Spammers don’t like being challenged and fight back!

In a very interesting turn of events, spammers are not happy about getting a taste of their own medicine and have essentially started a war with one company that is fighting back against spammers. [Wired]

Spammer sites under attack by Fed up Net Citizens

I did not realize this, but apparently there is a fairly organized group of about 5000 people that picks a spammer site a day to go after. The results have been pretty good, in the sense that they are fighting fire with fire. There is an interesting read on the S*pam King Blog that tells of one spammer begging them to stop. I think that as spam continues to rise we will see more people taking it upon themselves to go after these annoying scam artist sites. [S*pam King Blog]

FTC Offers Bounty to Name Spammers

The United States Federal Trade Commission (FTC) announced, in a public report, that a system of monetary rewards would help improve the enforcement of the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2002 (CAN-SPAM Act). That Act, which became effective on January 1, 2004, required the FTC to conduct a study and provide a report to Congress on a CAN-SPAM “bounty system.” While the fact that bounties may be offered to those who help authorities in nabbing spammers isn’t unusual, what is very much out of the ordinary is the projected bounty amounts necessary to make them effective.

The FTC reports three hurdles exist in enforcing the CAN-SPAM Act: 1) identifying and locating the spammer, 2) developing sufficient evidence to prove the spammer is legally responsible for sending the spam, and 3) obtaining the source of funding for the bounties. The report states that those with the information most helpful to authorities are whistleblowers and insiders: those who have had personal or business contact with the spammers, themselves. Because of the real possibility of retaliation, the monetary awards encourage the whistleblowers to come forward. The FTC thinks that awards of about $100,000, upward to $250,000, are reasonable, with funding for the bounty program to come from federal taxes.

Dave’s Opinion
I wish I knew a spammer; for a quarter of a million, I could buy the RV my kids are clamoring for and go on the road for a few months. Why do we need an incentive to do the right thing? Turning in details of bona fide spammers is just a good thing to do. Why should we expect to be bribed by the government?

Call for Comments
What do you think? Leave your comments on the message center.

References
FTC Report
Message Center

AT&T Released Details of Anti-Spam Filter, Hopes For Long-Term Benefit

AT&T received a U.S. patent earlier this month that will give intellectual property (IP) attorneys ground on which to stand when pursuing spammers.

The patent, number 6,643,686, grants AT&T IP protection for its system and method for circumventing schemes that use duplication detection to detect and block unsolicited e-mail (spam). What this means is that spammers can now be sued under the patent infringement laws for trying to defeat the anti-spam filters that run on mail servers.

In its patent application, AT&T provided significant details regarding how spam filters work and how they can be defeated, and this release of information has brought on a firestorm of protest from the e-mail security and anti-spam communities. However, AT&T anticipates that creating the legal grounds, however technical and specific, to pursue spammers will, in the long run, benefit the general Internet community more than the risks posed by releasing the details of anti-spam filtering systems.

Dave’s Opinion
AT&T is following a tried and true legal tactic of patent and then sue. These booby-trap or submarine patent suits are a staple of the legal profession, and in many cases they work well. I hope that AT&T shares its IP rights freely with those who want to put spammers out of business and are willing to pursue the legal process to do so.


References
AT&T Patent

The Big Gorilla Project

Spam is an ever-increasing annoyance for e-mail users. Most people have some form of spam filtering application that reduces the instances of the frequently offensive unsolicited commercial messages. Many of these filters seek to identify spam based on the address from which the message is sent, but spammers are already wise to this trick, and spoofing is now commonplace. By hiding or misdirecting their transmission source, spammers make it exceedingly difficult for most users to determine from where the spam message actually came.

But there’s some hope for spammer identification. A loose alliance formed by large e-mail services (Microsoft, Yahoo, America Online, and Earthlink), the Anti-Spam Research Group (ASRG), and Intelligent Computer Solutions (ICS) is working on an e-mail sender-authentication system that’s been dubbed the Big Gorilla Project.

Using an identification system based on public key encryption, ISPs who have control over outgoing e-mail can include a piece of encrypted code in the header of each outgoing message. The code snippet can be used by receiving ISPs to confirm the identity of the outgoing e-mail server and the authenticity of the e-mail message’s return address.

By confirming the identity of the transmission site, it’s a simple matter to blacklist and block known offenders.
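The sign-then-verify flow described above, as an added sketch that is not the Big Gorilla Project's own design or code. The header layout, the key registry and binding the signature to a hash of the body are assumptions, and textbook RSA on a small constructed key stands in for a real padded signature scheme.

```python
import hashlib

# Constructed demo key: textbook RSA from two known Mersenne primes.
# Far too small and unpadded for real mail; it only makes the flow runnable.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held by the sending ISP

# What a receiver can look up: sending server -> public key (hypothetical registry).
PUBLIC_KEYS = {"mail.example.net": (N, E)}

def _digest(server, return_path, body, n):
    """Hash the fields the signature vouches for, reduced below the modulus."""
    data = "\n".join([server, return_path.lower(), hashlib.sha256(body).hexdigest()])
    return int.from_bytes(hashlib.sha256(data.encode()).digest(), "big") % n

def sign_outgoing(server, return_path, body):
    """Sending ISP: build the header value that travels with the message."""
    sig = pow(_digest(server, return_path, body, N), D, N)
    return f"server={server}; sig={sig:x}"

def verify_incoming(header, return_path, body, blacklist=frozenset()):
    """Receiving ISP: 'accept', 'reject-unsigned', 'reject-forged' or 'reject-blacklisted'."""
    try:
        fields = dict(p.strip().split("=", 1) for p in header.split(";"))
        server, sig = fields["server"], int(fields["sig"], 16)
    except (KeyError, ValueError):
        return "reject-unsigned"          # header missing or malformed
    key = PUBLIC_KEYS.get(server)
    if key is None:
        return "reject-unsigned"          # no published key for that server
    n, e = key
    if pow(sig, e, n) != _digest(server, return_path, body, n):
        return "reject-forged"            # return address or body was altered
    # Only a verified identity is worth blacklisting: it cannot be spoofed away.
    return "reject-blacklisted" if server in blacklist else "accept"
```
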

Dave’s Opinion
I use a combination of anti-spam filtering applications, both on our incoming mail servers and our client workstations. So far I’ve been able to drop my daily spam tally from over 600 messages to about a dozen, maybe double that on a bad day. But that’s still not good enough. It’s not just receiving junk mail that bothers me, it’s the offensive content.

I’m all for proposals, both legislative and technical, that help kill off spam.


References
Anti-Spam Research Group
Intelligent Computer Solutions

California Wins Legal Case Against Spammers

Two LA spammers were ordered to pay $2 million and received various business restrictions in Santa Clara County Superior Court, this past Friday. This is the largest judgment won by government prosecutors against senders of unsolicited e-mail. The spammers are also the object of a Federal Trade Commission suit; however, both legal cases are civil suits, so there’s not much chance that the spammers will see the inside of a jail cell anytime soon.

Since 1999, almost three-quarters of states have passed anti-spam laws, but prosecutors have brought only a handful of lawsuits; success in the legal system often requires integrating case law (past judgments), and until more criminal suits are won this catch-22 will continue. Rather than pursue criminal penalties, ISPs and frustrated individuals have been using the courts by filing suit using various laws such as consumer fraud and trespass.

Dave’s Opinion
The U.S. Senate unanimously approved an anti-spam bill this past Wednesday: the first federal legislation to tackle spam. The Senate bill requires bulk e-mailers to indicate a valid return address, disclose that the content is advertising, and give consumers valid and working opt-out mechanisms. In addition, the bill bans the use of addresses obtained from automated mechanisms, such as web-crawling and e-mail harvesting.

Senate bill S.877, CAN-SPAM Act of 2003, also directs the FTC (Federal Trade Commission) to come up with a plan for a do-not-spam registry, similar to the do-not-call telemarketing registry.

The U.S. House of Representatives is considering competing anti-spam legislation, and may have a more difficult time reaching agreement; however, I’m holding out hope for a valid and reliable do-not-spam registry by 2005.


References
S.877 CAN-SPAM Act of 2003

Don’t Spam in California

California Governor Gray Davis must be bucking for the Geek vote in the October 7th special election in which he could be recalled from office. Today he stood tough and signed an antispam law that prohibits anyone from sending unsolicited commercial e-mail (UCE, aka spam) to a California e-mail address.

Requiring that subscribers have opt-in (yes, opt-in, not opt-out) control over which junk mail they want to receive, the law will help prevent e-mail users from being bombarded with unwanted e-mail messages. Offenders are liable for damages up to $1 thousand for each message sent to an individual and up to a whopping $1 million for each advertisement campaign. The law grants the right to seek damages to the recipient, the state attorney general and the e-mail service provider.

The law has additional provisions that make it illegal to collect e-mail addresses for the purpose of sending spam.

Dave’s Opinion
Hoo-whee! This is the way to write an anti-spam law. Make just about everything about junk e-mail illegal. Way to go, Gray!


References
California SB 186

Craziest Thing I’ve Ever Heard: Pay Spammers Not To Spam

The craziest thing that I’ve ever heard is to pay spammers not to spam, and that’s just what a startup company from San Antonio, Texas, Global Removal (GR), is planning to do. Their theory is that spammers are in business to make money, and that the lowbrows will remove your e-mail address from all of their junk mail lists for a buck.

In addition, subscribers (you and me) are required to pay a fin to be part of this crazy scam.

Dave’s Opinion
My B.S. radar is way overloaded after reading about GR’s plan to pay spammers one dollar for each e-mail address that subscribes to GR’s program (after being spammed in an effort to garner subscribers). Yes, you read that right.

Here’s the scoop as I read it from Global Removal’s website:

1. spammers seek to get people to subscribe to Global Removal’s “do not spam list” by sending the invitation as a spam message.
2. spammers are paid $1.00 for each address that subscribes to the “do not spam list.”
3. uninformed users give Global Removal their e-mail address and $5.00 to be added to the list.
4. spammers are to purge their list of all subscribers.

Am I the only one who sees a problem here?

I’ve got to start giving spammers more credit. They’re smarter than I thought.


References
Global Removal
Message Center

Don’t Challenge That E-mail!

When I ask IT people what they see as the biggest problem on the net today, the most common response is spam. When I ask non-techies the same question, I always get the answer: spam.

There’s not much we can do at the moment to combat spam except install filtering software that keeps an eye out for common spam terms (I don’t want to list them here because there’s a good chance your filtering software will trash this newsletter).

There’s an alternative to e-mail filtering that’s being discussed when ISPs and other technical folk gather: challenge-response messaging. With this e-mail technology, senders will receive a challenge e-mail message the first time they send a message to an e-mail account that has enabled challenge-response security. If the sender appropriately responds to the challenge, the original message is then delivered to the recipient, and future messages sent to the same e-mail account will also be delivered.

This process verifies the sender’s return e-mail address and adds the address to the recipient’s white list, the tally of addresses from which e-mail messages may be received.

Dave’s Opinion
At first this sounds like a good idea; however, there are a few limitations to the system. The first is that challenge-response white lists may allow all e-mail from the sender’s domain to be delivered. If john@doe.com responds appropriately to a challenge, then not only will his future messages be delivered but also jane@doe.com, and charlie@doe.com.

The second problem I see is for e-zine (e-mail newsletter) publishers, including me. Challenges that are sent in response to the newsletter will result in the recipient’s being unsubscribed from the newsletter. Bounced e-zine messages are usually automatically removed from the subscriber list. This isn’t just a problem for publishers but also for readers who may not realize why they’re no longer receiving their newsletters after the challenge-response system has been installed by the corporate IT staffer.

And worst of all, the challenge-response system adds at least two additional e-mail messages traversing the net and corporate e-mail servers each time a new relationship is created.

Let’s solve the spam problem at its root by continuing to work through the legal system to stop spammers. In the meantime, do your part to make spamming less enticing: don’t buy anything from spammers and don’t reply to their messages; you’re only confirming that they’ve reached a valid e-mail address.
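The challenge-response flow from this post, as an added Python sketch that is not taken from any product. It whitelists the exact address rather than the whole domain and never challenges list or automated mail, which addresses the first two limitations above. The class name, action names and secret are hypothetical.

```python
import hmac, hashlib
from email import message_from_string
from email.utils import parseaddr

SECRET = b"constructed-demo-secret"   # per-recipient key; an assumption of this sketch

class ChallengeGate:
    def __init__(self, secret=SECRET):
        self.secret = secret
        self.whitelist = set()    # full addresses, never whole domains
        self.held = {}            # sender address -> quarantined raw messages

    def _token(self, sender):
        # Token is bound to one sender address, so it cannot be reused for another.
        return hmac.new(self.secret, sender.encode(), hashlib.sha256).hexdigest()[:20]

    def receive(self, raw):
        """Return (action, token): 'deliver', 'challenge' or 'hold-no-challenge'."""
        msg = message_from_string(raw)
        sender = parseaddr(msg.get("From", ""))[1].lower()
        if sender in self.whitelist:
            return "deliver", None
        self.held.setdefault(sender, []).append(raw)
        # Never challenge list or automated mail: the challenge would land in the
        # list's bounce handler and could get the recipient unsubscribed.
        automated = (msg.get("List-Id")
                     or msg.get("Auto-Submitted", "no").lower() != "no"
                     or msg.get("Precedence", "").lower() in ("bulk", "list", "junk"))
        if automated or not sender:
            return "hold-no-challenge", None
        return "challenge", self._token(sender)

    def answer(self, sender, token):
        """Sender answered the challenge: whitelist that one address, release its mail."""
        sender = sender.lower()
        if not hmac.compare_digest(token, self._token(sender)):
            return []
        self.whitelist.add(sender)
        return self.held.pop(sender, [])
```

Messages held without a challenge still need a review path, such as a quarantine digest, so that wanted newsletters are not silently lost.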

ITinfo