Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Spam Government The Courts News

Spam and the Law Conference Report 145

Cowards Anonymous writes "The Guardian has a story about a spam and law conference, recently held by the Institute for Spam and Internet Public Policy, in San Francisco. The conferences are usually attended by anti-spammers, from the major ISPs, and spammers; and are an attempt to bring the two sides together. The article's author notes 'It's oddly intimate, watching the spammers and the anti-spammers mill around each other like this. It feels like a temporary ceasefire in a vicious war that to most of us seems to be a stalemate.' Also in attendance was infamous spammer Scott Richter, or 'high volume email deployer' as he wished to be called on his recent Daily Show appearance. Surprisingly the anti-spammers didn't tear Richter to pieces with their bare hands."
This discussion has been archived. No new comments can be posted.

Spam and the Law Conference Report

Comments Filter:
  • by Jason Straight ( 58248 ) on Thursday April 08, 2004 @08:41PM (#8810751) Homepage
    And I'm waiting for spammer season! :)
  • by Anonymous Coward
    Scott wants to hear from you. Drop him a note [mailto]!
    • Yeah, I do... (Score:2, Insightful)

      by Anonymous Coward
      What's the future of spamming? There's enough effort now being expended that spamming won't continue. So where's the future? What's the sustainable model?

      A lot of bad shit happens in this world. For some reason, it never makes the front page. Hell, it's unusual for it to make any page in the US papers.

      What's the story on 9/11? Sounds like the US really fucked up. We knew about the threat in advance. Just didn't respond to it. You can read all about it in the UK papers, back long before the US pap
    • I tried that address during the broadcast - I sent him my spam folder (a dozen or so, cleaned it out earlier that day). For some reason his account was over quota...
  • by Anonymous Coward
    This letter and proposal has been sent to Google, Microsoft, and

    I get too much SPAM!!!

    It came upon me that there is a SIMPLE SOLUTION to the 180 or so e-mails I receive every day and have to spend several hours
    determining which are important and which ones are junk. This is a PERFECT SOLUTION with NO WORKAROUND BY SPAMMERS

    This is an invasion of privacy and I have the solution that provides pretty good privacy: it is to include a KEY ACCESS ALPHA-NUMERIC (includes HEXADECIMAL CODE) NUMBER within th
  • by Slashdot Hivemind ( 763065 ) on Thursday April 08, 2004 @08:43PM (#8810767)
    Wow. Spam AND bullshit management speak. How many reasons to kill(sorry, terminate with extreme prejudice) him do we need?
  • i let it gather to about 100 emails in my inbox, then i forward each of them individually to every address that sent it.
    • I set up my machine and everyone elses I know who I maintain to automatically bounce back every spam I have when it gets to a large amount to each of the addresses it comes to

      for example if I have 100 spam emails then I send ALL ONE HUNDRED OF THEM back to each address in each of the 100 mails. It takes some time but eventually they will all get the message.

    • by ObjetDart ( 700355 ) on Thursday April 08, 2004 @08:57PM (#8810884)
      I don't understand...what good does this do? Virtually all reply-to email addresses in spam are bogus. The only thing in the entire message that is real is the link to the site they are promoting. If you want to DOS the spammer, go after the site, not the bogus email address.
      • by azav ( 469988 ) on Thursday April 08, 2004 @09:08PM (#8810952) Homepage Journal
        As long as SOME reply-to addresses are bogus, it means that the method is useless.

        Also, since these spammers are proceeding with illegal activities in the first place, why would we even THINK that they would obey the new opt out rules and not resort to "they replied so it's a valid address to spam"?

      • Even the link to the site isn't perfectly real. If it comes to pass that people start DoS-ing the sites mentioned in spam, then spammers will start to put sites in there which are not their own, to get people to DoS other sites, like maybe some anti-spam site. The only piece of information you can really trust is the IP address your (ISP's) mail server had the SMTP session with to get the mail from, and the reverse DNS name only if the forward lookup returns a matching IP address. Everything else is unde

    • i let it gather to about 100 emails in my inbox, then i forward each of them individually to every address that sent it.

      No you don't. You don't know the address that sent your spams.

      All you can do is reply to some forged address that the spammer wants you to think the email is from.
    • its funny that i wrote this hoping to get a funny mod point...and so far its got 70% Insightful 30% Interesting anyone with a mod point want to achieve a goal of funny,interesting,and insightful?
    • if the return addresses were actually valid and the person who's e-mail address you just blasted had any possible means to prevent someone from "spoofing" their e-mail address.

    • i let it gather to about 100 emails in my inbox, then i forward each of them individually to every address that sent it.

      Unfortunately this just increases the spam that an innocent bystander gets. A lot of spammers use forged but real e-mail addresses they have picked-up as the sender address. You would now spam that unrelated person and not the spammer.

      Secondly, if the spammer uses his own address as sender than you have just confirmed to the spammer that you exist, and they have even more reason t

    • What you need to do is forward all of them to If you live in the US, let your taxes work for you. They have filed charges against some spammers.
  • I'd be interested in still pics or short video clips of Richter and his buddies. Did anybody snap any?
  • by LostCluster ( 625375 ) * on Thursday April 08, 2004 @08:46PM (#8810796)
    Well, true, spammers are among the lowest forms of human life and deserve the status. However, at least Scott Richter is willing to do something that most other spammers won't... admit that he does it and is willing to talk about it.

    Let's face it, he's willing to explain his motivations and disclose his tactics. Most spammers take great lengths to hide their identity, and are scared to even tell their family what they do for a living. Even if we don't like what he does, at least he's willing to help us attempt to understand the problem. If anybody proposes an anti-spam system, he'll at least do us the favor of pointing out how it's not going to work before we waste our time on it.
    • by Naffer ( 720686 ) on Thursday April 08, 2004 @08:50PM (#8810829) Journal
      Yesterday I received 144 pieces of Spam. Taking into account that there are 1440 minutes in every day, I get a piece of spam every 10 minutes.
      My current total is 18,212 pieces since 11/19/2002. 8,000 of which arrived just since the begining of January. If it wasn't for SpamBayes, I probably would have abandoned email altogether by now. These guys are rubish.
      • > Yesterday I received 144 pieces of Spam ... If
        > it wasn't for SpamBayes, I probably would have
        > abandoned email altogether by now. These guys
        > are rubish.

        Ho ho! You should consider yourself lucky, my good fellow. According to my procmail.log file, I'm averaging upwards of two thousand instances of spam mail per day. You can't *possibly* imagine the trauma that this sort of thing can cause.

    • Ok they need to be able to send spam... Make them pay for it... fire up a mail hub that spammers user to relay mail from... charge them for bandwidth and "remote" storage of their mail to be givin to ISP's that do not reject spam in general (Wanting it to stop because it takes up significant resources rather than for customer service reasons)... Right now its a Screw the ISP deal for sending Spam... ISP's loose out in the spam war from costs to "deal" with it.. Would he object to this rational? Probably bec
    • However, at least Scott Richter is willing to do something that most other spammers won't... admit that he does it and is willing to talk about it.

      What are you talking about? Lots of spammers are willing to admit what they do, to an extent. They admit that they send unsolicited email advertising. They won't admit, however, that they break a number of laws when doing it, because they don't care that they're breaking the law. They won't admit that they deliberately circumvent spam filters so that people
      • I don't like spammers anymore then you do, but are you sure you want to make a death threat? That just opens you up to a huge host of problems that you might not want to deal with. If I was Scott Richter, and I read this, then I would not take a death threat lightly. It wouldn't matter how many I got, I would still report it to the cops, just in case. If he died, how would you like the cops knocking on your door the next day?

        Think carefully about what you post, this will stay around for a long time.
        • I'm sick of pussying around with spammers. They've enraged me to the point where I will make serious statements like that. I mean it. I do believe that he and all other email spammers deserve to die. However, I am not going to actively seek out Mr. Richter, Alan Ralsky or any other known spammer. I have better things to do with my life.

          Yes, I'm a little psychotic about it. I have my reasons.

          As for what happens if he dies tomorrow, I'm never in a situation where I wouldn't be able to show that I was
    • In some ways (SOME!) I actually see spam as something that could be useful ... in a weird way. See, I classify spam as good, bad, and ugly. Ugly is easy, it's the viruses and phishers. Bad is the stuff with forged headers, misleading subject lines (account canceled, your resume). These two deserve no sympathy whatsoever. They are fraudulent and ought to be dropped in the ocean and fed to the fish.

      But the other spam, well, calling it good is pretty optimistic. I would say only that it is not as bad as
      • You know, if I only got 10 legit spams a day

        Parse error: Oxymoron.

        Spam results in a net theft of billions of dollars per year. It doesn't matter if a spammer is selling penis pills or computer parts, it's still theft of service and trespass to chattel.
      • I wish spam actually were a useful, cheap advertising medium. I might actually see something once in a while that was useful. But hundreds a day, for pills or porn or loans, that is not useful.

        So, 50 spams a day for mortgages, free university degrees and loans would be OK?

        The current state of spam activity is deplorable. Should Joe User respond to the reponsible spammers who promise to take him off "the list" or is he better off just deleting the crap? How can one tell the difference?

        Something has to
    • by Jade E. 2 ( 313290 ) <slashdot.perlstorm@net> on Thursday April 08, 2004 @10:15PM (#8811436) Homepage
      Most spammers take great lengths to hide their identity, and are scared to even tell their family what they do for a living.
      <<Cue violins>>

      Man: Mom... I... I'm sorry. I can't hide it anymore. I... I'm a spammer.

      Mom: I... was afraid of that. I mean, I suspected but... I just didn't want to find out. Didn't want to be sure. I had hoped... it would never come to this. I'm sorry.

      <<She reaches into her handbag, pulls out a revolver>>

      Man: Mom! No! NO!


    • But did you hear the kind of talk he used? He said that anti-spammers are terrorists because they hide their identity when they flood his box and harrass him.

    • If you find the tactics and motivations of professional spammers interesting, you may find a recent white paper published by Vircom, "Why Spammers Spam", interesting. s. asp

      Anne M.
  • by hambonewilkins ( 739531 ) on Thursday April 08, 2004 @08:46PM (#8810798)
    Scott Richter, or 'high volume email deployer' as he wished to be called on his recent Daily Show appearance.

    Where, it might be noted, it became clear he didn't have a whole lot of experience with the "clitorious."

    The best was hearing Rob Corddry say "clitorious" back to him, and Richter not batting an eye. Perhaps the solution to getting this guy to stop spamming is to get him some lovin'? Preferably human?

    • I think money is his main motivation... and he's realized that there's more money in the anti-spam industry than the actual spamming industry. He's willing to go turncoat if there's money in it... being a spammer is already lower than being a turncoat. :)
  • How to avoid spam. (Score:1, Informative)

    by rkz ( 667993 ) *
    1) Have a good adress for personal email.
    -> only give this to real people
    2) Have a shopping adress for websites who ask for it when you buy shit
    3) Have a registration email for websites you sign up to like slashdot.

    2 and 3 will get spammed to hell but you wont miss anything important if you redirect them to /dev/null unless you know you have a order confirmation. or a welcome email coming for you.
    The one for friends wont get spammed.
    • Even better: Have a domain. When you own a domain, you can forward all mail not addressed to a valid email address into a common mailbox. I give email addresses based on who I am giving them too, for example: yahoo-list@... microsoft-seminars@... symantec@... When/if I get spam to an address, it is much easier to figure where the leak was. Once an address is completely compromised, I create an actual mailbox for that address, set a size limit of 1, and let the messages bounce.
      • by Dwedit ( 232252 )
        That's a nasty thing to do, sending Bounce messages to random innocent people who happen to be in the forged From address. Getting lots of false bounced junk messages myself, I say you are part of the problem.
    • I only maintain two post offices. I have one that I don't care about that I give out to people who run MS Outlook/Express, since I know that their address books are going to get heisted on a fairly routine basis. Then I have another one that I give out to fellow Linux users. The former is constantly full of get-rich-quick penis-pill mortgage contest car job ads, while the latter remains virtually empty except for the occasional message conveying worthwhile information from people I care about. I'm almos
  • by macdaddy ( 38372 )
    I don't think I could possibly control myself at such a conference. I'd love to serve court papers at a gig like that. :)
  • by Slashdot Hivemind ( 763065 ) on Thursday April 08, 2004 @08:49PM (#8810822)
    Is admitting it comes from America. A quick glance at any spammer blacklist shows a clear majority of them live in Florida, but American politicians and lawmakers still push the line that it's an African and Asian problem.
    • by LostCluster ( 625375 ) * on Thursday April 08, 2004 @09:05PM (#8810943)
      Florida has an interesting power of attracting rich-yet-lowlife characters who have managed to be declared scum yet have avoided being put in jail.

      The key is that unlike other states, Florida has no value limit on what you can claim has your "homestead" [] when you are claiming bankruptcy. That is to say, you could own a multi-million dollar home and have billions in unpaid debt. You won't be able to own much else in your own name, but you can keep your homestead. With only a few exceptions, creditors simply can't force you to sell your homestead in that state.

      That's why spammers live in Florida. Pass all the civil liabity laws you want... you can't touch anything they have. You have to make spamming a crime in order for them to be worried.
    • Lots of spam comes from lots of places. America is probably the biggest source of spam, and Florida is probably biggest source within America. Part of the problem of this is because there is a mentality among lots of business people, and politicians that run the country, that the prime purpose government is here to support is business, with people just being a source of labor to support business. While spam programs from other countries is a genuine problem, too, American politicians tend to think it is

  • Where's the fuzz? (Score:4, Insightful)

    by k4_pacific ( 736911 ) < minus caffeine> on Thursday April 08, 2004 @08:52PM (#8810841) Homepage Journal
    If spammers have connections to virus writers and do all these malicious things, why weren't there cops waiting to arrest them when they showed up? Were they granted immunity to visit the conference or something?

    • Unless the virus takes down a major website, like Yahoo or or a government website, the feds could care less. They don't care if a known criminal hijacks your computer and uses it for criminal activity, so long as no businesses or government agencies are inconvenienced.

      Think I'm joking? Look up reports from people who have reported known computer breakins to the FBI. The FBI ignores them, the police ignore them.
  • by stecoop ( 759508 ) on Thursday April 08, 2004 @08:54PM (#8810860) Journal
    Surprisingly the anti-spammers didn't tear Richter to pieces with their bare hands

    I wonder if Richter is bigger than they expected or will there be a mysterious freak mishap in San Francisco involving rapidly expanding gases in a container when he start his car? All in all he is funny for going ya know...
  • Sometimes... (Score:4, Insightful)

    by Bishop, Martin ( 695163 ) on Thursday April 08, 2004 @08:57PM (#8810892)
    Sometimes I wonder just how much money these spammers really make from the spam. I've never even looked at a piece of spam in serious contemplation of buying whatever "product" they are selling
    • Re:Sometimes... (Score:3, Insightful)

      by LostCluster ( 625375 ) *
      Spam now falls into two categories:

      A: To sell something illegal/immoral. Any doctor who is writing any perscription for somebody who has never been to his office is on the wrong side of the ethical line, and in most cases steps over the legal one as well. Scammers love the lack of tracablity.

      B: Lead generation. There's no actual product, but they collect the list of signups to send direct mail or phone marketers your way from more-legit companies. Of course, the more-legit companies don't want leads creat
  • Next time (Score:5, Interesting)

    by azav ( 469988 ) on Thursday April 08, 2004 @09:12PM (#8810987) Homepage Journal
    Next time we know a meeting like this is coming up, we send a representative and photograph each of the spammers and post a "Most wanted" web page with each spammer's photograph and address.

    Then put up forms that can be printed out ala "wanted poster" style and have volunteers post the wanted posters all over the spammers' towns.

    Expose them and run them out of where they live. Make their lives as hard as they make ours.

    • Suggestions (Score:2, Interesting)

      * get a free domain so that it's easy for people to find this & so that it won't cost you
      * don't have any email addresses [or as few as possible], so that it is easy to reject spam
      * list their credit card info & banking info, if possible
      * list their phone numbers if possible
      * list their fax numbers if possible
      * make the whole thing searchable, in case somebody wants to verify whether or not a particular person is a spammer
      • YES! Searches on words without vowels would match viagra and v**gr*

        Something to think about. Thank you!

        But we gotta bring these assholes out into the public eye.

        Oops. Just got some spam I must report.

        We GOTTA do this.

  • Well? (Score:3, Funny)

    by Chris Acheson ( 263308 ) on Thursday April 08, 2004 @09:16PM (#8811014) Homepage
    Surprisingly the anti-spammers didn't tear Richter to pieces with their bare hands.

    Well, what kind of weapons did they use, then?
  • Byond the typical laundry list starting with "opt in," and ending it "don't sell illegal items" I'd like to suggest "clean house".

    I've opted in to some spam and had to opt back out again.

    Let me make myself perfictly clear. UCE* is what we are bitching about. With the huge volume of UCE the few items of SCE* are lost in the wake.
    I have to set up filters for each type of S?E* and a few UPE*.

    The fact of the matter is UCE is hurting SCE by flooding it out of existence.

    Back in the start Spamford made a play
    • I've opted in to some spam and had to opt back out again.

      From that one line, it's clear that you don't understand what spam is. So I feel no need to learn all the new terminology (U?E and such) that you just made up.

  • by KalvinB ( 205500 ) on Thursday April 08, 2004 @09:20PM (#8811042) Homepage
    Aside from from the bandwidth (which who knows what kind of bulk rates they get on that) the most expensive part of spamming is buying domains.

    And the kicker is that HTML doesn't allow you to obfuscate an URL. The best you can do is character codes but that's one to one so not effective.

    What I do is harvest URLs from spams and then add them to the rule file for my mail server. It's a mostly automated process to avoid accidently filtering out non spam domains like or yahoo or whatever that occasionally end up in spam e-mails along with real spam domains.

    You can click the link on my sig and then there's a link from there to see the current rule file my server uses. Since I added in web-mail with spam reporting, this is going to be even easier since spams will have a unique subject line and a to address that has no legitimate uses.

    Instead of trying to sort out which e-mails to my real addresses were spam or not, I just log in, report them and then it's a simple sort by to address to find all the spam to filter links out of. There's probably around a thousand filtered domains which equals several thousand dollars worth of domains.

    If you're worried about people snooping around on your connection, OpenSSL is comming soon for web-access.

    If you have a fully TLS enabled e-mail client you can do secure POP3 and SMTP already. Thunderbird has TLS capabilities for SMTP but not POP3 for some reason. Pegasus Mail is fully compatible. Apparently there's no clear standard as to whether the client should just use the standard 110,25 ports with encyption (what my server supports) or use alternate ports. Thunderbird is quite convinced you absolutely must use a fixed alternate port for POP3.

    For most people, it'll probably end up that the web access is the most secure way to use Indie-Mail.

  • "Surprisingly the anti-spammers didn't tear Richter to pieces with their bare hands."
    Because that would've let him off the hook to easily...
  • I frequently see The Daily Show posted on suprnova... anyone know what date to look for?
  • I use TMDA. Sure, it sends one e-mail back to the alleged sender of the message, attempting to verify their authenticity, but it's effective. I went from ~1000 spam messages a day, and a virtually unusable e-mail account, to 0 spam messages a day. And to anyone that worries about the complexity of TMDA from the end user's point of view -- my own 80 year old grandmother figured out how to get an e-mail to me by following TMDA's instructions. Then I whitelisted her... oops :-)
  • I talked it over with my partner this week. We are going to pick a few companies that have sent spam to me (and my three-year-old son) and we are going to sue the bastards.

    Our plan is to sue those companies which are pitching products that will make them more amenable to suit in California, and that may have some assets to go after. I am thinking the companies that are pitching mortgage loans ("Mor|tgage rates tumble - Refinance today ozg w9l") and insurance are prime targets. I realize, of course, that t

    • And IANAL, but what will the grounds for your suits be? And how will you determine, apparently before the fact, if they have assets to go after?

      As I said, I'm not a lawyer but I am a Banker; there are lots of ways to hide assets in the US and even more if you start to park stuff offshore.

      Is there alimit to the funds you plan to devote to this activity? I'm assuming (perhaps erroroneously) that you have to pay to file a lawsuit.

      Don't take this the wrong way - I'm supportive, just curious how you
    • All the best dude, ill be cheering for you.

  • >Surprisingly the anti-spammers didn't tear Richter to pieces with their bare hands

    Why would they? He keeps them in business. Anti-spam is big money. Without spammers, they're out of a job.
    • Why would they? He keeps them in business. Anti-spam is big money. Without spammers, they're out of a job.

      There's a large number of anti-spammers who do everything for free, as volunteers. Steve Linford is a prime example. "Giblet, USA resident" is another.
  • I'm amazed that his consistant lies and illegal activities haven't caught up with him yet:

    • His messages are opt-in (they are not)
    • People WANT to receive it (they don't)
    • He abides by CAN-SPAM (he doesn't... and his OptInRealBig bots are consistantly harvesting the subscribe address to a listserv I'm on, which is a federal crime, and subscribing themselves to the list)

    Heck, I have one client that gets 20 spams a day (to a single account, harvested from the website, of course) just from OptInRealBig.

  • DOS the SPAM urls. (Score:1, Interesting)

    by Anonymous Coward
    Not the spammer, but the advertiser who paying the spammer. The spammer hides his identity, but the spam has the url to the ones who bought the 'service'. Take the sites down who bought the spam and let them know why.
  • I sat here at work reading this thread, seeing the comments of people equating spam to "junk mail", telemarketers, etc.
    Then I realized that the best comparison to spam are unsolicited(junk) faxes....

    Spam costs real dollars to most people who recieve it. If your email provider is filtering spam for you, you are paying for that as well through your monthly charges. Next, some people will say how does it cost you real money by recieving spam? Most people pay a flat rate for unlimited use of the internet

Think of it! With VLSI we can pack 100 ENIACs in 1 sq. cm.!