. Get spam
2. Go there, buy shit
3. They try to collect with merchant
4. They then get a knock on the door a day later from the FBI or something.

Spammers already don't accept money orders and cheques [for obvious reasons] so let's make them afraid of credit cards as well.

And before anyone thinks this is entrapment step #1 takes care of that. They're selling to you without solicitation. ...

Aside from that I also really don't understand why spammers spam. I mean I don't know what a r0llex is, can't use any v1@gra and really can't afford a hom3 l0@n at the moment. So why bother emailing me over and over and over again.

I'm sure if I wanted herbal penis meds I'd already be in business transaction with the spammer anyways.

Oh well, can always just stop using email I guess.

Tom

Re:Sting?

[Ph33r+th3+g(O)at]

The FBI isn't very effective on knocking on the doors of the Russian and Chinese mafias--what would work is a fast-track protocol for killing their merchant accounts after some determined number of spam reports.

Re:Sting?

[tomstdenis]

I'm sure most of the spam [I get at least] isn't from the mafia. It's just asshat college dropouts that want to make money by not doing real work.

Tom

Re:Sting?

Aside from that I also really don't understand why spammers spam. I mean I don't know what a r0llex is, can't use any v1@gra and really can't afford a hom3 l0@n at the moment. So why bother emailing me over and over and over again.

You and me both but as long as there is a certain percentage of idiots out there that will buy then we all have to suffer. None of these people would be doing it unless they were making a profit.

We need to educate the users, possibly using a wooden bat...

Re:Sting?

[tomstdenis]

"You and me both but as long as there is a certain percentage of idiots out there that will buy then we all have to suffer. None of these people would be doing it unless they were making a profit."

Another possibility is there a lot of "new spammers" who haven't learned the no-profit issue to spamming [for smaller time spammers that is]. I mean it's the same thing as pyramid scams [which I haven't really received lately... mmm].

I like your idea involving the bat. I think a "taste of their own medicine" would be better. Cut off their phone, snail mail, net access and glue their mouths shut. See how much they like having to make due with hampered communication mediums. ;-)

oh what's that? You want to talk with your friends from around the world? Better learn ASL first because have I an offer for you. Genuine r0ll3xes at half price!!

Tom

Re:Sting?

[swb]

"Following the money" would be a great investigative technique, whether single-instance to get the person running a particular spam business, or, as the FBI has done with organized crime, mapping out the entire business enterprise and then taking it all down at once.

The RICO statutes used for organized crime ought to be used for spamming as well. I can only believe that banks and other financial instutions are willing agents in the spam trade, as are ISPs and other nominally legitimate businesses.

A RICO sting that took them all out and sent otherwise "savvy" businessmen from "legitimate" businesses to hard-core Federal prison, as well as fining their companies and making a big, public, awful-PR mess would go a long way towards cutting off the "air supply" that spam and spam businesses need to be viable.

If you can't get no-questions-asked merchant accounts, ISP connectivity or other things needed to run a spam business, it's going to be more expensive, more complicated and difficult to run and that means less business period, and, less *spam*.

The mystery is why none of this has happened; spam is a huge, profitable and quite openly practiced fradulent business.

Re:Sting?

[Ph33r+th3+g(O)at]

Actually, I find that my spam load decreased precipitously once I started running wget in a tight loop against the spamvertised sites. I'm down to just a couple a day, and those are usually Nigerian spams, and if they're using a legitimate mail provider, I send a note to abuse and get the box shut. Once in a while, I still get a website--for example, the one in my .sig.,

I do believe that bulletproof hosting in Russia and China has mob connections--of course, the governments of those countries themselves could be considered Mafioso.

Make rich fast!

[gmuslera]

At least that affirmation from spammers have some good basement now,

If individuals can't sue big spamming companies, something like a class action lawsuit could give us (well, you, im not us citizen) another $1b?

Re:Make rich fast!

[lxt]

"If individuals can't sue big spamming companies, something like a class action lawsuit could give us (well, you, im not us citizen) another $1b?"

But come on - how much of that billion will actually be paid? I doubt however rich the spammers are they ever came close to that figure from the products they were selling. The least the judgement does is act as a warning other spammers (not that it'll do that, because I suspect a vast number of spammers live outside the US), and at best the ISP will see a little of the $1 billion awarded.

In order to collect

[Nine+Tenths+of+The+W]

The ISP just needs to give their bank details to a nice man from Nigeria who'll handle all the financial work

Money fines alone will not stop them.

They will file for bankruptcy end escape to establish another spamvertising companies. They should include physical punishment like "Castration"

--
Castration for Salvation!

Re:Money fines alone will not stop them.

[ScrewMaster]

Not a bad idea. It may not stop them but at least it will help get their defective chromosomes out of the gene pool.

Re:Money fines alone will not stop them.

[techno-vampire]

IANAL, but as far as I know, you can't get out from under a court judgement by declaring bankrupcy. Your other debts may go away, but you've still got to pay the damages or fine.

CIS - compuserve confusion?

While most of the addresses were for large providers such as America Online, Microsoft Network, Hotmail and Earthlink, CIS somehow had 2.8 million addresses entered on the CD-ROM, Wallace said.

I wonder how the names in that db match up with an older AOL or Compuserve mailing list, at some point compuserve was using the CIS name for everything.

Next step....

Now, all we need are a few more lawsuits like this and maybe we can buy out MS and take care of the 2nd worst email problem out there :-)

Re:Next step....

[Marthisdil]

Too bad it's too late to teach your parents about birth control...=/

Judge Evil?

Right. As if these guys even have "one billion dollars".

Re:Judge Evil?

[AndroidCat]

No problem. They'll just send out an email where you send a buck to the five names on the list...

Re:Judge Evil?

[Hatta]

Hello, this is Homer Simpson, AKA Happy Dude! The court has ordered me to call every person in town to apologise for my telemarketing scam. I'm sorry. If you can find it in your heart to forgive me, send $1 to Sorry Dude, 742 Evergreen Terrace, Springfield. You have the power!

Let's don't blame the victim here

[gadlaw]

This argument reminds me of arguments like 'she asked for it' or 'well, you should have locked your doors'. Blaming the victim for not doing everything humanly possible to prevent the crime against them is one step away from anarchy. And make no mistake, this was a crime as defined by the law. The spammers thought that they had a small company that wouldn't and couldn't fight back. The spammers thought they would get away with it as they have always done. In this case the victim fought back. Shame on the spammers and hooray for the victim.

Trade issues

[harryoyster]

These sorts of things are great except that a fair percentage of the spam is now NON US based. The real effort needs to become much more dramatic. Removing the international routes for networks that spam will cause a massive change in what those ISPs believe in.

more needs to be done

[harryoyster]

The real problem is that more people need to make a bigger effort against spam. The US fines and stuff imposed on spammers doesnt really make that much of a difference to SPAM world wide. The majority of my spam is now non-us based for the first time in years. What can we do.. stop routing to those ISPs that have problems. revoke entire ranges of IPs. it will work.. make everyone on that ISP suffer will make the ISP change thier policy very very fast.

Re:more needs to be done

[phreaki]

Amen, a billion dollars to cis does nothing, just like if Hotmail got a billion. They'd spend it on a new headquarters for Microsoft. If the judge was smart, the customers get the money, and Kramer doesn't get a dime. Who suffered? Not Kramer, he still checked his email no doubt.

Re:more needs to be done

[syukton]

So once we've got this system in place to just "turn off" huge ranges of IP for entire countries, who gets to decide when the system gets used? Congress? The president? Somebody with, say, an agenda? Who gets to push the magic "China disappears from teh interweb" button?

The real problem isn't that people need to make a bigger effort against spam. The problem is the spammers. The problem is that there's people out there that view what they're doing as OK. It's not OUR fault for not policing one another more sternly, it's THEIR fault for acting out in such a way that it REQUIRES policing. It's bad behavior, plain and simple, THAT is the problem.

That's like saying the problem with terrorism is that we don't fight against it. No, the problem with terrorism is that there are people out there who can justify mass murder in order to instill fear and trauma in others. The problem there, again, is people just behaving badly.

What I want to know is why you think it's our responsibility to stop somebody from doing something that harasses/annoys/injures us and why you appear to believe that they shouldn't just have the sense to, say, not do it in the first place?

Re:more needs to be done

[harryoyster]

The IP assignment teams like ARIN/APNIC/RIPE etc need to have more powers to stop spammers. There are clauses in many of the agreements that people sign to get an assignment of IPs. so why dont they use that in revoking IPs for people that have problems? There are ways to do it but as always its a joint effort from everyone. otherwise its too little too late.

Florida bankruptcy laws?

[AndroidCat]

Some of these spammers were in Florida, and I know that Florida has laws that let you keep large personal assets like houses even in bankruptcy. (Strange how many scam artists move to Florida.) Does it matter that the judgement was from a federal court?

The question is probably moot since the spammers vanished before the case started. (They didn't didn't even send lawyers to the court.)

Re:Florida bankruptcy laws?

[Chatmag]

There are some laws here in Florida that protect homes from confiscation (a homestead law). From what I understand of it, it only pertains to liens from within Florida, not a Federal lien. I'm going to do some more checking and read the laws to see how it may or may not pertain to this ruling. Let's hope Ralsky joins the ranks of the homeless, and soon :)

Re:Florida bankruptcy laws?

[Chatmag]

Doing a little checking, I found this:

For example, even Florida's homestead protections cannot avoid a lien placed on the house related to criminal or egregious activity. Secondly, federal agencies have unlimited resources to attack lawyers who attempt to deceive the agency or collaborate with targets of their investigations. Targets of federal civil or regulatory agencies are "toxic clients". Its not worth it. From: Florida asset protection It may just be that the Feds could take whatever they own, regardless of the state protections.

Re:Florida bankruptcy laws?

[Chatmag]

Here's another item I missed from the same site:

A prospective client called and asked whether the Florida homestead protection extends to IRS debts where the IRS debt pertains to one of the two spouses who own the homestead. While Florida's homestead is a broad and strong asset protection shield, it does not offer full protection against IRS taxes. The IRS can put a lien on homestead property to collect taxes. While the IRS cannot force a sale of the residence to collect taxes, the tax lien would remain a recorded encumbrance, and whenever the house is sold, the taxes, plus accrued interest and penalties would have to be paid before the homeowner received any sales proceeds.

What works for one Federal agency should work for all of them. So if the SEC or a Federal Judge placed a lien on the property, it may not be collected, but if he sells the house, it would show and then have to be paid, or the sale would not proceed. He's screwed, if I understand that correctly.

Re:Florida bankruptcy laws?

[rnicey]

According to one of the links the judgements are against the spamming companies. Unless someone pierces the corporate veil here (which is quite possible), the individuals won't even notice.

Re:Guaranteed?

[triclipse]

Minimum due process standards require that a person be served with a summons and complaint before a default judgment - or any other kind of judgment - can be entered against a party.

Whether they were personally served or not is a different question. However, personal service is not required. They can even be "served" with the summons and complaint by publication in a newspaper if diligent attempts at personal service have been made.

Lack of personal service may make it easier for them to set aside the default judgment, but I doubt they will show up in court to make the proper motions.

If I understand correctly.

[mindstrm]

The defendants never showed up in court, so it was a default judgement.

What I wonder is this:

If the plaintiff can now track down the principal owners of these companies that the judgements were against, can he immediately sieze all their assetts? any business/fancy cars/homes/etc?

The court's responsibility isn't to find these poeple, right? Collecting is up to the plaintiff now, but the courts will assist?

Who cares about the 1 billion.

according to this article http://www.qctimes.com/internal.php?t=Search&doc=/ 2004/12/18/stories/local/1041776.txt
the judge filed the summary judgement under the Federal Racketeer Influenced and Corrupt Organizations Act (other wise known as RICO). This means anyone associated with any of these organizations, can be charge with crimes commit by another member as if they committed the crime themselves. If that's not bad enough a bunch of asset and forfeiture laws can now be used against these individuals and companies.

Re:Who cares about the 1 billion.

[AndroidCat]

Since Slashdot's favourite spam king Al Ralsky is connected to at least some of the people involved, he's probably hiding in the bunker of his Spam Palace and feeling poorly.

I think everyone should send him a Christmas card to cheer him up. (Or maybe DVDs of the David Cronenberg remake of It's a Wonderful Life.)

1 billion??

[photonic]

Although I think all spammers should be hanged by their balls and it's good to bankrupt them all, I do have some problem with the amount of money that people claim in the American justice system. Next thing you know people will sue because a song contains dirty language.

Oh wait...

Merry X-mas to all the lawyers.

Interesting Thought Business Loss Tax Reduction

[WillRobinson]

If they cant collect the judgement. Can they take it off their taxes as a loss?

Why does such a law even exist?

[Baldrson]

What is the point of a law like this anyway? Why not leave it up to the courts to calculate this stuff on a case by case basis?

Re:Why does such a law even exist?

[ion++]

If the courts has to calculate this everytime they have to use time, alot of time on the calculation, and the spammer will reject the damage numbers from the ISP, and the court has to spend more time.
Having a fixed number is much easier.

Re:Why does such a law even exist?

[Baldrson]

If the courts has to calculate this everytime they have to use time, alot of time on the calculation

That's what case law is about. Courts set precedents and other courts tend to follow them with departure on a case by case basis.

It just doesn't make sense for legislators to dive into this sort of detail.

Dog catchers

[Vitus+Wagner]

It is good idea to use dog catchers in anti-spam process. Send them to arrest spammers with all their equipment. They'd catch spammers with their nets, put them in cages and bring to the jail. There should be couple of TV operators send along to broadcast the action.

People should see that spammers are treated no better than rabid dogs.

Re:Dog catchers

And if no-one claims them within seven days....?

Re:Dog catchers

[kcb93x]

You'd give them seven days?

$1 billion vs $2.6 million

[jmcmunn]

Ok, so the spammers have to pay $1 billion for what they did. On the other hand Diebold only had to pay $2.6 million for writing bad voting software that potentially ruined the future of the country by allowing for voting results to be hacked?

There's something wrong with the way our legal system works, and more importantly this shows that people don't value their right to vote nearly enough. Spam seems so terrible to people because it annoys them on a daily basis, and yet no one is up in arms about their freedom to vote being insecure.

Come on people get the priorities straight...afterall there's decent antispam software out there, and even a small ISP can block people from sending spam through their servers if they are properly patched and up to date on security realeses. Damn, I only wish some spammers would take advantage of any holes I have now, then I could sue and be rich forever.

Re:$1 billion vs $2.6 million

[Vlad_the_Inhaler]

Diebold contested the case, the spammers did not.

Re:$1 billion vs $2.6 million

[mizhi]

Ok, so the spammers have to pay $1 billion for what they did. On the other hand Diebold only had to pay $2.6 million for writing bad voting software that potentially ruined the future of the country by allowing for voting results to be hacked?

I believe the difference lies in the intent. Unless you're the tinfoil hat wearing type, problems with voting machines could be seen as a most likely stemming from honest mistakes in code. As it's a generally accepted fact that it is nearly impossible to rid complex code of bugs, it seems unfair to hold companies responsible for flawed code.

This is also why I am generally against electronic voting. I'd much rather have pen-and-paper ballots. But in those cases, the bugs lie more in the stupidity of the voters than in the system.

Spammers, on the other hand, intend to flood you with unwanted emails.

Re:$1 billion vs $2.6 million

Says the guy with the spam link in his sig.

Re:$1 billion vs $2.6 million

[wmspringer]

I believe the difference lies in the intent. Unless you're the tinfoil hat wearing type, problems with voting machines could be seen as a most likely stemming from honest mistakes in code. As it's a generally accepted fact that it is nearly impossible to rid complex code of bugs, it seems unfair to hold companies responsible for flawed code.

Even when they illegally changed the code after it was certified?

Don't Miss the Best Part

A lot of folks here haven't hit on the best part of the story:

>>U.S. District Judge Charles R. Wolle filed the default judgments Friday against three companies under the Federal Racketeer Influenced and Corrupt Organizations Act

The "Federal Racketeer Influenced and Corrupt Organizations Act" is RICO, the same piece of legislation the FBI uses to go after Organized Crime. The penalties imposed were initially $10 per spam and then TRIPLED thanks to RICO. Check out this CNN version of the story that gives a bit more detail on the sentencing:

http://www.cnn.com/2004/LAW/12/18/spam.lawsuit.ap/ index.html

Spammers aren't just a bunch of sleazy marketeers anymore--they conspire with hackers to violate the law. Spammers often pay hackers to assemble large botnets--ie go hack a hundred thousand home users' PC and stick malware on them--which are then used as disposable spam relays to fire off millions of messages which can't be traced back. (The next time your computer slows down, check your firewall to make sure you're not doing some spammer's dirty work for him). Hacking boxes like that is illegal in the US and many other countries. Paying someone to do it for you is criminal conspiracy and I hope the judge saw that. Treating these guys like the criminals they are is the only we'll ever get a handle on spamming.

Re:Sting? I tried it ...

[triclipse]

I did something similar to this, but put no money out. I responded to one of those mortgage emails (the subject line had something like "We owe you $60001" and went on to say something like, "Your mortgage application is approved, click here for final details ..." I am confident you have seen this species of spam once or twice :-)

I followed the link and put in a fake name - a name I have never used anywhere else - but provided them with my real office phone number. Because it dealt with mortgages, I knew someone who had sufficient ties to my jurisdiction would respond if they wanted to sell me a mortgage.

I had over 40 fricking banks and mortgage brokers call me using that fake name! So what did I do? I sued the bastards.

Now, whether or not I believe them when they say that they didn't know that their leads were generated by spam, the judge in this particular case (who didn't know very much at all about the technology or economics of spam) said that, as a matter of law, they were not liable under my state's spam laws. However, before they were dismissed from the case, I was able, through discovery, to learn where they purchased those leads. So although I have dismissed the banks and brokers, I have named as defendants the companies who sold them the leads (which, I was surprised to learn, were also in my jurisdiction). My plan is to trace that fake name all the way back to the company that first sold it to somebody else.

In seeing how much money these banks and brokers pay for leads, it is understandable why spammers take the risk of a judgment such as the one in this Iowa case - they are making money hand over fist!

I run my own mail server

[codepunk]

I run my own mail server, so am I a ISP? Can I
sue these bastards for using my bandwith sending me unsolicited crap. What is the definition of ISP in reguards the the can spam act?

Re:I run my own mail server

[phreaki]

If forging is going on, spoofing, you are better off to let the FCC sort them out. There is HUNDREDS of cases ready to roll out. Stop the spam, use real tools to stop the flow, winning a lawsuit does nothing. It teaches no company anything that has enough money to startup again in another state, or country.

1 billion $$$

[Xero_Cool]

Wow, this person is really lucky. His son is registered on Neowin btw :).

Silly reporter ... you've got (incoming) spam!

[rebill]

There was no immediate reply to an e-mail sent to Cash Link Systems on Saturday.

Congratulations! Your e-mail adderss has just been harvested, Mr. Associated Press reporter. I am sure that the "replies" will start pouring in, presently . . .

Related link left out of story

[Chatmag]

When I submitted this news item last night (rejected, of course), I had posted a related link. Apparently Ralsky is also in trouble with the Securities and Exchange Commission regarding a fraud scheme .

So sell the debt on.

[anticypher]

There are collection agencies out there who will pursue judgements against defendents who lose court cases. In this case, the ISP can identify the person or people behind each company with the help of ROKSO, spamhaus, and friends. He can then get the judgement directly named against them, then sell the judgement on. Collection agencies are bottom feeding scum, just like spammers, so they'll have no problem in mucking around the trailer parks of south florida.

Collection agencies will keep a percentage of the money recovered, anywhere from 20% to 90%, depending on the difficulty in getting the money. They are persistent, and tend to circumvent inconveniences like bankruptcies or moving from state to state. They'll grab money from a bank account, after showing the bank officer the original judgement, then let the defendent return to court to try and get it back. Habeus Cashus.

With a billion dollars in judgements, I would bet there are a handful of sleazy but effective collection agencies who will take on the debt knowing they'll be able to collect small amounts here and there for the life of the spammers. It all depends on grabbing the cash before the other agencies.

the AC

Let me see if I understand

If your faulty voting machines compromise the integrity of an election, its a $2 million offense
If you send people ads for penis pills, its a $1 billion offense.

That's "punitive".

http://www.m-w.com/cgi-bin/dictionary?book=Diction ary&va=punitive

shouldn't that be...

[davideo_ID]

Shouldn't that be ; In what is believed TO be the....

will cause a massive change - real world?

[nihaopaul]

Removing the international routes for networks that spam will cause a massive change in what those ISPs believe in.

this isn't true, many do this for china, i have complained many of times to my isp and yet they do nothing. most people would suggest to switch isps, pretty funny that china has one isp.

Re:Interesting Thought Business Loss Tax Reduction

[barfy]

Or even more interesting can they *sell* that bad debt to someone else for the tax write off.

Say would microsoft think it was worth 250 million dollars to acquire a company that had 1 billion dollars in bad debt?

I smell a business play!

1 billion, come on

[phreaki]

Law is law, we are supposed to abide by it, but maybe it's out of bounds here, but the clinton ISP must be IDIOTS. Give the spamming companies 1 billion dollars, but any company who would possibly give the admin from the clinton ISP a job should be out of their mind. 1. Open source eradicates spam. 2. SBL 3. Packet Filters 5,000 customers and he can't get email servers up? Four companies spamming him and he can't block it? Someone doesn't know Perl, Python, PHP, C, FreeBSD, OpenBSD, Linux or even something tiny like spam scores, or even Inetd to block repeated connections. The saddest part here? Run a shoddy show in clinton and reap the benefits. Spam my servers in florida and you'll find yourself smack up against: block from spammer to any Funny how he couldn't eh? Maybe a python script, perl, or anything that monitors your maillog files, then autoblocks..... Nah... let's just sue, stick my head up my ass and let myself look like an idiot to 100 million people, now that's the way to do it!

Re:1 billion, come on

[techno-vampire]

Don't be more of a fool than you have to be. He had enough email servers for his 5,000 customers, but he didn't have enough for the 10,000,000 emails per day they were receiving, and there's no reason he should have. He had no reason to expect that much incoming email, so he wasn't prepared for it. Not only that, the email wasn't just from those three companies. They were three of the offenders that he managed to identify and who didn't bother to contest his suit. Who knows how many other spammers were deluging him? For that matter, are there still suits open against other spammers that did show up? I don't know, and clearly, neither do you.

Re:1 billion, come on

[phreaki]

Geez, we all have servers that are open to any amount of slamming at any time. 10 million emails per day clogging up your email servers? That's even more crazy than saying 1 billion dollars will solve the problem. I can accept 3 million emails per day on a modest PC, and by accept I mean full SBL, even on the bounces coming in. If I filter out the bounces, include them on the stats, I could do it easily with just 2 servers. Now, who will he sue to get money to buy some books that have simple ideas to alleviate some serious bottleneck that his techs introduced. Show me a postfix that can't take that abuse, and I'll show you mine that can.

Re:1 billion, come on

Geez! Are you a moron ?

Who is talking about clogging ? A lot of small ISPs usually have to pay for the bandwidth on a per GB basis. Now they have the option of either absorbing the extra 10 Gb per customer cost themselves, or pass it on to customer. First option is usually unviable for the ISP and second one will result in loss of customer base. Will you pay 200 dollar extra for receving spam of all things ?

I personally by the way, will not permit my ISP to bounce mails on my behalf either. At most, they can mark some of them as spam. If they bounced some legitimate e-mail, I will raise hell with them.

Re:1 billion, come on

[lav-chan]

OK, the guy who owns the ISP is my dad (i actually live in an ISP), so i think i know a little bit about this.

(a) My dad doesn't need to be given a job. He runs his own ISP, remember?

(b) It wasn't just four companies spamming him. There are hundreds of people spamming us. There were millions and millions of CIS addresses sold on CDs to hundreds of spammers around the world. My dad has 5000 customers. It doesn't take a TON of computing power to do e-mail for 5000 customers in Iowa. HOWEVER, at one point at least (i don't know if it's still the case, but i was told that it was) we were getting more e-mail than America Online. You can't just throw a Perl script at something like that, sorry.

(c) Obviously i'm not an expert on this, but spammers use lots of tricks to send e-mail to people. They forge their reply addresses so that they return Yahoo! and Hotmail and things like that. When you've got millions and millions of e-mails being shoved into your mail server and they're all going to fake addresses your server wants to send messages back to Yahoo! saying that the addresses don't exist, but of course the Yahoo! addresses are forged too, so what ends up happening at first, before anyone can even do anything, is Yahoo! blocks you because you're flooding their servers with messages about undeliverable mail, et cetera....

(d) Even with all your rad Perl scripts, it does take processing power to run those on millions and millions of e-mails a day.

(e) In any case, spam is a relatively new thing -- you can hardly expect someone who's never had to deal with it to be an expert at blocking it. You'll notice in the article that he now says he's a 'spam professional' or whatever, and as far as i know he's got it set up better now so that this isn't such a huge problem. But he wasn't always an expert on it and it took a lot of time and new mail servers and help from people who knew more about it and big sites like Yahoo! blocking him and so forth before it was finally kind of under control.

(f) I don't really see where you get off blaming anybody but the spammers. If i shot and killed somebody would you say it was their own fault for not wearing a bullet-proof vest?

Except for this post i was pretty impressed with the responses on Slashdot. A lot of you actually seem to know a little bit what you're talking about, unlike the people on Neowin and Fark and stuff. (Not that they were really discussing the story, of course. On Fark it was mostly joking about Mac users and on Neowin it was just 'hay can u give me sum money lol???'.)

Re:1 billion, come on

[lav-chan]

Also, he didn't sue them for a billion dollars. The punative damages were miniscule compared to the damages that he received om accprdance with state and federal law.

Re:1 billion, come on

[lav-chan]

In accordance*, shit. :/

Re:1 billion, come on

[ArtStone]

I'm glad you pointed this out - any idea how an ISP with 5000 customers wound up with 2.8 million email addresses on that spammer's CD? That's about 500 email accounts per customer... Dictionay attack? Planted by a competitor? Randomly generated by the spammer?

Surely the claim isn't that every -attempt- to deliver an email to a non-existent email address was a $10 issue, is it? Or were they all accepted with a default account for the domain?

I think it unlikely that any of these folks are going to show up and ask for a modification of the judgment based on the fact that there was no actual valid recipient for the spam email. If they do show up, you stand to have a big inheritance.

Re:1 billion, come on

[lav-chan]

Like it said in the article, he thinks that they meant to try some other ISP, but they just... mistyped it or something, i don't know. As for what the e-mails were, i think that a lot of them were just like a@cis, b@cis, c@cis, so forth, and then they'd start over at aa@cis, ab@cis, ac@cis.... Don't know how far they went with that scheme. And then i think there were some completely ridiculous ones involving... you know, sexual activities and certain body parts, just addresses that no legitimate person would ever have. :/

As far as whether or not i think that the judgement is fair, i don't know. Not really, i guess. $10 per spam is a little steep, and i don't really understand the point of tripling the judgement because of the racketeering law... but whatever. They were warned multiple times, and even THEN they failed to show up to defend themselves. So i don't really feel too sorry for them.

Re:1 billion, come on

[LynXmaN]

Hey! Didn't know you were around here. :)

Well actually the poblem is a lot like that, but actually got kind of deeper.

The big problem with that is that the spammers also used forged addresses, so not only CIS had to deal with tons of e-mails per day but also had to avoid bounces at all costs, since that would mean throttling over some other ISPs as well.

I think the spammer got a really clear confusion confusing CIS with "Compuserve Internet Services" which was the full name of Compuserve

Re:1 billion, come on

[phreaki]

a. Horribly, or should loose it. Darwin does apply in biz. b. Never, I've been told how much, 10 million a day is nowhere near. (Not even a 1/16) c. Yahoo would block you within 15 minutes of bounces. Return address attacks still have a defense. d. Like I said before, Python, Perl, PHP and Packet Filters, not one, but many technologies, each having their own strength. I've already said, give me 10 million incoming emails and I'll parse through all of them with just two 2.0ghz single proc machines. e. I'd hope so, every single admin has to deal with it and we never get a dime, or even attempt to. f. Not the case at all, I blame spammers too. But as an admin who does control email systems, I've had to apply reason and common sense to many affiliates in my past 10 years. One of those being that the admin who gets behind a lawyer should be spotted a mile away. So many non factual statements come out of a pair like that, so that most if not all of the 'facts' in the lawsuit that pertain to crushes of email i've seen thrown out by a judge that other members of a 500 pound gorilla's legal team brought up. It's never easy to run head first at a train that has already left the station. But in the case of Robert Kramer, I will and no doubt continue to. Now where is that google account so I can sell some anti-spam services to anyone in Clinton, Iowa, I think they need it.

Re:1 billion, come on

[lav-chan]

hay~

The big problem with that is that the spammers also used forged addresses, so not only CIS had to deal with tons of e-mails per day but also had to avoid bounces at all costs, since that would mean throttling over some other ISPs as well.

Yeah, that was the problem they'd told me about early on, but i figured they fixed it after a while since i didn't hear about it anymore.

I think the spammer got a really clear confusion confusing CIS with "Compuserve Internet Services" which was the full name of Compuserve

o rly

More info in local paper (link)

[SpammersAreScum]

The local (Clinton, Iowa) paper had more information here. Key quote:

CIS stated in the lawsuit that the defendants sent the spam to CIS e-mail addresses that were found on a CD-ROM titled "Bulk Mailing 4 Dummies. The court documents stated that CD-ROM included a list of more than 2.8 million e-mail addresses with the "cis.net" domain. Nearly all these addresses are fictitious, have never been assigned to a CIS subscriber and have never been used, except entered on the list included on the CD-ROM. Kramer can't be sure, but he believes the "cis" was mistakenly entered into that CD-ROM and that the creator had actually been trying to input another company's information.

Re:More info in local paper (link)

[phreaki]

Even worse, CIS was obviously a take on Compuserve. Maybe the real CIS will stand up and take the 1 billion that -they- deserve for fighting spam. They no doubt spent more money on their machines and network than the cis.net did, which was to roll over and sue instead of doing what every other ISP and major email provider is forced to do: Take real steps, not a paper fight.

Re:Sting? I tried it ...

[dubl-u]

So what did I do? I sued the bastards.

You are my hero.

Have you written up your experience anywhere? I'd love to know all about how much time it took, how much money it cost, and so on.

Finding the perps

[Dachannien]

I'd really like to see these spammers be forced to pay what small fraction of the damages they can afford. It seems like tracking them down and handing over their information to the complainant could be accomplished a lot faster with a "distributed investigative" approach. That is, a lot of people across the Internet bring what small part of the picture they can, and combined, the identity of the perpetrators can be determined.

Who knows, maybe out of the damages could come a "finder's fee" as a donation to the EFF or some other charitable organization.

Re:Finding the perps

[Chatmag]

It's fairly simple to track down spammers. Open a credit card account to purchase spammed products, then when the statement arrives, trace the money to whatever account received the money.

Also a victory for insane judgements

Anyone notice the out of control state of litigation here in America? Exactly how did these spammers cost this company $1B in potential revenue.

Uh huh

[ScrewMaster]

That one billion sounds good ... but what do you think it will get reduced to upon appeal?

Re:Sting? I tried it ...

Honestly, as much as I admire what you did - you really had no right to sue these companies. After all, you did respond to the advertisement ASKING for information.

Re:Sting? I tried it ...

[ScrewMaster]

Nonsense ... this is America. Everyone has the right to sue everyone else, any time, for any reason. And this guy at least had a good reason.

Re:Sting? I tried it ...

[triclipse]

I do agree with you to some extent. I weighed for a long time whether it was The Right Thing To DoTM.

Eventually, however, my hatred for spam led me to file the complaint. The mortgage spams are so blatantly fraudulent ... misleading subject lines, messages that state outright that you are already involved in this fake company, and then you are led to a fake bank Web site with fake FDIC logos and Verisign security certificates - lies from end-to-end. (No Slashdotters are going to fall for this, but think of the grandmothers!).

And these companies, whether they realized or not, are funding this international criminal conspiracy. They should have fricken thanked me (and actually one or two of them did off the record).

Terrorism is the new Godwin's Law

This article had me entertained, right up until the guy claimed that spam was terrorism. Then he became just another clueless dork.

Spam is unpleasant and irritating. Terrorism involves violence and death. Calling spam terrorism just makes you look stupid.

If the backbone went to source pricing

[garyebickford]

I haven't studied the problem in detail yet, but I think there may be a relatively straightforward mechanism to allow UCE senders to pay their fair share of the cost of the net, and to institute some real economic feedback into their business equation. If I were an ISP or backbone provider such as AOL or Earthlink or Level 3, I might lobby for a change in the law - at least at first glance.

At present, the cost of shipping data around the net is basically shared equally by senders and receivers of data. However, successul models of networks where the marginal cost of traffic is attached at a single end (either source or sink) exist. One example of sink-based marginal costing is the power network. Your electric bill includes a fixed infrastructure charge, plus a charge based on your usage. Electricity users adjust their behavior based on this single-ended cost model. It is easy to see that the dual of this data-sink-rate model is a data-source-rate model. It works exactly the same, just the other way.

Similarly, if everyone connected to the backbone pays only for data that they source (plus fixed infrastructure), then AOL's cost for receiving all that email is greatly decreased. Indirectly the spammers would be paying AOL to accept their email, just as indirectly every electricity user pays private entities to build natural gas generators on spec (just the money goes the other way)

Because the net isn't set up that way already, there are some fairly daunting transition issues. The cost of running a high voume web site would probably rise substantially, at least initially, but without some study it's difficult to say how long this would be the case. It's quite possible that most people's overall cost would settle out in a year or two.

I can't go into why in this short space. Suffice it to say that many arrangements would change as people find new ways to do what they do - for instance protocols like BitTorrent to allow users to share and localize data traffic, in order to maximize traffic within an ISP's local routes and avoid the cost of backbone transmission. It's important to note that in the "long run", if this is done right, the net cost of the network (that we all pay for in some way already) should eventually be spread around such that nearly all users would not see a significant difference in their total overall cost - but the way the accounting is done would change.

Beneficial effects of this change might well include simpler commercial web pages (fewer gratuitous graphics) with real standardization to help prevent browser errors and expensive retransmission; and a demand for longer term cacheing of webpage components on a user's workstation, or at the ISP's site - Akamai would be a big winner. Private users might see a reduction in basic cost of their internet connection, but have to pay fees to more web sites, and the market would increase for network information service aggregators who would offer, for example, subscriptions to 50 blog sites for one low monthly cost. This would encourage the many small newsletter writers by providing them with a market making mechanism. Such aggregator packages are analogous to cable TV packages, but without the wire monopoly - ISP's might include those packages in their "enhanced" offerings. And, of course, spammers would have to charge their advertisers real money.

IANAL either but here's my guess.

[eugene+ts+wong]

It's probably because there are too many people out there that would cry, "That's cruel and unusual punishment!", and/or "That's not solving the problem! We should try to help these criminals or we are just as bad as they are!!".

What kind of test?

Is it a...global test?

This is progress, in an obscure way

[Animats]

Spam is changing, and in ways that indicate the end of the beginning may be in sight.

First, spam from "legitimate" companies is dead. If you don't lie in the headers, you get filtered out, and if you do lie, CAN-SPAM gets you. So it's a total lose for any company with a real, physical address.

As a result, political pressure for weak spam laws is decreasing. The "legitimate" players can't make any money with it. This offers the opportunity for better legislation next time around.

Spam is becoming a branch of organized crime. That only works until law enforcement starts taking it seriously. Spam is so visible that it can't be hidden, and it's not really that hard to follow the money. "Phishing" scams are becoming seriously annoying to the financial-services industry, which has considerable clout. We'll see more action there.

One thing I expect we'll see is a major crackdown on anonymous businesses on the net. It's illegal in many jurisdictions to take a credit card without disclosing the real identity of the business, but enforcement is weak. This may well be enforced via the banking system. We're about ripe for a crackdown on "bulletproof credit card processing". It's money laundering, which attracts attention from anti-terrorism people.

EWeek's looking for a reply from these guys.....

[mranchovy]

There was no immediate reply to an e-mail sent to Cash Link Systems on Saturday.

They should be getting plenty of replies any time now......

Zing?

I'm sure if I wanted herbal penis meds I'd already be in business transaction with the spammer anyways.

Don't bother; just eat fresh uncooked parsley, it works better than most of the offered products.

Remember....

[abb3w]

There is a difference between winning a judgement, and collecting it. Even best case scenario, I'd guess the collected amount will lose at least one zero off the judgement.

Calling Section One

[Oloryn]

"My dad put it well when he said I was being terrorized, and I was,'' Kramer said.

Where is Nikita when you need her?