Brightmail Denies "White List" Deal With Spammer 226
ThePretender writes "From the InfoWorld article: 'A spammer's claim to his clients that he had an agreement with anti-spam technology vendor Brightmail to not block his traffic was contradicted by Brightmail officials today.' From the sounds of it, Scott Richter (apparently a notorious spammer) might just be looking for some media attention, he even goes as far saying he has similar agreements with some major ISPs. Ouch! May the drama unfold..."
Why not revise email standards? (Score:4, Interesting)
What will be the result of the Anti-Spam Law ? (Score:1, Interesting)
Think about it. Once those jobs move over seas America will have even less power to constrain the pread of spam.
There ya go Slashbots.
They both must be right, would either one lie? (Score:3, Interesting)
Re:That's nothing... (Score:5, Interesting)
Tell me, does this involve Microsoft's decision not to issue any patches for a month?
Actually, He is being honest (Score:4, Interesting)
Most of the spam that everybody thinks is coming from overseas is not. It is here, but the large ISPs are willing to hide it for a large price.
the irony (Score:3, Interesting)
Is this an attempt to hold customers? (Score:4, Interesting)
I think that's the key phrase here. Apparently Scott is losing customers, and in order to retain them, or gain new ones, he has to tell clients he is "whitelisted". What reputable business would want to pay an email broadcast company, when that company is blocklisted. He couldn't possibly think to use this as a defence, saying that if Brightmail whitelists him, he must not be a spammer. But then again, from what I've seen regarding him, I wouldn't be surprised.
As far as I'm concerned, any business that uses Optin is just as sleazy as Scott.
Buzzzzzz.....Wrong (Score:3, Interesting)
Out of lying spammers, Scotty takes the cake. (Score:3, Interesting)
Of course, just for saying this, he'll threaten to get his dad (who's a lawyer!) to come after me, except of course that he's a tax lawyer.
Out of spammers, this guy is the lowest of the low.
Why is everyone so focussed on the spammer? (Score:4, Interesting)
Brightmail has so few false positives and allows so little spam through that any noticable continuous stream of spam caused by such an alleged "arrangement" between Ritcher and Brightmail would be bound to get noticed by savvy end users/administrators, if not Brightmail post-installation tech support.
Same with alleged "whitelists" at ISPs - enough people have eyes on MTA configs that there would be questions.
This is bullshit and I'm sorry Brightmail had to stoop to a public answer.
So who are these guys http://www.ileads.com (Score:5, Interesting)
I was told by a friend of mine (mortgage broker) that his company stopped using ileads.com because they were getting too many "bad quality" leads.
It seems that some people are starting to fill out these forms and having the brokers contact them and then after taking all the contact information from the broker, they inform them that if they don't a) divulge the information of where they got the lead and b) agree to stop using companies that use SPAM to generate leads that they will hand their contact details to the foaming at the mouth public.
Is this legal ? Souds like sweet justice to me.
Anti-spam Software and Spammers (Score:5, Interesting)
Not only do some anti-spam software companies make deals with spammers (according to the article), but some also are among the worst spammers.
I talked to a few different anti-spam software companies over the last few months. With each of them, I told them that once we made the decision on which (if any) software to go with, I wanted absolutely no further phone calls or emails trying to sell me their product. We made our decision just over 3 weeks ago and informed the software venders.
Two weeks ago, I received a spam from one of the venders we didn't purchase from. (Yes, the software we decided on caught it, but still, it's the priniciple of the thing.) I followed their procedures to opt-out and also sent an email to the salesperson whose name and email address appeared in the email. I informed her that I told them that I wanted no emails from them trying to sell me their software. I explained how disappointed I was in them and asked to receive no further emails.
A few days later, I received another spam from them. This one was "signed" by a VP of the company. Again, I opted out and sent an email to the VP explaining the entire situation. I explained that I was beyond disappointed and was now getting angry. I demanded that I not receive another sales email from them and explained that if I did, I would be passing the word about their tactics to friends that might be in the market for such software.
Guess what? I got another one. This time, I called the salesperson I was dealing with and explained that I was going to tell everyone I know about how Intellireach [intellireach.com] is an anti-spam software company that spammed me, did not honor my request to not get spammed in the first place and also did not honor several opt-out requests when the requests followed the instructions in the spam.
Re:Actually, He is being honest (Score:5, Interesting)
It's amazing how many people run unpatched boxes on broadband with neither a router or AV software.
With what I know now, I wouldn't consider running a Windows box on a broadband modem without a router AND AV software. Change the gateway address to someting other than 192.168.1.1 or 192.168.0.1. Lots of machines configured the same make easy targets for exploitation. Make changes to reduce the number of easly infected machines.
Re:Address (Score:3, Interesting)
But a lot of "passive" justice can be done. You just have to be creative.
Re:Actually, He is being honest (Score:2, Interesting)
Actually, it is not. The validity of this counts on the backbone being honest. It is not. From what I learned, MSN will allow the spammers to use the IPs of their customers. But obviosly, if used to heavily, it would be bad. So thay play with Local servers/routers to make it appear to be from overseas.
When you think about it, it is brilliant. The overseas links would be horrible expensive. So instead use modified local servers.
Re:So who are these guys http://www.ileads.com (Score:5, Interesting)
The buisness that was spamming was then listed on his credit card statement. He sued them and won something like $1,000 from them for ignoring his opt-out requests. He had a statement about his technique for finding the spammer that went something like "They could hide from me, but nobody can hide from American Express"
I wish credit card companies had fake numbers to give to these spammers and paypal fraud artists that would automatically trigger alarms when they ran through for verification. This would be a great way for people to track down who is actually profiting from the spam. A good-guy version of the trojan horse, if you will.
A lawsuit would be good. (Score:3, Interesting)
Then if any spam filtering companies are whitelisting spammers, then go after the companies for fraud.
Any actual user experiences to report? (Score:4, Interesting)
For quite some time their filtering has been effective. Brightmail won't say how they do it, but human screening, and subsequent filtering of emails containing links to spamvertised domains seemed to be a part of it.
Lately I have just been spammed silly. Looking at the spams (what choice do I have) the same spamvertised domains are represented over and over. This had not happened in the past.
This spam continues after desperately hitting the "Report Spam" button (available on their webmail interface only).
This supports the theory that either ATT or their contract spam filtering with Brightmail are passing or inserting certain mails.
With this development, I am not inclined to extend this service contract with ATT. I will be certain to pass on this information when the contract is terminated.
Re:What will be the result of the Anti-Spam Law ? (Score:1, Interesting)
Re:spammer fraud? (Score:2, Interesting)
Re:I gotta say it (Score:4, Interesting)
You would need to use a "CREDIT" card not a "DEBIT" card. I had one company in the past mess with me on a warranty issue. I simply called the bank I had the credit card with and the company finally resolved the issue, but not after having the money ripped out of their hands while they messed around trying to fix things.
When MC/VISA/AMEX start loosing money on spammers, you can bet that they will shut down their merchant accounts.
The thing I fear the most however is dangerous criminal activity from spammers to people who choose to do this. This can only be safe if lots and lots of people do this.
The other danger is bad guys deciding to do this to a legitimate buisness. Say I was an unscrupulous nasty SPAMINAL and I wanted to take out the competition, you could easily generate lots and lots of spam and then link to your competitions web site and watch them go down in a sea of bad transactions. This is what concerns me the most with this scheme.
Re:So who are these guys http://www.ileads.com (Score:5, Interesting)
Hey, that's a great idea! It's like that honeypot thing I read about a while ago (can't find a link, sorry).
Anyway, I don't know anything about credit cards (not having one, and all), but I heard that for security reasons, you can have the credit card company put limits on your account, like if you work 9 to 5, have the card raise red flags if it's used between 9 and 5, since you're not likely to be using the card while you're at work and any use at that time is likely fraudulent. So just sign up for a credit card and say something like "I only use it sundays, flag everything else", and then buy into a bunch of spam stuff on monday.
And then, just never use the card for anything but spam. I guess that's a little extreme, but if you really wanted to hunt down these spammers...
Re:Anti-spam Software and Spammers (Score:4, Interesting)
Running Exchange and Windows, doesn't completely rule out free SpamAssassin. I've set up a free SA based filter on the Exchange system at work. It's a debian box running SA-Exim that sits in front of the Exchange box. Since we don't get that much volume, it can be handled by an old 266MHz PII box that's useless for any recent version of Windows, but is great for Linux.
I drop mail at a score of 20 (mostly dictionary attacks, Viagra ads...) and flag anything over 6. Outlook Rules can then be used to further act on the flagged messages.
BalamRe:Proving a negative... (Score:3, Interesting)
We could have an authority that you pick a username and password for, and a list of e-mail addresses, and then allow you to make records with three data items:
1) Key itself
2) Company
3) The e-mail address used
If there is only one such authority, and each e-mail address can only be registered once, then spammers would be forced to illegal action. Companies wouldn't be allowed to sell e-mail addresses, because only they would have the right to use them, NOT whoever they would sell them to.
Of course, spammers could register and then opt in other people's addresses, but that would obviously be equally illegal and actually easy to prove.
Re:Any actual user experiences to report? (Score:2, Interesting)
Re:Actually, He is being honest (Score:3, Interesting)
Actually, it is not. The validity of this counts on the backbone being honest. It is not. From what I learned, MSN will allow the spammers to use the IPs of their customers. But obviosly, if used to heavily, it would be bad. So thay play with Local servers/routers to make it appear to be from overseas.
When you think about it, it is brilliant. The overseas links would be horrible expensive. So instead use modified local servers.
If you've got proof, that would make a hell of a front-page story for any news magazine.
Might be something to it (Score:5, Interesting)
They deny the possibility and called me a liar. We no longer use that service.
There is always the possibility that one of their employees is not so honest and the company has no knowledge of this activity but something is amiss.
Re:Proving a negative... (Score:1, Interesting)
Many of the "make penis fast" jokers are using web servers in China (and good luck getting info out if them, Brazil (ditto), with credit card merchant accounts from Tongo, Balize, or other countries, using a fufilment center that only has bogus contact info.
About the only one that's reachable is the fufillment center (the guys that actually pack up and ship the product), and them only if they are whitehats. If they just want to make a buck, forget them too.
So you can go the whole chain and never get any info at all that you can use, even with a court order.
Thankfully, all spammers are stupid and can't keep their mouths shut. They almost always manage to out themselves, and if they don't, some people that are doing the dirty work will tell you off the record. The only exception known at this time is Gavin Stubberfield, whose real name appears to be Jason Jaynes, I think.
For a while, open proxy honeypots were doing well, but the spammers are now using hacked machines to control their open proxy scanners and open proxy zombie masters. Spam fighters have moved on to a more effective technique, but we won't discuss that until the spammers catch on to that one.