Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spam King Pleads Guilty in Seattle

Posted by Zonk on from the why-would-you-want-to-be-king-of-that dept.

arbitraryaardvark writes "The Seattle Times reports that spammer Robert Soloway has pled guilty to mail fraud and tax evasion, in exchange for the state dropping multiple counts of identify theft. 'The electronic-mail fraud charge is punishable by up to five years in prison. The tax charge is a misdemeanor and carries a maximum one-year sentence. The law also allows for fines against Soloway and his business of up to $625,000 on all charges. Both sides agreed to let U.S. District Court Judge Marsha Pechman determine not just the amount of prison time Soloway, 28, might serve but also the number of his victims, the size of any fine and the amount of restitution he may be ordered to pay.' We've previously discussed his arrest and mention in the New Yorker. The wire fraud felony count is based on selling $500 packages to wannabe spammers."

10 of 152 comments (clear)

  1. Comment removed by account_deleted · · Score: 2, Insightful

    Comment removed based on user account deletion

  2. Re:For sending too much email? by thyrf · · Score: 4, Insightful

    That's all fair and well if you're only expecting email from certain servers, but for most of us a deny-by-all service doesn't cut it.

  3. Re:For sending too much email? by jd · · Score: 3, Insightful
    And you'll identify these e-mail servers how? By hostname? (Domain stealing, DNS poisoning, DNS injection) By IP address? (Fake IP headers + source routing, Router table poisoning, Zombies on legit servers, Zombies on any machine between legit server and target) By mail headers? (Zombies anywhere)

    And you guarantee inclusion of legit traffic from mobile sources, how? You don't know what IP address or ISP will be used. What about legit mailing lists, where the originator is indeterminate?

    X.400 provides much better authentication, and offers an API for repudiation, but if that's what people really wanted, we'd be using it. Or maybe everyone would use SMTP-over-SSL where client-side and server-side certificates were validated. We don't use them because people need the privacy, anonymity and flexibility of the existing system, although I'd argue almost anything is technically superior to the existing system.

    In the end, although a totally secure option should exist, an insecure option should also exist that is controlled by policy rather than technology, and that ultimately means laws.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  4. Re:I hope... by Bored+MPA · · Score: 5, Insightful

    Because rape, HIV, and Hepatitis aren't cruel and unusual punishment in your book? Or is that just the line you toss out to get out of jury duty?

    Your comedic take is about as funny as the drunk guy I saw yesterday that said "Ooops, you just knocked over your home" when he walked past a homeless guy that dropped a cardboard box yesterday.

  5. Comment removed by account_deleted · · Score: 2, Insightful

    Comment removed based on user account deletion

  6. Calm down! by xaxa · · Score: 4, Insightful

    There's too many comments suggesting he should be killed, raped, or otherwise hurt. If you seriously approve of that kind of punishment, either
    a) move to a country with Sharia law
    b) save it for the worst offenders, those that actually murder others, like some US states do
    c) grow up. At worst he's annoyed you, and maybe cost you a bit of time or money.

    1. Re:Calm down! by dissy · · Score: 5, Insightful

      There's too many comments suggesting he should be killed, raped, or otherwise hurt. Seriously.

      For the people advocating death/rape for this guy: just wait until you are falsely imprisoned, or simply imprisoned for a minor infraction such as telling your mind verbally to someone who turns out to be on the 'good' side of the law. It happens very frequently in this country. And non zero odds that it will happen to you as well.

      To everyone else: don't get me wrong, I'm not at all saying Soloway is innocent and should not be punished for his crimes. Just that wishing cruel and unusual punishments on him, which sadly are highly likely to happen to anyone that ends up in jail or prison, will also be forced on a small part of the innocent population as well, and that it's never right.

      I also don't feel stupidity should be punished with nightly beatings, rape, disfigurement, torture, and potentially murder in the prison system either, despite the fact that the people wishing these things on others will probably never learn just how stupid such desires are until it happens to them.
      But I sure do wish there was less stupid people in the world, such as those that cheer for this sort of treatment.
  7. Re:For sending too much email? by ZorbaTHut · · Score: 3, Insightful

    Who cares if someone sends junk faxes, the phone network is an open system and it's designed to indiscriminately deliver messages - making junk faxes illegal is a terrible idea. If you don't want wasted toner, just don't accept phone calls from every bozo on the phone system.

    And yet, oddly, junk faxes are illegal, because they cause a significant amount of cost for the receiver. Just like junk email does.

    The law won't [i]fix[/i] things, of course. Junk faxing still occurs. But it might help, if it's designed properly.

    --
    Breaking Into the Industry - A development log about starting a game studio.
  8. Re:For sending too much email? by frdmfghtr · · Score: 2, Insightful

    So, how does this fail ?
    It fails because your Aunt Mathilda doesn't know the first thing about email encryption, nor does she care. Businesses won't mandate its use with the buying public because most of those customers will go somewhere else instead of changing their email habits. "Public keys? How does a key protect anything if it is public?" "Cryptographic signature verification?" Good luck explaining that the John and Jane Public.

    I don't expect to see widespread use of email signing (or encryption for that matter) until:

    (a) It is mandatory and automatic on all email clients; and
    (b) conforms to ONE standard (PGP? Digital certificates?).

    I don;t know much about digital signing of email beyond setting up Mail to use it; and I do use it on all outgoing email. However, I have received only a handful of email messages that have been signed, and they all were from federal gov't research labs where PKI use is mandatory.
    --
    Government's idea of a balanced budget: take money from the right pocket to balance...oh who am I kidding?
  9. Re:For sending too much email? by darkpixel2k · · Score: 2, Insightful

    I hate these forms.
    Let's go through it

    (X) technical ( ) legislative ( ) market-based ( ) vigilante

    What other way will there be of blocking spam? Legislative won't work because there is no one governing body that controls the entire world and can punish those that do wrong.

    Market based...well, it might work, but the solution will probable be some sort of technical device like a barracuda appliance.

    Vigilante would work if we just shot all the spammers, but then those people would go to jail for murder. Wait until we can clone, then send your clone in to do the dirty work and hope they don't grab you instead of your clone.

    So technical is the only way.

    (X) users of email will not put up with it

    Fine, they can put up with the spam.
    But in my experience, users will put up with a lot of shit if it's required of them. Think BSODs, Windows ME, Windows Vista, etc...

    (X) requires immediate total cooperation from everybody at once

    Kinda like SMTP is required by everyone. If you don't have it, you don't get mail.
    I don't care if it's another protocol, or the same protocol with changes. Kinda like IPv6, eventually there will be a cutoff date and everyone needs to get on board or else things just won't work. Get the new email protocol in place, have it work along side SMTP and then once it's developed and tested set a shutoff date for SMTP.

    Yeah, it'll be a lot of work, but that's our job. We do the technical shit on the internet. Just like the telco guys--I don't care how my phone call gets from point A to B, just that it does get there.

    (X) many email users cannot afford to lose business or alienate potential employers

    This seems somewhat irrelevant. We're not talking about immediately shutting down SMTP and saying 'fuckit'. A group of intelligent geeks like you'd find on slashdot (for the most part) are completely capable of coming up with a transition plan.

    (X) huge existing software investment in smtp
    (X) susceptibility of protocols other than smtp to attack
    (X) willingness of users to install os patches received by email

    There's always going to be a huge investment when switching (think IPv4 to IPv6). At some point the flaws or limitations of the system become too big a problem and you must change. Have we reached that point with SMTP and spam? Are we out of quick fixes like SenderID, Domain Keys, DKIM, blacklists, whitelists, spamassassin, greylists, etc...?

    As for 'patches' received via email, you're never going to stop idiots and social engineering.
    I'm not sure what you're getting at with attacking protocols other than smtp.

    (X) ideas similar to yours are easy to come up with, yet none have ever been shown practical

    That part is true. I'm sitting here saying we should come up with something, but not putting forth any ideas.
    But I believe if a group like Slashdot held a huge discussion about it, we would come up with something.

    --
    There's no place like ::1 (I've completed my transition to IPv6)