homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque

Webmaster General Forum

Spammers ordered to pay $1 billion
Turning up the heat.

 1:00 am on Dec 19, 2004 (gmt 0)




 3:02 am on Dec 19, 2004 (gmt 0)



 7:00 pm on Dec 19, 2004 (gmt 0)

The defendants will just fold up their dummy corporate entities and move on.

I'm in favor of the ruling, but, sadly, I think it's going to be a case of playing legal whack-a-mole.


 8:29 pm on Dec 19, 2004 (gmt 0)

Exactly, they could just as well have awarded them a trillion dollars. They're probably not going to see a dime of the money anyway.


 8:51 pm on Dec 19, 2004 (gmt 0)

The sad part of it is that it to long.

My guess is that a good 25% of the emails sent as order confirmations do not even get to the in boxes of the people they are addressed to.

Filtered here and there by ISP's and user defined spam filters to the point of nearly useless.


 10:01 pm on Dec 19, 2004 (gmt 0)

Coming up with the figure of $10 dollars per spam message does make sense because it gives you a formula to address damages however the end result does not make sense. A billion dollars in damages is just silly.


 10:47 pm on Dec 19, 2004 (gmt 0)

Enough e-mails to equal a billion dollars at $10/e-mail is what is just silly.


 11:45 pm on Dec 19, 2004 (gmt 0)

One hundred million emails is a lot of spam. The fact that they'll never see much of that money is disgusting.


 2:12 am on Dec 20, 2004 (gmt 0)

If they can catch up with the spammers and sieze all of their assets (including homes and other assets), along with creating debts that the spammers will never be able to pay off, they can help deter other spammers. The problem is catching them. However, Virginia did put a North Carolina spammer in jail, so there is hope.

A judgement this large can serve as an incentive for anyone who knows the spammers to turn them in for a piece of the action.

Now if we could just replace the federal CAN-SPAM law with a law that really outlawed all spam with similar damages, we might be able to get somewhere.


 11:22 am on Dec 20, 2004 (gmt 0)

Just remember to keep all your spams in future.

Because, if you are ever called upon to make a claim, you'll need all the paperwork.

That there spam folder could be your next goldmine.


 1:48 pm on Dec 20, 2004 (gmt 0)

It is true that the paintiff may get little or no money.
But the deterent effect on anyone who is considering email as a marketing device will now have second thoughts.
As for me I don't even respond to e-mails anymore unless the sender specifically requested a response.
Even then I keep a copy of the incoming email just in case.
Theoretically ordinary people could be sued for sending a request for information on some website etc.

Considering the fact that some spammers send emails with bogus return addresses. What if that return address is anyname@yourdomain.com
And then people begin to sue you. It's scary thought isn't it, just to say the least.


 3:10 pm on Dec 20, 2004 (gmt 0)

It should be a criminal offense w/ jail time! Darn spammers!


 3:16 pm on Dec 20, 2004 (gmt 0)

Time to eliminate the concept of "internet privacy".

My solution is to tax ISP's for bulk e-mails. The first hundred addresses are free, then say a penny per address after that. Close to all internet users would never pay anything.

I posted a newsletter via e-mail every month for a while, about 1200 people asked to be signed up. I would have happily sent 12 seperate e-mails (100 addresses each) if that helped stop spam. A spammer with a million addresses would post 10,000 times? I think not.

Even with ISP software to stop splitting addresses up would only have cost me 11 dollars US a month, nothing compared to the lost wages due to deleting junk mail. The typical spammer would pay $30,000 per message.

As it is right now, I've basically stopped using e-mail. My filter at my ISP is set to only allow messages from a couple dozen selected friends. Unfortunately that does nothing to stop spammers.

We could also look at the Ham Radio environment, where everybody who transmits must be licensed by the FCC. It may seem draconian, but remember, by some estimates close to 90% of all e-mail is spam. We do need a major re-work of the protocol, or just dump it altogether.


 4:10 pm on Dec 20, 2004 (gmt 0)

I don't think that this is an issue for the government. First off, the protocols for sending email make it too anonymous.. it's too difficult to trace it back anyway. Second, huge amounts of spam come from outside of the US, so trying to legally enforce this would require a global effort.

I think the last suggestion of rewriting the protocols is the best bet. There's two ways I've thought of to do this. The problem right now is that the from address can be easily spoofed, just as easily as you can write a fake return address on a piece of snail mail. The from address of spam is useless.

So the first protocol rewrite method would involve some way to verify identity. Some spam filters do it a little differently. I've seen challenge-response systems that create a whitelist. When someone sends you an email, if their address isn't on the whitelist, it will respond to them automatically with a request to fill out a short form asking why they are contacting you. This form is then sent to you, where you can accept or deny it. The idea here is that a spammer will never fill out that form, and if they did, you'd never accept it. This can be bad for business email, because you don't want your customers having to go through this process.

But I think the easiest and most entertaining fix would be a spam filter with a retaliation module. Let me explain. I use SpamAssassin on my own network and it works great. It finds particular characteristics of spam that are each assigned a certain point value. Once the point value breaks a certain threshold (I've set mine to 5.0), it's marked as spam.

But let's set another threshold; the retaliation threshold. On my system, I'll set that at 7.0. If an email is marked as 7.0, then it's obviously spam, no questions, not a false positive. My spam filter would instantly go out and perform a DoS attack on the originating IP address. Of course, it's likely that my network alone is no match for the spammer's network if they are sending out such quantities of email. However, if others implemented a similar system, that spammer could experience a DDoS attack from various people that they were spamming. After they sent out enough emails, they would be taken down -- Hopefully the number of emails they sent that would cause this would be only a small percentage of those that they would be able to send otherwise.

But there's another possibility here. Sometimes the sending IP address has been forged, which means that the spammer is using someone else's network to send their spam. If this is the case, it means you'll be DDoS'ing some innocent bystander. However, this will accomplish two positive things:

1) The system will go down, and the spam will still be stopped (or interrupted at least), and
2) The innocent bystander would be made aware that someone has compromised their system and it's being used to send spam, in which case it should be taken down.

Once this system is implemented on enough networks, it would make increase the cost of sending spam since any network used for sending spam would be under attack within minutes, the effort needed to send 1,000,000 emails may now equal the effort to send 100 emails. And that's always been the real solution -- Make it so that spam is not cost-effective, and it goes away.


 5:23 pm on Dec 20, 2004 (gmt 0)

Nick, you've got to be kidding. Didn't anyone learn anything from Lycos [internetnews.com]? What you're proposing would be illegal in many countries.


 7:52 pm on Dec 20, 2004 (gmt 0)

Who was the judge, Austin Powers?

I am sure that anyone who has been around for a little time has been contacted by the 'same' company that contacted them six months prior. The company has renamed itself for "better branding".

These outfits aren't even down for a couple of days. New shell corp... move on. Think they have any assets in the corp.? I highly doubt it.



 7:53 pm on Dec 20, 2004 (gmt 0)

Well, where I come from, if you can't pay the fine ...
you do the time!

Hopefully, these charming folks using legitimate email addresses to send their crap around the world will have time to think about the real damage they have caused to millions of people.

Because of spam, AOL cut off my entire country from sending email to any of their customers for more than 6 months this year. I would estimate the damage to be quite substantial. I know it must have cost me at least $20,000 to $30,000 (if not more) alone. I received legitimate requests for info and was denied access to supply that info to any and all AOL customers. As a result, I lost a lot of sales.

Spam doesn't just cost in the obvious ways (time to sort through and delete the junk) ... there is a huge amount of collateral damage as well.

Let them rot in jail if they can't pay! They are directly or indirectly responsible for taking money out of my pocket ... and there are millions of others just like me.

I have no pitty or compassion for spammers whatsoever. In fact, I wish I could condemn them to the worst possible jail in the world where they would be placed in a chain gang and fed dry, mouldy bread and tainted water for the rest of their lives! Unfortunately, they'll likely end up bunking with Martha Stewart and learning how to knit pretty little doilies .. if they get any jail time at all! :(


 6:04 am on Dec 21, 2004 (gmt 0)


<Nick, you've got to be kidding.>

Nope.. I think it's a good way to go. You can't legislate spam out of existance; it's just not going to happen. There has to be a way to make it logistically expensive. Passing a lot to charge a tax or make sending spam illegal isn't going to work.

<Didn't anyone learn anything from Lycos?>

Yes.. don't use hostnames (which can be redirected to other IP addresses) as the target; use the source IP :-).

<What you're proposing would be illegal in many countries.>

Perhaps, but that doesn't mean that it's morally wrong; nor does it mean that it isn't the right or best solution.


 6:40 am on Dec 21, 2004 (gmt 0)

There are a number of ideas, here are mine:

1] Make it absolutely illegal to forge / spoof / falsify the sending address.
It MUST come from the originator, whether a company, ad agency whatever.

2] Seek cooperative international legislation so other countries do the same.

3] Set up a time-table to restrict, and finally BAN emails from
countries that refuse to do enact these uniform laws.
Individual countries could set their own time tables and allow exceptions.

4] Enact stiff penalties for forged / spoofed sending addresses and enforce them.

Commandeering other people's machines to send SPAM is the by far the
worst case of false addressing. It should be made a felony.

Honest addressing is only one step in the war on spam, but a highly important one.
I'm surprised it isn't brought up more. - Larry


 10:23 am on Dec 21, 2004 (gmt 0)

Chasing spammers may be tricky but there is an old adage in law enforcement - follow the money.

If spamming is illegal then paying others to spam on your behalf is illegal. Go after the companies - open their books and if money can be traced to spammers fine them big bucks.

The threat of this would cut email spam enormously.



 12:42 pm on Dec 21, 2004 (gmt 0)

Kaled: I agree completely.
My suggestion would something to charge the perps with, once caught.
Your idea is best for chasing then down. - Larry


 4:20 pm on Dec 21, 2004 (gmt 0)


<1] Make it absolutely illegal to forge / spoof / falsify the sending address.
It MUST come from the originator, whether a company, ad agency whatever.>

The problem here is that this can't really be enforced with current technology.


 1:08 pm on Dec 22, 2004 (gmt 0)

I know this seems naive of me ... but a phone line can be traced, why on earth can't they trace an e:mail address to the phone number?

This is something I have just never understood about spamming. Why can't they trace spammers through their phone numbers?

Yes, I know that really clever people can reroute phone numbers, I watch television! But how many are that clever and doesn't the technology exist to find them anyway?


 1:22 pm on Dec 22, 2004 (gmt 0)

> through their phone numbers

Liane, I suspect that most major spammers aren't utilizing phone lines for connection purposes.
[ot] love them boats; wish I had time & $ to
nab one for aspell [/ot]


 1:27 pm on Dec 22, 2004 (gmt 0)

Oh ... as I said, "naive"! :(

I forgot that people in other parts of the world have more sophisticated ways to connect to the internet than we do! Most of us in the BVI are still on dial up!


 2:45 pm on Dec 22, 2004 (gmt 0)

I understand that, in this case, the ISP found the spammer by responding to the spam, providing contact information, and had the spammer contact him. That contact may have been by phone. As a result of the contact the ISP was able to trace the spammer.

I wonder if spammers can be traced by ordering something from them, paying by credit card, and tracing the information through the credit card transaction.


 5:04 pm on Dec 22, 2004 (gmt 0)


<I wonder if spammers can be traced by ordering something from them, paying by credit card, and tracing the information through the credit card transaction.>

I think that would be a very good idea.. as long as you can verify that they are in a jurisdiction that will enforce this.


 1:14 am on Dec 23, 2004 (gmt 0)

<I wonder if spammers can be traced by ordering something from them, paying by credit card, and tracing the information through the credit card transaction.>

I think that would be a very good idea.. as long as you can verify that they are in a jurisdiction that will enforce this.

If the investigator is in a jurisdiction where the credit card information is supplied to the purchaser, can be obtained by from the credit card company voluntarily, or can be obtained through court order, then the identification and information about the spammer should be obtainable. If the spammer is in a country that does not cooperate with international law enforcement, then the receiver of the spam may be able to block the credit card company from sending payments to the spammer. I don't know if this can be done in the US or other countries. If not, we may need laws that would allow receivers of spam, or ISPs receiving spam, to get a court order blocking the credit card transactions with the spammer/merchant.

Global Options:
 top home search open messages active posts  

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved