The Spam Diaries

News and musings about the fight against spam.
 by Edward Falk

Thursday, January 31, 2008

E360 sells affiliate status to other spammers — CONFIRMED

Just announced publicly on the net-abuse newsgroups: Some time ago, someone phoned Kelly Hale at E360 pretending to be someone being blocked by Spamhaus and answering E360's ad for Spamhaus removal services. Hale explained in some detail how, for $7500 per block of IP addresses, E360 would force Spamhaus to stop listing the caller's addresses by claiming that the caller is an affiliate of E360.

Hale explained at some length how it would be done, leveraging their previous lawsuit against Spamhaus (which they won by default when Spamhaus failed to show up, claiming lack of jurisdiction). Hale also offered quantity discounts if the caller wanted to unlist more than a "C" block (256 addresses) of IP space.

An advertising brochure for E360's service offers three options: The first is called "IP Identity Management" and involves modifying the ARIN (master registry of all IP blocks) database to make spammer IP addresses look like they belong to E360. This is the service we knew E360 was offering.

The second service they offer is IP Tunneling. In a nutshell, this allows spammer email servers to connect to the internet over a virtual private network to E360's servers in order to hide the spammer's true IP addresses and make them appear to come from E360.

The third option is for the senders to pay E360 to send the spam for them.

A copy of the audio recording can temporarily be found at, along with copies of E360's brochures advertising the services [1], [2]. ( has a download limit, so these links won't work for very long, but I expect mirrors will appear shortly and will update this post as that happens.)

Anyway, very little of this comes as a surprise; it was pretty obvious that E360 was gaming the legal decision as a money-making scheme, having already sold affiliate status to Virtumundo at least, but this audio recording and these brochures are an undeniable smoking gun.

The only real questions that remain are: was this what they had in mind all along when they sued Spamhaus or did they only think of it later? And: how will the judge react when he sees and hears this?

Tuesday, January 29, 2008

Sanford Wallace and Walter Rines in trouble with FTC again

This just in from the UK Register. The FTC is asking the courts to find Sanford Wallace and Walter Rines in contempt of court.

In 2006, Wallace and Rines settled with the FTC on charges of distributing spyware, agreeing to stop doing it and paying a slap-on-the-wrist $50,000 fine. Within months they were at it again, this time attacking MySpace with malware and social engineering.

As the Register puts it: "Now the FTC is trying to grow a pair". The FTC is asking the judge in the spyware case to find Wallace and Rines in contempt for violating their 2006 agreement. The FTC also wants to seize over $500,000 in profits from the MySpace caper.

For the full story, including many details on Wallace and Rines' attacks on MySpace users, see Register article Spamford Wallace's MySpace riches come under attack.

Two strikes against Domain Kiting

Domain Kiting (also known as Domain Tasting) is a practice that exploits a loophole in ICANN rules which allows a domain owner to return the domain name within five days for a full refund. This loophole allows spammers, speculators and other bad-faith actors to register tens of thousands of domains for no cost. The practice is primarily used by spammers hiding their origins, by search-engine spammers trying to game search engine rankings, and by speculators hoping that typos or other misguided links will bring enough traffic to the domain to make it worth keeping (domain tasting).

This week, two separate announcements may have heralded an end to the practice.

First, Google announced that their AdSense program would exclude domains that fit the pattern of domains being repeatedly dropped and re-registered, thus taking away the financial incentive for search-engine spammers and domain tasters. See Yahoo! article Google combats domain name loophole.

The second, and more significant, word comes from ICANN. In their 23 January 2008 meeting, they voted to make their 20-cent-per-domain fee nonrefundable (see items 5 and 6). This fee may not sound like much, but when domain kiters are registering thousands and tens of thousands of domains every week, it may be enough to make the practice unprofitable.

This may also have an effect on Network Solutions' new policy of grabbing up domains it discovers people are thinking of registering.

Direct magazine picks up the Linhardt story

Direct magazine has picked up the story: Linhardt Sues Anti-Spammers…Again. The article contains a fair amount of detail on the story and its history. There's also a link to Linhardt's explanation as to why he claimed to have Sender Score certification from Return Path, which Return Path has denied.

Friday, January 25, 2008

E360 files third SLAPP suit against Susan Gunn and others

Three days ago, I asked rhetorically where E360 gets the money to file all these harassing lawsuits. That question becomes more serious with the news that Linhardt has filed yet a third lawsuit against Susan Gunn along with Mark Ferguson and Kelly Chien.

Details of the lawsuit can be found at SpamSuite. In a nutshell, it's the same lawsuit as before, claiming defamation because the defendants called them spammers.

There's no way that E360 can win this case on the merits given the abundant evidence of their spamming, and even Ferguson's proof that E360 falsified opt-in records. This is clearly just another lawsuit intended to harass anti-spam activists.

One major question: How many times are the courts going to allow Linhardt to keep re-filing the same lawsuit before they put a stop to it?

Where is the money coming from?

This brings us to the question: Where does E360 get the money for all these lawsuits? The one against Comcast certainly will go nowhere unless E360 spends significant money pursuing it.

One theory I've heard is that, like the Mark Felstein lawsuit against Spamhaus in 2003, this lawsuit is quietly being backed by a coalition of spammers. In this case, the spammers are hoping for a legal precedent which will force Comcast, and by extension other ISPs, to accept spam without any blocking.

Tuesday, January 22, 2008

E360 back in court; suing Comcast this time

Where do they get the money for all this litigation?

According to Direct magazine, E360 is suing Comcast for blocking E360 spam.

E360 CEO Dave Linhardt insists that E360 does not spam, and that they've been Sender Score Certified by Return Path. Oddly enough, however, Return Path says that E360 has not been certified.

E360 is asking for more than $20M in damages. Perhaps this is their new business model? Send spam, then sue whoever blocks them.

Update: Spamsuite has the paperwork.

Their comments:
Of all of the pathetic lawsuits I've seen....

Well, this one's got it all.

Deferring a connection is tarpitting and is a denial of service attack. Not delivering mail is a denial of service attack. Using a spam filter is not legal (or maybe it's just that it's not kosher -- we'll have to find a rabbi to rule on that one). Not telling a sender how to evade filters is fraudulent. A sender's inability to design a system that can cope with sending more email while waiting for deferred messages to timeout and retry is a denial of service attack caused by the receiver. e360Insight has even tossed in a First Amendment claim and I was pretty sure that we moved past that by 1999. And finally, having a whitelist or a feedback loop that you don't let everyone have is a violation of fair trade rules.

It's stunning. It really is. I'm not entirely sure how you get to be this dense, but I suspect that it's a painstaking (and probably painful) process involving frontal lobotomies and maybe electroshock treatments.

My own comments: This isn't the first time a spammer has sued someone for blocking spam. About two years ago, a spammer called Longhorn Singles sued the University of Texas over spam blocking. They lost.

Monday, January 21, 2008

More coverage in the blogosphere

Friday, January 18, 2008

Heise Security picks up the story

Anti-spammer fined for accessing DNS records of private network

UK Inquirer picks up the story

DNS zone transfers ruled illegal.

Money quote:
What worried the judge was if she didn't convict Ritz of being a hacker, then the computer crime laws in the Land of the Free would be turned on their head.

It was much tidier to make it a crime to access a server on the internet that is set up to provide that public info. It seems that no one explained to the judge what the Internet was.

Thursday, January 17, 2008

Citizen Media law project carries the case

This has actually been up for months, but I just found out about it.

Excellent comment on the Ritz affair

ZWithaPGGB at Slashdot has written an excellent editorial on the judge's decision in this case. I take the liberty of quoting the key part here:

When a jurist with little or no technical understanding attempts to make a ruling in a case where much of the evidence is technical, there is often a serious case of cognitive dissonance. This is the case in Judge Rothe-Seeger's ruling in the Ritz case.

I am not a lawyer, and make no comment about the merits of the behavior of Mr. Ritz. I am, however, a network engineer, and someone actively involved in information security, particularly using DNS.

In ruling that querying a nameserver that was configured to provide a zone transfer for a list of all the hosts in a zone was illegal, Judge Rothe-Seeger has demonstrated a fundamental misunderstanding of the technical design of the Internet, not just of DNS, but of ALL the applications and protocols. Further, the comment that Mr. Ritz's querying and republication of the public WHOIS data "without Network Solutions permission" was illegal also completely misunderstands the nature of Whois data.

What the judge has done is, effectively, to say that each person who asks a public server for information that it is explicitly designed to provide to all and sundry needs to get specific permission for that content from that publisher. This is completely at odds with how the Internet works. The Internet is designed in such a way that servers provide content to anyone who asks, unless the owner has configured the server not to do so.

Sierra could easily have prevented zone transfers from their name servers if they so chose. If they did not do so, then the presumption is that they intended to allow it. There are many very good reasons why a service provider would want their zone to be transferable, and by configuring their nameservers in that way, they were, in effect, doing the same thing as someone leaving a stack of maps out in public, for all to take at their leisure. What the judge has ruled would be analogous to finding a crime when someone took a copy of an ad that included a layout of a house from a realtor's office.

The WHOIS data, on the other hand, is public record BY DESIGN. It is part of the basic design of the DNS that you be able to find out who the registrant for a given domain is. How else are all the legal remedies for copyright infringement, illegal content, abuse of service, etc. to be exercised if there is no way to find out who to serve notice on and in what jurisdiction they reside?

It is clear from Judge Rothe-Seeger's bio that she has little or no experience of life beyond North Dakota. It is also clear from her ruling that she has little or no understanding of the Internet. Based on her age, it is time for the judge to retire, as she clearly fails to understand the world in which she now lives.

Chris Jester of Suavemente donates $5000

It's only fair that the really big donors get a public "thank you" on these pages, so I'd like to start the ball rolling by thanking Chris Jester of Suavemente for his generous $5000 donation.

Update: There was confusion caused by PayPal holding the donation. This has been resolved.

More coverage of David Ritz case

Anti-Spam Blog: Breaking the Law
Bricks: WHOIS lookups criminal?? Bad law in North Dakota

UK Register picks up the story

This one was pretty good: Anti-spammer fined $60K for DNS lookup 'hack'.

Slashdot picks up the story

Some DNS Requests Ruled Illegal in North Dakota.

Wednesday, January 16, 2008

Circle ID picks up the Ritz story

See Al Iverson's article in CircleID: North Dakota Judge Gets it Wrong. It's an excellent article. Al goes into some detail as to the absurdity of the judge's ruling.

Reminder: you can donate to David's defense fund at this web site.

Tuesday, January 15, 2008

Appalling judgement in the David Ritz case

I've been waiting with bated breath for the last few weeks to find out how David Ritz's lawsuit turned out. It turns out that the reason I hadn't heard is that the court slammed him with an unbelievable gag order. Among many other things, he's not allowed to discuss this case in detail. The transcripts have even been sealed.

Luckily, Mickey Chandler, who runs Spamsuite, has been able to obtain a copy of the court judgement.

Spamsuite describes this as "12 pages of bad law". That's putting it mildly to say the least. The court has ruled, in essence, that because Ritz knows more about network administration than the average user, everything he does with that knowledge is criminal. The court ruling is full of statements that I find frankly outrageous, but without access to the court transcripts, they're impossible to refute in detail.

I'm hoping that it will be possible to get this case unsealed so we can see what actually happened in the courtroom.

I'm also hoping that this will be appealed. I've never seen such an ignorant decision in a court case before, and this needs to be fought not only for David's benefit, but for the benefit of anybody who wants to continue using standard forensic tools in the fight against spam.

But appeal or no appeal, David's legal expenses continue to pile up. Please take a minute and donate to David's defense fund, either at this web page or by sending a check directly to his lawyers at:

David Ritz
c/o Debra S. Koenig
Godfrey and Kahn, S.C.
780 N Water Street
Milwaukee WI 53202

Friday, January 11, 2008

Azoogle drawn into Ralsky spam case

Earlier, I wrote about Alan Ralsky and how he's been arrested in Michigan on various spam and fraud-related charges, along with his son-in-law and nine other people.

Well, it turns out that this case is likely to tie into Joe Wagner's case against Azoogle. In pre-trial discovery, Azoogle admitted that the spammer they'd hired in their Get a "Free" plasma tv spam was Superior Distributing of West Bloomfield, MN, which turns out to be none other than Ralsky's son-in-law, Scott Bradley. A simple public record lookup, which only takes a few seconds, would have shown Azoogle who they were dealing with, so they'll have some trouble claiming they didn't know they were hiring the Ralsky spam gang when they sent out the spam. A simple Spamhaus lookup would have told them even more.

Joe Wagner's court case against Azoogle and other spammers will be heard next Friday morning at the San Jose downtown superior court. It will be interesting to see how it turns out.

Thursday, January 10, 2008

Ralsky arraigned

There has been much speculation over the last few days on whether Ralsky would actually return to the U.S. to face various spam-related charges, or if he would take it on the lam. Well, the answer is that he came back and was arraigned in U.S. District Court in Detroit yesterday. In handcuffs.

Read all about it in the Detroit Free Press: Man arraigned on charges he sent e-mail to inflate stocks

Sunday, January 06, 2008

The hammer drops; Ralsky indicted.

One of the world's major spammers, Alan Ralsky, has been indicted in federal court, along with his son-in-law Scott Bradley and nine others. They've been indicted in federal court in Detroit on charges of running an illegal spam operation. Defendants are residents of Michigan, California, Arizona, Russia, Canada, and Hong Kong. According to the Detroit Free Press, he could be facing up to 20 years in prison, plus fines.

Charged are: Alan Ralsky, Scott Bradley, Judy M. Devenow, John S. Bown, William C. Neil, Anki K. Neil, James E. Bragg, James E. Fite, Peter Severa, How Wai John Hui, and Francis A. Tribble.

Charges include stock fraud, conspiracy, mail fraud, wire fraud, money laundering, and computer fraud. The government is seeking forfeiture of assets worth $2.7 million.

Media coverage:

Ralsky is currently travelling in Europe. No bets as to whether he returns to the U.S. on his own initiative, or is arrested there and extradited.

Zango/180 Solutions exploiting Facebook to install spyware

From the "This comes as no surprise to anybody" department comes word that Zango is using a Facebook widget to install spyware on victims' computers.

The article at Help Net Security describes the attack in some detail, but in a nutshell, the victim receives a Facebook notification that they've got a secret admirer, and that they need to install some software to find out who it is. The victim is then told to forward the spyware to five friends as well.

The software you're tricked into installing is, of course, the Zango spyware.

Remember boys and girls, it's no safer to install software that some stranger sends you on Facebook than it is to install software someone emails to you.