
AOL Awarded Millions in Spam Case 256
c.derby writes "MSNBC.com is running a story that says: " A Virginia federal court awarded America Online nearly $7 million in damages as part of the Internet service providers' legal victory over a junk e-mail operation, AOL said Monday."
The company said the legal decision should send a warning to junk e-mailers.
"This is an important legal victory in the fight against spam," Randall Boe, AOL general counsel, said in a statement. "It sends a clear, distinct message to spammers: AOL is prepared to use all of the legal and technological tools available to shut down spammers."
" 145 pieces of spam so far today. Can I have a piece of the 7 million? (oops, duplicate. Oh well. It's still good ;)
I never thought I'd say this... (Score:3, Funny)
Re:I never thought I'd say this... (Score:2, Interesting)
Re:I never thought I'd say this... (Score:2, Insightful)
Re:I never thought I'd say this... (Score:5, Insightful)
That's, to me, decidedly not a Good Thing.
Re:I never thought I'd say this... (Score:2)
What does AOL have to do with hotmail?
Re:I never thought I'd say this... (Score:2, Informative)
Re:I never thought I'd say this... (Score:2, Insightful)
When you've got that many mail accounts and that many clueless users who don't know how to avoid spam, the costs (bandwidth/storage/administration/etc...) are a massive figure. It's just good business sense for cutting a huge expense.
Re:I never thought I'd say this... (Score:2, Funny)
AOL is a court winner (Score:5, Funny)
Re:AOL is a court winner (Score:2)
How to fight back (Score:5, Informative)
1. Get a cheap discarded PC and install Linux on it. Get one of those 'always-on' net connections to your home, like DSL or a cable modem. You'll need a service plan that gives you a static IP address. Register a domain name of your very own, and use dyndns.org to point your domain name at your PC. This has the added benefit of letting you host your own web site on your own domain name if you want to.
2. Download the Exim [exim.org] mail server and install it on your PC, and set it up to accept email for you. You'll also want to set up an IMAP server so that you can fetch your email from the PC. Now you can make up any address you want on your new domain, and have mail sent to it reach you. This is great for when you need a one-time throwaway address for something.
3. Install SpamAssassin [spamassassin.org], and also install SA-Exim [merlins.org] to link SpamAssassin with the Exim mail server. This will let the mail server identify and reject spam instead of only dealing with it after it's been accepted.
Once you run this for a while to make sure it's doing a good job of identifying spam, turn on Sa-Exim's teergrube ('tarpit') feature. Now, when someone tries to send you spam, your mail server will hold the spammer's connection open indefinitely by sending it occasional 'keepalive' messages without ever sending an accept or a reject. Once the spammer stumbles across enough teergrubes, the mail relay he's using will hit a process limit and be unable to continue sending spam until the spammer notices and resets it or moves on to another relay.
Teergrubing is a passive way of tying up a spammer's resources, or the resources of an open relay that's being abused by spammers. It has a negligible hit on your own resources. The more teergrubes (and honeypot web pages which feed spamtrap addresses to address harvesters) pop up out there, the harder it will be for a spammer to simply spam millions of people with the touch of a button.
Re:How to fight back (Score:3)
Another way to fight back? (Score:3, Insightful)
Date: Sat, 14 Dec 2002 13:18:16 -0500
I declare December 2, 2004 to be "the end of spam" day.
As of December 2nd, everyone has to use a new e-mail protocol which fixes the fundamental problem of SMTP: untrusted sources.
The new protocol isn't "new". It's just that on Dec 2, 2004, everyone should stop accepting SMTP connection that don't use the STARTTLS extension to SMTP as described in RFC2487.
STARTTLS has the benefit of creating Received: headers that are cryptographically signed, and therefore meaningful. Internet email is sent like a bucket-brigade... you send your email to your ISP, which passes it on to another ISP, which passes it to another mail server, which sends it to final receiver's mail "Inbox". With STARTTLS, there is an audit path of who passed the email alone each "hop". There is still a possibility that you won't know who the original sender is, but you know the first ISP that let that message into the system. That's good enough.
After Dec 2, 2004: when you receive email that is spam, you will be able to identify which server let the spam into the Internet. That site can be punished, by starting a DoS attack against it, or by declaring the site to be "terrorist" at which point the Bush Administration, which will have just won re-election (and being in its last term will have no need to follow any laws) will bomb the email server. They will be given 24 hours notice, 48 if it is a 3-day weekend. Bombing will not happen if the owner of the mail system can demonstrate which user sent the spam, and that they have been removed from the system. With the threat of being bombed, mail system administrators will be under extreme pressure to make sure that all email that leaves their systems is certifiably marked by the actual creator. (Thus fixing the "but who was the original sender?" issue). Then we can arrest the user that sent the spam.
I encourage all countries to make it illegal to send email that is unreplyable. Thus making it possible to use "active filtering" systems, which accept email from "known good parties" and everyone else receives an automated reply saying, "If you want to get on my 'known good' list, here's how...". With STARTTLS in use, we can track down who is permitting unreplyable email into the Internet, and bomb them.
Before Dec 2, 2004 all mail systems should begin deploying STARTTLS. It is backwards compatible with older mail systems. It doesn't require the risky and dangerous "throw the switch day" conversions like some new computer systems. While I'm at it, Wietse Venema should be gagged and bound to his computer until he merges in the "STARTTLS" patch to Postfix.
Before Dec 2, 2004, email client authors should add features that let users see which email they would have missed if the post-Dec 2, 2004 policies had been in place. (Simply mark the message a special color if any of the Received: lines are from non-TLS systems.) This will encourage users to apply pressure to their friends to move to STARTTLS-enabled ISPs.
Finally, you might be asking, "How did you pick December 2nd?" The answer is quite simple. It's my birthday and I can't think of a better birthday present I could receive than the end of spam.
Can you?
Sincerely,
Tom Limoncelli
Of course, read with tongue in appropriate position, ie. in cheek.
Re:Another way to fight back? (Score:2)
Unfortunately this is not nearly as far along as STARTTLS. I guess STARTTLS would be better than nothing.
Re:How to fight back (Score:2)
There are many ways to better defend yourself against the onslaught of spam, but there are also a few relatively easy ways to take the battle right to their own mail relays!
Re:How to fight back (Score:3, Informative)
If the spammers start bailing after a short time, like 30 seconds, then all you've got to do is set your own mail server to delay that long before it accepts legitimate email. The spammers will bail out after half a minute, you accept the email if the sender sticks around for 45 seconds and never have to worry about those spammers.
Imposing a delay on all incoming mail connections will have a much more devastating effect on someone who sends out a million messages a day than it will on someone who sends out a dozen messages a day.
Adding a delay like this wouldn't work for a large mail server which accepts a lot of email, but for a personal mail server which accepts less than a hundred messages a day, you can easily afford the hit.
Re:AOL is a court winner (Score:2)
Is it my imagination, or are moderation points punishment for posting good stories (since you can't reply to stories you moderate)?
Familiar (Score:2)
Re:Familiar (Score:2)
Re:Familiar (Score:2)
At any rate, you should be happy that the editors let it slide from the front page before duping it... This should be seen as a big improvement
Re:Familiar (Score:2)
Re:Familiar (Score:2)
So I see this case as an improvement
Re:Familiar (Score:2)
You clearly do not remember the case where a dupe was TWO stories over... BOTH of them on the front page.
I can only thank God for that
wow! (Score:2, Funny)
Would you mind saying that again? (Score:4, Funny)
Er... Wait a minute... (Score:2)
Does that mean I can sue them for... er... US$ 3.5m?
This being said, I am glad they won. Did I just say that? OMG... What is the world coming to if the Slashdot crowd is actually cheering AOL?
Re:Er... Wait a minute... (Score:2)
"The enemy of my enemy is my friend."
Tim
In related news (Score:5, Funny)
Re:In related news (Score:2)
hello pot? (Score:5, Funny)
Anybody up for a game of dupe bingo? (Score:5, Funny)
Re:Anybody up for a game of dupe bingo? (Score:5, Funny)
When a story gets posted the second time, it's a dupe. What is it when it's posted the third time--tripe?
Re:Anybody up for a game of dupe bingo? (Score:2, Funny)
No, it can't be, we've always got tripe here. ;)
Re:Anybody up for a game of dupe bingo? (Score:2, Funny)
Good Spam/Bad Spam (Score:3, Interesting)
In Soviet Russia, the stories dupe Slashdot... or something. Damn, this never gets old! Ayahahaha! Um... Nevermind.
Can we moderate stories now? (Score:5, Interesting)
Also, (-1 Troll) and (-1 Flamebait) would be nice, too.
Re:Can we moderate stories now? (Score:2, Interesting)
And let's not forget (-1 Full of spelling errors)...
Re:Can we moderate stories now? (Score:5, Insightful)
I have to sit here and look at dupes like this, and have my own submission rejected; a submission about a new law in Egypt slapping a 3 year mandatory jail term on anyone using encrypted e-mail, and a new law also criminalising wireless networking.
Oh I wholeheartedly agree.
Re:Can we moderate stories now? (Score:3, Informative)
Thanks for your interest; I know grousing about submission rejections is poor form, but this one really smarts...
Re:Can we moderate stories now? (Score:2)
At first I liked this idea, but then I started thinking about it, and it's not practical.
Mainly because slashdot is what it is because of the articles picked for our consumption by the editors, for better or worse.
All slashdot needs is about 1 line of perl code to prevent duplicate articles (or at least, stop them most of the time, or display a warning when a duplicate is likely.
I mean, it's not rocket science!
However, a blog where readers submit the stories and other readers approve the stories, and other readers comment on the stories, and other readers moderate those comments... now THAT is an interesting idea, indeed!
Re:Can we moderate stories now? (Score:2, Interesting)
After all, this is their job, who more than they should have some feedback on -how- they perform their job?
Re:Can we moderate stories now? (Score:4, Insightful)
I'm sorry but this argument hasn't held water since they started receiving compensation for the site well above and beyond the normal running costs. As the product (which we are since this is now an AD based, subscription and "eyes on" site) we are allowing ourselves to be exploited by continuining to approve of this behaviour and even encourage it with statements like the one above.
Not trying to single you out, but this argument gets paraded everytime they do shoddy work. All I know is I would never hire any of these guys (asside from Timothy) to work on any of my critical systems. They just don't care enough about their own work.
Re:Can we moderate stories now? (Score:2)
A "news briefs" kind of thing might be nice -- summaries of summaries -- but make it a real feature, not a random strike of lightning. I missed the spam story, too, but am not going to endorse random recycling.
Set all that aside, the duplicates just don't look very professional. If they aren't doing background work on the stories, what are they doing? Should we trust what we see not to be a hoax? Etc.
A possible comprimise (Score:2)
Let us moderate stories, but leave the default threshold at -1. That way, only the power users who really care about that sort of thing will turn it on, and the more casual users who aren't really bothered won't have to see it.
What do you think?
Re:Can we moderate stories now? (Score:3, Insightful)
Question: (Score:4, Interesting)
Re:Question: (Score:4, Informative)
First question (Score:2)
Re:Question: (Score:2)
Is AOL keeping all the money and doing nothing for it's users?
They should. The spammers connected to AOL without permission and put things on their computer. OTOH, the users voluntarily connected to AOL to download their mail. It would be like getting $.10 every time you read a troll post on Slashdot.
Re:Question: (Score:3, Insightful)
What do you think 7 Million amounts to with AOL? Refunds or discounts for a month (let alone a few) would be more than 7 million. Most presumably money from the legal department gets divied up in several ways, company profits, ongoing litigation and I would bet in this case to the war on spam. So, in that respect even the fact that they won the money IS something for their subscribers, but I doubt they will see a penny of it.
Re:Question: (Score:2, Insightful)
This reminds me abut the "no sales calls" list that I pay $10/year to be part of. If I'm on the list, and I get a sales call, that person is fined roughly $10k per offense, but I see exactly $0.00 of that $10k. Why is that? I'm the one who was inconvenienced by the sales call, right? I'm the one who paid to be on the list, right?
Re:Question: (Score:3, Funny)
they plan on redistributing the funds by providing 1000 free hours to their service, look for your package in the mail.
Mike
Re:Question: (Score:2)
I think the plan is to send out even more free coasters/cd cases. It is so wonderful that they are planning on rewarding even non-customers like me!
What the hell? (Score:3, Insightful)
Re:What the hell? (Score:2)
hmmm... (Score:4, Funny)
Re:hmmm... (Score:2)
Potato sack?!
Over $14 Million in just 2 days! (Score:2, Funny)
Wow, these guys might become profitable through worthwhile, even noble, court actions!
BRAVO AOL! BRAVO FEDERAL COURTS! (this time)
Spam About Spam? (Score:5, Funny)
Next, I'll expect 1,024 identical stories about a Beowulf cluster.
145 pieces of spam? Try zero. (Score:2)
this will (Score:2)
spam overload (Score:2)
There's a lot of people out of a job this Christmas-maybe it's time to change your priorities and lose (not loose) the smug demeanor at least for a few weeks.
Now all we need is... (Score:4, Funny)
Re:Now all we need is... (Score:2)
I live a few blocks away from a 54,000 seat football stadium, and AOL sponsored a match. They handed out a cd to every single person in the sellout crowd.
Now, do you want to imagine what my street, front yard, and local shopping mall + car park looked like? Soooo many friggin CD's littered on the ground, it produced a psychedelic effect that crack smoking Taco couldn't possibly imagine in his wildest dreams.
Burnout (Score:4, Interesting)
The exact same thing happens with magazine editors, who generally burn out and leave within three years of taking the top job. There's just something in the nature of publishing new stuff all the time that, for most people (Lewis Lapham and the top-shelf magazine editors excepted), seems to create all kinds of problems.
Well, enough griping--a solution would be easy. Either:
1) Taco and the other burnouts concentrate on creating a viable business model, and allow some enthusiastic fresh blood in to post stories. This would be harder than it sounds, as finding smart people you can trust to post relevant stuff isn't easy.
or
2) A small group of daily readers is assembled, whose job is to check stories for possible dupes before they get posted on the main page.
A solution to Slashdot's increasing lack of professionalism would be easy. And it's well past time.
Re:Burnout (Score:3, Insightful)
Actually, seeing the complexity of the system they've built already, it would be ABSOLUTELY TRIVIAL TO WRITE A SCRIPT TO DETECT DUPES. The site posts no more than 10 stories a day, that's hardly an overwhemlming amount of data to work with. Start by comparing cited URLs. That'd find 50% of the dupes right away. The rest might be found by (as the editors can't be fucked to scan the list of stories using thei own eyes) running them by news.google and seeing if they come up with any others under the same heading.
A solution to Slashdot's increasing lack of professionalism would be easy. And it's well past time.
Too right. And Taco's "oops, duplicate. Oh well. It's still good" is just insulting to the readers and shows he needs a long holiday, or maybe it's time for him to move on.
Google should take this thing over. (Score:5, Insightful)
Maybe, when VA Whatever finally goes bust, Slashdot will be taken over by Google News and totally automated. That might be an improvement.
It wouldn't be hard. Google News can pick stories and can tell which articles go together. Just provide a set of selection criteria that match previous Slashdot history, and let it feed the Slashdot story engine.
When this machine learns your job, what are you going to do? - bus poster, 1970s
Re:Google should take this thing over. (Score:2)
Re:Google should take this thing over. (Score:2)
If you know it is a dupe, why post it? (Score:2)
Re:If you know it is a dupe, why post it? (Score:2)
On the duplicate issue .... (Score:4, Insightful)
That same story of course would still be "fresh" for the Westies. So, in getting around this whole we-live-left-to-right instead of north-to-south issue, we need to repost some stories from time to time. Naturally, a good, fresh story that has gone "stale", may be, reposted to let those Easties catch up with the rest of us.
I'm sure there is an algorith that could take in the time it was posted, time left to view in the normal working hours, etc.
So the next time
Re:On the duplicate issue .... (Score:2)
This is WEIRD (Score:2)
I thought I was stuck with a cached copy of
Had to walk out with a sheepish expression when I realized that I was complaining about something that was probably a dupe.
Dupe? (Score:2)
Or does it seems that "DUPE!" is rapidly replacing "FIRST POST" around here????
Inquiring minds want to know.
Cut Taco some slack (Score:2)
Divying up the souvenirs he bought us! Thats right.
I look forward to getting my dr_dank keychain from Vegas.
Wouldn't it be ironic (Score:2)
Ah,sweet irony
Now AOL should go on SNL (Score:4, Funny)
think you are "hip" and "cool" and not as bad
as everybody thought you were. It totally worked
for Al Gore. AOL should hire Al Gore's agent.
Re:Now AOL should go on SNL (Score:2)
Someone tell Trent Lott. He thinks he can improve his image by making an ass of himself on BET.
I'm torn... (Score:2)
echo? (Score:2)
OSDN announces new web site (Score:3, Funny)
If you're looking for Old News for bored Nerds. Stuff that's been said already.
Point your browsers to Slashdupe.com [slashdupe.com] All dupes all the time.
First story up at Slashdupe: Amelia Earhart Missing
A suggestion to avoid duplicates (Score:5, Interesting)
Actually.. (Score:2)
Re:A suggestion to avoid duplicates (Score:2)
Glad I'm not a /. subscriber (Score:3)
Enough is enough. Time to check out osnews [osnews.com] and ditch slashdot. I know I'm not the first to get tired of the repetition, but it's time someone starts calling for the mass exodus.
Re:Glad I'm not a /. subscriber (Score:2)
This is not a victory at large... (Score:4, Interesting)
IMHO, this is a victory for AOL users, spammers are going to scramble now to delete %@aol.com from their databases, but that's about the extent of it.
Once a backbone provider (like Level3 or %Bell%) gets up the gusto to throw this kind of lawsuit at spammers (and offshore spammers), we may actually see some reprieve.
Until then... "So easy to avoid spam, no wonder it's number one!"
Can I have a piece of the 7 million? (Score:2)
The next slashdot? (Score:2, Funny)
I could have never fathomed a world where a news site had duplicate articles still on the main page!
How can we think this is anything but a ploy to reduce server load?
How can a site with such popularity have editors that don't even read the site?
c.derby is hammed (Score:2)
If you've got the much spam already today, you've got problems. Either you're giving out your email address to too many p0rn sites, or you haven't figured out to mask your email in newsgroups. Most spammers get email addresses from newgroup post headres. I used to get at least 20 spams a day, or more. Now I changed my email a few years ago, and used -NOSPAM@domain.net in my email address for newsgroups, and I only get about 3 per day (hardly noticeable). And if I'm not sure of a website's credibility, I give them my hotmail address. (which incidentally, now gets tons of SPAM. most likely due to the fact that I give it out all the time).
Fuck you, Slashdot. Burn, karma, burn! (Score:2)
Duplicate stories seem to appear about every other day these days. Is this supposed to make me want to read the site, click on the ads, and post anything but trolls? Crapflooding is for ACs, not editors.
BBC Report (Score:2, Informative)
Here is the BBC's slant on things. [bbc.co.uk]
Dont you read your own friggin' website? (Score:2)
7 million dollars? (Score:2, Interesting)
Boring (Score:2)
Re:OH NOW COME ON (Score:5, Funny)
Comment removed (Score:5, Insightful)
Comment removed (Score:4, Insightful)
Re:damn the frenchies (Score:2)
Hey, it's uninformed platform zealot man!
If Alt-130 is too hard, try AltGr-E.
Tim