Gates' Resolve in Bringing Spammers to Justice

An anonymous reader writes "It didn't seem to me like any single company had the stomach to keep after the scum that are ruining the Net for the rest of us. Unless that company is Microsoft. Since the beginning of 2003, Microsoft has filed 96 lawsuits against spammers, and 119 lawsuits against phishers. By any measure, 215 lawsuits constitutes a legal juggernaut. "

Referrer Log Spammers should be sued too

[xmas2003]

Wow - Microsoft/Gates usually gets a bad rap on /., but kudos to them for going after the scumbags of the Internet. Another group I find annoying is the folks who do referrer log spamming. Even though I don't publish those log stats (so their efforts are to naught), they continue to send their stupid traffic and it's a bit annoying to see in the web log analysis.

No, you fools, don't be taken in!

[sam_handelman]

Don't you realize that every time you say something nice about Microsoft, Bill and Melinda dine on one of those Indian babies they've "saved" from HIV? How to serve man, indeed!

In all seriousness, the spam epidemic is actually caused by a relatively tiny number of people, so it would seem that this is a workable strategy - but the cause will just be taken up by people outside of our jurisdiction (Russians, mostly.)

Legal Juggernaut?

By any measure, 215 lawsuits constitutes a legal juggernaut.

Yet I'm still getting more and more spam as time goes on. These lawsuits might buy Microsoft some goodwill, and they might situate injunctions against spammers who are spamming Microsoft. But what are they doing for the anti-spam movement in general? Not a damned thing.

Lawsuits vs. building a better product?

[Stiletto]

Strange: If any one company out there has the install base to actually do something technical about spam, it's Microsoft, yet they'd rather sue than improve their product.

I'm surprised ISP's aren't filing hundreds of lawsuits. They claim their servers are so overworked by all the spam, but they aren't doing anything effective about it (legally or technically).

Re:Lawsuits vs. building a better product?

This is precisely correct. Rather than feature-fill their software with stupid auto-activate tools that encourage viruses, and auto-load tools that promote such abusive advertisiing, and wasting their time on amazingly silly patented XML-based header modifications that cannot be used by others such as their SenderID system, they could instead fix the way their mailer software and operating systems cncourage this behavior.

Or they could put some lobbying effort directly into changing the laws. The law in question is US Criminal Code, Section 18, paragraph 2701, the junk fax law. A simple extension of this law to include email would pass the First Amendment challenges the junk fax law already has passed, and would give ISP's and victims of spam the leverage to get the spammer's network feeds and accounts canceled. Of course, it would put a big spike in the sales of junk email software and the Windows systems to run it on, but that seems acceptable given the huge price spam imposes on people.

Re:Lawsuits vs. building a better product?

[jbolden]

If the standard were published and fully documented in a way that was reasonable to implement across mail platforms I'm not sure the /. crowd would have a problem. /. has debated SMTP vs. other systems for a long time and Microsoft would be a good choice for updating the standards.

People don't have Microsoft being involved in standards, rather they dislike Microsoft using standards as a way to sell their products.

Re:Lawsuits, the last refuge of the incompetent

[DaHat]

In any battle, technology is only a small bit of it. Policy is an area that is far more important than technology in most situations, even when you don't know it. Would you rather they sit on their hands and let the spammers continue to ruin the internet?

I don't see you taking an active step to stop spammers other than maybe a little filtering and deletion here and there.

Re:Lawsuits, the last refuge of the incompetent

[WolfWithoutAClause]

Actually, Microsoft tied up the technology to implement cryptographically signed email headers in patents, so that others; noteably open source email servers, couldn't use it.

That means that spammers have continued to be able to fake the headers out, and it makes it harder to filter off the spam (particularly on the send side of email- in other words, stopping spam enter the internet in the first place).

So, Microsoft have taken the decision to fund lawyers, rather than fund technology that is likely to massively reduce spam; Microsoft have sided with a bunch of lawyers.

Its an obvious ploy...

[JustNiz]

If they become the unofficial police of the internet, they will be first in line to be the official ones, when government (with a little help from microsoft) decides that such a body should exist.

Let's get this straight

Open Source servers don't implement crypto-signed email headers, so spammers continue to use those servers to send spam.

And you manage to blame this Open Source failure on Microsoft?

I didn't know the /. culture was that anti-MS.

Re:Let's get this straight

[WolfWithoutAClause]

Open Source servers don't implement crypto-signed email headers, so spammers continue to use those servers to send spam.

The IETF standard for crypto-signed email headers was substantially derailed by Microsoft not wanting to 'play nicely' with the extremely large proportion of the email servers out there that run on open source.

So, Microsoft imposed licensing requirements that the open source community couldn't meet. Yeah, to that extent, I blame Microsoft. That's not an Open Source failure, it's a deliberate licensing decision by Microsoft to write the license that way; even after it was clear what the effect would be- ultimately to help spammers.

Re:Come off it

[vidarlo]

Spammers need bandwith for sending out spam. So, what if we slashdot 'em? Just post a link on top of page saying "Get a spammer today". I bet it would be a huge success...

You believe that this will work.

[khasim]

Where are the supposed "good guys"?

Working on systems that cannot be cracked so easily and fighting to ensure that any standards remain free from proprietary restraints.

Why do you ask?

I realize the OSS community is doing things with their software to try and defeat spammers and phishers, but let's face it, legal action is the only real course of action to stop these guys (or at least whittle down their numbers).

Okkkaaaaayyyyyy.... Do you have ANY evidence that such has resulted in ANY reduction of spam?

From what I've seen, spam levels haven't dropped at all.

So why do you believe that this approach is effective?

The OSS community has for-profit companies out there... why aren't they flexing their muscle to help stop these scammers?

How many cracked Linux boxes do you think the spammers use? None? Well, it would seem that the OSS community is dealing with the problem at the technological root.

Microsoft is at least doing something... and it demonstrates exactly what a big corporation like that can do when that lkind of capital is directed at doing something worthwhile.

Again you go with your ASSUMPTION that lawsuits will result in less spam.

That's the THIRD time you've hit that ASSUMPTION yet you have not provided any EVIDENCE that supports it.

I think in the fervor to attack the supposed "evil monolith" people here tag as "Micro$oft", they forget exactly how much Gates, his company, and his employees donate to good causes around the world.

Why do you Microsofties hang out here?

If the best you can do is, "Bill does some good things with the money he made from illegally leveraging his monopoly", then you've lost from the beginning.

When you're worth $50Billion, it's easy to put a few million on some pet causes. And the gullible hero-worshipers will eat it up.

Yay! Bill is taking some spammers to COURT!

But Bill is NOT working with the Open Source community to implement PATENT-FREE systems to improve email.

And THAT is the deciding factor. Bill makes a LOT of money from illegally leveraging the desktop monopoly.

Bill sells a LOT of crap software that is completely insecure by default (and makes a LOT of money from it).

But you think that other people don't understand because they still dislike him even though he is willing to take a tiny percentage of his money to do some nice things (as long as those nice things in no way, shape or form could ever harm his illegally leveraged monopoly).

So, would YOU feel sorry for those spammers if THEY were giving hundreds of thousands of dollars to fight hunger or disease?

Would you support their continued spamming efforts?

If you say "no", then you're a hypocrite.

You're confusing the incentive with the tech.

[khasim]

Robbing banks is VERY lucrative.

Yet your corner bank isn't robbed every day (or week or month or year).

There might be strong incentive to send spam and make lots of money, but the spam still has to go out on technological avenues. All you have to do is to identify those and limit their effectiveness.

#1. Zombies.

#2. Open Relays.

#3. Individual email accounts (30 day AOL free!)

#4. Sites owned by the spammer.

If you look at it that way, you'll see why MULTIPLE measures are needed. What will work against zombies will NOT work against Individual email accounts.

If you deal with the tech, then the incentive won't matter because there won't be any way to implement it.

Since this is about Microsoft's involvment, I'll focus on what they could do.

#1. Zombies. Microsoft announces a partnership with the ISP's and those ISP's block outgoing port 25 on their home connections. Microsoft offsets the cost of this with a couple $$Million$$ to each ISP for hardware upgrades and support calls. Anyone who needs port 25 access (people who work from home and don't have systems setup to handle it) can call and have enabled for their address.

#2. Open Relays. Microsoft forms a partnership with spamhaus, spamcop, etc to mirror the open relay databases of those people. Since Microsoft also has Hotmail and MSN, Microsoft is in a great position to identify new open relays and add them to the list as they are abused.

#3. Individual email accounts. Not much that Microsoft needs to do here. All the ISP's need to do is to limit the outgoing email to 10 unique connections per minute.

#4. Spammer sites. Again, Microsoft helps by hosting a mirror of the blacklists.

There, the spam problem is down to a tiny fraction of what it was. The spammers might still WANT to send spam, but HOW are they going to do it?

Re:You're confusing the incentive with the tech.

[canadian_right]

Robbing banks is NOT very lucrative.

The average bank robbery nets less than a thousand dollars, and over 80% of bank robbies are solved due to excellent security and survveilance in the average bank. Unless your bank is poorly run you will notice that there is NO cash up front with the tellers. They have to get cash from a machine designed to dispense cash slowly. Pretty much the only people robbing banks are desperate drug addicts these days.

It is very difficult to steal a large amount of cash these days. Smart jewlery stores only display fake jewlry and store the real goods securely offsite.

The cash/jewelery is SOMEWHERE.

[khasim]

Robbing banks is NOT very lucrative.

I want you to think about that for a moment. The place with lots of money is NOT very lucrative to rob.

What did I say in my original post?
Yet your corner bank isn't robbed every day (or week or month or year).

The average bank robbery nets less than a thousand dollars, and over 80% of bank robbies are solved due to excellent security and survveilance in the average bank.

Gee, do you suppose that SECURITY can counter INCENTIVE?

Which was the ENTIRE point of my original post.

Unless your bank is poorly run you will notice that there is NO cash up front with the tellers. They have to get cash from a machine designed to dispense cash slowly.

So TECHNOLOGICAL solutions (the machine that dispenses the cash) are implemented to counteract the INCENTIVE.

Again, that was the entire point of my original post.

It is very difficult to steal a large amount of cash these days. Smart jewlery stores only display fake jewlry and store the real goods securely offsite.

It doesn't matter WHERE it is stored.

What matters is the SECURITY.

If a jewelery thief has to rob the storage site instead of the store, so what? The INCENTIVE is still there.

But the SECURITY measures mean that almost every attempt will fail, no matter what the INCENTIVE is.

Now, to bring this back around to the ORIGINAL article, filing LAWSUITS will NOT stop spammers the same way jail time does NOT stop robbers.

Lawsuits and jail time are not enough to counter the incentive of lots of easy money.

It takes well-designed and well-implemented SECURITY measures.

I think you stopped at the first line of my original post.