November 5, 2014

A long trail of spam, dodgy domains and hijacked Internet addresses leads back to a 37-year-old junk email purveyor in San Diego who was the first alleged spammer to have been criminally prosecuted 13 years ago for blasting unsolicited commercial email.

atballLast month, security experts at Cisco blogged about spam samples caught by the company’s SpamCop service, which maintains a blacklist of known spam sources. When companies or Internet service providers learn that their address ranges are listed on spam blacklists, they generally get in touch with the blacklister to determine and remediate the cause for the listing (because usually at that point legitimate customers of the blacklisted company or ISP are having trouble sending email).

In this case, a hosting firm in Ireland reached out to Cisco to dispute being listed by SpamCop, insisting that it had no spammers on its networks. Upon investigating further, the hosting company discovered that the spam had indeed come from its Internet addresses, but that the addresses in question weren’t actually being hosted on its network. Rather, the addresses had been hijacked by a spam gang.

Spammers sometimes hijack Internet address ranges that go unused for periods of time. Dormant or “unannounced” address ranges are ripe for abuse partly because of the way the global routing system works: Miscreants can “announce” to the rest of the Internet that their hosting facilities are the authorized location for given Internet addresses. If nothing or nobody objects to the change, the Internet address ranges fall into the hands of the hijacker (for another example of IP address hijacking, also known as “network identity theft,” check out this story I wrote for The Washington Post back in 2008).

So who’s benefitting from the Internet addresses wrested from the Irish hosting company? According to Cisco, the addresses were hijacked by Mega-Spred and Visnet, hosting providers in Bulgaria and Romania, respectively. But what of the spammers using this infrastructure?

One of the domains promoted in the spam that caused this ruckus — unmetegulzoo[dot]com — leads to some interesting clues. It was registered recently by a Mike Prescott in San Diego, to the email address mikeprescott7777@gmail.com. That email was used to register more than 1,100 similarly spammy domains that were recently seen in junk email campaigns (for the complete list, see this CSV file compiled by DomainTools.com).

Enter Ron Guilmette, an avid anti-spam researcher who tracks spammer activity not by following clues in the junk email itself but by looking for patterns in the way spammers use the domains they’re advertising in their spam campaigns. Guilmette stumbled on the domains registered to the Mike Prescott address while digging through the registration records on more than 14,000 spam-advertised domains that were all using the same method (Guilmette asked to keep that telltale pattern out of this story so as not to tip off the spammers, but I have seen his research and it is solid).

persaud-fbOf the 5,000 or so domains in that bunch that have accessible WHOIS registration records, hundreds of them were registered to variations on the Mike Prescott email address and to locations in San Diego. Interestingly, one email address found in the registration records for hundreds of domains advertised in this spam campaign was registered to a “michaelp77x@gmail.com” in San Diego, which also happens to be the email address tied to the Facebook account for one Michael Persaud in San Diego.

Persaud is an unabashed bulk emailer who’s been sued by AOL, the San Diego District Attorney’s office and by anti-spam activists multiple times over the last 15 years. Reached via email, Persaud doesn’t deny registering the domains in question, and admits to sending unsolicited bulk email for a variety of “clients.” But Persaud claims that all of his spam campaigns adhere to the CAN-SPAM Act, the main anti-spam law in the United States — which prohibits the sending of spam that spoofs that sender’s address and which does not give recipients an easy way to opt out of receiving future such emails from that sender.

As for why his spam was observed coming from multiple hijacked Internet address ranges, Persaud said he had no idea.

“I can tell you that my company deals with many different ISPs both in the US and overseas and I have seen a few instances where smaller ones will sell space that ends up being hijacked,” Persaud wrote in an email exchange with KrebsOnSecurity. “When purchasing IP space you assume it’s the ISP’s to sell and don’t really think that they are doing anything illegal to obtain it. If we find out IP space has been hijacked we will refuse to use it and demand a refund. As for this email address being listed with domain registrations, it is done so with accordance with the CAN-SPAM guidelines so that recipients may contact us to opt-out of any advertisements they receive.”

Guilmette says he’s not buying Persaud’s explanation of events.

“He’s trying to make it sound as if IP address hijacking is a very routine sort of thing, but it is still really quite rare,” Guilmette said.

The anti-spam crusader says the mere fact that Persaud has admitted that he deals with many different ISPs both in the US and overseas is itself telling, and typical of so-called “snowshoe” spammers — junk email purveyors who try to avoid spam filters and blacklists by spreading their spam-sending systems across a broad swath of domains and Internet addresses.

“The vast majority of all legitimate small businesses ordinarily just find one ISP that they are comfortable with — one that provides them with decent service at a reasonable price — and then they just use that” to send email, Guilmette said. “Snowshoe spammers who need lots of widely dispersed IP space do often obtain that space from as many different ISPs, in the US and elsewhere, as they can.”

Persaud declined to say which companies or individuals had hired him to send email, but cached copies of some of the domains flagged by Cisco show the types of businesses you might expect to see advertised in junk email: payday loans, debt consolidation services, and various nutraceutical products.

In 1998, Persaud was sued by AOL, which charged that he committed fraud by using various names to send millions of get-rich-quick spam messages to America Online customers. In 2001, the San Diego District Attorney’s office filed criminal charges against Persaud, alleging that he and an accomplice crashed a company’s email server after routing their spam through the company’s servers.

Many network operators remain unaware of the threat of network address hijacking, but as Cisco notes, network administrators aren’t completely helpless in the fight against network-hijacking spammers: Resource Public Key Infrastructure (RPKI) can be leveraged to prevent this type of activity. Another approach known as DNSSEC can also help.


52 thoughts on “Still Spamming After All These Years

  1. Soy Tenley

    ‘ Miscreants can “announce” to the rest of the Internet that their hosting facilities are the authorized location for given Internet addresses. ‘

    Just how hard is it for those who “own” the rights to assign a given Internet address to automate testing their ownership has not been compromised ?

    I remember a story about how the Chinese managed to hijack routing Internet traffic a few years ago …

    http://www.pcworld.com/article/211083/china_hijack_raises_concerns_for_internet_security.html

      1. BrianKrebs Post author

        Heard from Doug Madory over at Renesys. He’s been tracking these hijacked IP address ranges, and has found quite a few of them. According to Madory,
        Bitcanal (AS197426) out of Portugal is a big one.

        “Presently they are squatting on lots of unused address space. One of my favorites they are announcing is 206.218.64.0/22 (Office of the Attorney General, State of Texas) – I even notified the Attorney General’s office in Texas about this. Another highlight is 156.6.0.0/16 (US DoD address space), which is pretty ballsy because I know the DoD watches for this,” Madory told me in an email he okay’d for me to copy here.

        According to Renesys, here’s the list of currently hijacked IP address ranges as of today:

        150.51.192.0/20 Japan Network Information Center Seiyo JP
        150.51.80.0/20 Japan Network Information Center Seiyo JP
        156.6.0.0/16 754th Electronic Systems Group Montgomery US
        160.255.192.0/18 Link Data Group ZA
        170.255.0.0/18 GSCEC Brussels BE
        206.218.64.0/22 Office of the Attorney General, State of Texas Austin US
        210.57.64.0/21 Reach Networks Japan KR
        211.101.64.0/18 China Internet Network Information Center CN
        213.90.128.0/17 Atos Euronext Market Solutions SAS Paris FR
        83.147.200.0/21 Datacenter & IP Services Tehran IR
        83.147.208.0/20 Datacenter & IP Services Tehran IR
        83.147.224.0/20 Datacenter & IP Services Tehran IR
        83.147.240.0/20 Datacenter & IP Services Tehran IR
        89.237.64.0/18 Societe Francaise du Radiotelephone S.A. Paris FR
        94.241.152.0/21 Datacenter & IP Services Tehran IR
        94.244.192.0/18 Aargauische Kantonalbank Aarau CH
        95.212.192.0/18 AYA Internet Service Provider SY
        95.212.200.0/21 AYA Internet Service Provider SY
        95.212.224.0/21 AYA Internet Service Provider SY
        95.212.240.0/21 AYA Internet Service Provider SY
        95.212.64.0/18 AYA Internet Service Provider SY

        1. Bill Waggoner

          Brian,
          I have a question directly for you.
          First let me clarify:
          You’ve been CYBER BULLIED correct?
          You have been SWATTED as well correct?
          You have been attacked from god knows where and from whom correct?
          You want to fix this mess correct or is this simply you just trying to make money off this issue? (sincere question)

          So here is my main QUESTION directly to you:
          If you want to really do something about these PROBLEMS why don’t you contact someone who really has the answers to these problems (NO NOT THE GOVERNMENT). Get ahold of me if you are real, if not I understand, I will am personally doing something about this issue and I tell you guys 1 thing I will win this with your help or without it.
          Brian the same people who have destroyed our beloved internet are the ones mainly talking on this THREAD.

          1. Not Billy Wags

            Oh yes, by all means contact Bill Waggoner, Mr. Krebs. That is, if you want to hear the semi-coherent rantings of a career spammer.

    1. Jason

      Simply automate scripts that connect to BGP looking glasses throughout the world and query them for their own BGP functions. Alert when an address block or AS is advertised from somewhere other than you expected norm.

      There is a free service which does this and will even alert you when your BGP networks and/or AS is doing something other than what you’ve told it is “normal”:
      http://cyclops.cs.ucla.edu/

  2. Ron Guilmette

    Brian,

    Thanks for covering this. I always hope that people will be able to find out who is spamming them, even when the spammers are working overtime to try to make sure that no one can.

    That said, I wish that you had said more… a lot more…about Mega-Spred, and about all of its hijacking activities. This thing, Mega-Spred, whatever the heck it is, and whoever the heck owns it, appears to have only existed for a grand total of about 2 months, and in that entire time, I seriously doubt that it has announced a single
    route to any IP space that it actually owns itself. Also,and perhaps even more importantly, *right now*, as we speak it is *still* hijacking 11 blocks of IP space, from legitimate owners scattered all over the world. And it is apparently getting away with it, and as far asI can tell, nobody is lifting a finger to stop this.

    I was hoping that your article would shed a much needed light on this IP hijacking, which is the bigger and the overriding travesty in this whols story. Persaud certainly is an excellent poster boy for the criminal types that seem to gravitate to the spamming trade, but _somebody_ acquired and then sold him hijacked space, and that somebody is still
    doing this crooked thing, in spades, as we speak. And so far, the Internet Powers That Be seem to be just shrugging the whole thing off
    as if it were a non-event. While the various network operators, in Europe and elsewhere, who should be watching out for this kind of
    thing are all, apparently, asleep at the switch, the spam flows and flows and flows… for around two months now at least, and showing
    no signs whatsoever of being reigned in.

    What other nefarious and perhaps more dangerous and damaging activities are being initiated from those eleven hijacked IP blocks… I mean other than just spamming. No one knows.

  3. Andrew Conway

    Looking at some samples of Mr. Persaud’s current emails (we’re blocking lots of it at Cloudmark) I can confirm that is is absolutely not CAN-SPAM compliant. There is no unsubscribe link or postal address for example.

    Spam Rule #1: Spammers lie
    Spam Rule #2: If there is any question about rule #1, see rule #1.

  4. petepall

    This guy must have Teflon on. Apparently none of these legal actions are able to stick? Why hasn’t he been put away?

    1. Mary

      Jail time for sending spam email sounds like an overreaction to me. Incarceration isn’t a panacea for social ills, and certainly using it as the catch-all for every infraction reduces both the penalty and effectiveness it is supposed to have.

      /soapbox

      1. Kevin

        There comes a point when you have to escalate your punishment though. This guy has been spamming for well over a decade and has been in and out of tons of civil and criminal cases. He clearly has no intention to stop spamming, ever.

        Repeat offenders as serious as him should see jail time. 5 years in federal prison might be enough to finally convince him to find a more productive line of work.

        1. Dave

          Interestingly when I reading some information on offense and reoffense rates among criminals, the white collar type criminals are the most likely to reoffend on release.

      2. Matthew Zaleski

        You are right. Jail isn’t the answer. Catch and release. Catch him in California and release him in the middle of the Pacific. If he makes it back to shore he is free to spam for one more year.

      3. Quinn

        I agree. Making a new class of criminals by putting them is jail is a waste of time & money, and it costs a lot. The U.S. already leads the developed world in the number of prisoners per population, with 748 prisoners per 100K population, which you & I have to support. & they are very expensive to keep. Russia is next with 600/100k then it drops to Brazil <250/100K, Iran ~ 225/100K, Britain 150/100K, China, Canada ~ 120/100K, France <100/100K, Germany ~ 80/100K, Japan ~ 65/100K.
        If you want to punish those stealing, including some businesses, take all their money & make them pay restitution, then rinse & repeat.

      4. Ed Manley

        Jail isn’t enough, I want spammers financially ruined. Take everything they have now or will ever have, every time, and I suspect you would see a lot less spam.

        1. Josh

          You can’t permanently “financially ruin” these guys. They have nothing, other than what they steal. Here’s how the process works from spammers and other scams:
          1) Set up spam operation
          2) Steal money from elderly and other unsophisticated rubes
          3) Spend money on cars, houses, cocaine and hookers
          4) Eventually get caught (maybe). Give back what little money remains from your fast-times cocaine and hooker binge.
          6) Repeat #1

          1. Ron Guilmette

            Change the word “spam” to “bank” and the word “spammer” to “banker” and everything you just said remains true.

            White collar criminals get caught and always have to give back just a fraction of what they stole, or sometimes nothing at all.

            Prosecutors are rendered timid by the well paid defendants bar, which is largely funded by ill-gotten gains.

            Example: In any bankruptcy case, the lawyers always get paid -before- any of the creditors. Those are the rules.

      5. Kaz

        I disagree here. This person is costing businesses and individuals significant money by way of man power and infrastructure to deal with his spam waves.

        This would be like if a group of children went by your house every morning and threw eggs at your house. Sure, if you get outside and spray it all down every day then no property damage was done. But its still a crime and they would still receive punishment.

        Sending bulk spam requires someone to setup a system to clean up the egg and attempts to have methods to stop the egg throwing before it starts.

    2. Ron Guilmette

      Unfortunately, the arstechnica.com web site is down at the moment, but in a while, you should check and see if you can get to this URL:

      http://arstechnica.com/tech-policy/2013/12/the-decade-long-quest-to-stop-spamford-wallace/

      This is an amazing story… and also disgusting. It further illustrates how much the legal system in this country is hamstrung when trying to deal with these kinds of people. Actually, we should have learned this lesson from the 2008 financial meltdown… When it comes to white collar kinds of crooks, if they just refuse to cooperate… as bankers and Spamford Wallace do… then there is very little the authorities can do.

  5. Izzy

    Since we now have some email addresses of at least one spammer, why don’t we all create free email accounts and use them to send stupid emails to him? What’s good for the goose is good for the gander!

    “Karma. She’s a b!tch. So am I.”

    1. Eric

      I thought of that too. But as tempting as this is, the likely result is that we would end up being prosecuted for violations while he would walk away scott free.

      In reality, his email is a gmail address, so if you sent millions of emails, it could be interpreted as a crude denial of service attack on google.

      1. Eric

        The thought comes to mind that one could *forward* any spam from those blocks of IP addresses to the guy’s email address.

        Many of the better ISPs block this sort of spam before it even gets to your inbox however. It is really the ISPs who are on the frontline of this battle, and not the individuals.

  6. Reader

    Would you be able to share a link to the IP spam addresses, so I can add them to my own blacklist?

    “SpamCop service, which maintains a blacklist of known spam sources.”

    1. Ron Guilmette

      As of today, the fllowing blocks of IP addresses are all being hijacked by the owners of AS201640:

      36.0.56.0/21
      41.92.206.0/23
      41.198.80.0/20
      41.198.224.0/20
      61.242.128.0/19
      119.227.224.0/19
      123.29.96.0/19
      177.22.117.0/24
      177.46.48.0/22
      187.189.158.0/23
      202.39.112.0/20

      Note that these blocks are scattered all over the world.

  7. Andree

    BGPmon.net has a recent blog post here http://www.bgpmon.net/using-bgp-data-to-find-spammers/
    It describes 2 different campaigns, each with several Autonomous systems and ISPs involved. research showed that these were used for spamming as well. Interestingly one of the campaigns did indeed register the routes as route objects in the RADB IRR routing database.

    1. Ron Guilmette

      Yes, coincidently, I was just looking at the records within the MERIT RADb that relate to AS201640. There are several. Some of these routes are currently experiencing “squatting”, as the BGPmon people seem to prefer to call the hijacking of otherwise unrouted space. Others of these appear to have been squatted on in the past. but anyway, these are all registered to “MEGA – SPRED LTD” in the MERIT RADb at the present moment.

      41.198.224.0/20
      105.154.248.0/21
      119.227.224.0/19
      202.39.112.0/20
      210.57.0.0/19
      210.57.192.0/20

  8. TheOreganoRouter.onion..it

    The guy is a lowlife sc#mbag spammer, need I say more.

    1. SeymourB

      To be honest, when I started reading this article, I was hoping it was Spamford Wallace.

      I still remember when he misconfigured his servers such that it created it loop condition, where all spam sent from his servers was directed at his servers, which generated more spam, which was sent back to itself, etc. until virtually every server he had connected ran out of disk space.

      These are the kinds of masterminds we’re dealing with.

      1. Bill Waggoner

        SanFord Wallace was a SPAMMER.
        Let’s be damn clear here… EMAIL MARKETING and SPAM are 2 totally different things. You have scum bags all over the USA but you don’t say OH all people who live in the USA are SCUM or do you? LOL Most likely your one of those. (kidding)

        SPAM IS SCAMMING PEOPLE STEALING using others resources. (If you have a email address then what do you expect) I am done… I am talking to a wall… WE WON. I kicked your ass and CONGRESS agreed so please WAKE UP SIT DOWN and SHUT UP.
        My way of emailing back in the day IS THE LAW. Where do you think the law came from… man you people…. (Ya I said “You PEOPLE” lol)

  9. Mike Gale

    I don’t understand the DomainTools CSV file. Domains are repeated. There are 450 uniques.

    What sort of society allows this guy and all those on ROKSO to exist? Not one that cares about the loss of hours of productive time and installation of unwarranted Internet capacity.

    If the proof is clear-cut why aren’t they permanently removed from decent society?

    1. Quinn

      The kind where those in power are focussing on getting re-elected, not on morality.
      They learn to work with human nature.
      Unless a problem becomes large enough to be a re-election issue, it’s generally ignored.
      Once it reaches critical mass, then the politician rides to the rescue like a hero rescuing the maiden in distress, so we’ll all cheer & vote for him/her.
      If they try dealing with problems as they occur, or Heaven forbid being forward looking and try to head them off (at the pass?), they’re not appreciated.
      It’s fondly called “democracy”.

    2. Neej

      Life in jail or death you reckon then?

      Perhaps a little bit of an over reaction.

      1. Prairie Dog

        An over reaction, but only, as you say, a little bit of one. How about graduated mandatory sentences. First offense, 3 years in prison. Second offense, 12 years. Third offense, 48 years, meaning essentially life in prison.

        Still an overreaction? OK then; 2, 10 and 30 years.

    3. Bill Waggoner

      Mike do you even know what ROKSO is?
      90% of the information is total bull.
      Ask yourself this question, why aren’t all of these AFFILIATE NETWORKS like Affiliate.com Godaddy.com etc etc etc on ROKSO those people send out more spam more then anyone I know of.
      What about ClickBank?
      I am on there… Why? Because I won’t pay the 150,000 dollar bribe they want. I exposed these people years ago.
      SPAMHAUS is a disgusting JOKE.

      1. Ron Guilmette

        So, Mr. Waggoner, that’s an interesting claim you’ve made about Spamhaus taking bribes. Of course, you have proof of that, right? So how about posting a link to that, you know, so that the rest of us can all look at it and judge it for ourselves?

        I, for one, have an open mind about this sort of thing. I have frequently criticised Spamhaus for being too lenient with certain parties and for their failure to list certain parties. So I, at least, will look carefully and impartially at whatever you might offer in the way of real, tangible evidence that they are playing favorites in exchange for money. What I *won’t* do is to just simply take your word for it, in the total absence of any evidence whatsoever.

      2. DoctorMemory

        “I am on there… Why? Because I won’t pay the 150,000 dollar bribe they want. I exposed these people years ago.”

        Riiiiiiiiight then.

        Let me guess, is Spamhaus also secretly controlled by the Lumber Cartel, as part of a vast conspiracy to protect the lumber industry’s revenues from junk snail-mail?

  10. IA Eng

    In light of all the breaches that have ocurred, this is a list of “new meat” for the spammers. Sick and tired of the spam? For personal use, create a new email address, then go to the online accounts you have, and put the new email addresses in there, and you ought to receive less spam.

    For corporations, its a bit tougher. Depending on the process, policies and products, some old emails may be aliased to your account. The people in charge of the email at a corporation can clear out any unused emails and limit the attack surface. Sure spam software can be implemented, but some of these spammers change email names quicker than they do their under garments.

    Obviously, the income must be sufficient for this crook to get a decent lawyer that will keep him out of jail. If the Federal Goverment finally has enough of this individual, he ought to go through the ringers at the FBI, plus the IRS and pay current and back taxes on any funds he has not reported.

    No matter how much this crook wants to believe that following a process is all it takes must have a relatively low IQ. Overall the user is responsible for sending the trash and no matter how it is sent, it is still trash.

    He’s comfortable in the location he is at, and the only way to disturb this heap of….. matter is to rip him up from his cozy area and go in with a wide open search warrant. I bet you will find many issues above and beyond what is listed here.

    1. Cesar

      “For personal use, create a new email address, then go to the online accounts you have, and put the new email addresses in there, and you ought to receive less spam.”

      Email is not used solely for online accounts. For instance, if you contributed to a free software project, your email address is usually associated with the commit in the version control system. Even years later, people will try to use that email to contact you.

      1. Cowpoc

        I understand the Burning Man folks have a term for this guy: “MOOP”. Matter Out Of Place… 😉

  11. Josh

    In addition to increasing penalties to spammers, we should also consider penalties for anyone dumb enough to actually buy anything from these spammers. If these people would stop making spamming a profitable enterprise, the spamming would stop.

  12. JimV

    It’s more than an over-the-top notion (particularly in an era of too many far more heinous criminal actions around the world), but thinking “Death to Spammers!” can produce a nice bit of dark humor chuckling when one is cleaning out the in-basket of all the junk they generate…

    1. Ron Guilmette

      I agree completely that as civilized people, it is entirely inappropriate for us to even entertain the notion of the death penality for spammers.

      I would however have no objections to exchanging them, perhaps even on a two-for-one basis, for decent people who have had the misfortune to have become ISIS hostages. 🙂

  13. eddieski

    How great a liar.
    How can you NOT know what and where you are spamming from, and what your content is?
    He generates traffic. ISPs need traffic to justify lower prices for tiers from L3, etc.
    Spam isn’t going away, just like junk mail (PostOffice has to afford pensions) in your real mail…

  14. Bill Waggoner

    Let’s define Spam shall we?
    First off, I cannot believe Kreb you even mention Spampig whoops I mean SPAMCOP in this article.
    That is the ultimate TROLL tool, never accurate complete piece of trash technology unless of course someone wants to destroy someones website or business, (Would you like an example of that?) your anti troll correct?
    Oh btw Hi Ron Guilmette and To quote you “My nuts should be crushed in a VICE” that never happened Ron sorry but I like my personal body parts thank you very much. Anyway this thread about SPAM is not correct.
    I am the SPAM KING remember (LOL Joke) I am also the man who kicked the living crap out of you guys at the CAN SPAM HEARINGS in 2003 (view it here http://www.c-spanvideo.org/program/id/117122 ) remember? Now I am the one stopping spam but you still have me listed on your site SPAMHAUS with FALSE INFORMATION. I thought this site was about cyber security anti bullying anti cyber trolling etc. Ron and all the other Spamhaus crew are the CYBER BULLIES of the internet. The ORIGINAL SWATTERS, The Original Trolls… when I so called SPAMMED.. these CLOWNS would call my house threatening to kill my children and shove things up my girlfriends private area’s. So let’s stop spam ok… I AM STOPPING SPAM in FACT I shut SPAMHAUS down for 3 days with one paragraph. Until the BULLYING from Spamhaus and Spamcop stops there will be SPAM email. Ron you should JOIN ME and the rest of your PEOPLE if you really want to do something to help the internet.

    The NON SPAMMER
    Bill Waggoner

    1. DoctorMemory

      “Let’s be damn clear here… EMAIL MARKETING and SPAM are 2 totally different things.”

      Really? Because the only difference I can see is that the “EMail marketers” are more likely to include unsubscribe links (which sometimes even work).

      “SPAM IS SCAMMING PEOPLE STEALING using others resources.”

      No, spam is defined as Unsolicited Commercial EMail.

      “WE WON. I kicked your ass and CONGRESS agreed so please WAKE UP SIT DOWN and SHUT UP.”

      Well, I suppose I should thank you then – setting up a custom SpamAssassin rule to filter any messages with “CAN-SPAM” disclaimers has been a very effective of blocking spammers-in-denial.

      P.S.
      Your Shift key seems to be sticking.

    2. DoctorMemory

      “Let’s define Spam shall we?
      First off, I cannot believe Kreb you even mention Spampig whoops I mean SPAMCOP in this article.
      That is the ultimate TROLL tool, never accurate complete piece of trash technology unless of course someone wants to destroy someones website or business, (Would you like an example of that?) your anti troll correct?”

      Let me guess, does your example involve a “legitimate” EMail marketer who was listed in Spamcop “merely” because they neglected to do proper opt-in validation of EMail addresses?

      Even though opt-in validation is trivially-easy to do with most newsletter management systems (if not the default setting), I’m sure that’s a totally honest mistake. Despite how often it happens. It’s certainly not as if any EMail marketer would ever think to himself “Hmm, no sane person would voluntarily sign up to receive junk mail from me, so I’ll just buy a list of addresses – and if people complain, I’ll just lie and say that someone must have subscribed their address.”

  15. P Crowley

    First off, I have to say that currently it is not illegal to send commercial email. Until that changes, and there is severe enforcement, there will be SPAM. You see, in the eyes of some folks any use of email for commercial messages is SPAM. Now, if you specifically request a reply from a commercial entity the resulting email probably isn’t SPAM, but you never can tell.

    SPAMCOP is indeed a rather blunt instrument that was firmly in the hands of the folks that believe in guilt until proof of innocence. I do not know what state it is in these days, SPAMHAUS has always been rather leaning in the direction that any commercial email is justification for evisceration of the sender. I tend to discount anything involving either of these groups as they tend to be very self-reinforcing. Both heavily rely on the idea that once you accuse someone of being a spammer they must be a spammer because all you get from spammers are lies. Attempting to work out what the problem is – pointless because it is assumed that you are lying.

    SPAM isn’t going away. It is a marketing tool. The US government basically declared SPAM to be legal – or more or less that they didn’t want to be bothered with it. These days we have both SPAM and malware and it is difficult to tell the difference. The malware just wants you to open the attachment or click the link. SPAM just wants you to click the link and maybe buy something. The good news is the SPAM isn’t out there to corrupt your computer like the malware is. The bad news is that both stuff up the email mailbox. Solution? Abandon email as a communications medium. Today email is about 98.5% spam/malware/virus/phishing – so why do you want any communication to be lumped in with that much noise?

    1. DoctorMemory

      “SPAMCOP is indeed a rather blunt instrument that was firmly in the hands of the folks that believe in guilt until proof of innocence.”

      …AFTER that “guilt” has been established via by reports from multiple sources.

      What, specifically, would you prefer they do?

      “I do not know what state it is in these days, SPAMHAUS has always been rather leaning in the direction that any commercial email is justification for evisceration of the sender.”

      They lean in the direction that UNSOLICITED commercial EMail is justification to consider that sender a spammer. Kinda hard to fault them for that, considering that “unsolicited commercial EMail” is the standard definition of spam – that’s like criticizing the company that makes “Off” for having a bias against stinging insects.

      ” The good news is the SPAM isn’t out there to corrupt your computer like the malware is.”

      No, it’s “just” out to sell you things like counterfeit pharmaceuticals that could potentially kill you.

      “Solution? Abandon email as a communications medium. Today email is about 98.5% spam/malware/virus/phishing – so why do you want any communication to be lumped in with that much noise?”

      In other words, throw the baby out with the bathwater? There’s a simple reason why EMail is still used as heavily as it is: as much as it’s become polluted by spam & scams, it’s still better than any of the alternatives.

Comments are closed.