Previous Politech message: "David Scott Anderson: An unapologetic resume spammer, and a twist" http://www.politechbot.com/p-03730.html --- From: "Dave Steer" <dsteerat_private> To: <declanat_private> Subject: RE: David Scott Anderson: An unapologetic resume spammer, and a twist Date: Tue, 9 Jul 2002 09:12:11 -0700 Good action, Declan. A close friend of mine has said that Spam is, potentially, the most destructive of plagues to descend upon the Internet. I am compelled to agree. After all, most of the other problems (ID Fraud, Slow uptake of broadband, etc.) have plausible, working solutions (free market, government, and other). Spam is different. Despite filter technologies and black lists, the problem is getting worse -- evidenced both by the volume of my inbox and the share of complaints received by TRUSTe's Watchdog -- and the solutions are not working (falsely identifying Spam is only one of them...). It is my belief that the cure will be the result of the cross functioning of technologies, oversight and dispute resolution. In short, the elimination of bad email AND elevation of responsible email. Until then, the delete button is my best friend. Cheers, Dave Steer --- Date: Wed, 10 Jul 2002 09:13:47 +0100 (BST) From: James Sutherland <jasat_private> To: Declan McCullagh <declanat_private> Subject: Re: FC: Three tales of firsthand problems with "anti-spam" blacklists On Tue, 9 Jul 2002, Declan McCullagh wrote: > Previous Politech message: > > "David Scott Anderson: An unapologetic resume spammer, and a twist" > http://www.politechbot.com/p-03730.html > > As a brief followup to my earlier message, I give the SpamCop folks (some > of whom subscribe to Politech) high marks for responsiveness, although they > also incorrectly listed my mail server as spam for 18 hours on Feb. 11. But > the relays.osirusoft.com admin never explained why my server was > blacklisted last week without a check performed first. Spamcop's own blacklist is automatically generated, based on the number of complaints received recently ("recently" being "within the last 3 days", with reports from the last few hours being most heavily weighted) and the volume of mail handled (so a handful of reports would list the average open relay, but listing AOL's server farm would require a huge number). It's important to remember HOW Spamcop use this "blacklist": unlike most, "blacklisted" mail is NOT rejected - just diverted into a "this might be spam" folder on the server. They also point out that the Spamcop blacklist is not for use as an auto-reject filter, only for information: even if your server were listed, this would just divert mail from you into another folder - and I can "whitelist" you at the click of a mouse when I realise you aren't spamming me. Certain other blocking services, however, can be rather trigger-happy - not to mention assuming they are always correct in listing you! James. --- Date: Tue, 09 Jul 2002 16:42:26 -0400 From: "Paul Levy" <PLEVYat_private> To: <declanat_private> Subject: Possible claims against careless blackholers I take it that Clinton Fein is implicitly suggesting that, when an anti-spam group adds someone to a list of alleged spammers,, merely upon the receipt of a report but without any independent checking, there is an instance of defamation. Perhaps one could say that the group's practice reflects negligence, which is a sufficient basis for a defamation claim where the person added is not a public figure. OTOH, it is hard to see a viable cause of action for trademark dilution; the "tarnishing" that follows from criticism is generally not a basis for a dilution claim.... Paul Alan Levy Public Citizen Litigation Group 1600 - 20th Street, N.W. Washington, D.C. 20009 (202) 588-1000 http://www.citizen.org/litigation/litigation.html --- Subject: Re: FC: David Scott Anderson: An unapologetic resume spammer, and a twist From: Billy Harvey <Billy.Harveyat_private> To: declanat_private In-Reply-To: <5.1.1.6.0.20020708212540.02db2ae0at_private> Date: 08 Jul 2002 22:25:33 -0400 > Excerpts from a representative email: > - "I will be contacting an attorney..." > - "Is it possible that you are a racist. Did you go to my site and see that > I am African American, and have a problem with that?" > - "The resume was sent to you by a service, not me personally..." This could be rewritten as: 1. It didn't happen. 2. If it did happen then it wasn't me. 3. If you can prove it was me, then I'll sue you for racism. Hell, Declan, you'd better just send him an envelope full of money right away and save yourself the trouble later. Billy --- From: "Magdalena Donea" <maggyat_private> To: <declanat_private> Subject: Re: Three tales of firsthand problems with "anti-spam" blacklists Date: Tue, 9 Jul 2002 15:27:21 -0600 Declan wrote: > But > the relays.osirusoft.com admin never explained why my server was > blacklisted last week without a check performed first. Paul Bort wrote: > If I found two bad address ranges in just that one record, how many false > positives are scattered throughout their database? The SPEWS system is unapologetic about false positives, and even regard them as a plus (they've taken the "ends justify the means" argument way farther than I've seen anyone else take it). Their philosophy appears to be that if innocent businesses and individuals on the periphery of spam-house blocklists are affected, then those innocents will have no other choice but to pressure their upstream provider to remove the spammers from their blocks, thereby solving the spam problem bit by a bit. Draconian, yes. Effective? Sure. My story is similar: a couple of weeks ago, this SPEWS record included, as part of the IP address range, the main IP of our shared mail server: http://www.spews.org/html/S969.html Like Paul, I spent several days on Usenet, trying to fight the listing: http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=8b22a437 .0206102335.6c063861%40posting.google.com&rnum=1 (sorry for the length of the URL) ... and eventually, after promises to move my servers ASAP away from my upstream provider, I obtained a whitelist for our base IP, and went on with my moving plans. The move isn't completed, however, and as of a couple of nights ago, the previous listing has been expanded to include not just the few dozen IP addresses that were previously listed, but a whole *3 class-C blocks* which includes not only the original server, but our secondary and a few of our dedicated servers. One of those dedicated servers belongs to our favorite client, the Libertarian Party. All because of 1 or 2 possible addresses in those blocks that may belong to marketingontarget.net Based on previous "conversations" on nanae, I have absolutely no hope of getting this resolved again. Coercion seems to be the name of the game among these folks. As I said, they're unapologetic about collateral damage, going so far as to justify their practices with "well, goodness, we don't FORCE anyone to use the SPEWS list..." The SPEWS list is different than others precisely because of what they attempt to do - they *know* their lists include collateral addresses. The problem is, of course, that so many servers out there subscribe to relays.osirusoft.com and their ilk, and use the SPEWS data, or are automatically subscribed to the SPEWS data by their dial-up ISP or other access provider, that the SPEWS "optional" argument is moot. The fact of the matter is that they *are* causing severe monetary damage to others, and no amount of anti-spam self-justification will change that. Sorry for the annoyance level I'm displaying. I'll now get back to my jam-packed server admin day. --Maggy Magdalena Donea KIA Internet Solutions, Inc. --- Date: Mon, 8 Jul 2002 20:34:56 -0700 (PDT) From: Chris Caputo <ccaputoat_private> To: Declan McCullagh <declanat_private> Subject: Re: FC: David Scott Anderson: An unapologetic resume spammer, and a twist In-Reply-To: <5.1.1.6.0.20020708212540.02db2ae0at_private> I am finally getting around to setting up TMDA (Tagged Message Delivery Agent - http://software.libertine.org/tmda/) to deal with my spam woes (avg. of ~133 per day in the last month). The main feature I will be using is the confirmation requirement from people who are not yet on my "whitelist". Yes this means I may miss some messages occasionally from people who don't know how to handle the confirmation process, but time wasted due to spam has gotten bad enough that this risk is worth the gain in productivity. Taking back ownership of my inbox, Chris --- Date: Mon, 8 Jul 2002 21:05:31 -0700 To: declanat_private From: Tom Collins <tomat_private> Subject: Re: FC: David Scott Anderson: An unapologetic resume spammer, and a twist Washington Post on resume spamming: http://www.washingtonpost.com/ac2/wp-dyn?pagename=article&node=&contentId=A34840-2002Jan24 Slashdot story on resume spamming: http://slashdot.org/article.pl?sid=02/01/09/0346217 Followup: http://slashdot.org/article.pl?sid=02/01/25/1622242 -Tom --- From: "G. Waleed Kavalec" <gregat_private> To: <declanat_private> References: <5.1.1.6.0.20020708212540.02db2ae0at_private> Subject: Re: David Scott Anderson: An unapologetic resume spammer, and a twist Date: Tue, 9 Jul 2002 07:40:09 -0500 Declan You made a common error in dealing with Anderson, one you noted: > One obvious minor solution is not to reply to spammers and send mail > only to the abuse@ address. But in my experience, copying both > addresses works better: Some abuse admins aren't quick to respond, > while spammers seem to be more willing to delete you from their lists > if they know they've already been reported. "Delete you from their lists" != stop spamming. We "antis" call the former "listwashing" and it really doesn't reduce the traffic at all. G. Waleed Kavalec ------------------- What if there were no hypothetical questions? --- From: "Michael H. Frese" <Michael.Freseat_private> To: "Declan McCullagh" <declanat_private> Cc: "Robert Hettinga" <rahat_private> Subject: A Modest Proposal on Spam Date: Tue, 9 Jul 2002 07:18:49 -0600 Declan, If every mail client contained a Spam-Reply button, then no one would send out a million messages to people they don't know. The button would activate an automated reply function against the valid URL included in the message. A thousand false mouse clicks or a hundred false form replies should do it. If 1% of the people receiving the message hammered each spammer, then they'd not be able to find the true responses in the false. Since the number of false messages from each source would be modest, it wouldn't be distinguishable from real traffic. The network itself would mount the counterattack so to speak. The key is to make the software for the counterattack widely available, the individual attacks small, and the number of replies much smaller than the denial-of-service threshold. It would stop spam by destroying its value. Outlook Express plug-in, anyone? Mike --- Date: Tue, 09 Jul 2002 09:35:06 -0500 Subject: Re: FC: David Scott Anderson: An unapologetic resume spammer, and a twist From: Shawn Yeager <shawnat_private> To: <declanat_private> Declan: First, a jaw-agape "wow," at the pure absurdity of this exchange between you and Anderson. It's staggering how some people can be so misguided, yet so convinced they're in the right. I commend you for the objectivity with which you were able to pass along this story. Secondly, it is for the many reasons you note that I believe a collaborative approach like Vipul's Razor (now Cloudmark, commercially) looks very promising. I believe you've covered one or both on your list, so I'm likely telling you nothing you don't already know. What may be new to you is that version 2 of Razor now incorporates the concept of a "trust index," which will purportedly better the system with an historical rating of one's reporting of spam. I have no involvement with Vipul or Cloudmark, so you'd obviously want to go to them for details. Thanks for the list. I've really enjoyed it. Best regards, Shawn -- shawn yeager | http://shawnyeager.com/insight emerging technology insight | 630 689 4031 --- Date: Tue, 09 Jul 2002 19:17:25 -0700 From: Joachim Feise <jfeiseat_private> Reply-To: jfeiseat_private Organization: University of California, Irvine To: declanat_private Subject: Re: FC: David Scott Anderson: An unapologetic resume spammer, and a twist Declan McCullagh wrote: >David Scott Anderson is not merely a resume spammer -- he's a singularly >unapologetic one. He's not the only one. I think Bernard Shifman is the most notorious: http://petemoss.com/spamflames/ShifmanIsAMoronSpammer.html -Joe ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ Declan McCullagh's photographs are at http://www.mccullagh.org/ ------------------------------------------------------------------------- Like Politech? Make a donation here: http://www.politechbot.com/donate/ -------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Wed Jul 10 2002 - 12:57:42 PDT