Microsoft Wins Record Amount from Hotmail Spammer

mytrip writes to tell us News.com is reporting that Microsoft has won a record $87,177 against spammer Paul Fox who used a hotmail account to direct users to his pornographic download site. From the article: "But while Microsoft has clearly won, the case highlights a failure in the British legal system to tackle spam. Despite efforts by the Information Commissioner's Office to gain power from the Department of Trade & Industry to deal with spam, Information Commissioner Richard Thomas remains hamstrung."

hamstrung!

[fohat]

Spam! I get jokes! Perhaps the pig icon should be in a blanket though.

Re:hamstrung!

[Sabaki]

Or a poke.

Re:hamstrung!

[Turbs]

MS really brought home the bacon on this one...

Re:hamstrung!

[hotdiggitydawg]

Blanket? C'mon, you can do better:

• in a donut shop
• swinging on a star
• on a spit
• sliced, cured and put in a barrel in Ted Stevens' office, along with all the other pork
• cleared for takeoff now that Microsoft announced it wouldn't enforce patents
• etc...

a double-edged sword

[User+956]

Despite efforts by the Information Commissioner's Office to gain power from the Department of Trade & Industry to deal with spam, Information Commissioner Richard Thomas remains hamstrung.

Sounds like Information Commissioner Richard Thomas is into the kinky stuff. That's why there's no action on this topic.

Re:a double-edged sword

[geekoid]

I hate it when I get Hamstrung while playing WoW during PvP!

Re:a double-edged sword

[el+americano]

The missing line from the summary is:

"Because Thomas' office can only deal with spam originating in the United Kingdom.."

They should wave the white flag. I don't see any incentive to pursue prosecutions with this restriction and those penalties.

Some consider B2B mail to be spam

Yes Microsoft, that means you with your bcentral bollocks!

OK, now I'm Freaking out

[djeshelman]

Okay - so earlier today I posted about testing weapons on spammers... and Microsoft... this is creepy.

Re:OK, now I'm Freaking out

[ZeroExistenZ]

Quick! write a post about Duke Nukem Forever and releases before your powers wear off!

Re:OK, now I'm Freaking out

[djeshelman]

ROFL. Or maybe Starcraft II !!!!

I bet that really hurt...

[HatchedEggs]

Sooo basically the Spammer had to pay 1/10th what he earned doing all that spamming? Say it ain't so!

If they really step it up and go at him perhaps they'll take away his tinker toys.

Not nearly enough.

[jcr]

As long as the penalties for spamming are less than the spammer's seeing in revenues, this shit is just going to keep piling up. I vote for flogging the bastard.

-jcr

Re:Not nearly enough.

[Zocalo]

Oh yes, flogging as a punishment. That'll work. I can just picture my inbox overflowing with S&M porn with genuine contact details included to "aid" law enforcement. The irony is that would probably make it CAN-SPAM compliant and there would be nothing anyone could do about it an updated "Think-of-the-Children-SPAM" law got passed.

Re:Not nearly enough.

[jd]

In England, it is a legal requirement that all makes over the age of 12 practice with the longbow. This qualifies you to be a debt collector in cases of spammer bankrupcy.

Re:Not nearly enough.

[legoburner]

This is partially true, it is actually not a national law anymore, but is down to specific local laws. There are still some parts of England where the law has yet to be repealed, even though it was written in 1363 by King Edward III. Cue the 'Nothing to worry about if you have nothing to hide' speak, as if you are in those areas and dont practice longbow on sundays, you indeed have something to hide!

Re:Not nearly enough.

[cbhacking]

Of course, with sufficient longbow practice, a bit of justice against spammers (technically outside the legal system) becomes possible...

Re:Not nearly enough.

I vote to name and shame and cut off the low life scum's balls

Re:Not nearly enough.

[UKRevenant]

Whilst flogging would make a great family day out and TV special once a month it doesnt really have the global impact I would want.

If you choose to read on, be warned I will unveil in the next paragraph a potential global solution to the spam problem, so you may wish to do something similar to all the politicians I have lobbied and put your fingers in your ears and say 'la la la' (or perhaps just cover your eyes for this one)!

Spam is about making money, remove the ability to make money and the spam goes away. Common sense and few people would disagree, there are always some though! What I feel is the most effective way to do this is go after the credit card clearing companies, make Visa, Mastercard, AmEx & Co responsible. If I receive spam where the spammer can accept credit card payment, I file a complaint and get £10 compensation each time. I would expect the banks very quickly to add terms to their contracts saying 'absolutely no spam', you give them a reasonable period to implement and without credit card ability the website almost certainly dies. Game Over. Will this happen? of course not, but I cannot think of a more effective way of solving this within the next 12 months. The compensation maybe should only apply if say 100 file a complaint about the same spammer within a 1 month period.

You can tweak the specifics to be as harsh or as reasonably fair as you wish. The point is to make a global entity (or few entities) responsible for some of the actions of their customers that they profit from. That way a UK only law could kill spam on a global basis. We dont have to care where the spam came from to get it to stop.

Just my thoughts, that reminds me anyone seen the box?

Re:Not nearly enough.

[pete6677]

Stick the IRS on them. I bet they don't accurately report all income, and would fare poorly in an audit. That would wipe out their profitability fast.

Re:Not nearly enough.

[TheGreatHegemon]

When you think about it... Most fines are pretty much just official bribes - you give them money, they stay quiet. It's just legal instead.

Re:Not nearly enough.

[Cederic]

If I ever get prosecuted under that law I'll be taking my longbow to York and shooting anybody Scottish I see after it gets dark.

That's still legal, y'see..

Re:Not nearly enough.

[jimicus]

If I ever get prosecuted under that law I'll be taking my longbow to York and shooting anybody Scottish I see after it gets dark.

IIRC you have to be a native-born man of York to do that.

Re:Not nearly enough.

[technococcus]

Heinlein would agree with this solution...

Another Sham Victory

[mpapet]

Symbolic: "Microsoft making a world full of online threats safer for Y-O-U!"

Best case scenario:
1. the guy/organization/whatever claims bankruptcy and it's pennies on the dollar for MS.
2. Microsoft charges you more for their spam security software.

Lately with MS and most mega-corps, it's about maintaining a very high level of fear of non-compliance.

I'm glad I get paid to work on their product because it requires so much babysitting. Thank dog I don't run it at home anymore.

Re:Another Sham Victory

[solevita]

>I'm glad I get paid to work on their product because it requires so much babysitting. Thank dog I don't run it at home anymore.

So it's only Windows users that recieve spam?

Re:Another Sham Victory

[jbourj]

So MS is making money from the spammers and the spammed, fantastic!

Re:Another Sham Victory

[MadMidnightBomber]

2. Microsoft charges you more for their spam security software.

No offence, but if you're thinking of purchasing spam security software from Microsoft, you've got more pressing issues you should be worrying about.

Re:Another Sham Victory

[jimicus]

I'm glad I get paid to work on their product because it requires so much babysitting. Thank dog I don't run it at home anymore.

Spam aside, it's not just Windows - Microsoft have created an entire culture of "You have one desktop PC and you don't need to think about anyhing more than that". There is still plenty of software today which:

• Runs on Windows
  
• Is aimed at organisations where it's a dead cert you'll want it on many computers.
  
• Must be installed by running setup.exe and is not easily scriptable. (ie. the common switches to run setup silently don't work and there's no MSI. Yes I know about tools like AutoIT. They help, but they're not exactly ideal).
  
• Can't be installed by simply copying files & registry entries because the installer sets up a different bunch of registry entries depending on the system it's being installed on.
  
• Has no reliable means of rolling out across several systems.
  

I've actually had to explain to support folks who otherwise sounded reasonably competent that it is not practical for me to get on a plane and fly 11,000 miles just so I can insert a CD and go start, run, E:\setup.exe - and this is within the last 6 months, not 5 years ago.

How's the weather in Hell?

[solevita]

This is going to sundy crazy, but it seems as though Microsoft has recently been using the using the courts for good. First they use the coursts to punish those who have been scamming users with pirated copies of Windows for cash and now they're providing a better anti-spam deterant than the British legal system.

I know this goes against what many on /. may stand for, but I have to say that I'm surprised and pleased.

Go Microsoft! The **PAA could learn much from you.

Re:How's the weather in Hell?

[Umbral+Blot]

You mean the world isn't black and white? Damn it, I hate having to think!

Re:How's the weather in Hell?

[solevita]

I've just re-read what I typed earlier - I'm sorry for the keyboard errors I made; it's late and I'm tired. Hopefully you know what I meant though!

Re:How's the weather in Hell?

Lets see... Microsoft gets a great deal on publicity and the spammer pays 2 days worth of income from his activity. Nothing really changes except MS starts looking more like "one of the good guys"

Flogging the bastard

[Harmonious+Botch]

But don't most people survive flogging?

Re:Flogging the bastard

[jcr]

Ah, good point. Of course, they survive bankruptcy, too.

-jcr

Re:Flogging the bastard

[soft_guy]

But don't most people survive flogging?

Keelhauling

Re:Flogging the bastard

[Nimey]

Quite right. Draw, blood-eagle, quarter, shoot, then really hurt. Most importantly, mandatory castration/spaying.

Good For Them

[aztracker1]

I really hope they get to collect... What is really needed is a two pronged approach.

The first step is to eliminate most of the pseudo-anonymity of email... Not necessarily so much as to create the authentication system that Yahoo, or MS seem to be pushing for, even the lighter SPF system would be a good start. Of course the big guys need to work together, most internet email goes to MSN/Hotmail, AOL, and Yahoo, with larger ISPs like Earthlink, Qwest, etc. taking up a huge portion of the rest... If even half of the above required either A: SPF, or B: the sending MTA *IS* authenticated, or the MTA in the MX listing for the header's "from" this would do it... Now the responsible parties for email would be at least more trackable, since the spam zombies would be ineffective, or at least less effective (Responsible ISP mail admins flagging accounts with >10 emails an hour for review).

The second is to allow suits like this to have more teeth... Bankrupt the scum, ceize their assets.. Procecute under whatever applicable laws (most likely fraud).

Re:Good For Them

[cbhacking]

The problem with approach 2 is that Microsoft's suit against the guy was merely for breaking the terms of use for Hotmail. In a sad kind of way, I'm glad they were able to get this much out of him; it's not as if MS lacks lawyers, but that's a lot of money for violation of a checkbox-policy on a free service.

The solution is to let the government convict spammers for serious damages. However, the most a spammer can presently be fined for in the UK is 5,000 GBP (about $9,350 US). This should, in theory, be easy to raise... but I hardly know anything about UK law. In practice though, this "punishment" is nearly useless. Microsoft got 9x as much.

Record?

[Lord+Aurora]

Seems like this amount isn't very high. We really need to crack down on spammers and make them pay (literally, although the figurative meaning works well there too). IANAL, so I'd appreciate it if someone who is could give us a quick rundown of why spammers are so hard to prosecute. Or whatever the problem is.

As a quick aside, would someone please tag this "typo"? That "ut" and the beginning took about .3 seconds to process as "But;" .3 seconds I'll never get back. kthx. ;-)

Re:Record?

[imaginaryelf]

That's because in general, most spammers haven't broken any significant laws in their jurisdiction, or those who have broken laws, have not caused significant enough damage (monetary or otherwise) for a criminal investigation (which must precede a trial) to start. There's bigger fish for the DA to fry.

Remember that this story isn't about a criminal case. MSFT filed a civil suit to seek relief directly from the courts in monetary terms.

Re:Record?

Wrong. The reason the amount is so small is that it's a record in the EU. The record in the US is much larger.

no surprise

[Main+Gauche]

...Microsoft goes after record judgement.... last name "Fox".... coincidence? I think not.

Nor can he protect from Big Brother / Govt secrecy

[UpnAtom]

Why on earth is it being left to the Information Commissioner to pursue spammers? Does he not have enough on his plate with the British Govt...

a) ... about to reverse the legal right to privacy trying create the world's most intrusive database on citizens.
b) ... using taxpayers' resources to frustrate hundreds of thousands of valid requests under the Freedom of Information Act?

Uhhh... is that serious?

[Opportunist]

I thought hotmail was a spam-hoster? It isn't? Wow, could've fooled me!

Re:Uhhh... is that serious?

[rel4x]

Not intentionally. People still use them as "FROM:" addresses w/ proxies or open relays. Back in the day they were victrims of these bastard ass programs called "Internal Mailers" that utilize thousands and thousands of botted accounts, and send out 250 or so mails each. This guy sounds like he wasnt near that sophisticated. That's why he got caught.

Re:Uhhh... is that serious?

amen man! that should be the last thing anyone uses on the net anymore. there is so much phishing and spam on their accounts I never use it anymore. It takes too long to sift through all the crap you get to actually tell if someone you know sent you something.

Yum

[Flwyd]

He's ham strung to deal with spam? Maybe there was too much pork in the legislation.

Anti-Spammer nonsense

[apologetichardcore]

So someone used bandwidth he was paying for, without using a botnet, to send emails for companies that sponsored him. While I understand the logic in complaining about a nuisance, I am unable to relate to thos individuals who wish the assign some sort of punitive action to this spammer.

Is it really that hard to just hit delete? Is it a reasonable assumption that spam will be less profitable (and, sooner or later, unprofitable), if people stop opening spam email and purchasing the products advertised?

These individuals are obviously providing a service that many people utilize, and, botnet-mailed-spam notwithstanding, no actual harm is being perpetrated. The mere fact that some people are annoyed is not enough to warrant legislation or legal action.

Re:Anti-Spammer nonsense

[dufachi]

Some people actually pay for the bandwidth they receive. Being inundated with hundreds of spam mails uses said bandwidth. It's more than a nuisance, it's a charge to some people's wallet.

Perhaps there needs to be a "Do Not Email" list similar to the "Do Not Call" list. The DNC list has held up in court and caused telemarketing companies to be levied rather large fines.

Spam that you cannot possibly unsubscribe from and/or you did not explicitly sign up for is harassment, plain and simple; which, if I recall is a crime in most countries.

Re:Anti-Spammer nonsense

[cbhacking]

no actual harm is being perpetrated

Not to sound too 'ButThinkOfTheChildren' but you realize this guy was sending porno ads to minors? I very much doubt most people are okay with that.
Furthermore, this kind of spam has a number of other dangers:

• Say you were at work somewhere that monitors your internet access, and you accidentally click the link. Guess what... your machine just requested a highly NSFW site. Even if you don't get in too serious of trouble (there are places where that kind of thing will cost you your job) it's not going to look good to your boss.
• If your request gets through, your email address is now marked as valid, and will be sold, along with thousands of others, to other spammers for fractions of a cent each. Once even a few spammers have your address, it will spread until you'll become completely inundated.
• In line with the issue above, while clicking delete for a single message isn't too strenuous a task, dealing with hundreds or thousands of spam messages per day can have a noticable productivity hit. You probably can't indescriminitely delete them without checking for valid messages first, and as the percentage of real mail to spam gets worse, this can be difficult. Automated spam checkers usually get some false positives, forcing you to check the junk inbox from time to time, and also significantly increase processor load while downloading mail (again, a real problem if your spam can be measured in messages per minute).

Is it a reasonable assumption that spam will be less profitable (and, sooner or later, unprofitable), if people stop opening spam email and purchasing the products advertised?

In theory, yes. In practice, that's hopeless; whether through ignorance, accident, or faulty pattern recognition, there are people who believe what is advertised in spam and will buy it. Since the cost to operate a server and spew hundreds of spam messages per second is very low, and since spam is almost always either advertising for a product with real profit margin (porn, pirated software) or completely false advertising (fake pharmaceuticals, penis patches, etc.) it takes literally one click in tens of thousands to pay off.

Re:Anti-Spammer nonsense

[apologetichardcore]

The amount of people paying for their bandwidth on a per-kB basis is negligible, and comparable to the amount of people who pay for PO Boxes. Both are receiving something they do not want, and at a cost to themselves. I nevertheless do not excuse liability from the spammer who sends to those individuals.

The 'Do Not Call' services available are almost universally worthless, and with phreak-spamming and SMS-spamming gaining popularity, they become even worse than not signing up. A 'Do Not Email' list is inherently worthless, as any spammer worth his salt has a network of individuals who will certainly gain access to the entire list somehow.

As I said earlier, the only way spam will stop being a viable business model is when there is no actual business generated.

Re:Anti-Spammer nonsense

[jimicus]

Is it really that hard to just hit delete?

When you receive so many spams that you can barely distinguish the legitimate mail, yes it is.

Re:Anti-Spammer nonsense

[jcr]

no actual harm is being perpetrated.

The hell it isn't! Theft of services worth millions of dollars, money spent on anti-spamming measures, data lost when message queues overflow from being clogged with spam, just to name a few instances. Spammers are thieves, and that's about all there is to it.

-jcr

Slightly more complete summary

[cbhacking]

In the UK, there is almost no penalty for the general act of spamming, despite it being technically illegal. FTA:

"What should change is there should be a penalty where somebody is identified as sending spam--at the moment, [all we can do] is send a notice telling them to comply with the law. If they continue... they face a maximum fine of 5,000 pounds ($9,353)."

Microsoft was able to get the (relatively) high amount because, according to the terms of use for Hotmail (see section 3, which also mentions the anti-spam policy) this guy was in violation of the agreement. Individuals are also nearly powerless against spammers, in the legal sense; unless they can sue for significant damages caused by a single spammer, there isn't any legal action they can take against that person.

While this sort of thing does help give Hotmail and Microsoft in general a bad name (thus justifying the fine) the point isn't that MS was able to get $84k out of this spammer; it's that without a violation of the terms of use, the most he could have been fined for is 1/9 of that. That's hardly a deterrent, considering how easy automated spamming is, and how few clicks would be needed to recoup the loss.

Re:Slightly more complete summary

[jrumney]

they face a maximum fine of 5,000 pounds

There is no case-law as yet to clarify whether that is £5000 per spam-run sent, or £5000 per spam receivied. If sending a million spam emails can be counted as a million offenses under the law, a significant fine can be given (though the judge is probably not going to land them with the full 5 billion squid).

Re:frist s70p

You're two hours late for a first post, dude.

I owe you money

[140Mandak262Jamuna]

Dear Unknown, I am a spammer convicted of sending unsolicited messages to millions of people and I am ordered by the federal courts to pay every one I sent mail to a sum of 100,000$ each.

So if you have recieved spam from me, please send me your name, your address, your social security number, your bank account number, your mother's maiden name, the first pet you owned, the first car you owned, the name of your high school, your credit card number, expiry date and the card verification number.

Please allow six weeks for your account to be cleaned^H^H^H^H^H^H credited.

Have a nice day.

Must change the economy of spam

[140Mandak262Jamuna]

Spam works for the sender because, it costs them practically nothing to blast out millions of emails and there are always a few who respond to spam. One way to combat spam is to increase the cost to the spammers. I am not suggesting anything on the send side.

Just on the recieve side. We should be able to write some bots with some amount of AI to respond to spam. Suddenly the spammer is getting 990 bogus replies and may be 10 legitimate replies to his 100 million spam emails. We should be able to swamp out those dumbos who respond to spam. If the spammer has to go through 10 or 100 emails to get one chump, well it is that much more expensive to him.

,p> Would it be illegal to respond in bad faith to spam? IANAL.

I did the same.

[www.sorehands.com]

I went after a spammer. I got a $100,000 stipulated judgment. As part of the judgment, they agreed to provide the information on other spammers. Their money went to the California Attorney General's office. I wanted the information on the other spammers.

Taking out spammers is not about getting money. It is partly about making points, partly about getting information on other spammers, and to encourage others to go after spammers.

Its the thought that counts.

[xkr]

Wow! MS collected 10% of their legal bills.

Re:Its the thought that counts.

[Tim+C]

This won't have been about earning money for MS, it will have been about taking it away from this cretin and trying to make sure he doesn't do it again.

Re:Nor can he protect from Big Brother / Govt secr

Wow, modded down for the first time in several years of posting on Slashdot.

How can a unrated post be "Overrated"? Was what I wrote unjustified by the sources? Was it irrelevant?
Or did the moderator simply feel that Slashdotters needed to be protected from what I wrote?

Another Hotmail record....

[Lars83]

In other news, Hotmail sets the record for allowing the most spam through it filters.

My current empirical estimate is 1,000,000,000 per day.

A Dose Of Their Own Medicine.....

[IHC+Navistar]

If a spammer sends you spam, and is refusing to own up to it, can you DoS his server and wait for him to go to the authorities, just so you can get him in an arrestable situation for the spam? I mean, it would be pretty funny to get him to tell the judge you did it in retaliation for the porno spam he sent you.

I know it's risky, but I think retaliatory hacking and cyberwarfare is justified, provided you can present adequate documentation and research verifying the targets actions, against spammers. It's cheap, if free for the government, since the public it doing the work for them, and they take out spammers without having to spend millions taking them out themselves one by one. Plus, it think it would be very satisfying, like many other things, to be able to fry the server of a spammer, inconveniencing them, and costing them money instead of letting them profit from their flagrant public nusuince and greed.

-----

Sig Sauer

Re:I did the same ... and I was his attorney

[triclipse]

Yo Barbieslapper!

Yes, we did get a goldmine of information out of the spammer against which we got the stipulated judgment. I knew there was money in spam, but to see one spammer taking in $90,000 - $110,000 every day was an eye opener.

If any of you hate spam, you should thank Mr. Sorehands ... he is a one-man litigational nightmare to spammers and the kooks who use them to market their crappy products.

(Yes B, I will call you back ...)

Not to sidetrack this ...

[unsigned+integer]

but I'm starting to worry about the implications and far reaching effects of determining what is spam, and unlawful usage of email systems, etc etc.

It reminds me vaguely of companies slapping down DMCA suits on anyone who mentions their product or company in a negative light.

Eventually, companies and law enforcement will have the tools and the law on their side (everyone hates spam, right?) ... but then who gets to determine the definition of spam?

I'm sure we can all come up with a number of scenarios which would highlight the problems of when companies, with money at stake, can arbitrarily determine what is spam. Which of course, will NEVER happen ... (and I remember hearing the same thing about the DMCA and some of its glaring faults).

Eventually, it just seems it will become another tool for stifling what you and I may consider free speech, but yet again, the little guy can't afford $$$$$ to protect himself from big company with mega-lawsuit-fund.

Sigh.

Piss Money

[thelonestranger]

$87177 Time for Bill to buy himself that new ivory back scratcher.

"Two years from now, spam will be solved," - Bill

[Joce640k]

"Two years from now, spam will be solved" - Bill Gates, January 2004.

Unfortunately ...

[tbone1]

To get the money, they need to contact a gentleman in Nigeria ...

Richard Thomas

[Anonymous+Brave+Guy]

For what it's worth, our Information Commissioner is one of all-too-few good guys holding public office in the UK. He and his department have very consistently acted in the public interest, even when it meant directly opposing government policy over things like ID cards, or telling the government that freedom of information requests could not be dodged on technicalities (as with some MPs' expenses just this week). They also provide genuinely helpful guidance, e.g., on their web site there's a simple interactive system that tells you whether your organisation is exempt from requirements to register under the Data Protection Act, which has been useful and reassuring for several local clubs/community groups I've been involved with.

However, it is clear that his department is under-resourced, given the backlog of unhandled requests under the data protection and freedom of information legislation. I suspect this is not an accident, but it's not their fault. Similarly, the various data protection and freedom of information rules the Office of the Information Commisioner deals with have some (IMHO) unnecessary limitations that aren't really in the public interest, but he can't act against people taking advantage of them because the law says it's OK to do so.

Re:Nor can he protect from Big Brother / Govt secr

[Anonymous+Brave+Guy]

You just have to read (-1, Overrated) as (-1, I Don't Agree) these days.

I don't have exact counts, but as a fair estimate, 75% of my down-mods are (-1, Overrated) on posts also moderated up, often with multiple (+1, Insightful) mods.

Don't take it personally. I, for one, found some new and interesting material thanks to your links, and I'm grateful that you took the time to share them.

Re:"Two years from now, spam will be solved," - Bi

[MrAnnoyanceToYou]

He's gotten his 87 grand cut, he's happy, it's solved.

Missing link

The article forgot to include the link to the "pornographic download site." Please post link ASAP.

One spammer that will know Bubba

[www.sorehands.com]

I have one drug spammer, Robert Smoley -- in Florida that has paid me with a bad check. He wrote the company check as an installment on a stipulated judgment. Tonight, I plan on taking the bad check to the police for to start the prosecution for a bad check.

I wonder, if he can get discounts for his cellmate on viagra.