Brightmail Denies "White List" Deal With Spammer 226
ThePretender writes "From the InfoWorld article: 'A spammer's claim to his clients that he had an agreement with anti-spam technology vendor Brightmail to not block his traffic was contradicted by Brightmail officials today.' From the sounds of it, Scott Richter (apparently a notorious spammer) might just be looking for some media attention, he even goes as far saying he has similar agreements with some major ISPs. Ouch! May the drama unfold..."
sure, I believe him (Score:5, Funny)
They both must be right, would either one lie? (Score:3, Interesting)
Re:They both must be right, would either one lie? (Score:5, Insightful)
From the Reuter's article linked to in the story..
"Scott Richter, a bulk e-mailer who ranks No. 3 on Spamhaus's list, told Reuters he was not worried by the arrest because he said he does not break any laws.
"I'm happy to see law enforcement cracking down on people who use false headers and I wish they could get all of them," Richter said. He added that he sends large amounts of commercial e-mail but does not disguise routing information and takes pains to comply with Internet providers' policies.
"I was just at AOL's office a month ago," Richter said.
AOL officials declined to comment on their relationship with Richter or say whether he had visited their offices. "We are aware that he follows the legal developments (of anti-spam laws) very closely," AOL Assistant General Counsel Charles Curran said."
What do you do when you know you've screwed up, but can't say so?
Decline to comment of course!
Re:They both must be right, would either one lie? (Score:2)
Maybe he's lying or delusional? Remember, anyone can go to AOL's offices (jump in plane to Virginia, get in a car, drive, walk up -- tada!); it doesn't mean he has any business dealings with AOL corporation.
Touchy, aren't they? (Score:5, Informative)
OptinRealBig.com, LLC ("Optin") has been informed that the New York
Attorney General and Microsoft have announced a press conference for
December 18, 2003. Optin has not been informed by either Microsoft nor
the New York Attorney General as to what the purpose of the press
conference is. Through other sources Optin has been informed that the
purpose of the press conference is to announce that a civil complaint
has been filed alleging violations of New York law by numerous
defendants, including Optin and Scott Richter, its President. Optin and
Scott Richter vigorously deny any violations of New York law and ask
that their clients and friends make no decision regarding any liability
on their part until they have the opportunity to respond to any
allegations made against them. Neither Optin nor Scott Richter will
have any further comment regarding this matter until they have had the
opportunity to read and review the Complaint. Any inquiries regarding
this matter should be addressed to Optin's legal counsel, Linda Goodman
(619-233-3535). Ms. Goodman is currently out of the office and will not
be available for comment until December 19, 2003.
Re:Touchy, aren't they? (Score:2)
The Rocky Mountain News is the more conservative of Denver's two mainstream, treeware newspapers. The Denver Post probably also has coverage.
Re:Touchy, aren't they? (Score:5, Funny)
But, to be "goatsed" is definitely something this Scott Richter guy (as well as other spammers) deserves.
Re:Touchy, aren't they? (Score:2)
Weasel words.
blah (Score:4, Funny)
Re:blah (Score:3, Funny)
Re:blah (Score:2, Funny)
Re:blah (Score:5, Funny)
That's nothing... (Score:5, Funny)
I've got a deal with Microsoft and the big AV companies to not do anything about the email virus I'm about to let loose.
Enjoy suckers!!!
Re:That's nothing... (Score:5, Interesting)
Tell me, does this involve Microsoft's decision not to issue any patches for a month?
Re:That's nothing... (Score:4, Insightful)
<sarcasm>
And this is different from standard Microsoft policy, how?
</sarcasm>
Why not revise email standards? (Score:4, Interesting)
Sure it's possible (Score:2, Informative)
I'm not saying "it's impossible"... it's certainly not.. but the more layers of authentication, and the beurocracies needed to manage them, the less workably any system becomes.
Re:Why not revise email standards? (Score:5, Informative)
You have a forwarding service like Mail.com,
The sender is using an open relay.
In either case, you can still find out the spammer's location by scanning down the "received:" list until you find the first exchange that took place. This guy is apparently a real AOLer as there is no other server in between. It doesn't matter how crafty he is- he can even modify the header of his outgoing emails with some special SMTP client software, but I'll still know what IP delivered the mail to me. It gets more confusing with ass-clowns running open relays, but the info's still there.
Re:Why not revise email standards? (Score:5, Informative)
While that used to be true, nowadays a lot of spam is sent via open proxies. In this case, the proxy will not show any other "received" lines, except for the fake "received" lines that the spammer has deliberately inserted in order to divert tracking attempts.
Re:Why not revise email standards? (Score:2)
I know a guy who claims this happened. Personally, I think it's more likely he got "partnered" by this free email provider. I do remember when EVERY email from email.com (and several other domains that mail.com owns) were 100% spam.
Comments, anyone?
Re:Why not revise email standards? (Score:4, Insightful)
One thing that seems consistent lately is that domains what are linked in the spam have been created in less than a month, more likely in the past week.
Do a whois on linked <a href="..." <img src="..." <script src="..." domains, and if (registration date < 1 month) add-to-spamminess(+1);
Yes I know, whois servers aren't meant for this
Re:Why not revise email standards? (Score:2)
First of all, define "bogus" - is that "anyone can write anything they want" or "anyone can forge headers"?
No, the problem is that there are people who want something for nothing, and don't care who they annoy or steal from to get it.
There is no technical solution to this problem.
Take your perception to it's conclusion: there is a way to prevent spammers from forging headers - then what? How exactly will it stop sp
spammer fraud? (Score:5, Insightful)
If it's true that Brightmail made no special deal with him, it looks like he could be prosecuted for consumer fraud as well as spamming. Indeed, his clients could presumably sue him too. If Brightmail did make a special deal with him, assuming that they advertise that they block spam, then they comitted consumer fraud. Somebody's in trouble here one way or the other.
Re:spammer fraud? (Score:2, Interesting)
Re:spammer fraud? (Score:2)
Re:spammer fraud? (Score:2)
Address (Score:5, Informative)
Scott Richter
1333 w 120th Ave suite 101
Westminster CO 80234
Srich10195@AOL.COM
303-5509828
OR
Richter, Scott srich10195@al.com
SaveRealBig
p.o.box 21316
denver, co 80221
usa
303-428-3600
Re:Address (Score:2, Funny)
However, we could organize a "field trip".
Re:Address (Score:2)
I'd probably manage to get myself arrested for either trespassing, assault, or perhaps something more sinister if I did pay them a visit, tho.
Re:Address (Score:3, Interesting)
But a lot of "passive" justice can be done. You just have to be creative.
Re:Address (Score:5, Funny)
Re:Address (Score:5, Funny)
From the Article (Score:5, Funny)
Re:From the Article (Score:3, Funny)
does this sound to you as if they were testing a certain enlargement product that they had received in their mail
Re:From the Article (Score:2)
Re:spending the holidays in Nigeria (Score:2)
Actually, He is being honest (Score:4, Interesting)
Most of the spam that everybody thinks is coming from overseas is not. It is here, but the large ISPs are willing to hide it for a large price.
Re:Actually, He is being honest (Score:5, Interesting)
It's amazing how many people run unpatched boxes on broadband with neither a router or AV software.
With what I know now, I wouldn't consider running a Windows box on a broadband modem without a router AND AV software. Change the gateway address to someting other than 192.168.1.1 or 192.168.0.1. Lots of machines configured the same make easy targets for exploitation. Make changes to reduce the number of easly infected machines.
Re:Actually, He is being honest (Score:2, Interesting)
Actually, it is not. The validity of this counts on the backbone being honest. It is not. From what I learned, MSN will allow the spammers to use the IPs of their customers. But obviosly, if used to heavily, it would be bad. So thay play with Local servers/routers to make it appear to be from overseas.
When you think about it, it is brilliant. The overseas links would be horrible expensive. So instead use modified local servers.
Re:Actually, He is being honest (Score:3, Interesting)
Actually, it is not. The validity of this counts on the backbone being honest. It is not. From what I learned, MSN will allow the spammers to use the IPs of their customers. But obviosly, if used to heavily, it would be bad. So thay play with Local servers/routers to make it appear to be from overseas.
When you think about it, it is brilliant. The overseas links would be horrible expensive. So instead use modified local servers.
If you've got
Re:Actually, He is being honest (Score:2)
Any actual user experiences to report? (Score:4, Interesting)
For quite some time their filtering has been effective. Brightmail won't say how they do it, but human screening, and subsequent filtering of emails containing links to spamvertised domains seemed to be a part of it.
Lately I have just been spammed silly. Looking at the spams (what choice do I have) the same spamvertised domains are represented over and over. This had not happened in the past.
This spam continues after desperately hitting the "Report Spam" button (available on their webmail interface only).
This supports the theory that either ATT or their contract spam filtering with Brightmail are passing or inserting certain mails.
With this development, I am not inclined to extend this service contract with ATT. I will be certain to pass on this information when the contract is terminated.
Re:Any actual user experiences to report? (Score:2, Interesting)
Re:Any actual user experiences to report? (Score:2)
Re:Any actual user experiences to report? (Score:2)
I use a service through my ISP that is quite effective...yet, one specific spam I report sometimes daily is in Italian and it never gets blocked. Why, I don't know, though I doubt that it has anything to do with the ISP or the filter service allowing the spam through.
That reminds me...it's time to dump the couple hundread spam messages I've recieved in the last day or two.
RICHTER (Score:3, Informative)
Michael, by definition you cannot call yourself an editor unless you actually edit the stories.
the irony (Score:3, Interesting)
The spammer rules (Score:5, Funny)
Rule #1: Spammers lie.
[(Proposed) Sharp's Corollary: Spammers attempt to re-define "spamming" as that which they do not do.]
Rule #2: If a spammer seems to be telling the truth, see Rule #1.
Chrissman's Corollary: A spammer, when caught, blames his victims.
Rule #3: Spammers are stupid.
Krueger's Corollary: Spammer lies are really stupid. Pickett's Commentary: Spammer lies are boring. Russell's Corollary: Never underestimate the stupidity of spammers.
I say see rule #1 when listening to a spammer.
AngryPeopleRule [angrypeoplerule.com]
Re:The spammer rules (Score:2)
That right there is part of the problem. The truth is, spammers aren't stupid. Sure, a lot of them certainly are, but not all of them.
See the Sobig virus, for example: Write a virus that will install a proxy server on infected machines and spam through them with impunity, knowing that the proxy server will appear to be the point of origination. If no one can trace it back to the spammer's actual network connection, he doesn't have to worry about his ISP ever finding out. See
Re:The spammer rules (Score:2)
Is this an attempt to hold customers? (Score:4, Interesting)
I think that's the key phrase here. Apparently Scott is losing customers, and in order to retain them, or gain new ones, he has to tell clients he is "whitelisted". What reputable business would want to pay an email broadcast company, when that company is blocklisted. He couldn't possibly think to use this as a defence, saying that if Brightmail whitelists him, he must not be a spammer. But then again, from what I've seen regarding him, I wouldn't be surprised.
As far as I'm concerned, any business that uses Optin is just as sleazy as Scott.
Re:Is this an attempt to hold customers? (Score:3, Insightful)
Proving a negative... (Score:5, Insightful)
Therefore, anti-spam laws will always have a hole that a truck can be driven through. Since proving that you've never accidently tripped over a "universal opt-in" is nearly impossible to do, successful prosecutions will be tough.
The only way we're ever going to fully kill spam is to abandon SMTP and get a better way to verify that e-mail really came from the claimed sender and leaves a valid return address...
Re:Proving a negative... (Score:2)
Aside from that one small point, perfect.
SMTP has got to go. It was great while it lasted but obviously the human race, or some small percentage of it is incapable of not screwing something sweet like this up. We need something that can literally put an end to this before it begins.
Re:Proving a negative... (Score:2)
Feel free to stop using it at anytime. Go use your better solution. I'll be glad to join you when I see it works. But just saying that "SMTP has got to go" isn't helping anyone.
Honestly, there's already a 100% full proof solution to spam that no one wants to use -- sign ALL your email with your PGP (or gpp) key. Once everyone starts doing that, then you can start rejecting email (or assigning it a higher spam rating) that isn't signed. At the very least, it makes spammers spend CP
Re:Proving a negative... (Score:2)
I'm not a programmer and I don't have a "better solution" waiting in the wings to spring on the world. I can see that the present way of doing this has been compromised and that it won't be much longer before something better will be needed.
You can spot a bad actor without being an actor (good or otherwise). It doesn't take someone who
Re:Proving a negative... (Score:3, Interesting)
We could have an authority that you pick a username and password for, and a list of e-mail addresses, and then allow you to make records with three data items:
1) Key itself
2) Company
3) The e-mail address used
If there is only one such authority, and each e-mail address can only be registered once, then spammers would be forced to illegal action. Companies wouldn't be allowed to sell e-mail addresses, because only they would have the right to use them, NOT whoever they wou
Re:Proving a negative... (Score:2)
Of course, the problems are
a) I only get spam to an address that was harvested off the web, and occasionally "webmaster" or "sales" at my domain; and
b) none of the spam I get comes from the EU or EU-based companies. It's all sent by or on behalf of US companies.
Thankfully, I don't get spa
A note on Brightmail (Score:5, Insightful)
Re:A note on Brightmail (Score:3, Insightful)
Brightmail? Awesome? Not for me it ain't, at least not right now. My ISP (AT&T Worldnet) uses it and it is letting through sooo much obvious spam recently that I'm beginning to think the spammers must have figured out a way around Brightmail's rules.
FWIW, both Yahoo! and the new Hotmail filters are performing much better than brightmail for me now
Regardless, I download all my mail through a SpamAssassin [spamassassin.org] POP3 proxy, which just plain knocks em dead.
Balam
Re:A note on Brightmail (Score:2)
Re:A note on Brightmail (Score:2)
Re:A note on Brightmail (Score:2)
to SpamAssassin's "local.cf" file. Some other good ones are:
Re:A note on Brightmail (Score:2)
Brightmail sucks. My employer uses Brightmail to keep company email inboxes clean from spam. It does not work. Everyday I still receive about 10 "Microsoft admin network patches" virus emails, Japanese spam, and pr0n spam with OBVIOUS keywords like "15 inch horse cock", "teen girls", and "3 inch anus". Most of this spam has obviously forged To: and From: headers, too.
Out of lying spammers, Scotty takes the cake. (Score:3, Interesting)
Of course, just for saying this, he'll threaten to get his dad (who's a lawyer!) to come after me, except of course that he's a tax lawyer.
Out of spammers, this guy is the lowest of the low.
sure (Score:5, Insightful)
Why is everyone so focussed on the spammer? (Score:4, Interesting)
Brightmail has so few false positives and allows so little spam through that any noticable continuous stream of spam caused by such an alleged "arrangement" between Ritcher and Brightmail would be bound to get noticed by savvy end users/administrators, if not Brightmail post-installation tech support.
Same with alleged "whitelists" at ISPs - enough people have eyes on MTA configs that there would be questions.
This is bullshit and I'm sorry Brightmail had to stoop to a public answer.
So who are these guys http://www.ileads.com (Score:5, Interesting)
I was told by a friend of mine (mortgage broker) that his company stopped using ileads.com because they were getting too many "bad quality" leads.
It seems that some people are starting to fill out these forms and having the brokers contact them and then after taking all the contact information from the broker, they inform them that if they don't a) divulge the information of where they got the lead and b) agree to stop using companies that use SPAM to generate leads that they will hand their contact details to the foaming at the mouth public.
Is this legal ? Souds like sweet justice to me.
Re:So who are these guys http://www.ileads.com (Score:5, Interesting)
The buisness that was spamming was then listed on his credit card statement. He sued them and won something like $1,000 from them for ignoring his opt-out requests. He had a statement about his technique for finding the spammer that went something like "They could hide from me, but nobody can hide from American Express"
I wish credit card companies had fake numbers to give to these spammers and paypal fraud artists that would automatically trigger alarms when they ran through for verification. This would be a great way for people to track down who is actually profiting from the spam. A good-guy version of the trojan horse, if you will.
Re:So who are these guys http://www.ileads.com (Score:5, Interesting)
Hey, that's a great idea! It's like that honeypot thing I read about a while ago (can't find a link, sorry).
Anyway, I don't know anything about credit cards (not having one, and all), but I heard that for security reasons, you can have the credit card company put limits on your account, like if you work 9 to 5, have the card raise red flags if it's used between 9 and 5, since you're not likely to be using the card while you're at work and any use at that time is likely fraudulent. So just sign up for a credit card and say something like "I only use it sundays, flag everything else", and then buy into a bunch of spam stuff on monday.
And then, just never use the card for anything but spam. I guess that's a little extreme, but if you really wanted to hunt down these spammers...
Re:So who are these guys http://www.ileads.com (Score:2)
Re:Mod parent up, "once in a lifetime" (Score:2)
I'll let you have eight eights, though, if you want.
Re:So who are these guys http://www.ileads.com (Score:2)
Assuming a spammer/fraud artist puts through more than one false credit card number per month, they would have no way of knowing *which* of the umpteen credit card numbers was the fake one that triggered the alarm. Sure, they could form an organization and track what numbers they put through, but even still -- do you think credit card companies would find it difficult to generate unique numbers? Hardly!
One-use credit card numbers (Score:3, Informative)
Another approach is to get a small bank account with a debit card, and never put more money in it than you're willing to risk losing
Re:I gotta say it (Score:4, Interesting)
You would need to use a "CREDIT" card not a "DEBIT" card. I had one company in the past mess with me on a warranty issue. I simply called the bank I had the credit card with and the company finally resolved the issue, but not after having the money ripped out of their hands while they messed around trying to fix things.
When MC/VISA/AMEX start loosing money on spammers, you can bet that they will shut down their merchant accounts.
The thing I fear the most however is dangerous criminal activity from spammers to people who choose to do this. This can only be safe if lots and lots of people do this.
The other danger is bad guys deciding to do this to a legitimate buisness. Say I was an unscrupulous nasty SPAMINAL and I wanted to take out the competition, you could easily generate lots and lots of spam and then link to your competitions web site and watch them go down in a sea of bad transactions. This is what concerns me the most with this scheme.
Me too I've got an agreement, the Iron Bar (Score:2, Funny)
Rumours are that I have agreements with other spammers too, they just love my Iron Bar(TM).
Iron Bar(TM), the ultimate solution to construtive talks with spammers.
Anti-spam Software and Spammers (Score:5, Interesting)
Not only do some anti-spam software companies make deals with spammers (according to the article), but some also are among the worst spammers.
I talked to a few different anti-spam software companies over the last few months. With each of them, I told them that once we made the decision on which (if any) software to go with, I wanted absolutely no further phone calls or emails trying to sell me their product. We made our decision just over 3 weeks ago and informed the software venders.
Two weeks ago, I received a spam from one of the venders we didn't purchase from. (Yes, the software we decided on caught it, but still, it's the priniciple of the thing.) I followed their procedures to opt-out and also sent an email to the salesperson whose name and email address appeared in the email. I informed her that I told them that I wanted no emails from them trying to sell me their software. I explained how disappointed I was in them and asked to receive no further emails.
A few days later, I received another spam from them. This one was "signed" by a VP of the company. Again, I opted out and sent an email to the VP explaining the entire situation. I explained that I was beyond disappointed and was now getting angry. I demanded that I not receive another sales email from them and explained that if I did, I would be passing the word about their tactics to friends that might be in the market for such software.
Guess what? I got another one. This time, I called the salesperson I was dealing with and explained that I was going to tell everyone I know about how Intellireach [intellireach.com] is an anti-spam software company that spammed me, did not honor my request to not get spammed in the first place and also did not honor several opt-out requests when the requests followed the instructions in the spam.
Re:Anti-spam Software and Spammers (Score:2)
Re:Anti-spam Software and Spammers (Score:2)
Anybody using it should be charged money for stuff everybody else gets for free.
Re:Anti-spam Software and Spammers (Score:4, Interesting)
Running Exchange and Windows, doesn't completely rule out free SpamAssassin. I've set up a free SA based filter on the Exchange system at work. It's a debian box running SA-Exim that sits in front of the Exchange box. Since we don't get that much volume, it can be handled by an old 266MHz PII box that's useless for any recent version of Windows, but is great for Linux.
I drop mail at a score of 20 (mostly dictionary attacks, Viagra ads...) and flag anything over 6. Outlook Rules can then be used to further act on the flagged messages.
BalamRe:Anti-spam Software and Spammers (Score:2)
Between a few good blacklists and SA, almost no spam is getting through. In fact, the only crap slipping in is very short spams (not enough keywords to get a decent score) coming from open relays that haven't been listed and
report the assholes to spamcop.net (Score:4, Informative)
Re:Anti-spam Software and Spammers (Score:2)
Hell, Staples -- yes, that Staples: the office supply store on every corner in the US -- has spammed me through Doubleclick's email service for over a year. Multiple emails, phone calls, and use of the (now defunct?) web chat function did little good.
The last time I talked with them about 6 months ago, I told them that each and every spam they sent would be reported to multiple locations. So, the FTC (uce@ftc.gov), Spamcop, and a service my ISP provides each get a CC whe
Re:Anti-spam Software and Spammers (Score:4, Insightful)
A lawsuit would be good. (Score:3, Interesting)
Then if any spam filtering companies are whitelisting spammers, then go after the companies for fraud.
Re:A lawsuit would be good. (Score:2)
His Brightmail claim not plausible (Score:5, Informative)
1) If they were ever caught (and they probably would be, because their software integrates with your MTA, which means someone could reverse-engineer it or snoop traffic between the MTA and Brightmail), their competitors' sales departments would have a field day stealing their customers. The anti-spam business is growing rapidly, but it's very competitive. If any of the companies in this field cut a whitelist deal with a spammer and got caught, the others would eat their lunch;
2) Even if they didn't get caught, lowering their spam prevention effectiveness would cause complaints from their customers and make it harder to beat the competition in comparisons and they'd lose out in the marketplace. Competition is huge, and Brightmail is somewhat limited in that their system only works with some MTAs, whereas some other systems (such as ours) are completely MTA-agnostic, which means we can sell to anyone. They wouldn't dare take such a chance, nor would they trust the spammer to keep his mouth shut if he got in a tight spot. Spammers, after all, are fundamentally unethical people, and an anti-spam company would never trust one.
I don't believe his claim at all.
How it could be plausible but still bogus (Score:2)
Maybe he's just claiming that Brightmail doesn't block 127.0.0.1 ?
Confused post - Richter's going down! (Score:5, Informative)
Re:Confused post - Richter's going down! (Score:2)
So Scott Richter says he *is* asking for publicity, but he certainly *isn't* doing it by lying about Brightmail, and that's *not* how the Brightmail insinuations made it into the public domain.
Posting the story as it appeared on
Might be something to it (Score:5, Interesting)
They deny the possibility and called me a liar. We no longer use that service.
There is always the possibility that one of their employees is not so honest and the company has no knowledge of this activity but something is amiss.
Bulkmail pass-through agreements are comment (Score:2, Informative)
a publicity artist (Score:2)
and getting it... If his name was misspelled, good! -- spammers should be ignored, really, though. Otherwise, we'll just create more of them.
Comment removed (Score:5, Insightful)
Re:What will be the result of the Anti-Spam Law ? (Score:2)
Well said. Don't play by our rules? Fu** off, we're not listening. Let's see what happens then.
Re: (Score:2)
Buzzzzzz.....Wrong (Score:3, Interesting)
Re:What will be the result of the Anti-Spam Law ? (Score:2, Funny)
Re:What will be the result of the Anti-Spam Law ? (Score:2)
The same logic is applied to the War on Drugs. No drug users = no drug problem.
However, drug users are addicted to intoxication (particular substance notwithstanding) and spam customers are just plain gullible fools (of which there are legion; just ask the Republican Party)
The downside is that wishing upon a star won't help.. neither will (further) bankrupting the US economy.
Re:What will be the result of the Anti-Spam Law ? (Score:2)