MS Gets $7 Million From Spammer

pin_gween writes "Reuters UK reports that Microsoft has settled its spam suit against Scott Richter for $7 million. From the article: 'Microsoft and New York Attorney General Eliot Spitzer had sued Richter in late 2003, asserting that he had sent, or helped other spammers send, billions of e-mail messages to consumers touting everything from herbal products to loan consolidation schemes.'"

Spam Translation - Read the little font

[bigwavejas]

"Nevertheless, Richter said that he and his company had changed their e-mailing practices and pledged not to send spam to anyone who has not asked to be sent commercial e-mail."

Richter knows nobody in their right mind would agree to receiving the loads of $hit he shovels. What he effectively saying is, "I'm going to hide in teeny-tiny font, at the bottom of some website, when you click "Accept" for your order (whatever that may be) you're also agreeing to receive my spam."

In his case he's a product of what he solicits - Garbage.

Re:Spam Translation - Read the little font

[Frymaster]

Richter knows nobody in their right mind would agree to receiving the loads of $hit he shovels

and yet, miraculously, there are people out there who buy that stuff... if there weren't there wouldn't be any spam.

if we're really going to stop junk email, these are the people we should be working on educating. think what damage could be done to the spammers' pocket book if every new copy of outlook showed a little message every time a suspected spam was opened that said "warning: unsolicited commercial email may be fraudulant".

if ms is serious about shutting down spam, they should spend less on lawyers and more on educating their end users.

Re:Spam Translation - Read the little font

[ebyrob]

But stop and think about the economics a bit...

Richter has sent "billions" of spams. Say, that's 2,000,000,000 to be conservative. If he's merely been fined $7,000,000 that works out to less than 1/2 a cent per spam sent.

If he can make one $50 sale per 100 emails, then he's still in the green. Just how teachable do you think the dumbest 1% of people are? (And actually... judgements like this will probably kill spam, because it probably takes more like 1,000 emails to make that one sale given filtering and noise ratios...)

Re:Spam Translation - Read the little font

[schon]

there are people out there who buy that stuff...

Maybe, although that is far from proven - all we have is the word of the spammers themselves, and you must remember rule #1 (spammers lie.)

if there weren't there wouldn't be any spam.

Bullshit. If this were true, then there would never have been spam to begin with, because the *very first* spammers got exactly zero orders. Nobody bought anything, and yet spammers still spammed - why? because they could.

It doesn't matter if nobody buys anything - as long as sociopaths believe someone *might* buy their crap, they will continue to do it, and new ones will pop up as the old ones run out of money.

What they see is lots of spam from other companies, and (just like others who lack critical thinking skills) believe that "someone must be buying", and start spamming.

if we're really going to stop junk email, these are the people we should be working on educating.

How are we going to do that when *YOU* buy into the self-perpetuating "someone must be buying" myth? Since *YOU* believe it, spammers will believe it, and they will keep spamming.

Re:Spam Translation - Read the little font

[keraneuology]

if we're really going to stop junk email, these are the people we should be working on educating

No, if we really wanted to stop spam then we need to do two things:

1. Force specific performance on the part of the end beneficiary of the spam. When I get a spam offering a guaranteed mortg4ge of $350,000 at %3.5 and $600/month regardless of credit then any mortgage broker who responds to my click here action should be absolutely forced to give me a mortgage on those terms. Let him take it up with the spammer for making promises he couldn't keep.

2. Bar credit card companies from forcing payment for items advertised through spam.

The appropriate target is not the spammers - when a house is filled with roaches you blame the people who left the pizza rotting under the couch. Go after the people who are advertising and discourage them from paying people to spam from them. They often have lots of money and are easy to locate - Kraft (did you ever get an ad for Gevalia coffee?), Publishers Clearinghouse, General Motors... one guy sued Sears for spamming and won.

With the exception of the proof-of-concept and spam-to-spy mailings spam has a purpose defined by the people writing the checks. Make it more trouble and expense for those people and they will no longer write checks to the spammers.

By doing that and blocking all inbound email from RIPE, APNIC and Brazil and the spam issue is almost completely eliminated (to my satisfaction on my servers and my inbox at least - YMMV).

Re:Spam Translation - Read the little font

[stlhawkeye]

Maybe, although that is far from proven - all we have is the word of the spammers themselves, and you must remember rule #1 (spammers lie.)

Yeah, you're right that it has nothing to do with sales, but you're wrong that's it just because "they can." They do it because "they make money." Spam pays off even if nobody buys anything so long as they click-through to a web site. This model is becoming outdated rapidly, and is being replaced by phishing and fraud.

Bullshit. If this were true, then there would never have been spam to begin with, because the *very first* spammers got exactly zero orders.

They weren't selling anything at first. They were just advertising. Advertising is a subconscious phenomenon that works on most people, regardless of how hard they consciously work to resist its impact. Even seeing commercials that you hate because of their simplistic stupidity can often generate sales. Most people don't remember the company that a given commercial is for, but they did hear the name and subconsciously associate it with a memorable event. People are constantly walking out of grocery stores and shopping malls, badmouthing the "stupid" commercials for products that they just purchased. Advertising is attention, the sales don't have to be direct to be counted.

Nobody bought anything, and yet spammers still spammed - why? because they could.

They kept doing it because they were making money, they didn't give a shit if anybody bought anything or not, as long as they made money. Spammers are usually intermediaries for somebody else's business. The spammer doesn't care if that business makes money as long as they pay the spammer to distribute advertising.

It doesn't matter if nobody buys anything - as long as sociopaths believe someone *might* buy their crap, they will continue to do it, and new ones will pop up as the old ones run out of money.

Again, I don't believe this is entirely accurate. It doesn't matter if anybody buys anything, but spammers spam because they make money doing it. They are paid by somebody else to spam on their behalf, they generate some traffic, they scrape email addresses and resell them to other spammers, they phish for information for identity theft or resell to identity thieves, they try to defraud the ignorant.

What they see is lots of spam from other companies, and (just like others who lack critical thinking skills) believe that "someone must be buying", and start spamming.>

No, they see that spammers are making money and getting wealthy with little risk so they do it.

How are we going to do that when *YOU* buy into the self-perpetuating "someone must be buying" myth? Since *YOU* believe it, spammers will believe it, and they will keep spamming.

Wrong again. Spammers will keep spamming as long as they make money off of it. When it's not profitable, it'll end. That profit is not necessarily tied to sales. Big telecom companies are often complicit in spam dissemination, there's too much money to be made off of leasing transatlantic bandwidth to strategic clients.

Spam has to stop paying before it'll end. The question is where do you deal it, on the demand-side, or the supply-side? The demand is not from end users who want spam, it's from businesses who want to send it.

I wish they would stop settling

and send some people to jail AND take their money
simply taking their money isn't good enough as they can afford it so it becomes a cost of doing business

untill they slam them in jail nothing will change

Re:I wish they would stop settling

[pete6677]

That wouldn't necessarily work, because people would just spam under a corporate name and then bankrupt the company when caught. Even if the penalty applied to them personally, it would be hard to collect and bankruptcy would probably get rid of it. For serious cases of spamming, especially if the spam is fraudulent or sent via stolen internet access, jail time must be a possibility.

Re:I wish they would stop settling

What about community service?

I would like to see more alternatives to jail; I feel like physical restraint is only appropriate for violent crimes. Not only should the debt to society for a crime be punishment but also some effort of good will---violent criminals get locked up so they can't threaten physical harm. Tax evasion cannot be helped at all by imprisonment, for example.

Re:I wish they would stop settling

[ScentCone]

Send people to jail for sending email? C'mon...

A central part of the suit was the fact that the spam was actually fraudulant. False claims, phony unsubscribe mechanisms, etc. You do that sort of crap a few billion times, that's exhibiting enough contempt for civil society that jail seems perfectly reasonable.

Re:I wish they would stop settling

[HUADPE]

The problem with trying to take all cases to trial is that you can, and often do, lose the trial. Technology trials are long, costly (you have to hire expert witnesses to inform non-slashdot using jurors) and can result in a not guilty verdict. The advantage of getting a settlement is that it is over, and cannot be appealed. Oh, and this case could never have reslted in jail time because it was a lawsuit, not a criminal prosecution.

Re:I wish they would stop settling

[jcr]

Hear, hear!

I propose death by papercuts for spamming, but I don't think the legislature is ready to do it.

-jcr

Re:I wish they would stop settling

[fmaxwell]

They're using a publicly provided service with no effective barriers or restrictions on it's use.

No, the "public" isn't providing my mail server. The public didn't pay for the server, the software, the bandwidth, or the storage. I have effective (though not 100% effective) barriers to spam and I have posted the restrictions against sending spam to my domain. I also have less than 100% effective defense against other forms of trespass, but it doesn't mean that I should just put up with trespassers.

There are no posted signs that say "keep off the grass" or realistic ways to prevent anyone from doing so.

My domain is anti-spam.org. If that's not enough, my home page includes the following notice:

anti-spam.org specifically prohibits the transmission of spam (unsolicited bulk e-mail) to our network and considers spam e-mail a form of computer trespass. Spam constitutes a theft of our limited bandwidth and storage and interferes with our use of our Internet connection.

How much more obvious can I make it?

Why Microsoft?

[SlayerofGods]

Shouldn't 'we' as the true victims get some of that?

Re:Why Microsoft?

[Otter]

Why Microsoft?

Because they sued him and you didn't.

Sad thing is

[Sycraft-fu]

If he was willing to settle for $7 million that means that he's made at least that much, and probably significantly more, spamming :P:P

they're not getting $7 million

[rich42]

the article says "agreed to pay $7 million to Microsoft" not "gets $7 million" there's a big difference.

Microsoft's odds of actually seeing the money are about as likely as a spammer "unsubscribing" you.

Quick math

[BlackCobra43]

Let's assume he "only" sent spam to 200,000 people. Thse people took 5 seconds of worktime to delete it. Ballpark an estimate 15$ hourly wage and you've got 4,000$ of lost productivity here. Now realize that,according to the article, it's likely to be closer to 2,000,000,000 than to 200,000. Possibly even more.

Re:Quick math

And that kids is how you lie with numbers. That's like the RIAA saying that their losing hundreds of millions of dollars to pirates on the assumption that everyone who pirates would have otherwise bought the song legally.

Just because it takes 5 seconds to delete spam, you're assuming it's done on work time and if it is, then it's likely there's more productivity lost the employee even checking their mail at work. Not to mention that you can't measure productivity strictly as a function of time.

Not to mention that you're claimed productivity loss of $4 M is still less than the $7 M payed out by the spammer.

Obviously I'm not defending the jackass, but it annoys the hell out of me when people on slashdot hypocritically apply the same tactics that are disregarded and criticized (validly) when they're applied to software and music piracy (and yes, piracy is a perfectly valid term since language must evolve to meet the changing society). There's absolutely nothing insightful or interesting about your post.

Circular bullshit....

[Saeed+al-Sahaf]

So supposedly, from now on he will only be mailing to users who have "opted in".

A lot of the time these people buy lists from other SPAMers who "tell" tehm that the list they are buying is "opt-in". When the hammer comes down they tell the authorities "The guy I bought it from said they where all opt-in, how was I to know"? It's all circular bullshit.

Because you're a different victim

[jfengel]

In this case the victim is Microsoft because they run Hotmail, which received (and had to wade through) beaucoup spam from this asshole. If you had a Hotmail account, I suppose you could be entitled to some of this, but since you paid zilch for it in the first place you get zilch out of this.

If you run your own mail server, you may be entitled to sue the guy yourself. Good luck on that.

The CAN-SPAM law specfically restricts these sorts of lawsuits to ISPs, but I'm not certain of the details. Either way it's probably best to let a large corporation conduct this sort of lawsuit, because it'll cost you a fortune to sue the guy for the relatively small sums you'll get. It's unfortunately to have your right to sue removed, but in this case it's probably not worth your effort anyway.

Re:Confused

[scovetta]

Microsoft probably spent $20M in order to sue the guy. I'm sure that Bill is happy they won, but not because their profit this year will be $7M more.

Rule #1

[www.sorehands.com]

Rule 1: Spammer lie.

Think of spammers as Harcourt Fenton Mudd.

RAWR FIGHT THE MACHINE

[BlackCobra43]

Get real and post under an actual name, twit.
As for your "argument", it's shit. Nowhere did I say the spammer caused 4 million in damages. YOU extrapolated this from my hypothesis which is a framework under which you can (attempt to)EVALUATE or ESTIMATE the ACTUAL damages caused.

Next time READ before you flame.

Re:I can see it now

[soloes]

yah and while that is going on, all of the pharmeceutical compainies are going to decide to give their medicines to the poor who are sick.
Oh yah and politicians are going to actually do something good for the country.
Dreaming is good... waking up sucks

Why shouldn't they be locked up?

[fmaxwell]

I don't think that being a spammer should get you locked up

Why not? Why should spammers be able to steal and not face jail time? What is the cost for the stolen bandwidth? What is the cost of the stolen storage? What are the administrative costs spent dealing with the theft of bandwidth and storage by spammers?

If an ISP has to buy five more mail servers, an OC3 line, and add four more drives to his RAID system to store the spam, why shouldn't those who caused the ISP to bear that cost face jail time?

Every time an employee receives spam, it takes them some period of time to recognize it as spam and delete it -- usually more if it's forwarded to a Blackberry or other mobile device. Why should employers have to bear these costs for disruptive spam and have the spammer not face jail time?

Are we just trying to keep jails empty so that the radical right can have cells to lock up college kids caught with pot at rock concerts? Where the hell are our priorities?

Re:Why shouldn't they be locked up?

[Richard_at_work]

Im going to use an arguement here that often is used on slashdot in defence of abusing open wifi points. The email server is accepting the connection, its accepting the email, its accepting the contents, at no point does it say 'no', so how can it be called theft? Thats analogous to a wifi point accepting the connection and issuing you an IP address on request, which is the arguement people use on this forum in defence of using open wifi points.

Re:Why shouldn't they be locked up?

[fmaxwell]

Im going to use an arguement here that often is used on slashdot in defence of abusing open wifi points. The email server is accepting the connection, its accepting the email, its accepting the contents, at no point does it say 'no', so how can it be called theft?

I've seen 8 or more attempts in rapid-fire succession from different IP addresses all trying to deliver the same piece of spam after mail server refused the mail each time with a message stating that spam/UCE is not permitted at my domain. How many times must it say 'no'? How many days in a row must it tell any given spammer that we don't want their spam?

If someone knocks on your door dressed as a furnace repair man, how can it be called assault and battery if they come in and club you? That's the problem with spam. It pretends to be something that it is not in order to sneak its way into your mail server. It misidentifies the sender. It uses misspellings in the subject and body to evade filters meant to stop it. It often has misleading subject lines to make it appear to be a message from a friend or a company that you do business with.

Thats analogous to a wifi point accepting the connection and issuing you an IP address on request, which is the arguement people use on this forum in defence of using open wifi points.

I have used that very argument. But there's the key difference: There are simple, documented means to reject unwanted WiFi connections. There is no check-box on mail servers saying "do not accept spam." With WiFi, many people and organizations choose to make it freely available, so it's not unreasonable to assume that an open WiFi connection is intended for public use. Given the almost universal hatred of spam, it would be absurd to believe that it was welcome at any mail server that accepted it.

Re:Why shouldn't they be locked up?

[drsquare]

Why not? Why should spammers be able to steal and not face jail time? What is the cost for the stolen bandwidth? What is the cost of the stolen storage? What are the administrative costs spent dealing with the theft of bandwidth and storage by spammers?

In that case, should there be jail-time for unauthorised use of wireless connections? That's stealing bandwidth as well.

Oh, but the Slashbots reply "if you leave a wireless connection unsecured you're inviting people to use it". Yes, but if you have an e-mail client with no white-list or spam-filter you're inviting unsolicited e-mail. I wonder how the slashbots will get out of that one... probably by modding me down to hide their embarassment and to maintain the RDF.

Re:Why shouldn't they be locked up?

[CRC'99]

I reject your reality, and substitute it with my own.

Spam is a fact of life. It won't go away, it won't decrease. This is one of those wonderful "won't somebody please think of the children!" that people scorn so much on slashdot.

If your ISP has to buy more mail servers, the maybe they didn't do their maths correctly in the first place. Maybe they're not enforcing local policies clearly enough. Maybe they should have just thought of it all back when they designed their setup. It's easy to blame spammers, but reality shows that people just didn't think.

Stolen bandwidth? Stolen storage? Where was it taken? To say that it's stolen implies that somebody has been deprived of something. Sure, they may have less free space, but the capacity is still there - so nothing has been stolen. If you're running out of bandwidth/storage, then maybe you should have planned your business better and taken into account these things instead of counting on a bare minimum to survive.

Total frickin BS if you ask me

[gosand]

From a legal standpoint, this is a nice victory for Microsoft. I hope they achieve their deterrent effect by making the financial incentives to spam more dubious.

1. This was not a legal victory at all, it was a settlement. From TFA:

Richter, who was not immediately available for comment, said in the joint statement with Microsoft that he denied Microsoft's allegations.

Microsoft knows that game very well. Settling out of court really doesn't do anything legally.

And how financially painful was it for Richter to pay that $7 mil? If he made 20, then that isn't much of a deterrant at all. Microsoft knows this game very well also.

All in all, I think the whole thing reeks. Especially since $7 mil is couch-cusion money to them. They basically bought themselves a PR story with the lawsuit (look at Microsoft, they are anti-spam!). All this story tells me is that spamming pays if he can afford to pay $7 mil and still be in business, and that those who have the means to sue will benefit from everyone else's pain.

Re:Microsoft sees spam as a profit centre

[adamwood]

No it doesn't.

If you take a look at the medium terms risks facing Microsoft, one with significant impact is spam making the Internet unusable and thus slowing the growth in home computing, desktop software, and associated server software sales.

Microsoft should have a huge interest in stopping spam. They also have Hotmail and lots of cash, plus probably a few lawyers. They need to be seen to be willing to take losses to stop spam.

Where on Earth? Pretty close

[ShimmyShimmy]

Actually, this is not a completely unreasonable number. According an article from Netscape.com a few weeks ago, it says that 10% of people have bought something from a spam email. So, there's at least some basis, even if it's misinterpreted.
Of course, even the dumbest of the dumb get thousands of spams and probably only make one or two orders for a total of maybe $100 total.

According to Paul Graham in Hackers and Painters (IIRC), there is about either a 0.1% to 0.01% success rate per spam.
Generally, the cost of a spam (for bandwidth usage, the inconvenience of finding a hackable server, etc), runs about 0.1 to 0.01 cents per email.
Unfortunately (well, fortuneately for them), barring getting caught, this still makes sending spam a very profitable process.