The Spam Diaries

News and musings about the fight against spam.
 by Edward Falk

Wednesday, June 06, 2007

Zango's request for a TRO against PC Tools denied

Two weeks ago, I wrote about how spyware maker Zango is suing PC Tools for labeling them as spyware and removing them from users' computers.

The latest news from SunbeltBLOG is that their request for a temporary restraining order has been denied by the court (pdf, 9 pages). (Link via Spam Notes.)

To summarize the court papers: The latest version of PC Tools' Spyware Doctor program gives Zango the most benign rating available, but still lists them. Zango says this isn't good enough because older versions of Spyware Doctor are still available, and because Zango doesn't want to be listed at all. Zango admits they distributed harmful malware before, but says they've gone straight since they were fined $3M by the FTC.

The court agrees that Zango will suffer harm to its reputation if PC Tools continues to label them as a "Potentially Unwanted Application" but disagrees that the harm is significant enough to warrant a TRO, especially given that PC Tools has already taken steps to mediate the harm.

More significantly — and here are the best parts — the court has stated that it thinks that Zango is unlikely to win their case on the merits (page 6).

But most significantly of all, on page 8, the court rules that the public interest favors the defendant. That is, "it is in the public interest to allow companies similar to Defendant to be able to exercise their judgment and block potential malware applications"


Tuesday, February 27, 2007

Spamhaus ZEN: 80% blocking rate, zero false positives

As reported yesterday in Al Iverson's SpamResource web page:

Iverson was becoming overwhelmed by the spam sent to his abuse address. For obvious reasons, it's a very bad idea to filter an abuse-reporting address because legitimate abuse reports are too easily mistaken for spam.

As an experiment, Iverson applied the Spamhaus ZEN blocking list to his incoming abuse mail — to tag rather than block.

(Spamhaus ZEN is a merger of the three blocking lists maintained by Spamhaus, and thus should be the most aggressive of them all.)

Iverson's results: out of over 2200 spams received in February so far, nearly 80% would have been blocked by Spamhaus, and there were zero, none, nada false positives.

This is encouraging news for administrators who worry if it's safe to use a blocking list. More testing is required though before it's safe to give Spamhaus the Zero False Positives Seal of Approval. At the very least, we need to see results from a variety of different users, and we need to see the results applied to a corpus of many more than 2200 messages.
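A tag-rather-than-block check of the kind described above, as an added example (not Iverson's setup or Spamhaus's code). It assumes the connecting IP is the bracketed IPv4 literal in the topmost Received header, that only 127.0.0.x answers count as listings, and it uses a hypothetical X-DNSBL-Tag header plus constructed sample mail and a fake resolver so it runs offline.

```python
import ipaddress
import re
import socket
from email import message_from_string

ZONE = "zen.spamhaus.org"
TAG_HEADER = "X-DNSBL-Tag"  # hypothetical header name chosen for this example

def dnsbl_name(ip, zone=ZONE):
    """DNSBL query name: the IPv4 octets reversed, followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """A records for name; [] on NXDOMAIN or resolver failure (fail open)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def relay_ip(msg):
    """IPv4 literal in the topmost Received header (the one our own MTA added)."""
    received = msg.get_all("Received") or [""]
    found = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[0])
    try:
        return str(ipaddress.IPv4Address(found.group(1))) if found else None
    except ipaddress.AddressValueError:
        return None

def tag_message(raw, resolver=system_resolver):
    """Return (message, listed). Listed mail is tagged, never dropped."""
    msg = message_from_string(raw)
    ip = relay_ip(msg)
    answers = resolver(dnsbl_name(ip)) if ip else []
    # Assumption: only 127.0.0.x answers are listings; anything else
    # (for example an error code from the list operator) must not tag the mail.
    codes = sorted(a for a in answers if a.startswith("127.0.0."))
    if codes:
        msg[TAG_HEADER] = "listed ip=%s codes=%s" % (ip, ",".join(codes))
    return msg, bool(codes)

# Constructed sample data: documentation-range addresses and a fake zone.
FAKE_ZONE = {"7.113.0.203.zen.spamhaus.org": ["127.0.0.4", "127.0.0.2"],
             "9.113.0.203.zen.spamhaus.org": ["127.255.255.254"],
             "1.100.51.198.zen.spamhaus.org": ["127.0.0.2"]}
SAMPLE = ("Received: from mail.example.net (unknown [%s]) by mx.example.org\n"
          "Received: from forged.example ([198.51.100.1]) by mail.example.net\n"
          "To: abuse@example.org\nSubject: sample\n\nbody\n")

def fake_resolver(name):
    return FAKE_ZONE.get(name, [])
```

Because the message is only tagged, a false positive costs a header rather than a lost abuse report, which is what makes this safe to trial on an abuse mailbox.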


Monday, February 12, 2007

Today's new useful resource

Brought to my attention today: Tracking the Spammers at DanHatesSpam.com. There are some truly excellent tutorials and examples here. He also includes a list of Secretary of State websites, which help you identify the actual owners of a spamming business.

See also his list of small claims court cases, most of which he's won and some of which are still pending. An inspiration to us all.


Thursday, January 19, 2006

Tools in the fight against spam

I'm on the fence about whether I should mention some of these tools or not, as there are those who consider fighting abuse with abuse to be a bad thing. The other school of thought is that it's ok to defend yourself when you're attacked by spammers.

This post is a living post; I'll be adding to it as time goes on. Perhaps later I'll replace it with a link to a static page.
  • Sender Score — Call themselves "The world's most comprehensive database of email sender reputation". Use it to check out your own business and make sure you're staying out of the anti-spam blacklist.
  • Wpoison -- The oldest one I know of. This is a cgi script that generates bogus web pages on demand. Each page is filled with gibberish, fake email addresses, and links to more wpoison pages. The idea is that email address harvesters will harvest the fake email addresses and poison the spammer's database. This is a very old script and may no longer be effective. It also has the potential to poison the databases of search engines, which is an undesirable side effect. The search engines are likely to drop your entire site from their crawl in response, which is probably something you don't want. Protect the search engines (and yourself) against this by installing a proper robots.txt file along with wpoison.
  • Spam Poison -- Seems to be a commercial reincarnation of wpoison. They provide you with a tagged url to place in your web site which redirects harvesters to their web site. Not clear how they make money (if any) from this. Also, the links have "spampoison.com" in the clear, so I would think that the harvesters will have learned to ignore those links by now.
  • Spam Gourmet -- One of my favorites. They provide email addresses with short lifespans to use anywhere you're required to give an email address to strangers. Their basic service is free and fairly easy to use. You sign up with them and get an email address in their domain. Then, whenever you need to enter an email address on a web page, you enter one in the form userid.N.cookie@spamgourmet.com. The cookie is anything you want to use for that web site, and N is the maximum number of emails you're willing to receive. The first N messages are forwarded to you. After that, it becomes a black hole, never to contact you again. You don't even need to visit the spamgourmet.com web site after the initial signup. The only tricky part is coming up with cookies you haven't used before.
  • Spam Decoy.net — Disposable email accounts (not yet reviewed).
  • SiteAdvisor -- Provides two services: First, they seed web forms all over the internet with tagged email addresses to see which ones get spammed. Second, they visit sites with potentially malicious software to see which ones download malware onto their computers. They then make this database available under the creative commons, and provide warnings while you surf. Visit their web page for a short animated demo. See my review above.
  • Spam Cube -- A hardware solution to spam. Similar to a firewall box, Spam Cube sits between your computer and your network, filtering out spam as it arrives. Presumably, its filters are regularly updated remotely by the vendor. Like a firewall box, Spam Cube is configurable via a webbish interface. See International Herald Tribune review.
  • SpamFighter — Collaborative anti-spam tool for Windoze. Click on a piece of spam that the filter missed, and the spam is removed from everybody's inboxes simultaneously. Not being a Windoze user myself, I haven't tried it out.
  • SpamSieve -- Bayesian filter software for Mac OS X. $25. 30-day trial available.
  • SpamPal -- Filter program for Windows. Runs between your mailbox and your mail program, tagging incoming mail as spam if the sender is found in a DNSBL database.
  • SpamAssassin -- Similar to SpamPal, but for Unix/Linux. A perl program launched from procmail which tags spam based on multiple criteria, including DNSBL listings.
  • Blue Frog -- Subscription service which maintained a do-not-spam list and complained to spammers on your behalf. Driven out of business by a denial-of-service attack in 2006.
  • TattleMail -- Subscription service which automatically analyzes your spam for you and sends complaints to the proper authorities. $1/month. See ClickPress review.
  • FormFlood -- A program written to fill web-based forms with gibberish. Nominally intended to load-test servers, it can also be used to poison a spammer's leads database. Here's how it works: A spammer (say a mortgage spammer) floods you with spam asking you to fill out a form to apply for a mortgage. (In reality, this information is simply sold to mortgage brokers, who will contact you later.) FormFlood lets you fill out the spammer's form thousands of times with reasonable-looking gibberish. This wastes the time of the mortgage broker who hired the spammer and makes the spammer's leads worthless. Soon, that spammer is out of business. Poison the databases of enough spammers, and the mortgage broker who hired them starts looking for more legitimate ways to run their business.
  • PhishFighting.com -- Similar to FormFlood; this site allows you to report the URL of a phishing site, which is then flooded with bogus information. The phisher is then unable to find the useful information in the flood of useless data.
  • Spam Vampire -- This is a program intended to suck down all of a spammer's bandwidth. In short, if enough people run it, it creates a distributed denial of service (DDOS) attack against the spammer's web site. It's written in javascript and runs right in your browser. You install it by downloading the source code (which is an html file) onto your local disk. You configure it by editing the web page to point at a web page owned by the spammer that's annoying you, and by disabling caching in your browser. You run it by simply viewing the web page in your browser. If you like, you can even simply view the web page directly from the spam vampire web site, but then it attacks the spammers that Darren Brothers chooses instead of the ones you choose. The instructions seem to be directed at Windows users, but it probably runs under Mac and Unix/Linux as well. I haven't tried it myself.
  • Refi Retaliator -- Another program intended to poison the leads database of a mortgage spammer.
  • Lad Vampire -- Coordinates DOS attacks against spammer web sites, similar to Spam Vampire.
  • Cloudmark -- Community-based anti-spam service.
Links to many spam-fighting tools and tutorials can be found at Spam Huntress' web page.
