Planet Antispam
November 20, 2009
Word to the Wise: Troubleshooting the simple stuff:
“We’ve been having an ongoing conversation recently about the utterly stupid and annoying questions some senders ask…too stupid or lazy to do their own troubleshooting.”
November 20, 2009 09:03 PM
46147 patterns, 11515 right anchor strings, 190116 test IPs.
Some more contribs and updates from a new feed. Working through a big
set of outmx pats now, as well. There were several minor releases on
11/19.
There is a new tech, 'borderware'. Also, 'interscan', for Trend Micro
InterScan servers.
Also note that the rbldnsd zone file now has support for 'cloud', using
response code 127.0.0.12. Currently only a few of these, but the field
is growing, so expect more to come. This may be used via the most recent
sendmail package, and I've updated the SpamAssassin plugin to support it
as well.
Download them here:
sendmail:
http://enemieslist.com/downloads/sendmail_access_db
http://enemieslist.com/downloads/rightanchors
postfix:
http://enemieslist.com/downloads/postfix_regexp_table
http://enemieslist.com/downloads/postfix_regexp_table-20091120
exim:
http://enemieslist.com/downloads/exim_hosts
http://enemieslist.com/downloads/exim_hosts-20091120
November 20, 2009 08:45 PM
Washington Post Security Fix: FDA targets rogue Internet pharmacies:
“The U.S. Food and Drug Administration is pressuring a number of Internet service providers to shut off nearly 12 dozen Web sites alleged to be selling counterfeit or unapproved prescription drugs.”
November 20, 2009 07:05 PM
Messaging News: Mega-D/Ozdok Botnet Take Down:
“…actions included taking down domain names, cutting off the command and control servers, and hosting providers actually shutting off machines.”
November 20, 2009 06:04 PM
The Email Wars: Anyone Can Do It – But Should They?:
“…I am quite tired of the free ESP services. Why? Well they are giving anyone with the ability to upload a list the ability to email me. It opens up the just because you can does not mean you should debate I often have with people new to email marketing (yes there are always people new to it).”
November 20, 2009 05:04 PM
Here's some simple code to parse a JSON document and the transform it into an HTML document using the Google Go packages json and template.
If you've done anything in a scripting language then you'll probably be surprised by the generation of fixed struct types that have to match the parsed JSON document (or at least match some subset of it). Also because of the way reflection works in Google Go the struct member names need to be in uppercase (and for that reason I've used uppercase everywhere).
import (
"fmt";
"os";
"json";
"template"
)
type Row struct {
Column1 string;
Column2 string;
}
type Document struct {
Title string;
Rows []Row;
}
const a_document = `
{
"Title" : "This is the title",
"Rows" : [ { "Column1" : "A1", "Column2" : "B1" },
{ "Column1" : "A2", "Column2" : "B2" }
]
}`
const a_template = `
<html>
<head><title>{Title}</title></head>
<body>
<table>
{.repeated section Rows}
<tr><td>{Column1}</td><td>{Column2}</td></tr>
{.end}
</body>
</html>`
func main() {
// The following code reads the JSON document in
// a_document and turns it into the Document structure
// stored in d
var d Document;
ok, e := json.Unmarshal( a_document, &d );
if ok {
// This code parses the template in a_template places
// it in t then it applies the parsed JSON document in
// d to the template and prints it out
t, e := template.Parse( a_template, nil );
if e == nil {
t.Execute( d, os.Stdout );
} else {
fmt.Printf( e.String() );
}
} else {
fmt.Printf( e );
}
}
All the real work is done my
main() by calling
json.Unmarshal,
template.Parse and then
Execute.
Here's the Makefile and output:
$ cat Makefile
P := template
all: $P
$P: $P.6
6l -o $@ $^
%.6: %.go
6g $<
$ make
6g template.go
6l -o template template.6
$./template
<html>
<head><title>This is the title</title></head>
<body>
<table>
<tr><td>A1</td><td>B1</td></tr>
<tr><td>A2</td><td>B2</td></tr>
</body>
</html>
November 20, 2009 04:58 PM
CIO.com: The Six Greatest Threats to U.S. Cybersecurity:
“It’s not a very good day when a security report concludes: Disruptive cyber activities expected to become the norm in future political and military conflicts. But such was the case today as the Government Accountability Office today took yet another critical look at the US federal security systems and found most of them lacking.”
November 20, 2009 04:04 PM
I came across an article today written last week that proclaimed “We won the war on spam”. The general thrust of the article is that “despite continued hysteria, unwanted e-mail is largely a thing of the past”.
This is an interesting point of view which I happen to disagree with, but in thinking further I realize that this is mostly a matter of perspective – business vs personal, or big vs small.
The writer, Mark Gimein, approaches the matter from his own personal experience. Mark has a slightly more complex email setup than the average person – a series of email addresses for various purposes all forwarding into a Gmail account. In Mark’s experience spam has all but vanished from his inbox, although a few false negatives remain.
I’m not disputing Mark’s account, I don’t see very much spam slip through the filters into my inbox either, but the war on spam is most definitely not won. Mark hints at what I’m about to say with this paragraph in his article:
Stopping spam does take effort—without a doubt Yahoo and Google devote resources to it. But that’s just part of their business, no different from all the other things they need to do to keep their e-mail systems running. What matters is that from the point of view of users like me, what’s going on under the hood to keep junk out and legitimate messages in needn’t concern us.
For an email user in a business what goes on under the hood shouldn’t concern them, but it most certainly concerns the business. Businesses spend thousands of dollars each year on protecting their email systems from spam and malware. This is not a trivial expense and in itself stands as solid proof that the war on spam is far from over.
In Australia the ACMA report for 2008-09 stated a 21% rise in email spam complaints from the previous year. They also reported a 71% jump in SMS spam complaints.
If the war had been won then today’s spam filters serve us for decades to come, and further innovation in the field would be unnecessary. One thing is for sure, if the war is over then no one has told the spammers, because they continue evolving new spam techniques and bombarding email systems around the world with billions of spam messages every year.
For a single user receiving a few dozen emails per day spam probably does appear to be a problem that has been solved. For a business of thousands of users who collectively receive hundreds of thousands of emails per day even a 0.5% miss rate on spam is a lot of staff productivity lost dealing with them. And don’t forget the potential for security breach if someone falls for one of the more serious spam variants.
Declaring the war won is premature. As businesses spend hundreds of millions of dollars around the world every year on prevention, as well as costing millions more in breaches, the spammers continue to profit from even the small percentage of spam that slips through. Until that is stopped, the war goes on.
Liked this post? Get more anti-spam related news from AllSpammedUp.com!
We Have Not Won The War On Spam
November 20, 2009 03:41 PM
Authorities in the UK have arrested two people suspected of distributing the Zeus Trojan. The arrests were made by the Metropolitan Police’s Central e-Crime Unit and are the first ever in connection with the Trojan, which has infected hundreds of thousands of computers across the globe.
Detective Inspector Colin Wetherill of the PCeU said: “The Zeus Trojan is a piece of malware used increasingly by criminals to obtain huge quantities of sensitive information from thousands of compromised computers around the world. The arrests represent a considerable breakthrough in our increasing efforts to combat online criminality.”
Zeus records banking account numbers, logins and other personal info and adds the infected computer to the ZBot botnet, which then uses the computer to pump out malicious spam designed to spread the infection.
Authorities would not identify the two suspects, saying only that they are a man and woman in their 20’s. They are being charged under the 1990 Computer Misuse Act and the 2006 Fraud Act.
Security experts say Zeus is spreading so fast because there is a toolkit available that allows anyone to customize the malware, create their own versions, and use it to commit bank fraud.
Liked this post? Get more anti-spam related news from AllSpammedUp.com!
Zbot Trojan Ring Busted
November 20, 2009 03:36 PM
This morning I received three separate “invitations” (each to a different email address) from InfoAxe.com. Here is the text of one message (html formatting and links stripped out, my friend’s name removed): 7b1d91231a87fb75e0054e886a0dea57
“Friend’s Name” has added you as a friend
Is “Friend’s Name” your friend?
Click Yes if “Friend’s Name” is your friend, otherwise click No. But you have to click!
Please respond or “Friend’s Name” may think you said no 
Click here to block all emails from Infoaxe Inc., Sunnyvale, CA. 94085. Privacy Policy
There is so much wrong with this email:
- The link on the “Yes” and the “No” responses to the question ‘Is “Friend’s Name” your friend?’ both go to the same page at InfoAxe.com.
- The message is not CAN-SPAM compliant, there is not a full mailing address in the message.
- The link in the footer labelled “Privacy Policy” is actually just a link to the site’s home page.
- The use of the word “friend” is deceptive. It isn’t a social networking site. This is simply an attempt at using my friend’s name as an endorsement of their service.
I wrote back to my friend:
It looks like you gave InfoAxe permission to email all of your contacts listed in your aol address book. It is really really dangerous to give any third party access to your account. Never give out your account’s password. You never know what some other company is going to do with the info they “borrow” from your account. The privacy policy for Infoaxe is extremely light on details. They don’t address the legal ramifications of giving them access to your entire browsing history for example. Their site is also a bit sketchy in that it looks to not have been updated since at least summer 2008. I’d have to recommend you not use their service. Mike
Looking through the InfoAxe web site, there really isn’t anything there that is encouraging. Their abouttheteam page is a joke. The site is copyright 2008, which is an eternity in web-time. Their job page says you need to be able to start by August 2008. Only five blog posts in a year. Taken as a whole, why would you allow this company’s software to track your web browsing, and to access your address book? Stay away.
Update: 11/20/2009 7:06am: I got a reply from my friend that used the InfoAxe service:
Mike…i didnt fill it out when i reealized what ir was….i cancelled mid way…but it must have spammed everyone….so sorry…
That really says it all. InfoAxe isn’t being very clear and/or up-front with their users about how they are going to treat your address book. Basically, the rule is: you should never give out your password to anyone! Facebook, AOL, Hotmail, Gmail, Twitter, etc… There is never a reason to give your password to any third party site.
216.180.243.10 20/Nov/2009:11:11:29
Copyright © 2009
PlanetMike's Technology Journal. This Feed is for personal non-commercial use only. If you are not reading this material at http://www.planetmike.com or in your news aggregator, the site you are looking at is guilty of copyright infringement. Please contact copyright@planetmike.com so we can take legal action immediately.
InfoAxe Spam
November 20, 2009 12:03 PM
46016 patterns, 11512 right anchor strings, 189946 test IPs.
Some more contribs and updates from a new feed. Working through a big
set of outmx pats now, as well. There were several minor releases on
11/18.
There is a new tech, 'borderware'.
Also note that the rbldnsd zone file now has support for 'cloud', using
response code 127.0.0.12. Currently only a few of these, but the field
is growing, so expect more to come. This may be used via the most recent
sendmail package, and I've updated the SpamAssassin plugin to support it
as well.
Download them here:
sendmail:
http://enemieslist.com/downloads/sendmail_access_db
http://enemieslist.com/downloads/rightanchors
postfix:
http://enemieslist.com/downloads/postfix_regexp_table
http://enemieslist.com/downloads/postfix_regexp_table-20091119
exim:
http://enemieslist.com/downloads/exim_hosts
http://enemieslist.com/downloads/exim_hosts-20091119
November 20, 2009 12:05 AM
November 19, 2009
Internet Evolution: The Money Pit of Enterprise Security:
“There’s good reason CFOs (and everyone else who signs off) chafe when it comes to enterprise security spending — it’s not just a cost center, it’s a gigantic, budget-sucking vortex.”
November 19, 2009 10:57 PM
Koobface started life compromising Twitter accounts. It then diversified to attack various social networking sites including Facebook, MySpace, Bebo, hi5, GeoCities, Friendster among the prominent ones.
Recently I came across what could possibly be the next iteration of Koobface, W32/Koobfa-O, which came with Skype hacking functionality and some additional promises for the future. The new variant of Koobface attacks Skype accounts on the compromised machine to get various pieces of information about the victim using the different Skype API commands. The following screenshot demonstrates a few:
W32/Koobfa-O collects information about the user such as HOMEPAGE, ABOUT, PHONE_MOBILE, PHONE_OFFICE, PHONE_HOME, CITY, COUNTRY, BIRTHDAY, FULLNAME, PSTN_BALANCE etc. The collected information is dumped into a file which is packed as a RAR archive and either emailed or uploaded to a remote server. The worm then logs on to Skype chat as the user and starts a conversation with friends online. In the body of the worm there are snippets of conversation in 18 different languages including some Asian languages. The following screenshot shows a snippet of available conversation items in English:
I initially expected that there might be some lexical analysis being done to talk somewhat intelligently with the person at the other end of the chat, but it seems the worm pastes conversation pieces fairly randomly. This will be because the worm supports conversation in 18 languages, and it is too complicated to do a lexical analysis for the different languages. It is easier to just randomly chat. The worm will also paste a link to a compromised domain in the chat conversation, visiting which will download W32/Koobfa-O.
W32/Koobfa-O also does something which promises upcoming functionality in the future.
Koobface already attacks Facebook and MySpace, so those two on the list are no big surprises. The list contains new additions: blogger.com, wikipedia.org, youtube.com, yahoo.com and google.com. The worm doesn’t do much except look to see if some information (possibly credentials) exists for these domains. But is this a promise for the future? Clearly as social networking and collaborative sites/tools multiply in number and become bigger, more malware will attempt to take advantage of them.
November 19, 2009 05:31 PM
The Email Delivery Guru: Require a login to opt-out?:
“If you’re wondering if it’s OK to require that recipients must log into your website before they can unsubscribe from your emails, the answer to that is no— it’s prohibited under US Federal law.”
November 19, 2009 04:03 PM
Russian spammers are in the process of cashing in on the swine flu pandemic. Shady pharmacies are advertising Tamiflu for rock bottom prices using massive spam campaigns and search engine manipulation. Hundreds of fake “Canadian pharmacy” sites exist, many run by cybercrime gang Glavmed, whose “affiliates” rake in tens of thousands a day from the sales. The Tamiflu being offered is usually fake or out of date. Sometimes plain old sugar pills are provided, and in some cases, they are made of disturbing and downright dangerous ingredients like rat poison. Glavemed also runs SpamIt, a group of email spam affilates that is thought to be behind the Conficker, Waldec and Storm botnets.
The spammers are exploiting the news that global production of flu fighting drugs like Tamiflu is unable to keep up with demand. They are trying to appeal to those who may be likely to order out of panic, and they are finding success. The top countries ordering the fake flu medication are the US, Canada, France, the UK and Germany.
The gang, known as “THE PARTNERKA” has found such success because they are using a mix of methods to deliver their message. In addition to floods of email spam, they are using Black Hat SEO, social networking, and malware, and there are all kinds of software to help them, such as “John22” which generates HTML content for websites at an alarmingly fast rate, links them together, uploads them, and notifies Google. The pages are so good it’s near impossible to tell they were computer generated. Then there’s ZennoPoster, which generates webmail accounts on services like Gmail and Yahoo, and accounts on social networking, free web hosting and blog sites. It also sends text, email and forum/blog spam. This recipe ensures that spam filters and anti-virus programs won’t have much impact on their bottom line.
Security and Health experts alike are advising everyone to stay away from any pharmacy advertised in spam messages or affiliate marketing. If you need medication, get it from your licensed and educated doctor.
Liked this post? Get more anti-spam related news from AllSpammedUp.com!
Russian Spammers Trying to Cash in On Swine Flu
November 19, 2009 03:14 PM
I decided to have a go with Google Go since I'm an old fogey C/C++ programmer. Any new innovation in the C/C++ family gets me excited and Google Go has quite a few nice features (garbage collection is really nice to have and channels make me think of all the work I did in CSP).
I decided to go with the 6g compiler since gccgo doesn't have garbage collection implemented yet and hence there's no way to free memory. The only way to get 6g is to mirror its Mercurial repository. So...
Step 1: Install Mercurial
For that I used prebuilt packages from here and got Mercurial 1.4 for Mac OS X 1.5 (no, I haven't upgraded to Snow Leopard yet).
Step 2. Set GOROOT
I just did a quick cd ; mkdir go ; export GOROOT=$HOME/go to get me started.
Step 3. Clone the 6g repository
That was a quick hg clone -r https://go.googlecode.com/hg/ $GOROOT followed by the hard part: compiling it. You need to have gcc, make, bison and ed installed (whcih I do since I do development work on my Mac).
Step 5. Set GOBIN
This points to where the binaries will go, for me that's $HOME/bin since I'll be doing local development using Go. And I updated PATH to include $GOBIN.
Step 4. Compile 6g
You first need to set GOARCH and GOOS. For me that's amd64 for the architecture (the Intel Core 2 Duo in my Macbook Air is a 64-bit processor) and darwin for the OS (since this is a Mac).
$ export GOARCH=amd64
$ export GOOS=darwin
Then you can actually do the compile:
$ cd $GOROOT/src
$ ./all.bash
This does a build and test of 6g and it was very fast to build (although I'm used to building gcc which is a bit of a monster).
Step 5. Write a Hello, World! program
Here's my first little Google Go program (filename: hw.go) just to test the 6g compiler.
package main
import "fmt"
func main() {
fmt.Printf( "Hello, World\n" );
}
To simplify building I made a minimal Makefile:
all: hw
hw: hw.6 ; 6l -o $@ $^
%.6: %.go ; 6g $<
And then the magic moment:
$ make
6g hw.go
6l -o hw hw.6
$ ./hw
Hello, World!
And now for a real project... get SQLite to interface to it.
November 19, 2009 02:44 PM
Leaving my SO in bed at the hotel with a nasty bacterial infection and some antibiotics, I went with timely irony to visit the home and laboratory of Louis Pasteur at the Institut Pasteur. (It's pretty easy to find since it has a conveniently named stop on the Paris metro: Pasteur).
At the Institut Pasteur there's a wonderful museum that covers the life and work of Louis Pasteur (and his wife). It's housed in the building (above) where the Pasteurs lived. There's a single room of Pasteur's science and the rest of the house is Pasteur's home; so a visit is partly scienfitic and partly like visiting any old home. I was mostly interested in the laboratory (although seeing how he lived---pretty darn well!---was also worth it).
Pasteur wrote standing up at a raised table (much like old bank clerks used to use) and his lab is full of specimens that he worked on. There's a nice display about chirality which Pasteur had initially worked on while study tartaric acid in wine. (Pasteur determined that there were two forms of tartaric acid by painstakingly sorting tiny crystals by hand).
The rest of the lab covers immunization, pasteurization and the germ theory of disease. There was a nice display of Pasteur's bottles of chicken broth that he used to demonstrate the germ theory of disease. The bottles contain boiled broth and have a long tapering curved neck. Although the neck is open the shape prevents dust from entering and the broth sits undisturbed (as it has for 150 years).
In the same room there's also a big bottle of horse's blood that looks fresh despite its age, and there are detailed displays about immunization (and especially Pasteur's rabies vaccine).
The museum also has a lot of equipment used by Pasteur, such as vacuum pumps and autoclaves. It all has that lovely Victorian feel of wrought iron and brass.
The oddest part of the museum is the Pasteurs' burial chamber built beneath the house and in a totally over the top Byzantine style.
Note that the museum is only open in the afternoons during the week and that you must bring photo ID with you to get in since it is inside the Institut Pasteur.
November 19, 2009 10:59 AM
My friend Mickey Chandler mentioned to me that TAG44 emailed him yet again.
They're apparently still putting a stupid "this is not spam" disclaimer in their email. As with last time, they reference a law that doesn't exist.
"Note: We respect your Online Privacy. This is not an unsolicited mail. Under Bills 1618 Title III passed by the 105th U. S. Congress this mail cannot be considered Spam as long as we include Contact information and a method to be removed from our mailing list. If you are not interested in receiving our E-mails then please reply with a “remove” in the subject line and mention all the E-mail addresses to be removed with any E-mail addresses which might be diverting the E-mails to you. I am sorry for the inconvenience" -- the dumb, factually inaccurate footer from TAG44's email messages.
Free clues for TAG44:
- A bill is not a law. Did you catch that? That was a bill from years ago. A proposed law. It never became law, because it never passed the House of Representatives. It has no legal standing. You might as well replace it with This email is not spam because my grandmother wears a fancy hat for all the legal standing it carries.
- You're "murking" your own emails? On purpose? That is, uh, how do I put this? That is not a sign of intelligence. Don't take my word for it -- ask anybody who has ever written about the Murkowski disclaimer. What you're actually doing is making your email look like spam, and you're acting like a spammer.
- That bill (the one that never became law) is from 1998. That's eleven years ago, friends. Your email marketing expertise is just a tiny bit out of date. Maybe you should hire Mickey, instead of spamming him.
I'm guessing that TAG44 never searches for their company name on Google, or else they would have run across Mickey's post about them, since
it's the first hit you find after their own website. Let's see if this one ends up right behind Mickey's post in Google's search results.
November 19, 2009 08:04 AM
ICANN has opened their new fast track
process for "countries and territories that use languages based on
scripts other than Latin" to get domain names that identify the
country or territory in its own language.
It's not clear to me what the policy is supposed to be for countries
whose languages use extended Latin with accents and
other marks that aren't in the ASCII set.
Any country that uses an extended Latin character set can use extended
characters in 2LDs right now, and I can't offhand think of any whose
current unaccented two-letter ccTLD isn't an adequate mnemonic for
their name. But let's say that Serbia feels that .RS is kind of lame,
so they apply for and get .Србија which is perfectly reasonable, since
that's the Cyrillic character set.
Then Romania decides that .RO is too generic, so they ask for .România
with the circumflex over the â, as it is properly spelled in Romanian.
That's an IDN, so how can they say no?
Hey, say the Hungarians, they got their country names, we want
.Magyar. Oh, no, that's ASCII, that will be $185,000 and a highly
uncertain multi-year process. Really?
November 19, 2009 06:41 AM
November 18, 2009
Starting early this morning, we have seen a major uptick in the use of Twitter links inside spam messages. Here are a few different variants of them. Most of the spam refers to online med sites although a few campaigns tout making lots of money:
Following the links will lead a user to arrive at “making-money-with-Google” or Online Pharmacy sites:
The Twitter accounts themselves appear to be legitimate and do not look to be bot-registered. They contain normal-looking tweets in the previous days and months. We’re still looking into how the accounts are compromised. Certain malware such as koobface would steal Twitter credentials. There is also the possibility of the accounts credentials being compromised through phishing.
As for regular users, it’s important now more than ever to scrutinize the links you receive through Twitter. Today these links point to spam sites. Tomorrow these links could be pointing to malware.
November 18, 2009 11:32 PM
Techdirt: Crackdown On Loyalty Program Scams Shows How Ridiculously Sucessful They Were:
‘Many of these are incredibly sneaky, such that many users have no idea they signed up for it until they get their credit card statements. Even worse, many of the “tricks” involve getting legitimate sites to offer these “services” to their users — and those included Continental Airlines, Classmates.com, Priceline, 1-800-Flowers and many others.’
November 18, 2009 10:37 PM
The Database Diva: Ditch Me-Me-Itis with Business Email Marketing:
A computer-generated video conversation about email marketing best practices, with only one thing missing: the “blast” guy should’ve been bitch-slapped every time he opened his mouth.
November 18, 2009 06:14 PM
45903 patterns, 11505 right anchor strings, 189747 test IPs.
Some more contribs and updates from a new feed. Working through a big
set of outmx pats now, as well.
There is a new tech, 'borderware'.
Also note that the rbldnsd zone file now has support for 'cloud', using
response code 127.0.0.12. Currently only a few of these, but the field
is growing, so expect more to come. This may be used via the most recent
sendmail package, and I've updated the SpamAssassin plugin to support it
as well.
Download them here:
sendmail:
http://enemieslist.com/downloads/sendmail_access_db
http://enemieslist.com/downloads/rightanchors
postfix:
http://enemieslist.com/downloads/postfix_regexp_table
http://enemieslist.com/downloads/postfix_regexp_table-20091118
exim:
http://enemieslist.com/downloads/exim_hosts
http://enemieslist.com/downloads/exim_hosts-20091118
November 18, 2009 05:06 PM
threatpost: Security Metrics Are Useless Without a Plan:
“There has been a big push in recent years in the security community toward metrics, and measurements of all types have become a hot topic in certain corners of the industry. But measurement for measurement’s sake is useless-and perhaps even counterproductive….”
November 18, 2009 04:13 PM
Telegraph: Stephen Fry says Twitter lets celebrities bypass media:
‘While many brands are working hard to have a credible presence on Twitter, in an attempt to make consumers engage more with their products, Mr Fry stressed that the essence of Twitter was “human-shaped” and not a marketing tool for businesses.’
(via tech.blorge, which adds some additional colour)
November 18, 2009 03:13 PM
A CAN-SPAM court decision may hurt the private domain registration business.
Spammers hiding behind private registration of domain names to spread junk email received a slap in the face recently by a federal district court in California. In their attempt to nullify the U.S. CAN-SPAM Act the garbage pedlars argued, among other things, that the law was unconstitutionally vague because anyone trafficking in private domain registrations could be held liable for materially falsifying an identity under the statute.
Ironically, private domain registrations were created to protect domain owners from spammers, scammers, telemarketers and other unsavory types. Under the process, domain owners who want to keep their personal information private enlist another company, a proxy registrar, to register their domain for them. The domain owner retains control of the domain, but for public purposes, such as listing in the WHOIS directory, the proxy’s contact information is listed as the owner of the domain. The rub to the process, though, is that anyone can use it–even spammers seeking to hide ownership of their domains. It’s a pair of such spammers that found themselves appealing their prosecution before the Ninth Circuit Court of Appeals.
The case, U.S. v. Kilbride, involved a pair of porn spammers operating through a company based in the small African nation of Mauritius. Their spam, which generated 662,000 complaints with the U.S. Federal Trade Commission, violated CAN-SPAM in a number of ways including forged headers, fake email addresses and phony contact information. A jury, after a three week trial, convicted the defendants of criminal CAN-SPAM violations and other charges. One smut circulator received a 6.5 year prison term; the other, five years in the Big House.
In their arguments before the court, the skin merchants asserted that CAN-SPAM is too vague in its definition of material falsification to meet constitutional standards because it criminalizes private registration of domain names. The court, however, wasn’t buying that contention. “We fail to perceive any vagueness on this point,” the judges opined.
Passed in 2003, CAN-SPAM provides penalties for anyone, among other things, who “materially falsifies header information in multiple commercial electronic mail messages and intentionally initiates the transmission of such messages” or “registers, using information that materially falsifies the identity of the actual registrant, for five or more electronic mail accounts or online user accounts or two or more domain names, and intentionally initiates the transmission of multiple commercial electronic mail messages from any combination of such accounts or domain names…”
The court also rejected the notion that the material falsification definition allows innocent people to be investigated for violating the law until their intent can be determined. That, the spammers asserted, invited law enforcement officials to abuse the law. “This may be so, but it does not make the statute
unconstitutionally vague,” the court said.
“As we recently noted,” it continued, ” ‘[w]hat renders a statute vague is not the possibility that it will sometimes be difficult to determine whether the incriminating fact it establishes has been proved; but rather the indeterminacy of precisely what that fact is.’”
“While determining as a factual matter whether the requisite intent for culpability under [CAN-SPAM]exists may prove difficult, this does not demonstrate
that the concept of intent as used in the statute is an entirely indeterminate, subjective one,” it added. “Hence, the problem Defendants identify is irrelevant to the vagueness inquiry.”
Of course, the Ninth Circuit is only one court, and its decisions don’t necessarily carry any weight outside its jurisdiction. Another court could very well find that CAN-SPAM’s falsification provisions are unconstitutional and send the whole issue to the Supreme Court.
For now, however, the question remains will court decisions that discourage netizens from using private registrations or registrars from offering them make a dent in the spam volumes which are consistently over 90 percent of all email on the Internet? Probably not. If the government gets tough in probing private registrations, it will probably discourage the innocent from engaging in the practice while Black Hats, who live by subterfuge, will continue to keep it in their bag of dirty tricks.
One thing is certain, if the courts continue to crackdown on private registrations, it won’t favorably impact the registrars who turn a buck on them. As one attorney waggishly observed in his blog, “I don’t see the domain name proxy business as a growth industry.”
Liked this post? Get more anti-spam related news from AllSpammedUp.com!
Private registration no defense for spammers
November 18, 2009 08:21 AM
I am going to be traveling in Peru for the next little while, but fear not! I shall still be blogging!
I have written a few posts in advance to entertain you all that shall become publically visible over the next few days. Enjoy.
November 18, 2009 01:27 AM
November 17, 2009
45734 patterns, 11505 right anchor strings, 189435 test IPs.
Some more contribs and updates from a new feed. There were several minor
releases on 11/16. Working through a big set of outmx pats now, as well.
There is a new tech, 'borderware'.
Also note that the rbldnsd zone file now has support for 'cloud', using
response code 127.0.0.12. Currently only a few of these, but the field
is growing, so expect more to come. This may be used via the most recent
sendmail package, and I've updated the SpamAssassin plugin to support it
as well.
Download them here:
sendmail:
http://enemieslist.com/downloads/sendmail_access_db
http://enemieslist.com/downloads/rightanchors
postfix:
http://enemieslist.com/downloads/postfix_regexp_table
http://enemieslist.com/downloads/postfix_regexp_table-20091117
exim:
http://enemieslist.com/downloads/exim_hosts
http://enemieslist.com/downloads/exim_hosts-20091117
November 17, 2009 07:53 PM
PC World: DNS Problem Linked to DDoS Attacks Gets Worse:
“…the growing number of consumer devices on the Internet that are configured to accept DNS queries from anywhere…can be used in what’s known as a DNS amplification attack.”
November 17, 2009 05:31 PM
