A Weblog About Topics and Issues Discussed in the Book Spam Kings by Brian McWilliams

� November 2005 | Main | January 2006 �

December 28, 2005

Site claims $3.5M damages from spam blacklist

COMPLAINT.gifChapter 9 of Spam Kings gets into some of the back story on the 2003 lawsuit against a group of anti-spammers known as the Nanae Nine. Since then, there have been a number of other lawsuits against spam blacklist operators and the like (e.g., Spamcop, Joe Jared, et al.) But the latest litigation seems especially ironic.

Richard M. Scoville, editor of a site called the Free Speech Store, is suing the operators of the Abusive Hosts Block List (AHBL) for $3.525 million.

On December 17, Scoville got a Texas county court to issue a temporary restraining order, forcing the AHBL to remove his site's IP address ( - Road Runner Commercial) from its anti-spam blocklist until the case is litigated.

I haven't seen the complaint yet, but Scoville apparently alleges that the AHBL operators have caused him "emotional distress" and "continuing damages to personal business credit," among other harms.

Scoville has apparently been on a personal vendetta against one of the AHBL operators, Brian Bruns. There are currently some 152 articles at Scoville's site that mention Bruns. Like all the other articles at FreeSpeechStore.com, you'll have to pay to view them. (As Scoville has explained, "Speech is Free, only information or data has a cost.")

Over the years, Scoville has earned lots of detractors in the anti-spam world for his online behavior.

Operators of the AHBL are asking for donations to offset costs of lawyering up. But Scoville has threatened to sue (as a "co-conspirator") anyone who donates to the AHBL legal defense fund.

Scoville certainly posts a lot of messages to Usenet, garnering himself a reputation as a Usenet Kook. And he apparently sends some unsolicited emails to a variety of people. But it's probably a huge stretch to call this guy a spam king.

Posted by Brian at 1:49 PM | Comments (8)

December 27, 2005

Joe-job on Blue Security

head.jpgSome trickster is trying to hit a spammer (Robert Soloway) and an anti-spammer (Blue Security) with a single stone.

Someone recently placed an order at the web site of spammer-for-hire Robert Soloway. Using a stolen credit card, the unidentified person signed up for Soloway's $149 "Custom Broadcast Emailing to 2,500,000 People" service. The trickster, who claimed to be with Blue Security, wanted Soloway to broadcast a message with the subject line "Do away with unsolicited ads" and the following message body:

Learn how to wipe out unsolicited advertisement snders. Our active approach allows for eye for eye justice. We poison the databases of those who send out these unsolicited ads in order to cause them to run afoul of the law and cost them money in wasted billing efforts, phone calls, etc .

Soloway faxed me a copy of the order last week, and I passed it along to Blue Security. The people at Blue were, as you might expect, a bit miffed at this apparent attempt to give them a black eye. But this isn't the first time that's happened. Last August, a someone forged a bogus email ad in an effort to Joe-job the fledgling company.

Don't know if it's cause and effect or not, but the bogus order submitted to Soloway happened just a couple days after I pointed out that Blue Security had begun reporting spam sites to various authorities. (If spammers truly want Blue to leave them alone, wouldn't it be easier just to download and use the Blue Frog remove lists?)

I asked Blue Security for a copy of the opt out complaint they post in the order forms of spammers who send unsolicited ads to Blue Frog members. For the record, the message begins like this:

An unsolicited commercial email advertising your website was sent to me. I am currently not interested in receiving such unsolicited email. I kindly ask that you or anyone on your behalf cease sending me such emails and remove me from your mailing list.

I'd post the full opt-out message, but some clever spammer (or militant anti-spammer?) would probably use it to perform another Joe-job on Blue Security.

Posted by Brian at 2:51 PM | Comments (4)

December 24, 2005

Charlie Crist's lax email etiquette

crist.jpgI've talked about the anti-spam work of Florida attorney general Charlie Crist a couple times in recent weeks. (Here and here.)

But now it seems that Crist, who's running for governor of Florida, is accused of spamming voters.

Crist's unwelcome campaign emails may not violate the CAN-SPAM law, but his campaign web site certainly does a shoddy job of email etiquette.

Subscriptions for Crist's email updates are not confirmed. In other words, it's possible to add a third party to Crist's distribution list without authorization or verification.

The Tell a Friend option at the site is also broken. Individuals are able to add the email addresses of "friends" to Crist's distribution list. But if recipients of the email click the unsubscribe link in the message, they're taken to an error message page at the Crist site that says "Input string was not in a correct format."

Even worse, the site's privacy policy says users can opt-out from campaign communications by emailing info@charliecrist.com. But when I tried to unsubscribe from the list using that method, my email bounced back with the message:

Permanent Failure: 550 info@charliecrist.com is_invalid.

Crist's site says he is "the best person to uphold Jeb Bush's legacy." Did Crist mean Jeb's questionable email tactics too?

Posted by Brian at 2:22 PM | Comments (1)

December 23, 2005

My new career ... as a cyber mule?

got_mules.jpgSome cybercrooks have apparently harvested a bunch of email addresses from the New York Times online resume database. Mine was among them. (Yes, I'm looking for a full-time job.)

The criminals then spammed the addresses with emails written to look like they came from a legit company seeking what they called couriers. "We have read your resume and application on NYtimes.com, and believe that you may suit our standards," said the emails.

The messages said the company's "correspondance department" (sic) wanted to hire couriers to receive packages ("usually electronic devices") via US mail and then re-ship them to a new address using mailing labels provided by the company, SDSolutions Inc. Payment ($30/package) would come via Western Union.

Apparently these scam artists didn't take the trouble to read my resume real closely.

It's pretty clear that I and other people in the NY Times database were being recruited as "mules." The equipment we would be re-shipping undoubtedly would be purchased by the crooks using stolen credit card numbers. We mules would help the scammers turn those stolen cards into cash, by shipping the goods to them for sale on the black market. Or perhaps by mailing the items to someone who had won them in an eBay auction hosted by the crooks.

The emails included a link to the company's web site, which looks fairly convincing. (Check out the page listing the company's management.) Except that much of the site's text is borrowed from a real company's site. And somebody left an "author meta tag" in the home page's HTML source code, indicating that the dummy page was created by "Nemesis Lab." (For what it's worth, I'll be reporting the scam to the NYT and to the ISP hosting the site.)

I doubt that the scammers read this blog, so I'll keep you updated if and when my new career as a mule unfolds further. In the meantime, you can peruse a USA Today story from this past summer that describes in more detail how scams like this work.

Posted by Brian at 9:41 PM | Comments (3)

FTC opts out of Spamhaus input

I haven't yet finished reading the U.S. Federal Trade Commission's 116-page Report to Congress on the 2003 CAN-SPAM Act. But I've already spotted a conspicuous omission.

The FTC conducted wide ranging interviews with scores of smart people. (Transcripts of some of the interviews are available online.) Yet for some reason, Spamhaus director Steve Linford was not among those interviewed. Nor was Spamhaus cited once in the agency's report.

Ask any spammer, "Who's done more to make your life difficult, The Federal Trade Commission, or Spamhaus?" I'm pretty sure the spammer won't say the FTC.

Linford and his associates at Spamhaus probably know as much about spam trends as anyone in the world. Why wouldn't the FTC consult them?

Now, maybe the FTC decided to leave England-based Linford out because he isn't American. (Then again, the FTC interviewed a Canadian, Chris Lewis of Nortel Networks.)

Or maybe the FTC didn't really want to hear what Linford had to say. He has been an outspoken critic of CAN-SPAM from the start. He was even quoted as saying the law may have worsened the spam problem.

Interesting that the FTC did get input from Jerry Cerasale, senior vice president for the Direct Marketing Association. Linford and others have accused the DMA of lobbying Congress to weaken CAN-SPAM.

The FTC report concludes that CAN-SPAM has been effective, which pretty much ensures there won't be any changes to the law or any new federal anti-spam legislation.

Posted by Brian at 12:39 PM | Comments (1)

December 16, 2005

Wipe out for Dr.Rik

drNick.jpgThe allure of effortless wealth -- that's what drives many people to become spammers. One Sebastian, Florida junk emailer named Rik Rodriguez even created a web site with that name. A fan of surfing, Rodriguez officially called his spam operation Wavemaster Consultants.

If life was a beach for the 47-year-old Rodriguez, things got real gnarly this week. The attorney general of Florida filed a lawsuit against him for sending out illegal spam for a product called Fuel Saver Pro. Rodriguez is facing potentially $10-million in penalties. The AG also wants Rodriguez to post a $1-million bond to ensure he complies with the proposed injunction. (Rodriguez allegedly sent the spam as an affiliate in a spam network run by Mark C. Ayoub, who was sued by the FTC earlier this year.)

Rodriguez referred to himself online as "Dr.Rik" -- usually leaving no space between the period and his name. I'm not sure what qualifies him as a doctor. (For some reason, the image of Dr. Nick Riviera of the Simpsons comes to mind.)

An online bio says Rodriguez was a "surgical assistant" for 20 years, but I couldn't find a listing for him in the health professionals database maintained by the Department of Regulation & Licensing in Wisconsin, where he apparently lived before moving to Florida. (Maybe he's a PhD "doctor"?)

I do know that in 2003 Rodriguez spammed Pinacle penis pills as Affiliate #79 for Amazing Internet Products, the spam operation profiled in detail in Spam Kings.

Kind of strange behavior for a doctor, but Rodriguez also sent spam in 1998 advertising a multi-level marketing scheme for cigarettes.

Posted by Brian at 11:37 PM | Comments (1)

December 14, 2005

Bulletproof telephone hosting

explosion-proof phoneAlmost all junk email tries to drive recipients to purchase something from a web site. But sometimes the "call to action" in a spam requires purchasers to go offline.

Alert reader Jonathan Lansey wrote in to observe that a slew of recent fake-diploma spams list a phone number (206-338-3579) with a working voice mail inbox. (I'll save you the long distance call. Here's an MP3 file of the recorded greeting.)

Web sites are obviously a great way to conduct spam-generated transactions. But even supposedly bulletproof sites hosted by spam-friendly ISPs often can be tracked down by anti-spammers and nuked.

Conducting spam-generated sales by telephone may seem like a big inconvenience for both seller and buyer. But, as I discovered, there are some big advantages for the spammer.

I consulted a reverse phone-number database and determined that the 206 number above was leased from a Seattle telecommunication service called International Telecom, Ltd. ITL offers a free voicemail-to-email service called K7 Unified Messaging. For no charge, the company will assign you a (toll) phone number and enable you to record a greeting. Any messages left by callers are shipped via compressed audio file to your email account and/or can be reviewed at the K7 web site.

Turns out lots of podcasters use the K7 service to inexpensively gather broadcast-ready feedback from listeners. Besides being free, the K7 service also has some especially spam-friendly features. According to spokesman Gregory Van Tighem, ITL doesn't collect any personal information from users aside from an email address. "There is nothing to prohibit the user from signing up for another number after we have terminated their account," admitted Van Tighem.

What's more, ITL's terms of use do not specifically prohibit use by spammers. In an email, Van Tighem told me "it is virtually impossible to monitor or restrict how anyone distributes a telephone number, including email." He also revealed that the company generally only cancels K7 accounts for "non-use" -- in other words, if the number no longer receives calls or if the user stops retrieving his messages. Van Tighem said the company has flagged the diploma spammer's account and may terminate it if the spammer doesn't retrieve his messages.

A quick check of spam reports shows a number of spammers using the K7 service. Some of the many recently spamvertised numbers include 206-338-3863, 206- 338-5780, and 206-984-4134. (There was also a recent phishing spam that listed a K7 number, 206-338-5773.)

Jonathan Lansey suggests the way to combat such spammers is through phone-bombing. "Take a minute to drop a message in their inbox, then tell your friends to do the same ... revenge is sweet," says Jonathan.

I'm not a big fan of fighting abuse with abuse. Next thing you know, we'll be seeing telephone joe-jobs. Anti-spam programmer Joe Wein suggests filing complaints with ITL, as well as with the Washington State Attorney General and the Washington Utilities and Transportation Commission.

What do you think?

Posted by Brian at 11:03 AM | Comments (2)

December 9, 2005

The Blue Frog has new teeth

frog with teeth.jpgIn my discussions with spammers, I am surprised to learn that many have not heard about the Blue Frog anti-spam service from start-up Blue Security.

The service generated a lot of publicity at its launch last July, with some respected anti-spammers accusing Blue Frog of fostering vigilante action against junk emailers or "spamming the spammers." (Others have responded that the system is perfectly ethical and legal.)

The controversy was over Blue Frog's active deterrence feature. In a nutshell, Blue Frog tries to get bulk emailers to stop spamming its 50,000-plus members by posting opt-out requests in web forms at web sites advertised by spam. The goal is to encourage spammers to use the Blue Frog remove lists, while empowering Blue Frog members.

Blue Security insists the "eye for an eye" approach has been very successful, and some members report significant reductions in spam. But the company nonetheless has decided to up the ante.

Since last September, Blue Frog isn't just filing complaints directly to spammers. The service has also begun compiling and submitting reports to entities including the Federal Trade Commission, the Drug Enforcement Agency, the Securities and Exchange Commission, and even the FBI and Interpol. The service is also alerting Internet service providers who host the websites advertised in spams received by Blue Frog members.

Is this move an admission by Blue Security that its controversial "active deterrence" strategy was a bust -- and that spammers were ignoring the opt-out complaints?

Eran Aloni, Blue Security's director of marketing, insists that the service's goal is unchanged: to convince spammers not to spam people who don't want it and are willing to actively fight it.

Aloni says that the new reports have forced the recent shutdown of several Brazil-based websites used by a mortgage spammer. The service also has had some success getting Yahoo and Lycos to pull the plug on spammers' sites. (Sample reports are posted on the Blue Frog Blog.)

"This is the first time any anti-spam solution succeeded in reducing spam levels by persuading spammers to stop sending it rather than filtering spam after it arrives to the user," Aloni recently told me via email.

Posted by Brian at 3:29 PM | Comments (18)

December 6, 2005

No chain gang for Florida spam duo

chain-gang.jpgA judge has ruled against two Florida spammers who called themselves the Dotcomboiz.

Scott J. Filary, 25, and Donald E. Townsend, 34, were sued by the Florida attorney general last April. At the time, AG Charlie Crist said the spammers faced a penalty of $24M for violating Florida's 2004 spam law.

Under the judgment, however, the two men will get off by paying $50,000 to cover the cost of the state's investigation.

That much smaller figure was apparently arrived at based on financial statements provided by the defendants last August. They'll be subject to a $1.1M fine if they fudged the records, or if they break the terms of the permanent injunction, which prohibits them from further violations of the Florida spam law.

Crist, who is running to be Florida's republican nominee for governor, evidently earned the nickname "chain gang Charlie" for his efforts to cultivate a tough-on-crime image.

Posted by Brian at 11:09 PM

December 1, 2005

Blacklist stats suggest anti-spam progress

spewsHave we turned the tide in the battle against spam? Experts fling around a lot of contradictory statistics about overall spam volumes. But here's one figure that might give cause for cautious optimism.

For four of the past five months, the number of addresses on the SPEWS anti-spam blacklist has declined. According to figures compiled by David Bolt, there are currently 27,082,798 Internet protocol (IP) addresses on the controversial list of spam sources.

That's down nearly 350,000 IPs since the start of November 2005. The SPEWS list also shed nearly 120,000 addresses in October.

There was a slight uptick in September 2005, following huge drops in August 2005 (-540,000) and July 2005 (-1,082,000).

Now, here's the bad news. In December 2003, when Bolt first began publishing his analysis, the SPEWS list contained a total of just 12,635,013 IP addresses. In other words, since CAN-SPAM went into effect, the SPEWS list has more than doubled in size.

Meanwhile, the percentage of the total Internet space being blacklisted by SPEWS has more than doubled as well. In December 2003, SPEWS blocked 0.294 percent of total IP space. Currently, around 0.631 percent of overall IP space is being blocked.

What's more, the recent gains could be easily wiped out if SPEWS decided to make another one of its radical statements about rogue ISPs.

Clearly, it's too soon to declare that spammers are being driven off the Internet. Still, stats from the last few months suggest a trend in that direction. And compared to this time last year, when there there were 27,907,148 IP addresses on the list, the size of the blacklist has shrunk three percent. Woot.

(For those who want to crunch the SPEWS numbers themselves, Bolt provides software.)

Posted by Brian at 10:42 AM

Weblog authors are solely responsible for the content and accuracy of their weblogs, including opinions they express,
and O’Reilly Media, Inc., disclaims any and all liability for that content, its accuracy, and opinions it may contain.

All trademarks and registered trademarks appearing on spamkings.oreilly.com are the property of their respective owners.

O'Reilly Home | Privacy Policy

© 2004 O'Reilly Media, Inc.
For assistance with this site, email: