[anti spam] I like this kind of reading.

Valmont · 04-27-2005, 06:46 AM

Long read but nice to see sometimes a difficult subject can be explained easely.

Quote:

MEDIA: Junk e-mail foes target spam king [4 August 2002]
ROK1939
This article and it's quotes needed to be run through the Spamhaus Project comment/translation service
[comments/translations]
__________________________________________________ ______________________________________
W. Bloomfield man, a major sender of bulk messages, lands in center of free-speech battle
By Joel Kurth / The Detroit News
You can reach Joel Kurth at (313) 561-8623 or jkurth@detnews.com

[Center of free-speech battle? The "Battle" was over years ago in the USA, courts decided spam was not "free-speech"; for example: http://www.jmls.edu/cyber/cases/aol-cp2.html]
__________________________________________________ ______________________________________

Alan Ralsky calls himself a commercial e-mailer, not a spammer.
[Translation: I'm an "asset reallocater", not a burglar and thief]

He says he maintains files with 87 million e-mail addresses of computer users who ask to be removed from his blanket solicitations.
[The fact that his spamming has annoyed 87 million email users is not enough to stop him from annoying millions more?]

WEST BLOOMFIELD TOWNSHIP -- The e-mails flow by the millions -- offers for cut-rate insurance, prescription drugs, vacation giveaways and more -- en route to unsuspecting computers from Detroit to Djakarta. Known as spam or unsolicited commercial e-mail, many these days originate from a well-kept colonial in a West Bloomfield Township subdivision. Inside, owner Alan M. Ralsky has become one of the world's largest providers of the much-hated solicitations.

Ralsky claims he is trying to make an honest living in an industry riddled with cons
[Ralsky considers stealing from other's honest? Both by spamming and by relay and proxy hijacking of their mail servers?]

but he is one of the most despised men in some corners of the Internet. On Web chat rooms, the 57-year-old is described as "scum," "sleaze," "vermin" and an "Internet criminal."
[On court documents in Michigan, Ohio and Illinois the 57-year-old is described as a regular criminal]

Death threats aren't uncommon. Many Internet providers won't allow Ralsky to send e-mail on their systems. "I'm not trying to become the poster boy (of spam). But, honest to God
[One would hope God is listening to this "honest" man]

some people think I'm the only one making money off this," he said. Ralsky is a central figure in the international battle over spam, one that pits cleaning up cyberspace of unwanted e-mail against arguments that doing so trods on free-speech rights. A multimillion dollar lawsuit against him is closely watched by the industry because it highlights the legal and practical difficulties of curbing the messages that promise everything from porn to discount software, as well as provide an inexpensive forum for companies to sell their wares. Not only a top frustration among users, spam is gobbling up precious space on the Internet and costing businesses and consumers worldwide $9.6 billion a year in lost productivity and upgrades to fight it, according to a 2001 European Union study. The European Union recently passed laws banning unsolicited junk e-mail, but the United States has yet to follow suit.
[One would hope the US Congress is listening to this]

Instead, Internet providers such as Verizon and Comcast are suing to shut down spammers, filing at least 25 cases in the last five years, said Jon Praed, a lawyer with the Arlington, Va.-based Internet Law Group. Verizon Internet Services has targeted Ralsky, who has fought his way back from bankruptcy, a felony conviction involving fraud and the loss of his insurance licenses in Michigan and Illinois. The company has sued Ralsky and associates at his business, Additional Benefits LCC, claiming they sent enough spam in one day in 2000 to fill all the memory of about 20 personal computers. The suit does not specify total damages, but they could eclipse $37 million based on the amount of e-mail the company claims Ralsky sent. "This was the largest e-mail attack in our history," said Thomas M. Dailey, general counsel of the Reston, Va.-based provider. "It's clear Mr. Ralsky is a major player in this area. What he did to us was tantamount to an attack." Ralsky denies the accusation. The case goes to trial Sept. 23 in the U.S. District Court's eastern Virginia district. "They make me out to be the biggest villain there is, but I want to take this to trial," said Ralsky, who wouldn't divulge his annual earnings.

"I don't do porn.
[No, the bestiality porn is farmed out to his partners in Texas & Canada]

I don't camouflage my e-mails.
[Sure he does]

If you don't want to receive them, I won't send any more." Despite efforts in the courts to fight spam, bulk e-mailers are often one step ahead of Internet providers and can cover their tracks faster than corporations can catch them. The National Spam Mail Abuse Association has spent more than a year trying to get to the bottom of Ralsky's organization, which he said consists of about nine subcontractors. "The deeper we get, the more confused we are," said Greg Blackwell, an Omaha, Neb.-based computer network manager who founded the anti-spam group. "He's like a cactus. Once he takes root, you can never stop him from growing."
[A prison term for the illegal hijacking of other people's computer equipment might make a good herbicide for the Ralsky cactus]

Battle over Internet
Ralsky's lawyer, Robert S. Harrison of Bloomfield Hills, said the Verizon suit -- and actions by the anti-spam "Gestapo"
[Translation: I know my client is in the wrong and a criminal, but equating the people trying to keep the internet free of his pollution with the group responsible for the genocidal slaughter of millions of innocents in the second world war is my best legal and PR strategy]

-- are the first volleys in a fight that ultimately could decide who controls the Internet.
[No one will "control the internet", this is a fight to keep away the people who wish to destroy the internet for their own personal profit gains]

Harrison claims Ralsky is taking advantage of the same freedoms the Internet provides all users and counters that Verizon is trying to restrict his free-speech rights.
[Maybe Mr. Harrison, Esq. could point out where in the US law Verizon became the government and was able to restrict his free-speech under the Constitution?]

Verizon sued in Virginia because the state has one of the toughest laws against bulk e-mail in the nation.

Michigan has no law against spam.
"How is sending commercial e-mail any worse than the annoying phone calls you get during dinner or letters from Publishers Clearing House saying you've won millions of dollars from Ed McMahon?" Harrison said.
[Translation: How is getting your home broken into, vandalized and your property stolen any worse than having a tree fall on it during a storm?]

Even spam critics such as Grosse Pointe Farms attorney Matthew R. Halpin acknowledge the case poses a tough question for a medium built on free exchange: Why is it OK for users to e-mail vacation photos to 100 friends, but illegal for spammers to send thousands of pitches?
[Solicited to people one knows vs. unsolicited to millions? Is this really what Halpin said?]

"I hate spam. It's horrible, but what's the remedy?" asked Halpin, who specializes in Internet issues and operates the Web sites CyberLaw USA and Michigan Cyber Court. "Do we say you can't make someone an offer for services? You're treading on thin ice with the First Amendment."
[Someone does need to brush up on US Constitutional law on the First Amendment, free speech, commercial speech and private property rights - but until then, the Spamhaus Project is sending Mr. Halpin 50 "Spamhaus.org" bumper stickers to place on his car to advertise the organization - His failure to do so might be a violation of our free speech]

Praed and Internet service providers call such arguments ridiculous, saying that sending spam is tantamount to stealing by using others' property for personal gain.
"No one has the right to free speech by using a megaphone that's owned by someone else," said Praed, who is working on the Ralsky case and has become one of the top anti-spam attorneys in the nation.

Lawsuit ramifications
Spam is tough to stop. Twenty-nine states have passed or considered laws to limit bulk e-mails, which account for 20 percent to 50 percent of all Internet traffic. Attacks -- single launches of thousands of solicitations -- jumped to 4.8 million in June from 675,000 in January 2001, according to Brightmail, a San Francisco company that fights spam.

"This type of pernicious activity is only getting worse," said Lih-Tah Wong, president of Computer Mail Strategies, a Southfield company that sells anti-spam software. "It's popular because it's so cheap," Wong said. "There's no postage to lick. There's no ads to print and they get the message across. So 99.9 percent of recipients delete it, but there's that 0.01 percent that look at it and do something with it. That one hit more than pays for itself."

Ralsky agreed. "I put people on the same playing field as Fortune 500 companies for a fraction of the cost," he said. "This is all about who can make money. These (anti-spammers) feel we've infringed on their personal space. They want to own the Internet."
[Translation: The man in that house won't allow me to go in, eat his food, trick his beer and watch his TV - He wants to own his house; that is wrong."

How bulk e-mail works Companies wanting to advertise hire bulk e-mailers, who in turn buy computer disks containing millions of e-mail addresses for as little as $30, Wong said. Software that scours the Internet for e-mail addresses and sends bulk mailings usually costs a few hundred dollars.

Ralsky In about an hour, e-mailers can download the addresses onto their computers, then click send. From there, it's the work of servers such as Verizon or Comcast to sort out the addresses and individually mail all of them. Internet service providers and businesses have spent millions on anti-spam software and filtering devices to block messages that seem suspicious. But e-mailers have become just as creative in circumventing the rules, camouflaging their messages and using foreign servers that have no qualms with spam, Wong said. "It's like a car chase when someone keeps throwing cones in the road," Halpin said. "As quickly as computer software experts develop filters and rules to get rid of spam, you have people on the other end who are just as clever going around those blockades." Most leading Internet providers now limit the amount of e-mails consumers can send in an effort to block spammers, said Dailey, who is president of the Washington, D.C.-based Internet Service Providers Association. Verizon can freeze customers' ability to send e-mail if they send out more than 500 messages in single 60-minute spans, said Bobbi Henson, a company spokeswoman.

Spammer or bulk e-mailer Ralsky may send bulk e-mail, but he said he's hardly a spammer. Ralsky wouldn't name his clients, but Harrison said they include software wholesalers, offers for weight loss and firms that arrange government grants and auto loans. In its suit, Verizon claims Ralsky sent deals promising "Real Las Vegas Blackjack," the "lowest price on your new car" and "free budget and debt counseling."

Unlike spammers, Ralsky said he maintains files with 87 million e-mail addresses of computer users who ask to be removed from his blanket solicitations.
[Unlike burglars, the man who broke into the home and stole said, I always leave any property the home owner has put a "don't steal" note on]

Ralsky has another 150 million active e-mail addresses to which he regularly sends pitches. In most cases, clicking icons to be removed from e-mail lists only invites even more solicitations because the addresses are confirmed -- unlike many of the addresses they send out, Wong said. Disks with valid addresses can cost $300, 10 times more than disks with unverified addresses. Ralsky said he takes a percentage of all sales of his clients. In turn, Ralsky's business sets up Web sites for the companies and markets their products with as many as 30 million daily e-mails. But doing so has incurred the wrath of anti-spam crusaders, whom Ralsky claims are harassing him
[Harrasing him? 87 million people told Ralsky to stop harassing them]

and scaring away clients. "Two or three times a week, people call and say, 'We'll find you and we'll kill you,' " Ralsky said. "I've seen them drive around my house late at night."
[We hope Ralsky provided the reporter with the police report numbers for each time he's called to report these threats on his life?]

Harrison acknowledged some of Ralsky's e-mails may have "inadvertently" slipped through Verizon's servers, but he disputes Ralsky sent millions. Verizon has acknowledged deleting many of the e-mails it claims came from Ralsky and thus far has produced less than 40.
[The burden now falls on the victim to also store all the spam sent to them?]

Verizon vs. Ralsky
Verizon alleged that Ralsky's e-mails were no accident and he intentionally used several methods -- aliases, false domain names and hijacked servers -- to cover his tracks. At least twice in 2000, Ralsky sent enough e-mails to almost paralyze the system for a few hours, said Dailey, who would not divulge many details of the alleged attack in fear that it would put Verizon at a competitive disadvantage. The company's engineers tracked down 56 gigabytes of e-mails, while many more may have escaped before they could find them, Dailey said. The average e-mail takes up about 15,000 bytes, meaning that Ralsky sent at least 3.7 million e-mails, according to the lawsuit. Virginia law -- the one Ralsky's lawyer is fighting -- allows companies to seek $10 per e-mail. Verizon spent about four months tracking the e-mails to Ralsky, court papers show.
[The Spamhaus Project can normally do it in four seconds, but we're glad Verizon took the time]

"The more of these cases you can bring, the more you impose a cost of doing business on (spammers) and have a deterrent effect," Dailey said. "We're not going to let people use our system to adversely affect our customers without the risk of litigation." Harrison counters that Verizon can't prove Ralsky crashed its system and suggested anti-spam zealots or disgruntled employees of a company that almost merged with Verizon may have been behind the attack.
[Translation: We belive the real killers are Dingoes from the world of Faye Resnik]

"Alan is an honest businessman," Harrison said.
[Translation: My dictionary defines "honest" and "businessman" a bit differently than others do]

"The reason he's become so vulnerable to anti-spammers is that he's so wide open. He is who he says he is. His phone number is listed. He doesn't hide. That's made him a chief target."
[Ralsky is a target because he spammed millions and crashed Verizon's systems]

Ralsky's background Ralsky gravitated into commercial e-mail after legal problems stripped his licenses to sell insurance in Michigan and Illinois in 1996.
[Translation: "Alan is an honest businessman," Harrison said.]

A self-made entrepreneur who learned the insurance business during a three-day cram course in Chicago in 1976, Ralsky was making $500,000 a year during the mid-1980s, had a nice home in a tree-lined subdivision with his wife, Irmengard; three children; a country club membership; a John Han**** franchise; and two dogs, Sparky and Candy, court records and depositions show. But things soured after he left the insurance industry in 1988. Ralsky sold real estate, securities and limited partnerships with some success, but the economy tanked. Soon, Ralsky bounced from job to job, at one point selling hallway mats and stereo equipment.

Between 1991 and 1995, Ralsky had declared bankruptcy and been sentenced to three years' probation and $74,000 in restitution on a Michigan felony relating to false bank documents.
[Translation: "Alan is an honest businessman," Harrison said.]

He also had served 50 days in Chippewa County Jail in the Upper Peninsula and been ordered to pay $120,000 restitution on a plea-bargained misdemeanor of failing to deliver on contracts after he reinvested seniors' pensions in a telecommunications company.
[Translation: "Alan is an honest businessman," Harrison said.]

In 1996, Ralsky lost insurance licenses in Illinois, then forfeited his licenses in Michigan.
[Translation: "Alan is an honest businessman," Harrison said.]

Testifying to state regulators, his brother, Stuart, said Ralsky "got off track." "He got away from those things he does best and perhaps just became temporarily enamored with what looked to be a change, a challenge, something new," Stuart Ralsky, an industrial psychoanalyst, told the Illinois Department of Insurance. By that time, Alan Ralsky had already discovered how to make money off the Internet.

Self-taught technology
Broke, Ralsky said he paid his "last $1,000" to a Canadian marketer who promised to multiply the investment on the Internet. Instead, Ralsky got nothing, but emerged determined to learn how to use the new technology. He said he sold his car, bought two computers and taught himself how to use them. "Al Ralsky is a rags-to-riches story," Harrison said.
[Translation: "Al Capone was a rags-to-riches story," Harrison said.]

"Yes, he's had his problems in the past. He's human like the rest of us.
[We reserve the right to contest this statement]

But he's paid his price and has become a pre-eminent commercial e-mailer."
[One would hope the price tag will go up soon]

Ralsky's neighbors have noticed. "I always thought he won the lottery or something because he always did never-ending renovations on his house. I mean, it was just renovations, renovations, renovations," said Janet Walker, a longtime neighbor who recently moved to Arizona.
[Translation: We just had to move 2500 miles away from this guy]

As Harrison sees it, commercial e-mail must be saved to save the Internet.
[Translation: Theft must be saved to save the prison industry]

If servers crack down on users' ability to send thousands of messages, they will soon place other restrictions or charges on cyberspace, he said. "Spamming may be a part of the Internet people don't like, but everything else we like will be gone if (providers) win," Harrison said.
[Why even bother...]

Spam foes and Internet providers hardly buy the argument. "Ultimately, these spammers are exploiting the Internet and everyone's ability to enjoy it for their own personal gain," Dailey said. "It takes up bandwidth. It's annoying. It's stealing."
[Thank you Mr. Dailey!]

Belisarius · 04-27-2005, 07:34 AM

Hehe, I love the comments.

Seriously, there needs to be a new set of mail protocols developed with an eye towards curbing spam and worms. New P2P protocols get millions of users in the matter of a few months - I don't think it would be too bad if a new mail protocol was formed and ran along side smtp, pop3 and imap for a few years while people upgrade from one to the other.

Valmont · 04-27-2005, 08:10 AM

New bulletproofs vests never stopped criminals from shooting.
We need skilled legislators.

Belisarius · 04-27-2005, 08:30 AM

While that would help with spammers in the US, given that worms are a very similar worry, and that there will always be places in the world that relatively lawless, an improvement in the technology can only help.

Doorlocks and laws will always be more effective than laws alone.

Valmont · 04-27-2005, 01:11 PM

Both! Yes we need both. I agree.

sde · 04-27-2005, 01:37 PM

legislation is not free, .. and i don't feel like paying internet taxes. i'd rather have spam than let the government screw up the internet.

DJMaze · 04-27-2005, 02:05 PM

There's a secure email system and it's developed more then 15 years ago already.
In that time nobody wanted to use the system because spam wasn't that big of a deal.
Now that everyone can see that email is a big security hole like M$ Windows people actualy want a secure mail system.

But the issue is that you can't switch to a different mail system nowadays because that needs a massive change of every computer and software to handle the new protocol.

Will you be the one to manage millions of computers to make the switch which is a bigger impact then the millenium issue (which was actualy a joke to see millions be spend)

Belisarius · 04-27-2005, 04:39 PM

They install a new program - corporations install new servers on their machines. This happens all the time. There will just be a transistion period. It's not that big of a deal - it's not like all of the sudden things stop working that once worked. The two will run in parallel for a while, then once everyone has the ability to use the new protocol support for the old one will stop.

Everytime I suggest a new protocol, the same arguments are made "Oh, it's too difficult, too expensive". No, it's not. It's simply next generation. The old stuff will continue to work, it's just that the majority of people will stop using it and switch to the new way. It's not like IPv6, which doesn't look or act like IPv4, and requires massive reworking of countless servers and networks (and many things will break once an IPv6 address is introduced to the code).

We're talking about "Well, we need to install this second generation e-mail server to run along side our trusty old Sendmail server". It ain't that earth-shattering. Did the world expode when ICQ and AIM were introduced? After all, they're a method of message delivery, just like e-mail.

*edit*

And how in the heck can you call it secure? Do you know how smtp works?

Valmont · 04-27-2005, 05:04 PM

Quote:

Originally Posted by sde

legislation is not free, .. and i don't feel like paying internet taxes. i'd rather have spam than let the government screw up the internet.

What are you talking about please?

Belisarius · 04-27-2005, 05:11 PM

There's been talk of adding a tax to all e-mail to make sending in bulk expensive.

teknomage1 · 04-27-2005, 05:17 PM

Well here in the States, laws are passed by buying congressmen, who then write up bills that are voted for by yet more bought congressmen. All this money has to come from somewhere, but after legislation is passed a new agency needs to be created to enforce the law and employ several thousand new buearacrats. The net result of this will of course be a tax on the internet for American citizens. Or something like that...

DJMaze · 04-27-2005, 09:11 PM

Quote:

Originally Posted by Belisarius

And how in the heck can you call it secure? Do you know how smtp works?

Do you know all holes in smtp ???
Your question isn't of any matter while half the world can hack it.

The current protocal (IMAP/POP) doesn't tell exactely where mail is coming from and is forward immediatly thru SMTP.

The other invented protocol doesn't send the email but stays on the first server it reaches or just the sender his computer and includes the real details of the computer that send it.
You get somesort of notification that there's email with subject X from email Y and you approve/deny the email that is send.
If you deny the email it just stays on the computer waiting till the computer is full or a auto-prune deletes them after 1 month or something.

This way you don't get virusses, spam or anything else in your inbox untill you accept that the message will be send to your computer.
As benefits this also doesn't eat all bandwidth of the network and anti spam software can be server installed and have real IP's to get the bastards.

However they wanted to run this improved protocol on the same port (25)

sde · 04-27-2005, 09:53 PM

Quote:

Originally Posted by DJMaze

Do you know all holes in smtp ???
Your question isn't of any matter while half the world can hack it.

The current IMAP/POP doesn't tell properly where mail is comming from and does get send immediatly thru SMTP.

The other invented protocol doesn't send the email but stays on the first server it reaches or just the sender his computer and includes the real details of the computer that send it.
You get somesort of notification that there's email with subject X from email Y and you approve/deny the email that is send.
If you deny the email it just stays on the computer waiting till the computer is full or a auto-prune deletes them after 1 month or something.

This way you don't get virusses, spam or anything else in your inbox untill you accept that the message will be send to your computer.
As benefits this also doesn't eat all bandwidth of the network and anti spam software can be server installed and have real IP's to get the bastards.

However they wanted to run this improved protocol on the same port (25)

u are so vague for knowing so much.

there is email programs that basically allow you to do that if you want it to be that much of a pain in the ass anyway.

1 - someone sends me an email
2- they get a reply from my program that says, 'i don't recognize you, please take a moment to fill out this information so the recipient can allow incoming email from you in the future.
3- i get the request, and say , 'ok, i know this guy', or 'no, i don't'

if it's a robot spamming, and/or if the reply to email addy is bad, then they won't respond, and i will never receive the request.

yes, all on our good old standard email protocal.

valmont, i'm talking about free as in monitary AND free as in FREEDOM. if we allow too much legislation to be passed on the internet, then the government will take control of it just like they do our airwaves, ( radio, television, phone lines, etc... ) .. that stuff is regulated in the US very strongly.

DJMaze · 04-28-2005, 12:23 AM

Quote:

Originally Posted by sde

u are so vague for knowing so much.

there is email programs that basically allow you to do that if you want it to be that much of a pain in the ass anyway.

1 - someone sends me an email
2- they get a reply from my program that says, 'i don't recognize you, please take a moment to fill out this information so the recipient can allow incoming email from you in the future.
3- i get the request, and say , 'ok, i know this guy', or 'no, i don't'

I know this sde but it's not what i ment.
Let me try to explain it better:

If you try to send a email to me then the mail doesn't get send to my mailserver (where the software you explained recides for verification)
Instead it will stay on your server/computer and only send a message to me that you have an email in your outbox that you like to send to me.
When i don't accept the email it will stay on your server/computer and will fill up your outbox untill your box is full.
So a spammer will have 80 million emails on his computer untill the reciever accepts his message.
This results that they need a huge HD to store all email they try to spam untill we accept, else they must delete everything (eventualy they still delete it)

This is a totally different behavior to the current situation where the email does get send to my mailbox first which fills up my HD space.

I hope i made myself clear.

Belisarius · 04-28-2005, 04:42 AM

Yes, I've written smtp clients before, which is why I used it as an example of why the protocols are broken (hacking has nothing to do with it, it's just broken). I think I misread your initial statement - I thought you were refering to smtp as being a secure protocol, and now I see you were talking about something else.

The alternative you described is not allowed for in any of the current protocols, and therefore would require a new one (which is what I was suggesting in the first place!). Further, it would be a pain in the ass, as I would have to approve e-mails from all one-time contacts. Additionally, if I upgrade (or crashed) my computer, I would loose these filters and need to start the process again, which would be a hassle to all my friends. Or, if it's tied to the server, I would need to repeat the process if I changed e-mail addresses. That would be than needing to use a spam filter (which is usually done for me by the server). Finally, it simply wouldn't work. The spammer would simply re-generate the spam once approval was received. They wouldn't store every message they sent out, it wouldn't be practical.

A far simpler solution would be to require an identity check of all incoming emails by the server itself, so as to eliminate spoofing. Simply contact the server listed and ask if that person is a legitimate user, and if that e-mail actually originated from their servers. That would effectively kill spoofing, and ISPs could ban e-mail based on domain rather than IP. All without any sort of action on the part of the user. Spam could still occur, but it would be much easier to track and block.

Quote:

Originally Posted by DJMaze

Do you know all holes in smtp ???
Your question isn't of any matter while half the world can hack it.

The current protocal (IMAP/POP) doesn't tell exactely where mail is coming from and is forward immediatly thru SMTP.

The other invented protocol doesn't send the email but stays on the first server it reaches or just the sender his computer and includes the real details of the computer that send it.
You get somesort of notification that there's email with subject X from email Y and you approve/deny the email that is send.
If you deny the email it just stays on the computer waiting till the computer is full or a auto-prune deletes them after 1 month or something.

This way you don't get virusses, spam or anything else in your inbox untill you accept that the message will be send to your computer.
As benefits this also doesn't eat all bandwidth of the network and anti spam software can be server installed and have real IP's to get the bastards.

However they wanted to run this improved protocol on the same port (25)