The Spam Diaries

News and musings about the fight against spam.
 by Edward Falk

Friday, September 29, 2006

Identity theft spam ring busted in Connecticut

As reported in the Atlanta Business Chronicle, an investigation by the Earthlink abuse department has helped authorities nail a spam gang said to be responsible for millions of spams.

Indicted are Michael Dolan of North Miami Beach, Fla.; Charlie Blount Jr., of Branford, Conn.; Keith Riedel of Winter Haven, Fla.; Richard D'Andrea of West Haven, Conn.; Thomas Taylor Jr. of West Haven, and Daniel Mascia of West Haven. Blount, D'Andrea and Taylor have already pled guilty.

Tricks employed by the spammers include the usual account cancellation warnings, fake prize announcements, and fake greeting cards.

Tuesday, September 19, 2006

Spammers exploit Steve Irwin's death and other tragedies

Years ago it was much simpler: Princess Di dies in a terrible accident, and the next thing you know, a spammer is hawking Diana tee shirts on line.

Now, it's more subtle. The new scam is for spammers to send out ads for video tributes to fallen celebrities. To see the video, you only need to give them your email address. And oh, yes — the fine print says you give permission to be spammed for life and to have your information sold to other spammers. The spammers call this "permission-based marketing", and like the oppressive EULA's that came with your software, they're probably legal.

Spammers are exploiting the death of Steve Irwin, Anna Nicole Smith, and the victims of 9/11.

For more on the subject, see Security Pro News's article Let Us Spam You, Please and PC Authority article Spam threat from video tribute sites.

Worth reading: BusinessWeek online

Short and sweet: Rising Stakes in the Spam Wars. The article surveys the current state of the spam wars and talks about the direction spam-fighters are going in. Briefly discusses the need (or lack thereof) for legislation.

Monday, September 18, 2006

User Friendly picks up on Linhardt v Spamhaus

Link to comic goodness.

Is 'Gemma' research project a scam?

This from ZD Australia: Internet security firm Sophos believes the researcher "Gemma" who's asking people to send their spam to him for research purposes is actually phishing for good email addresses. Read more in Spam 'research project' run by spammers?

Spammers attack spamhaus

SPAMHAUSSteve Linford of Spamhaus is being joe-jobbed by someone who is flooding the role accounts of various sites with emails about the $11M judgement against spamhaus (obtained by spam provider Dave Linhardt in a court without jurisdiction). At least some of the spam is coming from EV1. See Spamhaus alert for more info. Spamhaus believes the joe-jobber is spammer William Stanley.

Other press articles on this story: c|net: Judgment fuels the Spamhaus rally cry. Anti-spam champion slapped with $11.7m damages.

Friday, September 15, 2006

ISP Infinite Monkeys & Co sues Scott Richter for $27M

Last court case of the day, I promise.

ISP Infinite Monkeys announced yesterday that they're suing Scott Richter — aka OptinRealBig — and four of his clients for $27.4M. For the full details, see their press release and complaint (pdf).

Also named in the suit are OptinRealBig client National Associate Credit Services, Inc., which has its own checkered past.

FTC shuts down four spam operations

Wow, a very busy week in the courts. According to the Register, the FTC has shut down four illegal spamming operations:

Cleverlink Trading Limited and its affiliates will pay a $400,000 fine for their "lonely housewives" sex spam.

Zachary Kinion has been ordered to pay $151,000 for porn spam, mortgage spam, and spam selling supposed privacy software. Kionion is allegedly broke, so the fine will never be collected.

William Dugger, Angelina Johnson, and John Vitale have received an $8000 slap on the wrist for their use of botnets to send porn spam.

And finally, we have Brian McMullen (aka BM Entertainment and B Pimp) has been hit with a $24,193 judgement for his use of botnets to spam for porn sites and drugs. Another allegedly broke spammer who won't be paying a dime. On the other hand, there is still sentencing on criminal charges pending, as he has pled guilty to charges related to spam and unauthorized possession of credit cards.

KSTM ordered to pay Earthlink $11M in spam lawsuit

Looks like this is Court Week here on the Spam Diaries. In today's article from The Register, we read that Earthlink has won an $11M judgement against KSTM LLC in a CAN_SPAM lawsuit.

Linhardt v. Spamhaus, part II

SPAMHAUSDavid Linhardt has won an $11 million default judgement against Spamhaus for listing him as an associate of Atriks. Unfortunately for him, Illinois courts have no jurisdiction in Britain where Spamhaus is located. See ZDNet article for more.

See also Spamhaus response to Linhardt.

Thursday, September 14, 2006

Microsoft wins £45,000 from spammer Paul Fox

From c|net news: Microsoft wins record amount from spammer. In short, Paul Fox was ordered to pay Microsoft £45,000 (approximately $84,177) for sending spam for his porn site to Hotmail customers. Apparently, this is some sort of record for Europe.

What makes the article most interesting, is its discussion on the toothlessness of UK anti-spam laws. In most cases, the Information Commissioner has very little power to take action against spammers, and individuals have no power at all.

Wednesday, September 13, 2006

Watch 419 scammers busted

Just a short film to brighten your day: reporters follow Nigerian police as they raid an internet cafe being used by 419 scammers:

Tuesday, September 12, 2006

Speaking of lawsuites...

SPAMHAUSSpamhaus is once again dealing with frivolous lawsuits from spammers. This time, David Linhardt, aka e360 Insight LLC, has obtained a TRO in Illinois to force Spamhaus to remove mention of them from the ROKSO record for Brian Haberstroh (aka Atriks).

There's one catch: Spamhaus is in the U.K. and Illinois courts don't have jurisdiction. See the Spamhaus response to Linhardt.

Labels: , ,

Sue a spammer today -- William Silverstein v. TJ Web Productions

Submitted for your consideration: It's a pleasure to see a spammer on the receiving end of a lawsuit, and so I bring you Silverstein v. T.J. WEB PRODUCTIONS, LLC and NINO ENTERPRISES, INC.

Executive summary: Porn spam advertising TJ Web arrives at the servers of William Silverstein. Silverstein duly complains. TJ Web does nothing, and the spam continues to arrive. Silverstein sues under California of Business and Professions Code § 17529.5.

Current status: TJ Web argues that although physically based in California, they're incorporated in Nevada and thus not subject to jurisdiction in California. The courts have ruled against TJ Web. In addition, the court has sustained three of
Silverstein's demurrers of Nino's Enterprises' defenses.

This is not Silverstein's first case against a spammer. See his Case Status Page.

Wednesday, September 06, 2006

Jeremy Jaynes loses appeal, off to slammer

Porn spammer Jeremy Jaynes, sentenced to nine years after his 2004 conviction for spamming under Virginia's tough anti-spamming law has lost his appeal and is finally off to the slammer.

Extensible Mail Protocol -- the new FUSSP?

In April, I briefly mentioned a new proposed Final Ultimate Solution to the Spam Problem.

This week, reader Jimmy B mentions Yet Another new email protocol, known as Extensible Mail Protocol, which is a web-based protocol intended to replace SMTP and POP3. In a nutshell, it packages messages as XML objects and transmits them over a secure and verified HTML connection. There are provisions for interoperability with SMTP and POP.

I haven't read the spec yet, but I have a couple of basic questions: Why does the protocol need to be HTTPS-based? A lot of ISPs use port 25 blocking to prevent their users from spamming. HTTP ports are not so easily blocked. Will this make it easier for spammers to abuse the protocol?

I'm also a little concerned about the GPL license. Will this be a barrier to commercial adoption of the protocol? I'm not entirely sure what the license covers, but I do know that a lot of commercial entities are terrified of it.

Finally, the reference implementation is written in C# for Microsoft. How much of a barrier will this be to adoption by the Unix world?

I'll write more once I've had time to read the documentation.