A Weblog About Topics and Issues Discussed in the Book Spam Kings by Brian McWilliams

« Spam from Iraq | Main | Another house that spam built »

November 10, 2005

Unmasking a John Doe spammer

John DoeEver noticed that Microsoft seems to sue a lot of spammers named "John Doe"?

It's actually just a standard legal tactic companies use when they want to file a lawsuit against unidentified individuals. The goal is to unmask the defendants by serving discovery on Internet service providers, domain registrars, online payment processors, etc. With any luck, Microsoft (or whoever's doing the suing) eventually amends its lawsuit to name the spammers.

Well, looks like Microsoft had such luck in a John Doe lawsuit it filed a year ago against some spammers pushing kits that supposedly train people to "Earn HUGE Profits On eBay.ā€¯

In October 2004, Microsoft sued "JOHN DOES 1-50 d/b/a Myauctionbiz.biz" in a U.S. District Court in Washington state. The lawsuit alleged that the spammers inundated MSN Hotmail users with illegal messages for the eBay kits.

Often these lawsuits can hit a brick wall, but in February 2005, Microsoft investigators identified San Diego, California resident Kevin Hertz as head of the Myauctionbiz.biz spam network. Hertz turned over a database including a list of his marketing affiliates and their corresponding affiliate identification numbers.

Last September, Microsoft deposed Hertz, who confirmed that his spammers were the ones who sent the deceptive emails to Hotmail.

Soon, Microsoft's investigators were able to identify the 38 or so affiliates responsible for most of the Myauctionbiz.biz spam sent to Hotmail. Microsoft then filed an amended complaint naming them on October 31, 2005.

The defendants include residents of around ten states and a couple of provinces in Canada.

MORE: Hertz appears to be connected to a San Diego company called Progressive Media Group, Ltd., but it's not named in the complaint. Someone named "Robert Hertz" at the same street address owns a block of IP addresses, including one that hosts a network of websites.

Posted by brian at November 10, 2005 12:31 PM


In an interesting twist, many people have started using spam to send resumes for themselves, which is kind of dumb when you realize that your resume generally has a name, address, phone number, and email address.

For example, I just received a resume for:

144 Wood Dale Drive, Ballston Lake, NY 12019
(518) 877-5630 Residence, (518) 441-4984 Mobile, RosenFourL@aol.com.

Not a very bright spammer if you ask me, I doubt he'll get a good job!

Posted by: Lewis Rosen spam recipient at January 13, 2006 4:16 PM


Weblog authors are solely responsible for the content and accuracy of their weblogs, including opinions they express,
and Oā€™Reilly Media, Inc., disclaims any and all liability for that content, its accuracy, and opinions it may contain.

All trademarks and registered trademarks appearing on spamkings.oreilly.com are the property of their respective owners.

O'Reilly Home | Privacy Policy

© 2004 O'Reilly Media, Inc.
For assistance with this site, email: