. . . And On The 17th Day Of June, Microsoft Said: "Let There Be Spam!" 6/17/2003 AS MICROSOFT ANNOUNCES LAWSUITS AGAINST SPAMMERS IN WASHINGTON, IT WORKS TO LIMIT ABILITY OF CALIFORNIA SPAM VICTIMS TO GO AFTER SPAMMERS
SACRAMENTO - Backed by Microsoft, America Online (AOL) and Yahoo!, the Assembly Business & Professions Committee today refused to permit a vote on SB 12 by California State Senator Debra Bowen (D-Redondo Beach), a bill that sought to create the country's toughest anti-spam law by requiring advertisers to get permission from computer users before sending them unsolicited ads.
"Spam accounts for more than half of all e-mail sent, sticking businesses with a $20 billion tab for unsolicited ads they didn't ask for and don't want," said Bowen (D-Redondo Beach). "Spam isn't legitimate advertising and it's not free speech - it's basically high-tech junk faxing that forces e-mail users to pay for someone else's advertising campaign through slower computer service and higher Internet access fees."
Today in Redmond, Washington, Microsoft announced it filed 13 civil suits against U.S. spammers for sending unwanted, deceptive, commercial e-mail to Microsoft customers. Meanwhile, at that same time, Microsoft was testifying in Sacramento, California, before the Assembly Business & Professions Committee against Senator Bowen's bill, that would have banned spam and created an "opt-in" system for sending unsolicited commercial e-mail. If enacted, it would be the strongest anti-spam bill in the country, but Microsoft opposed it because it would have required businesses to get permission before sending e-mail ads (a concept known as "opt-in") and would have allowed individual e-mail spam victims to sue spammers for $500 per spam.
"Who do you trust to protect your e-mail inbox in the war against spam, Microsoft, AOL, and Yahoo! or the Attorney General and California's Privacy Rights Clearinghouse?," asked Bowen, referring to the three leading opponents and the two leading supporters of SB 12. "If you don't want to be sued for sending spam, don't send spam, it's not all that complicated.
"Microsoft, AOL, and Yahoo! sit in committee with a straight face, saying they're trying to improve the bill, while at the same time they're back in Washington, pushing measures to wipe out this bill and every single anti-spam law that states have adopted over the past half-dozen years," continued Bowen. "Why? Because they don't want to ban spam, they want to license it and make money from spammers by deciding what's 'legitimate' or 'acceptable' unsolicited commercial advertising, then charging those advertisers a fee to wheel their spam into your e-mail inbox without your permission."
SB 12 repeals California's "opt-out" spam statute in favor of a tougher "opt-in" system modeled on the federal law that bans unsolicited fax advertising. The bill requires companies that want to send e-mail ads to get an e-mail user's permission in advance if they don't already have a business relationship with the person. SB 12 allows any Californian who receives unsolicited ads to sue the sender and the advertiser in court for $500 per spam and the judge can triple the fine if he or she finds the sender willfully and knowingly violates the California ban. The bill also requires the court to impose an additional $250 per spam civil penalty to be directed to high tech crime task forces throughout the state in any spam judgement.
A June 10 report by the Radicati Group found e-mail spam will cost companies $20.5 billion in 2003, and by 2007, businesses will be forking over nearly ten times that amount of money, or $198 billion, to battle spam. A June 2 report by MessageLabs, a private anti-spam service, found 55.1% of all e-mail sent in May 2003 was spam. Jupiter Research found U.S. e-mail users received more than 140 billion pieces of spam in 2001 and an estimated 261 billion pieces in 2002 - an 86% increase. A Harris Interactive (www.harrisinteractive.com)
This is false. They don't typically start with Class C's. Do go look at SPEWS listings yourself and see. Don't ask nana-e posters for more hearsay.
Frankly, the slashdot moderation is stumbling, IMO, many of the +5 posts on this thread are active misinformation designed to discredit DNS blacklists, precisely BECAUSE they work. (This was discussed on N.A.N.A.BL a while ago.)
This crap about the attacks probably not being from spammers is just that. Who else would break the law to do so? (These attacks are illegal.)
I don't think it's a problem that the RR smtp system was rated good (positive) by you, an RR customer who sends and receives email via said system. That would cause trustic to weigh the value of blocking that legitimate traffic sent using it against any spam that was sent using it, in deciding whether to blacklist it. Sounds pretty good to me. I'm looking forward to the son-of-trustic. (Yes, sending and receiving could be via systems on different IPs) Integration with a system like SpamCop would help.
1) DNSBLs aren't perfect, therefore we should abandon them? Democracy isn't perfect, therefore we should abandon it? Come up with a better idea, then let's talk.
2) Users of well-designed DNSBL-based systems can bounce mail that they suspect is spam, that include information (or a link thereto) about getting out of the DNSBL, AS WELL AS GETTING WHITELISTED/USING A WHITELIST KEYWORD to get mail through despite being blacklisted. This eliminates the false positive problem for email from people for whom it's important that the email get through, provided that they can follow the instructions (put a whitelist phrase in the email subject), and if they can't then I don't want to hear from them anyway.
3) DNSBL operators define an RBL as "A list of servers which send out spam or are known to be open relays"??? This is blatantly false; libelous even.
Looking at the jackpot dox, I don't see that it has a facility for sending LARTS* or submitting to DNSBLS, or content based filters. It doesn't seem to create a good source of data for training bayesian filters either.
*It has a facility for URLs to the logged spam for including in the DIY LARTS.
That's nuts. You're wrong: Even if you don't use or have associates who use Yahoo, MSN, Hotmail, IRC, or ICQ, you do have to suffer through the AIM ads (unless you block 'em) and memory hogging. Plus you don't have encryption.
They'll be trying to show that their latest stuff is cool, try to get some respect/mindshare. It'll probably be a big bust, because it'll keep malfunctioning, by collapsing under its own weight, with a few straws added by other show attendees (running large trucks through the holes in their software, most likely).
I put together one of these babies (2/3 TB, $2500) a few months ago! 3ware is cool. They had a bug in their RAID 5 code, but the support/handling of the issue was exemplary.
We put 8 80 GB maxtors and an Escalade 6800 in an old Gateway P166 tower with 32 MB, an extra power supply, 3 extra fans, and 2 NICs, running Linux 2.4 kernel running recent NFS code.
The only trouble was when I tried to format the drives with Partition Magic; it couldn't handle the size and corrupted my partition table! It's now running great. A drive died once, but came back online; the rebuild ran flawlessly.
PS whoever posted about using PowerFile should have checked the prices first.
I'm glad that the gov't (e.g. the FTC) is out there pursuing these scamsters.
But I think it's sad that they aren't out there pursuing scamsters in the medical arena. If you're of average intelligence, and take the time to pay attention, you won't fall for these scams. BUT the Sharper Image is selling stuff implying that magnets are going to heal your medical problems and keep your razor sharp, and that ions are going to repair your hair and a bunch of other crap that isn't supported by any good science whatsoever. But the average guy isn't smart enough to know it's all a bunch of hooey. If you pore over the claims VERY carefully, you realize that they couch the claims: "people report", "may", "is said to", "is commonly believed to"... likewise for the massive "herbal supplement" issue! Natural DOESN'T correlate with safe.
"Supplements" should be regulated the same way as "drugs".
...if they were willful, intentional, or reckless, and if they weren't, they still owe you $500 if you ask them to disclose to you any personal information disclosures and they don't. In either case, this only applies if you're Californian.
The relevant law is CALIFORNIA CIVIL CODE SECTION 1798.80-1798.84 which you can find here:
http://www.leginfo.ca.gov/cgi-bin/displaycode?section=civ&group=01001-02000&file=1798.80-1798.84
(1798.83 and 1798.84 are the most relevant.)
I'm currently (still!) suing TD Ameritrade for covering it up when they were hacked and the names, addresses, SOCIAL SECURITY NUMBERS, etc, of 6.4 MILLION customers were compromised. (See amtd.elvey.com.) ... ...and you can file for an injunction to force them to disclose.
(b) Any customer injured by a violation of this title may
institute a civil action to recover damages.
(c) In addition, for a willful, intentional, or reckless violation
of Section 1798.83, a customer may recover a civil penalty not to
exceed three thousand dollars ($3,000) per violation; otherwise, the
customer may recover a civil penalty of up to five hundred dollars
($500) per violation for a violation of Section 1798.83.
"Nicole Wong, Google's deputy general counsel, told reporters in Washington, D.C.: Google, in its own products and in policy discussions, has focused on three privacy principles: transparency of privacy policies, security of data and user choice, and control over how data is used, she said."
So I'd like to ask:
Nicole, why is DoubleClick's opt-out policy unclear as to whether IPs are used to deliver targeted ads to users who DO opt out?
The security flaw I reported back in 2000 here: http://www.elvey.com/it/SPRs.html has finally been somewhat addressed - since the deal was announced, IIRC.
The policy now is relatively clear about the cookie opt-out only being a very partial tracking opt-out; they will still try to show you targeted ads even if you've opted out, although they still avoid explicitly admitting to doing IP-based tracking.
In other words, the DoubleClick opt-out system is still ineffective, but at least they admit it now.
Not lying about what you're doing is a big improvement in my book.
Yes, the 5xx is a big improvement, you're right. What we need is a Blacklist that ... well, backscatterers.com is up, but doesn't seem to be operational. It should be easy to drop all mail from IPs in such a BL, while treating the rest normally.
I got a couple hundred bouncebacks yesterday, despite having an SPF record. They don't seem to help much.
There are quite a few domains that have SPF records, like AOL, but having a record, and bit bucketing mail that SPF says is forged, are two very different things. Very, very few domains do the latter. It would be nice if more did. Does AOL? Well...
I'm still getting hammered.
One spam I received yesterday suggests:
A spammer tried to send spam
From: @elvey.com
To:@aol.com
AOL's response was:
554-: (ISP:B2) http://postmaster.info.aol.com/errors/554ispb2.ht
554 TRANSACTION FAILED
The spam was transmitted from/via mail2.infoquesthosting.net [65.61.1.49], a Barracuda Spam Firewall 3, which is broken by design.
You thought Barracuda was helping FIX email? They're making the problems worse! But let's keep on topic...
So, the Barracuda takes the spam and sends it to @elvey.com, the innocent victim forged in the From:, despite the elvey.com SPF record.
This is typical. Like I said, a couple hundred bounces yesterday...
If the server of a so-called leader in the antispam arena is sending me spam despite appropriate SPF records, what does that say?
Well, I was in the same boat as everyone else, but I bit the bullet, contacted and retained a lawyer. A class action claim has been filed against TD Ameritrade in my name. Others just started signing on as well. Join the fight! (and please mod this up!)
I had no idea how long this had been going on. There's some info and a form you can fill out if you might want to join the suit. The laws are such that it makes sense to join the claim if you reside in Alabama, Kansas, Illinois, Florida, Michigan, Missouri, New Jersey, Washington, Wisconsin, and/or West Virginia. It's my understanding that in these states you can't sign away your right to be part of a class action suit - i.e. any agreement to do so is unenforceable. Looks like there are dozens of folks who have also noticed the problem and have used disposable email addresses and could join, like Seth Breidbart (of Breidbart Index fame). Mention your slashdot handle if you fill out the form.
Oh, and as for the poster who mentioned spam to jsmith@bar.example.com being an issue: The email addresses I gave to Ameritrade were of the form jsmith@bar.example.com. The checksum is something based on jsmith, that I can calculate in my head, and have written a sieve script to calculate. Only when the checksum verifies is the mail allowed in. Otherwise I log it as a DHA attempt. I started giving out these email addresses several years ago, and only relatively recently had to write the sieve code. 6Yankee: it's worthwhile! Oh, and yes, there were multiple controls in the experiment. The addresses were valid for years before I gave 'em to Ameritrade, and received no mail in that time. Many other valid addresses have also received no mail to date.
Oh and I got malware? I don't think so. Mac OS X with nothing extra on it but mozilla apps, used for nothing but my TD Ameritrade account. After they provided my address to the pump 'n dump crew the first time, I made sure there were no excuses left to point to on my end.
Ameritrade initiated the spam by providing my address, and the addresses of the other complainants on this thread and others, to the system that fed the botnet that executed the requisite SMTP commands. And all the spam to date is stock spam. Kryai's right; it's sad that efforts like his (I've done the same) to responsibly report security flaws are routinely ignored.
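The checksummed-address scheme described in the comment above, as an added Python example that is not the poster's sieve script. The `name-tag@domain` layout, the truncated HMAC-SHA256 tag and the key are assumptions made for illustration; the poster's own checksum is one that can be computed mentally and is not given on the page.

```python
import hashlib
import hmac

# Assumptions for this example (none of these come from the original post):
SECRET = b"constructed-demo-key"   # per-owner secret, constructed for the demo
DOMAIN = "bar.example.com"         # receiving domain, as in the post's placeholder
TAG_LEN = 4                        # hex characters of checksum kept in the address


def tag_for(name: str) -> str:
    """Checksum derived from the per-correspondent name (e.g. 'ameritrade')."""
    digest = hmac.new(SECRET, name.lower().encode("utf-8"), hashlib.sha256)
    return digest.hexdigest()[:TAG_LEN]


def make_address(name: str) -> str:
    """Address to hand out to exactly one correspondent."""
    return f"{name}-{tag_for(name)}@{DOMAIN}"


def classify(rcpt: str) -> str:
    """Return 'accept', 'dha' (directory harvest attempt) or 'not-ours'."""
    local, at, domain = rcpt.rpartition("@")
    if not at or domain.lower() != DOMAIN:
        return "not-ours"
    name, dash, tag = local.rpartition("-")
    if not dash or not name:
        return "dha"               # no checksum present: a guessed local part
    expected = tag_for(name).encode("ascii")
    supplied = tag.lower().encode("utf-8", "replace")
    # Constant-time compare so the tag cannot be recovered byte by byte.
    return "accept" if hmac.compare_digest(expected, supplied) else "dha"


def triage(recipients):
    """Group RCPT TO values by verdict; the 'dha' bucket is what gets logged."""
    buckets = {"accept": [], "dha": [], "not-ours": []}
    for rcpt in recipients:
        buckets[classify(rcpt)].append(rcpt)
    return buckets


def forged_variant(address: str) -> str:
    """Constructed test input: same name, first checksum character changed."""
    local, _, domain = address.rpartition("@")
    name, _, tag = local.rpartition("-")
    flipped = ("1" if tag[0] == "0" else "0") + tag[1:]
    return f"{name}-{flipped}@{domain}"


if __name__ == "__main__":
    good = make_address("ameritrade")
    sample = [good, forged_variant(good), "jsmith@bar.example.com",
              "sales@bar.example.com", "someone@elsewhere.example"]
    for verdict, rcpts in triage(sample).items():
        print(verdict, rcpts)
```

Because each address is handed to one correspondent only, mail arriving at a valid tagged address from anyone else identifies which correspondent the address leaked from.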
There are lots of short-term solutions, to which spammers adapt as they get widely adopted.
For example, content filtering in general is largely a short-term solution. Spammers invent and use obfuscation tricks; tools detect them, spammers invent new ones. Rinse, repeat.
Longer term solutions have to address root causes. These increase the consequences of spamming. IP blacklists, URI blacklists, domain blacklists, for example, result in negative consequences for bad actors and their associates. (Including folks who claim that they're not associates, where that association consists of sending money to the same folks for network connectivity, i.e. being customers of an ISP or webhost or ESP that harbors spamming customers.)
The way things are going, I see a continuing trend toward reputation services, where the reputation is that of an identity confirmed using one (or more) of the Email Authentication technologies - CSV (my favorite), SPF or DKIM/DomainKeys. (I've been building one, so I'm biased.) Only senders with positive (not just neutral) reputations will get through. Greylisting will, as another poster mentioned, be key in preventing spammers from getting one step ahead.
Complementary long term solutions include HashCash (e.g. RubberStamp) -type solutions and better security.
SpamAssassin is a victim of its own success - it's so widely used that the first thing spammers do is send their mail through a server running it, and tweaking the message until it gets through that portion of its filters that are content-based. Of course SpamAssassin's Bayesian filter component helps in that regard, as do RulesDuJour, and other features that are not on by default. It works very well when tuned.
The unfortunate fact is that most ISPs and end users refuse to step up and shoulder the costs to keep their systems secure enough not to be sources of spam. They take on spamming customers and allow infected computers to remain on their networks. Until antispam measures impose costs that force these costs to be borne (i.e. internalize the externalities), there will be more false positives and negatives.
Whoops; here are the examples I meant to include in my previous post.
Venezuela[1], Brazil[2], Extremadura and other regions of Spain[3], New Zealand[6], Bulgaria & Macedonia[4], and China[5], India. Development is often a worldwide effort, much like academic research.
For example, while I have only done a little FLOSS development, I've never met any of my collaborators in person.
Thailand Cities: Vienna, Munich, Geneva, Bergen[7]. Peru, Paris:almost.
[1] http://linuxtoday.com/news_story.php3?ltsn=2002-0
[2] http://www.ipsnews.net/interna.asp?idnews=26006
[3] http://www.linuxjournal.com/article/8485 - Good Read.
[4] http://www.foss.bg/news.php?id=2
[5] http://www.techweb.com/wire/story/TWB20031117S001
[6]
[7] http://www.iht.com/articles/2004/10/13/t13_2.php
"3, Insightful"? How 'bout "0, Uninformed"? The crimes laid out in Thomas Penfield Jackson, U.S. District Judge's COURT'S FINDINGS OF FACT are criminal under any reasonable legal system, including those of a 'truly free society'. There is an old saying: "your right to swing your fist ends at the tip of my nose" that is applicable. 5-year perspective on the case is interesting. Microsoft regularly flexes their patent muscle by refusing to grant use of patents it owns to competitors. E.g. Bill Gates himself has turned down patent licensing requests for use of Microsoft patents proposed as IETF standards. (google Microsoft IETF patent or read this) Their anti-competitive practices most certainly do involve patents. Patent abuse is even an incriminating component of the above FINDINGS OF FACT. And Microsoft's abuses go far beyond those discussed in the FINDINGS OF FACT; see http://kmfms.com/whatsbad.html.
I was there. My take: SenderID was a meme on the decline - several large entities and several small entities gave it the thumbs down; several large entities (all D.M.A. members, I think) gave it the thumbs up. Rikus: the place was abuzz with SPF discussion: it got several thumbs up and several thumbs down. CSV, SES, BATV were new and on the rise - no thumbs down. AOL committed to using CSV. (In the sense that they're 'using' SPF today) and got several other thumbs up. BATV got several thumbs up, SES got a few thumbs way, way up.
A lot of folks expressed serious concerns about deployment complexity. It was pointed out that the different proposals have vastly different footprints and initial and ongoing support costs and motivations driving early adoption, which will dramatically affect effectiveness and deployment trajectories and costs. Most of the proposals will require millions of end users be walked through changes by their support staff, and this dwarfs all the other costs being considered, including even the cpu costs of crypto and the cost of record creations. However, this isn't an issue that affects most of the entities represented. It worried the small biz reps a lot.
I'll post more details soon!
Who's the twit who rated the above insightful?
It's factually false information from someone who obviously has no experience receiving spamcop reports. As someone who does get 'em, I can say that this claim is utterly false.
Spamcop sends ISPs enough information that you can figure out which customer was spamming.
The Court has Dissolved the Temporary Restraining Order.
Press Release: http://biz.yahoo.com/prnews/040512/sfw083_1.html (mod this up!)
You're lazy, not stupid.
It's not MD5 applied higher up in the OSI stack than TCP, it's a modification to TCP itself that uses MD5: http://www.ietf.org/rfc/rfc2385.txt
Briefly, here's what the sender does: take the usual IP packet, add a secret key, and a checksum of the above, and send that. It's amazing that an electronic Pearl Harbor hasn't happened yet.
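The RFC 2385 signature linked in the comment above, worked through on both the sending and receiving side as an added Python example (not code from the post or from any TCP stack). The addresses, ports, key and payload are constructed, and the ordinary TCP checksum is left at zero because the digest treats it as zero anyway.

```python
import hashlib
import hmac
import socket
import struct

TCP_PROTO = 6
OPT_MD5_KIND = 19      # TCP option kind assigned to the MD5 signature
OPT_MD5_LEN = 18       # kind + length + 16-byte digest
OPT_NOP = 1
OPT_EOL = 0


def md5_digest(src_ip: str, dst_ip: str, segment: bytes, key: bytes) -> bytes:
    """MD5 over, in order: pseudo-header, 20-byte TCP header with the
    checksum zeroed and options excluded, segment data, then the key."""
    data_off = (segment[12] >> 4) * 4
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, TCP_PROTO, len(segment)))
    base_header = segment[:16] + b"\x00\x00" + segment[18:20]
    return hashlib.md5(pseudo + base_header + segment[data_off:] + key).digest()


def sign_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, payload, key):
    """Sender side: build a TCP segment carrying the MD5 signature option."""
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                         10 << 4,      # data offset: 20 header + 20 option bytes
                         flags, 65535, 0, 0)
    padding = bytes([OPT_NOP, OPT_NOP])            # pad options to 20 bytes
    placeholder = bytes([OPT_MD5_KIND, OPT_MD5_LEN]) + bytes(16) + padding
    digest = md5_digest(src_ip, dst_ip, header + placeholder + payload, key)
    option = bytes([OPT_MD5_KIND, OPT_MD5_LEN]) + digest + padding
    return header + option + payload


def find_md5_option(segment: bytes):
    """Walk the TCP options and return the 16-byte digest, or None."""
    data_off = (segment[12] >> 4) * 4
    i = 20
    while i < data_off:
        kind = segment[i]
        if kind == OPT_EOL:
            return None
        if kind == OPT_NOP:
            i += 1
            continue
        if i + 1 >= data_off:
            return None
        length = segment[i + 1]
        if length < 2 or i + length > data_off:
            return None                            # malformed option list
        if kind == OPT_MD5_KIND and length == OPT_MD5_LEN:
            return segment[i + 2:i + 18]
        i += length
    return None


def verify_segment(src_ip, dst_ip, segment: bytes, key: bytes) -> bool:
    """Receiver side: a missing or wrong signature means the segment is dropped."""
    if len(segment) < 20:
        return False
    data_off = (segment[12] >> 4) * 4
    if data_off < 20 or data_off > len(segment):
        return False
    received = find_md5_option(segment)
    if received is None:
        return False
    expected = md5_digest(src_ip, dst_ip, segment, key)
    return hmac.compare_digest(received, expected)


def unsigned_segment(sport, dport, seq, ack, flags, payload):
    """Constructed input: a plain segment with no options at all."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       5 << 4, flags, 65535, 0, 0) + payload


if __name__ == "__main__":
    key = b"constructed-peer-secret"
    seg = sign_segment("192.0.2.1", "192.0.2.2", 40000, 179,
                       1000, 2000, 0x18, b"constructed payload", key)
    print("valid:", verify_segment("192.0.2.1", "192.0.2.2", seg, key))
    print("spoofed source:", verify_segment("198.51.100.9", "192.0.2.2", seg, key))
```

RFC 2385 has since been obsoleted by the TCP Authentication Option (RFC 5925), which replaces the bare keyed MD5 with stronger MACs and key rollover.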
Ditto for the space.com site.
Lots of the pages don't work in Mozilla. Grr.
Bollocks! The word 'unwanted' doesn't even appear in the bill. (err... does /. have censors - oh right- no just moderators that vote posts up or down).
Proof AOL/MSFT support spam:
. . . And On The 17th Day Of June, Microsoft Said: "Let There Be Spam!"
6/17/2003
AS MICROSOFT ANNOUNCES LAWSUITS AGAINST SPAMMERS IN WASHINGTON, IT WORKS TO LIMIT ABILITY OF CALIFORNIA SPAM VICTIMS TO GO AFTER SPAMMERS
SACRAMENTO - Backed by Microsoft, America Online (AOL) and Yahoo!, the Assembly Business & Professions Committee today refused to permit a vote on SB 12 by California State Senator Debra Bowen (D-Redondo Beach), a bill that sought to create the country's toughest anti-spam law by requiring advertisers to get permission from computer users before sending them unsolicited ads.
"Spam accounts for more than half of all e-mail sent, sticking businesses with a $20 billion tab for unsolicited ads they didn't ask for and don't want," said Bowen (D-Redondo Beach). "Spam isn't legitimate advertising and it's not free speech - it's basically high-tech junk faxing that forces e-mail users to pay for someone else's advertising campaign through slower computer service and higher Internet access fees."
Today in Redmond, Washington, Microsoft announced it filed 13 civil suits against U.S. spammers for sending unwanted, deceptive, commercial e-mail to Microsoft customers. Meanwhile, at that same time, Microsoft was testifying in Sacramento, California, before the Assembly Business & Professions Committee against Senator Bowen's bill, that would have banned spam and created an "opt-in" system for sending unsolicited commercial e-mail. If enacted, it would be the strongest anti-spam bill in the country, but Microsoft opposed it because it would have required businesses to get permission before sending e-mail ads (a concept known as "opt-in") and would have allowed individual e-mail spam victims to sue spammers for $500 per spam.
"Who do you trust to protect your e-mail inbox in the war against spam, Microsoft, AOL, and Yahoo! or the Attorney General and California's Privacy Rights Clearinghouse?," asked Bowen, referring to the three leading opponents and the two leading supporters of SB 12. "If you don't want to be sued for sending spam, don't send spam, it's not all that complicated.
"Microsoft, AOL, and Yahoo! sit in committee with a straight face, saying they're trying to improve the bill, while at the same time they're back in Washington, pushing measures to wipe out this bill and every single anti-spam law that states have adopted over the past half-dozen years," continued Bowen. "Why? Because they don't want to ban spam, they want to license it and make money from spammers by deciding what's 'legitimate' or 'acceptable' unsolicited commercial advertising, then charging those advertisers a fee to wheel their spam into your e-mail inbox without your permission."
SB 12 repeals California's "opt-out" spam statute in favor of a tougher "opt-in" system modeled on the federal law that bans unsolicited fax advertising. The bill requires companies that want to send e-mail ads to get an e-mail user's permission in advance if they don't already have a business relationship with the person. SB 12 allows any Californian who receives unsolicited ads to sue the sender and the advertiser in court for $500 per spam and the judge can triple the fine if he or she finds the sender willfully and knowingly violates the California ban. The bill also requires the court to impose an additional $250 per spam civil penalty to be directed to high tech crime task forces throughout the state in any spam judgement.
A June 10 report by the Radicati Group found e-mail spam will cost companies $20.5 billion in 2003, and by 2007, businesses will be forking over nearly ten times that amount of money, or $198 billion, to battle spam. A June 2 report by MessageLabs, a private anti-spam service, found 55.1% of all e-mail sent in May 2003 was spam. Jupiter Research found U.S. e-mail users received more than 140 billion pieces of spam in 2001 and an estimated 261 billion pieces in 2002 - an 86% increase. A Harris Interactive (www.harrisinteractive.com)
What about the OQO Ultra-Personal Computer (UPC)? It runs Windows XP, and is the size of an iPod.
This is false. They don't typically start with Class C's. Do go look at SPEWS listings yourself and see. Don't ask nana-e posters for more hearsay.
Frankly, the slashdot moderation is stumbling, IMO, many of the +5 posts on this thread are active misinformation designed to discredit DNS blacklists, precisely BECAUSE they work. (This was discussed on N.A.N.A.BL a while ago.)
This crap about the attacks probably not being from spammers is just that. Who else would break the law to do so? (These attacks are illegal.)
Please mod 5.
I don't think it's a problem that the RR smtp system was rated good (positive) by you, an RR customer who sends and receives email via said system. That would cause trustic to weigh the value of blocking that legitimate traffic sent using it against any spam that was sent using it, in deciding whether to blacklist it. Sounds pretty good to me. I'm looking forward to the son-of-trustic. (Yes, sending and receiving could be via systems on different IPs) Integration with a system like SpamCop would help.
--
/me whacks Philip Jacobe with a clue-by-four:
1) DNSBLs aren't perfect, therefore we should abandon them? Democracy isn't perfect, therefore we should abandon it? Come up with a better idea, then let's talk.
2) users of well-designed DNSBL-based systems can bounce mail that they suspect is spam, that include information (or a link thereto) about getting out of the DNSBL, AS WELL AS GETTING WHITELISTED/USING A WHITELIST KEYWORD to get mail through despite being blacklisted. This eliminates the false positive problem for email from people for whom it's important that the email get through, provided that they can follow the instructions (put a whitelist phrase in the email subject), and if they can't then I don't want to hear from them anyway.
3) DNSBL operators define an RBL as "A list of servers which send out spam or are known to be open relays"??? This is blatantly false; libelous even.
Looking at the jackpot dox, I don't see that it has a facility for sending LARTS* or submitting to DNSBLS, or content based filters. It doesn't seem to create a good source of data for training Bayesian filters either.
*It has a facility for URLs to the logged spam for including in the DIY LARTS.
That's nuts.
You're wrong:
Even if you don't use or have associates who use Yahoo, MSN, Hotmail, IRC, or ICQ, you do have to suffer through the AIM ads (unless you block 'em) and memory hogging. Plus you don't have encryption.
They'll be trying to show that their latest stuff is cool, try to get some respect/mindshare. It'll probably be a big bust, because it'll keep malfunctioning, by collapsing under its own weight, with a few straws added by other show attendees (running large trucks through the holes in their software, most likely).
We put 8 80 GB maxtors and an Escalade 6800 in an old Gateway P166 tower with 32 MB, an extra power supply, 3 extra fans, and 2 NICs, running Linux 2.4 kernel running recent NFS code.
The only trouble was when I tried to format the drives with Partition Magic; it couldn't handle the size and corrupted my partition table! It's now running great. A drive died once, but came back online; the rebuild ran flawlessly. PS whoever posted about using PowerFile should have checked the prices first.
I have a hard copy of http://www.raidzone.com taped to the side of the box.
It's used to send and retrieve large files over the 'net; I haven't even bothered to benchmark it, as the 'net will be the bottleneck.
I'm glad that the gov't (e.g. the FTC) is out there pursuing these scamsters.
But I think it's sad that they aren't out there pursuing scamsters in the medical arena. If you're of average intelligence, and take the time to pay attention, you won't fall for these scams. BUT the Sharper Image is selling stuff implying that magnets are going to heal your medical problems and keep your razor sharp, and that ions are going to repair your hair and a bunch of other crap that isn't supported by any good science whatsoever. But the average guy isn't smart enough to know it's all a bunch of hooey. If you pore over the claims VERY carefully, you realize that they couch the claims: "people report", "may", "is said to", "is commonly believed to"... likewise for the massive "herbal supplement" issue! Natural DOESN'T correlate with safe.
"Supplements" should be regulated the same way as "drugs".