FC: Replies to "David Scott Anderson, spammer" and bad blacklists

[Declan McCullagh <declan () well com>]

Previous Politech message:

"David Scott Anderson: An unapologetic resume spammer, and a twist"
http://www.politechbot.com/p-03730.html

---

From: "Dave Steer" <dsteer () truste org>
To: <declan () well com>
Subject: RE: David Scott Anderson: An unapologetic resume spammer, and a  twist
Date: Tue, 9 Jul 2002 09:12:11 -0700

Good action, Declan. A close friend of mine has said that Spam is,
potentially, the most destructive of plagues to descend upon the
Internet. I am compelled to agree. After all, most of the other problems
(ID Fraud, Slow uptake of broadband, etc.) have plausible, working
solutions (free market, government, and other).

Spam is different. Despite filter technologies and black lists, the
problem is getting worse -- evidenced both by the volume of my inbox and
the share of complaints received by TRUSTe's Watchdog -- and the
solutions are not working (falsely identifying Spam is only one of
them...). It is my belief that the cure will be the result of the cross
functioning of technologies, oversight and dispute resolution. In short,
the elimination of bad email AND elevation of responsible email.

Until then, the delete button is my best friend.
Cheers,
Dave Steer

---

Date: Wed, 10 Jul 2002 09:13:47 +0100 (BST)
From: James Sutherland <jas () spamcop net>
To: Declan McCullagh <declan () well com>
Subject: Re: FC: Three tales of firsthand problems with "anti-spam" blacklists

On Tue, 9 Jul 2002, Declan McCullagh wrote:

> Previous Politech message:
>
> "David Scott Anderson: An unapologetic resume spammer, and a twist"
> http://www.politechbot.com/p-03730.html
>
> As a brief followup to my earlier message, I give the SpamCop folks (some
> of whom subscribe to Politech) high marks for responsiveness, although they
> also incorrectly listed my mail server as spam for 18 hours on Feb. 11. But
> the relays.osirusoft.com admin never explained why my server was
> blacklisted last week without a check performed first.

Spamcop's own blacklist is automatically generated, based on the number of
complaints received recently ("recently" being "within the last 3 days",
with reports from the last few hours being most heavily weighted) and the
volume of mail handled (so a handful of reports would list the average
open relay, but listing AOL's server farm would require a huge number).

It's important to remember HOW Spamcop use this "blacklist": unlike most,
"blacklisted" mail is NOT rejected - just diverted into a "this might be
spam" folder on the server. They also point out that the Spamcop blacklist
is not for use as an auto-reject filter, only for information: even if
your server were listed, this would just divert mail from you into another
folder - and I can "whitelist" you at the click of a mouse when I realise
you aren't spamming me.

Certain other blocking services, however, can be rather trigger-happy -
not to mention assuming they are always correct in listing you!


James.

---


Date: Tue, 09 Jul 2002 16:42:26 -0400
From: "Paul Levy" <PLEVY () citizen org>
To: <declan () well com>
Subject: Possible claims against careless blackholers

I take it that Clinton Fein is implicitly suggesting that, when an 
anti-spam group adds someone to a list of alleged spammers,, merely upon 
the receipt of a report but without any independent checking, there is an 
instance of defamation.  Perhaps one could say that the group's practice 
reflects negligence, which is a sufficient basis for a defamation claim 
where the person added is not a public figure.  OTOH, it is hard to see a 
viable cause of action for trademark dilution; the "tarnishing" that 
follows from criticism is generally not a basis for a dilution claim....

Paul Alan Levy
Public Citizen Litigation Group
1600 - 20th Street, N.W.
Washington, D.C. 20009
(202) 588-1000
http://www.citizen.org/litigation/litigation.html

---

Subject: Re: FC: David Scott Anderson: An unapologetic resume spammer, and a
        twist
From: Billy Harvey <Billy.Harvey () thrillseeker net>
To: declan () well com
In-Reply-To: <5.1.1.6.0.20020708212540.02db2ae0 () mail well com>
Date: 08 Jul 2002 22:25:33 -0400

> Excerpts from a representative email:
> - "I will be contacting an attorney..."
> - "Is it possible that you are a racist. Did you go to my site and see that
> I am African American, and have a problem with that?"
> - "The resume was sent to you by a service, not me personally..."

This could be rewritten as:

1. It didn't happen.
2. If it did happen then it wasn't me.
3. If you can prove it was me, then I'll sue you for racism.

Hell, Declan, you'd better just send him an envelope full of money right
away and save yourself the trouble later.

Billy

---

From: "Magdalena Donea" <maggy () kia net>
To: <declan () well com>
Subject: Re: Three tales of firsthand problems with "anti-spam" blacklists
Date: Tue, 9 Jul 2002 15:27:21 -0600

Declan wrote:
> But
> the relays.osirusoft.com admin never explained why my server was
> blacklisted last week without a check performed first.
Paul Bort wrote:

> If I found two bad address ranges in just that one record, how many false
> positives are scattered throughout their database?

The SPEWS system is unapologetic about false positives, and even regard them
as a plus (they've taken the "ends justify the means" argument way farther
than I've seen anyone else take it).

Their philosophy appears to be that if innocent businesses and individuals
on the periphery of spam-house blocklists are affected, then those innocents
will have no other choice but to pressure their upstream provider to remove
the spammers from their blocks, thereby solving the spam problem bit by a
bit. Draconian, yes. Effective? Sure.

My story is similar: a couple of weeks ago, this SPEWS record included, as
part of the IP address range, the main IP of our shared mail server:
http://www.spews.org/html/S969.html

Like Paul, I spent several days on Usenet, trying to fight the listing:
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=8b22a437
.0206102335.6c063861%40posting.google.com&rnum=1
(sorry for the length of the URL)

... and eventually, after promises to move my servers ASAP away from my
upstream provider, I obtained a whitelist for our base IP, and went on with
my moving plans.

The move isn't completed, however, and as of a couple of nights ago, the
previous listing has been expanded to include not just the few dozen IP
addresses that were previously listed, but a whole *3 class-C blocks* which
includes not only the original server, but our secondary and a few of our
dedicated servers. One of those dedicated servers belongs to our favorite
client, the Libertarian Party.

All because of 1 or 2 possible addresses in those blocks that may belong to
marketingontarget.net

Based on previous "conversations" on nanae, I have absolutely no hope of
getting this resolved again. Coercion seems to be the name of the game among
these folks. As I said, they're unapologetic about collateral damage, going
so far as to justify their practices with "well, goodness, we don't FORCE
anyone to use the SPEWS list..."

The SPEWS list is different than others precisely because of what they
attempt to do - they *know* their lists include collateral addresses. The
problem is, of course, that so many servers out there subscribe to
relays.osirusoft.com and their ilk, and use the SPEWS data, or are
automatically subscribed to the SPEWS data by their dial-up ISP or other
access provider, that the SPEWS "optional" argument is moot. The fact of the
matter is that they *are* causing severe monetary damage to others, and no
amount of anti-spam self-justification will change that.

Sorry for the annoyance level I'm displaying. I'll now get back to my
jam-packed server admin day.

--Maggy

Magdalena Donea
KIA Internet Solutions, Inc.

---

Date: Mon, 8 Jul 2002 20:34:56 -0700 (PDT)
From: Chris Caputo <ccaputo () alt net>
To: Declan McCullagh <declan () well com>
Subject: Re: FC: David Scott Anderson: An unapologetic resume spammer, and
 a  twist
In-Reply-To: <5.1.1.6.0.20020708212540.02db2ae0 () mail well com>

I am finally getting around to setting up TMDA (Tagged Message Delivery
Agent - http://software.libertine.org/tmda/) to deal with my spam woes
(avg. of ~133 per day in the last month).  The main feature I will be
using is the confirmation requirement from people who are not yet on my
"whitelist".  Yes this means I may miss some messages occasionally from
people who don't know how to handle the confirmation process, but time
wasted due to spam has gotten bad enough that this risk is worth the gain
in productivity.

Taking back ownership of my inbox,
Chris

---

Date: Mon, 8 Jul 2002 21:05:31 -0700
To: declan () well com
From: Tom Collins <tom () tomlogic com>
Subject: Re: FC: David Scott Anderson: An unapologetic resume spammer, and
 a   twist

Washington Post on resume spamming:
http://www.washingtonpost.com/ac2/wp-dyn?pagename=article&node=&contentId=A34840-2002Jan24

Slashdot story on resume spamming:
http://slashdot.org/article.pl?sid=02/01/09/0346217

Followup:
http://slashdot.org/article.pl?sid=02/01/25/1622242

-Tom

---

From: "G. Waleed Kavalec" <greg () kavalec com>
To: <declan () well com>
References: <5.1.1.6.0.20020708212540.02db2ae0 () mail well com>
Subject: Re: David Scott Anderson: An unapologetic resume spammer, and a  twist
Date: Tue, 9 Jul 2002 07:40:09 -0500

Declan

You made a common error in dealing with Anderson, one you noted:

> One obvious minor solution is not to reply to spammers and send mail
> only to the abuse@ address. But in my experience, copying both
> addresses works better: Some abuse admins aren't quick to respond,
>  while spammers seem to be more willing to delete you from their lists
> if they know they've already been reported.


"Delete you from their lists" != stop spamming.

We "antis" call the former "listwashing" and it really doesn't reduce the
traffic at all.

G. Waleed Kavalec
-------------------
What if there were no hypothetical questions?

---

From: "Michael H. Frese" <Michael.Frese () NumerEx com>
To: "Declan McCullagh" <declan () well com>
Cc: "Robert Hettinga" <rah () shipwright com>
Subject: A Modest Proposal on Spam
Date: Tue, 9 Jul 2002 07:18:49 -0600

Declan,

If every mail client contained a Spam-Reply button, then no one would send
out a million messages to people they don't know.

The button would activate an automated reply function against the valid URL
included in the message.  A thousand false mouse clicks or a hundred false
form replies should do it.

If 1% of the people receiving the message hammered each spammer, then they'd
not be able to find the true responses in the false.

Since the number of false messages from each source would be modest, it
wouldn't be distinguishable from real traffic.  The network itself would
mount the counterattack so to speak.

The key is to make the software for the counterattack widely available, the
individual attacks small, and the number of replies much smaller than the
denial-of-service threshold.

It would stop spam by destroying its value.

Outlook Express plug-in, anyone?

Mike

---

Date: Tue, 09 Jul 2002 09:35:06 -0500
Subject: Re: FC: David Scott Anderson: An unapologetic resume spammer, and
        a twist
From: Shawn Yeager <shawn () shawnyeager com>
To: <declan () well com>

Declan:

First, a jaw-agape "wow," at the pure absurdity of this exchange between you
and Anderson.  It's staggering how some people can be so misguided, yet so
convinced they're in the right.  I commend you for the objectivity with
which you were able to pass along this story.

Secondly, it is for the many reasons you note that I believe a collaborative
approach like Vipul's Razor (now Cloudmark, commercially) looks very
promising.  I believe you've covered one or both on your list, so I'm likely
telling you nothing you don't already know.  What may be new to you is that
version 2 of Razor now incorporates the concept of a "trust index," which
will purportedly better the system with an historical rating of one's
reporting of spam.  I have no involvement with Vipul or Cloudmark, so you'd
obviously want to go to them for details.

Thanks for the list.  I've really enjoyed it.

Best regards,

Shawn

--

shawn yeager                   |    http://shawnyeager.com/insight
emerging technology insight    |    630 689 4031

---

Date: Tue, 09 Jul 2002 19:17:25 -0700
From: Joachim Feise <jfeise () ics uci edu>
Reply-To: jfeise () ics uci edu
Organization: University of California, Irvine
To: declan () well com
Subject: Re: FC: David Scott Anderson: An unapologetic resume spammer, and
 a  twist

Declan McCullagh wrote:

> David Scott Anderson is not merely a resume spammer -- he's a singularly 
> unapologetic one.

He's not the only one. I think Bernard Shifman is the most notorious:
http://petemoss.com/spamflames/ShifmanIsAMoronSpammer.html

-Joe






-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
-------------------------------------------------------------------------
Like Politech? Make a donation here: http://www.politechbot.com/donate/
-------------------------------------------------------------------------