The Spam Diaries

News and musings about the fight against spam.
 by Edward Falk

Thursday, July 24, 2008

Eddie Davidson kills family and then self.

I waited until multiple news sources had this story up before posting it, but it looks like it's true. Pump-n-dump spammer Eddie Davidson, who escaped from prison a few days ago, has killed his wife, his three-year-old-daughter, and himself. Two other children survived.

Media coverage:, Denver Post,, Fox News Colorado.

Tuesday, July 22, 2008

Another spammer in the slammer

As if there's a strange conservation law in effect to counteract Eddie Davidson's escape, Robert Soloway has been given four years in prison for mail fraud, electronic mail fraud, and failing to file a tax return.

While it's less than the prosecution was asking for, it's more than just a slap on the wrist, and with a little luck he won't return to spamming when he's out.

He will also have to pay $700,004 in restitution, which very likely is a slap on the wrist. First, he almost surely has the bulk of his ill-gotten gains safely hidden away and so $700k is a fraction of what he actually made, and secondly, I would bet that the $700k never actually gets paid.

Soloway will be allowed to roam free for sixty days before serving his sentence. The government considers him a significant flight risk, so it will be interesting to see if he actually reports to prison when expected.

Coverage: KOMO tv: 'Spam King' gets 4 years in prison. SpamSuite: Sentencing Hearing.

Labels: ,

Spammer on the lam

A strange story from Colorado today: Pump-n-dump spammer "Fast Eddie" Davidson who was serving 21 months in a minimum security prison in Florence, Colorado simply walked away from the prison camp and is now at large.

The full story can be found at 'Spam King' Escapes From Prison.

Tuesday, July 15, 2008

Word from the Soloway sentencing hearing

Robert Soloway's sentencing hearing has begun, with the hearing already gone to two days and a third day scheduled for next week. It's unusual for a sentencing hearing to go on for more than a single day, and they're still not finished.

The government's sentencing recommendations and Soloway's response can be found at Spamsuite.

In a nutshell, the government lays out what Soloway did (spamming, header forgery, fraud, tax evasion, etc.) They have so many victims it would take weeks for them to all testify. That Soloway has never paid a penny in the judgements against him won by Microsoft and Robert Braver. That Soloway bragged that the law couldn't touch him and none of the plaintiffs would ever see a cent.

The government asks for nine years in prison, three years probation, complete forfeiture of everything Soloway ever made from spamming, 624 hours of community service, and that Soloway be barred from the internet until his sentence is complete.

Soloway's response — or more precisely, his laywer's response — is a more interesting read. Paraphrased, it says:
  • They admit that Soloway was a spammer, but say in essence "hey, it's just a little spam".
  • They say he only spammed for charity, and if some non-charities took him up on his offer, well, that's not his fault.
  • He never spammed for himself, so he obviously didn't make any money from spamming.
  • The commercial email kit which he sold received more thanks than complaints.
  • Those people who said they didn't get the refunds he promised were just a misunderstanding, and it wasn't all that many anyway.
  • He meant to file his taxes, and was filling out the forms when he was arrested.
  • Spamming wasn't even against the law until 2004 so who cares that he was spamming since 1999.
  • Soloway wasn't really forging the email because the only forgery was putting the recipients own name in the "From" line, and once you opened the email you could see who it was really from.
  • All those customers who ultimately got blacklisted by their own ISPs brought it on themselves; they should have read the instructions more carefully.
  • It's not Soloway's fault that some ISPs have anti-spam policies.
  • Dark Mailer isn't spam software; don't believe what Wikipedia says about it.
  • Don't call them "zombies", call them "proxies".
  • You can't prove those servers really sent 120 million emails.
  • Soloway doesn't have any hidden assets.
  • Soloway was framed by other spammers using his business name.
  • Only a few of the complaints mentioned actual monetary loss and most of them don't provide any proof.
  • Soloway denies that he deliberately increased the amount of spam sent to people who asked to be removed.
  • Spam filters are cheap.
  • Soloway didn't harvest any email addresses [he bought them fair and square?].
  • Don't listen to Robert Braver, he's sued more than 240 people for spamming.
  • Ignore Braver's and Microsoft's lawsuits; they were default judgements.
  • Soloway never claimed the email list was opt-in.
  • At least he didn't send any porn.
  • It's not fraud because there was only a 1% complaint rate.
  • All those people who received the spam should be forced to prove their losses.
  • Soloway only made $400,000 in those four years of spamming he's charged with, so the total losses can't possibly be more than $400,000.
  • Putting someone's name in the "From" field isn't identity theft [I'm inclined to agree with this one - ef]
  • This is Soloway's first brush with the criminal justice system [ignoring all his brushes with the civil system, and the times he fled jurisdiction on both California and Oregon], so the court should go easy on him.
  • It's not his fault, he has Tourette Syndrome. He won't be able to get his meds in jail.
  • He offered to cooperate with law enforcement after he was arrested.
  • He's certainly learned his lesson now, yessiree. You can be sure he won't do it again.
  • Most of the people responsible for the Enron scandal got shorter sentences than the government is asking for here; it's not fair. Other spammers got shorter sentences.
  • And hey, it was just a little spam.
Well, that pretty much sums up the defense's case.

Various spam-fighters have been asked to testify at the sentencing hearing, but they're being sequestered before speaking so they don't have much to report outside of their own testimony. Apparently Soloway's mommy is there, scowling at everybody.

Other press on the story:
  • Soloway Case Reveals Big Business Behind Spam — discusses spam botmaster Adam Sweaney's testimony of how he sold botnet access to Soloway, how the cost of getting into the spam business has shut out all but the big-time spammers, how much spam costs the ISP industry, and how one Soloway customer lost his internet access after using Soloway's software and the losses he suffered as a result.
  • KOMO Victims testify at Spam King's sentencing — discusses the challenges the judge will have assessing damages. (Why does the press call every spammer a "Spam King")? Includes link to video with footage of Soloway and interviews with various figures in the story.
  • Computer World: Judge delays 'spam king' sentencing. The third day of testimony in the sentencing hearing has been scheduled for 22 July.
  • Seattle PI: 'Spam King' defied Feds, now faces up to 20 years.

Labels: ,

Tuesday, July 08, 2008

Zombies on my network? It's more likely than you think.

Just a quick link to John Levine's blog post Yes, you really have a zombie on your network. The article covers a discussion we had on a technical mailing list involving someone who was having a hard time believing that his network was really infected by spam-bots.

In the post, John forwards a good summary of the problem and what to do about it, written by Steve Champeon.

The key points in the article:
  • Don't look for clues in your mailserver's logs; chances are the spam is coming from infected machines with their own SMTP engines and aren't using your servers to relay in the first place. And even if they are, you won't find anything useful in the headers.
  • Shut down unauthorized port 25 outbound connections, and put a sniffer on your network to find out where they're coming from. In fact, do it now, before you find yourself listed somewhere.
  • Don't assume the blocklists have made a mistake; look to yourself first.
Remember, for every well-known published blocklist which will remove you once the problem is solved, there are a thousand privately-managed blocklists whose admins won't be bothered to periodically re-check to see if you should be removed. Entry into one of those blocklists is for life. So don't wait until you find out you've been listed somewhere before you take action to prevent outgoing spam.

Saturday, July 05, 2008

Et tu, Easyjet?

We call it "mainsleeze". That's when an otherwise mainstream company advertises via spam. Today's mainsleeze spam came from EasyJet, a discount airline in europe similar to Jet Blue, except with terrible service.

I probably never would have flown EasyJet again after my last experience, but they've just made it official. spammers and maybe more

Just a quick vent: lately, a new website,, has been spamming this blog with advertisements for their site. I've been spending too much of my valuable time deleting their spam as they post it.

A simple whois shows they're registered anonymously, which is commonly the mark of a less-than-legitimate organization.

I tried out their site myself. It's basically a place to vent your frustration. It's unlikely anybody will ever read what you have to write. After you've entered your complaint, you're given the opportunity to pay a fee and get preferential placement, which I suppose means you get placed at the top of the search results that nobody will ever be searching for anyway.

It remains to be seen what else they're up to. Similar review sites have been known to try to blackmail businesses with threats of negative reviews or censorship of positive reviews, or to charge fees to have negative reviews removed, and so on. I'll be watching for further news of them.

Meanwhile, if you really want to post a review of a business, positive or negative, then I suggest either ResellerRatings or Yelp, both of which are popular, honest, and well-established web sites.

Wednesday, July 02, 2008

Judge rejects Linhardt's request to be dismissed from Comcast lawsuit

When a judge's ruling starts with "I have before me a largely misguided motion...", you know it's a bad day for whoever filed it.

In January, E360 filed a lawsuit against Comcast in the hopes that they could force Comcast to accept E360's spam. E360 lost that suit.

In March, Comcast counter-sued E360 and its owner Dave Linhardt for spamming. This suit is still ongoing.

In April, E360 filed a motion to dismiss, asking among other things, that Linhardt be dismissed from the suit under the theory that he was only doing his job as officer of the corporation, and only the corporation should be held liable.

Today, Judge Zagel ruled against E360 on almost every single point. Most significantly, Linhardt will remain part of the lawsuit:

This leaves the final point, which seeks dismissal of the only natural person among the Counter-Defendants, Linhardt. What is offered to support his dismissal from the claims is the rule which protects corporate officers from personal liability for misdeeds of the corporation. However, this rule does not cover corporate officers who are alleged to direct and control the corporation. It is difficult to seek shelter in this rule when one is alleged to be the whole owner and controller of the all the corporations involved, as is the case here. And there are allegations of specific actions by Linhardt which would establish his liability, i.e., that he deliberately lied to Comcast when he orally stated that all intended e-mail recipients have opted in to receive the emails and that he ordered the abuse of process.

The only piece of the lawsuit the judge was willing to dismiss was Comcast's "unjust enrichment" claim which E360 asked to have dismissed and which Comcast didn't even bother to argue. The judge has dismissed this claim, but mentioned — practically invited — that Comcast was free to re-plead this count after discovery.

Also of interest is the Judge's reference to Linhardt's habit of repeatedly dropping and re-filing lawsuits. This is a judge who knows E360 for what they are and won't be letting them get away with any bullshit.

If only Susan Gunn and David Ritz had had judges with this much clue. But then, Comcast is very rich and Gunn and Ritz are not, and in the legal system, you get what you pay for.

(Speaking of which, I would like to take this opportunity to mention that David's legal battles are not over yet, and you can donate to his defense fund here.)

Labels: ,