\n"; echo $styleSheet; ?>include("http://www.corante.com/admin/header.html"); ?>
SMS.Ac is hoping for a PR boost from a press release offering a cellular customer bill of rights. (The release went out over the signature of CEO Michael Pousti, right. from sms-report.com.)
Here's Oliver's charge:
This is a company about which DOZENS of websites have multitudes of individuals complaining of things such as spamming everyone in their personal address books, which they exposed to SMS.ac during what can only be described as a deliberately deceptive sign-up process where unsuspecting people, many of them young or speaking English as a second or third language unwittingly provide the username and password to their primary email accounts, thus making it possible for SMS.ac to scour their friends and family member's addresses and solicit them with messages that look as if they come not from SMS.ac directly but from the known individual that subscribed to the service.
That's the title of the most "popular" spam in my inbox right now, and maybe in your inbox as well.
It represents a new form of brazenness by U.S. spammers against the Net, because when you input the phone number in the message into Google you find the same message, as comment spam, attached to a host of different topics.
When you publicize a phone number like that, and get away with it, it's pretty obvious that the authorities are simply not interested in pursuing you. The CAN-SPAM act has gone from sick joke to tissue paper, a dead letter, and the entire Internet is now under attack from American spammers.
So am I.
E-mail service here may experience some delays as I undergo a personal trial by spam.
In this case it's a Joe Jobber, most likely a spam gang, that has grabbed both my e-mail address and my server's IP address to illegally sell prescription drugs without prescription.
For the last few days I've been firing off myriad alerts to email@example.com, the government's address dedicated to fighting fraudulent spam, with no response.
A domain registrar called Yesnic is apparently cooperating with this spam gang. They're the registrar of record on every Joe Job in this bunch. Most of the registrations, on investigation by me, seem to be made-up, but two carry the actual name, and a legal address, fo someone in Columbia, SC. This criminal should be easy to find if someone is interested.
Meanwhile, we learned today that the most popular anti-spam technique, like the so-called CAN SPAM Act that enables spam in the U.S., is in fact becoming a spammer favorite.
I was Joe Jobbed again this weekend.
The Joe Job was named for its original victim, a man named Joe Doll of Joes.Com. It means your e-mail address is forged as the "from" address for a spam e-mailing, and you get the bounces.
Sourceforge has an excellent discussion of all this, and reasons why many solutions from individuals don't work, here. The illustration is taken from that discussion. It shows how a "challenge-response" system used by an individual actually increases the cost of spam to everyone.
Today I want to describe the first part of killing this hassle for innocent users, which falls especially hard on those, like me, who have long-lived e-mail addresses and a history of writing against spam.
I just got my first piece of franked spam.
I don't know how, but my Mindspring address somehow landed on her Congressional e-mail list. The spam is filled with news of her efforts on behalf of Colorado's Fourth Congressional District, about 2,000 miles from my home in Atlanta.
You know what I can do about this spam? Absolutely nothing. That's because the federal CAN-SPAM Act (wonderful name, since it means you can spam all you want) states that I must opt-out of this spam, by hitting a link inside the letter.
The law she passed says her spam is not spam.
By the time Paul Winchell died, last weekend at 82, the BBC was only able to point out that he had done the voice of Tigger for Disney.
He was so much more. Like Hedy Lamarr, who created the technology underlying WiFi, he led a double-life, as an intellectual in the fun house.
For starters he was the first TV star I remember, one of many models for what became The Simpsons' Krusty the Klown. He had a morning show with puppets, more entertaining (I thought) than Kaptain Kangaroo, with more brain and heart (I thought) than even Fred Rogers. The puppets, which he made himself, were called Jerry Mahoney and Knucklehead Smiff (right).
What I didn't know at the time was he was also a polymath, with a wide range of interests and a photographic memory. One of his interests was medicine. As an entertainer he manuevered into the worlds of famous physicians, including Dr. Henry Heimlich (then Arthur Murray's prospective son-in-law), and with his help won the first U.S. patent on an artificial heart.
There was even more to his life than that. He sought early funding for the farm-raising of tilapia, He was a skilled painter. And, of course, he was a ventriloquist and a subversive humorist who emphasized the fun of the mind.
Taken directly from his own Web site (he was working on streaming video at the time of his death) is a list of his inventions (remember he was self-taught):
For the last few months I have had a keyword search on Newsgator covering topics of interest here, things like cellular telephony and open source. (Last call to buy the book.)
I have watched as it has gradually become worse than useless.
I'm getting nearly 500 e-mails a day on this feed, but the signal-noise ratio keeps going up. Newsgator has begun designating some of these posts as spam, but they're missing most of them, including this one.
Even some of the "editorial" hits on this list are worse than useless. Here's one. No offense to the writer but it doesn't belong in a keyword feed for cellular, despite the fact that one of the entries in this list is "I have a mobile phone."
It gets worse, but maybe I have a solution.
When we count the costs of spam we usually think in terms of bandwidth, the hours spent clearing it out of our systems, and (sometimes) the cost of our anti-spam solution sets.
But there are other, uncounted costs to spam which dwarf those.
One is the loss in productivity we get from being unable to get in touch with people when we need to. On my ZDNet blog for instance I did a piece today on EFF chairman Brad Templeton (right), based on something he'd written on Dave Farber's list.
I e-mailed him as a courtesy. I had no questions. I just wanted to thank him for his wisdom and let him know I would use it.
What I wound up facing was Brad's spam filter, a double opt-in system dubbed Viking. Apparently I didn't respond quickly enough to Viking's commands, because its response to my opting-in again was to send me a second message demanding an opt-in. (All this was done with the laudable goal of proving I'm a man and not a machine.)
The bottom line. We never connected. I had a deadline, and used Brad's words. Perhaps there was no harm done.
But frequently there is harm done in these situations. I've had occasion to accidentally delete someone's note in my Mailwasher system, and then call the person in question asking for a re-send.
What if they're not in on that call? What if they sent something I needed? What if I were disagreeing with Brad in my Open Source post, or he decided after publication I was twisting his words?
The point is this sort of thing happens every day. People can't be reached in the way e-mail promised they would be, due to spam. This raises the cost of doing business for everyone, and the mistakes that result can be catastrophic -- to people, to companies, to relationships.
Now, in honor of the man formerly known as Deep Throat, I'm going to offer yet-another anti-spam solution.
I'm generally all in favor of anything to fight spam. And regular readers of this space will recall how much I like my own anti-spam tool, Mailwasher from FireTrust.
But this pissed me off.
UPDATE: After posting this I learned the spam database I'm about to describe is not necessary for Mailwasher to work. My complaint here is solely regarding issues of marketing and notice. Mailwasher remains my anti-spam solution of choice.
The latest version of the product, Version 5.0 to be precise, supports a company spam datebase, called FirstAlert! This is a commendable thing, on balance.
But in order to pay for maintaining this database, FireTrust has changed its business model. This is not necessarily a bad thing. Essentially they're going to a subscription model built around FirstAlert!
I was asked to download the "upgrade" to Mailwasher, by FireTrust, roughly a week ago. I did so. It's now a $37 product but, if you want to maintain your own POP3 mailbox and a public e-mail address, it's a necessity. Upgrading was transparent, easy-peasy.
Suddenly this morning I get a pop-up, inside Mailwasher, reading "your subscription to FirstAlert has expired," with a link to renew. The link goes to a page inside the FireTrust site, and they want $9.95 for the subscription. The page doesn't indicate how long this "subscription" lasts.
Because of the way in which this was done, it can look to a consumer like a classic bait-and-switch. I bought this thing just last week and now you want MORE money?
Fortunately it's very easy for FireTrust to fix this:
A few weeks ago we were bombarded with news items claiming spam isn't all that bad, that we don't care about it anymore.
Ferguson is using SkypeOut. He calls the spammer's contact number using SkypeOut and leverages Skype's inherent cost advantage to keep that phone busy, so victims can't get through. No victims, no money to the spammer.
Ferguson can go even further, automating his SkypeOut calling so each call takes just three seconds, barely long enough for the spammer's phone to ring. That line is continually tied-down and Ferguson's SkypeOut charges remain minimal.
Criminals have discovered blogging.
The BBC reports this quite breathlessly, but there's no need to be either surprised or unduly alarmed.
There are two types of scams going on, according to Websense, which was the BBC's source for the story:
In both these cases you can substitute the words "Web site" for "blog" and pre-date the release to 1997. Free Web page companies found this problem fairly early-on in their evolution, and now those offering space to bloggers need to be aware as well.
Today's big lie is a misinterpretation of the latest Pew Internet Survey. We think spam is no big deal.
(The great-tasting pork-shoulder-and-ham concoction from Hormel pictured to the left is still a very big deal in Alaska and Hawaii. They love the stuff.)
Well, nonsense. (I would use stronger language, but I want everyone to get the point.)
Here are some facts from the same study. Barely half of us now trust e-mail, down 11% from a year ago. Over one-fifth of us have cut down our e-mail use because of spam, just in the last year.
As for the rest...users have learned to deal. We have spam filters. I use Mailwasher. We don't get as much as before because more of it is being stopped at the server level.
That doesn't mean we like it. And it's deliberately misleading to say it is. It's like the battered wife syndrome. Why doesn't she leave the jerk? Why don't you just go offline?
It's the same question with the same answer. You find ways.
But if someone would finally arrest the batterer and throw his butt in the slammer for a good long time she'd learn to be grateful.
Which reminds me...
Here is the problem I have with special pleading. Anyone can do it.
But once we let one do it, all do it.
And so I call upon whoever hosts the Tony Alamo Christian Ministries to pull the plug on its ISP account.
And I call on all other ISPs to refuse the pastor's money.
I do this because his site just spammed me from the e-mail address firstname.lastname@example.org.
Good journalism stories have clear leads, a point of view, and publishers have the courage to defend the results.
There is very little good journalism going on today, which may be why the profession's reputation is shot. In today's class we have two examples of this to show you.
It's a solid, workmanlike overview of efforts to free-up spectrum going back over a decade. But it fails to put across any point of view, other than repeating that broadcasters want to keep their frequencies, including those given for HDTV.
It refuses to answer key questions:
In fact, it doesn't even effectively ask them.
What does the FBI have in common with Paris Hilton?
They're both making news this week as victims of hackers. (The image is from a conservative humor site. Some of the stuff is pretty good.)
We wrote about Paris earlier this week. (Here's a poem for the occasion. Ahem. I've seen Paris, I've seen France, girl pull on some underpants.)
As Matt Hines writes, "The mail is disguised as correspondence warning people that their Internet use has been monitored by the FBI's Internet Fraud Complaint Center and that they have 'accessed illegal Web sites.' The e-mails then direct recipients to open the virus-laden attachment to answer a series of questions."
The full story, by Spamhaus' Steve Linford (below) was distributed online today. It charges that MCI knowingly hosts Send-Safe.Com, which sells a spam virus that takes over innocent computers and turns them into spam-sending proxies. Linford tracked Send-Safe to a Russian, Ruslan Ibragimov. Linford estimates MCI earns $5 million/year from its work supporting spammers.
The theft of broadband-connected PCs by viruses, mainly Send Safe and another Russian-made program, Alexey Panov's Direct Mail Sender ("DMS"), is responsible for 90% of the spam coming into AOL and other major ISPs, Linford charged.
Here's the nut graph:
MCI Worldcom not only knows very well they are hosting the Send Safe spam operation, MCI's executives know send-safe.com uses the MCI network to sell and distribute the illegal Send Safe proxy hijacking bulk mailer, yet MCI has been providing service to send-safe.com for more than a year.
Want this made a little more explicit? Read on.
Mainline spam software publishers have added a new worm to their product that not only turns PCs into spam zombies, but runs that spam through the zombies' e-mail server. This on top of an "industry" that already costs legitimate businesses $22 billion.
The result is spam that looks like it's coming from a legitimate address, and despite all the warnings most people still don't update their anti-virals so as to prevent this kind of infection.
There's a joke I make when I'm messing around with my dogs. I call them "dumber 'n dirt," even "dumber 'n dumb dirt."
I don't mean anything by it. They're good dogs. I say it affectionately, knowing they don't understand a word of it. It's our own private joke.
Well there are days when I see a news story and I don't blog it, because it's just, well, dumber than dirt. Instead I get lazy and wait for the other shoe to, inevitably, drop.
Like it did on Lycos Europe, a company whose mascot was once (back in the day, as they say) a dog.
Thanks to those lovely folks at Newsgator, I've been enjoying an RSS feed on topics of interest, sent to my e-mail box, for the last month.
It's useful. It gives me great stories. But here's a dirty little secret. It's also filled with spam.
Want some examples? Let's go to my inbox today and find a few:
There have been several claims on the title of "first mobile virus" during the year. Our first contestant turned out to be a copy protection feature. The second, it turned out, was harmless.
Now we have a "winner," a Russian trojan aimed at phones called Delf-HA. This claim, too, may be open to dispute. The payload itself goes to PCs, which then call Russian mobile numbers and send those phones SMS spam.
But it is becoming clear that firms like Symantec, which are readying versions of their anti-viral tools for mobiles, are no longer just playing on false fears. Whether their stuff works or not will, of course, remain open to testing.
While many in the anti-spam war will applaud this news (see that one hand clapping) it should also be noted that this is a private action filed based on the content of an ISP's network. In other words, the ISPs are being sued for what others are doing.
The war on Comment Spam can be won.
I mention the subject because this blog was inundated last night with comment spam. All of it came from the same IP address -- 18.104.22.168. I wish the solution we were using would simply block comments from being placed once an IP address is on a blacklist, but it take out the trash so I should not complain.
But there are other solutions that can work as well, solutions that don't exist to fight e-mail spam:
Not that there's anything wrong with Microsoft's Caller ID technology.
It's just that the Internet Engineering Task Force (IETF) is not willing to make every Internet user sign a Microsoft loyalty oath. Even if Caller ID worked a treat against spam (which it doesn't).
You can stop arguing over Meng Wong's SPF and Microsoft's attempts to use it as a Trojan Horse for its licensing schemes.
Ciphertrust surveyed e-mail from May-August and its conclusion is conclusive:
It found that 34% more spam is passing SPF checks than legitimate e-mail.
New confirmation that the U.S. remains the world spamming leader comes from Sophos. Sophos, which gets its data from spam-attracting "honeypots," said 43% of the world's spam comes from the U.S., 27% combined comes from China and Korea. (The caricature is from Sophos' French site.)
Earlier this month, readers of this blog will remember, we reported on a CipherTrust study that 86% of the spam it collects at client sites comes from U.S. addresses, although many spoof foreign addresses.
Spam's dirtiest secret is that so-called "legitimate" businesses are footing the bills. (That's CipherTrust's Paul Judge, one of the "good guys" in the anti-spam fight, at right. Read more on him here. And if you see him, buy him a beer, or whatever he wants.)
They seldom do this directly. Mostly it's through "affiliate marketing" agreements, often created by re-sellers. The legitimate companies put stuff into their channel. The re-sellers are part of the channel. If the affiliate gets busted for spam it's "Mission Impossible" -- the secretary disavows any knowledge of their actions.
This is why, not that spam has swallowed the legitimate business of e-mail marketing, it's becoming seasonal. You get sex spam in the summer, financial scams in the fall.
This could, if someone were clever, create a way in which to reduce the spam problem.
I'm on my own blacklist.
My e-mail address has been falsified or "spoofed" on so many spams and viruses over the years that when I get e-mail from myself I automatically set it to be deleted.
This is not uncommon. Anyone who has had their address for some time, especially if they're written articles against spam, faces the same problem.
But now there's hope.
A new study from CipherTrust gives new support to the theory that spam could be greatly reduced by finding, and jailing, a few hundred Americans. (Picture from USA Today.)
Gregg Keizer writes for Information Week that, rather than put up a "honeypot" aimed at attracting spam, CipherTrust measured the actual spam it intercepted for its clients.
Dmitri Alperovitch, a research engineer at CipherTrust, explained that "some spammers are actually targeting specific companies with messages that the honey pots wouldn't see."
USA Today reports that six of Levine's Snipermail employees have reached deals with the government, in exchange for their testimony.
The story below is "hard-hitting," and calls someone a nasty name.
I've written many items about spam over the years, and will continue to do so. But I admit there is a price to be paid.
For the last two days my inbox has been inundated with hundreds of copies of the same spam. Allegedly it's a message from a Katharine Juarez. Allegedly the topic is transvestite (not that there's anything wrong with that). It's like millions of other spams sent out every day, clogging the Internet's arteries, sending it toward a heart attack.
But when you get the same spam hundreds of times, or thousands of times, we have a different name for it. It's called a mailbomb.
Want to know why people don't trust journalism?
Let's go to a headline in today's Washington Post. "Advertiser Charged in Massive Database Theft." (The illustration is from the good people at ISIPP.Com, and if you like it as much as I do, buy yourself some swag displaying it -- coffee mugs, t-shirts, etc. -- right here.)
It's followed by this priceless lede. "Federal authorities yesterday charged an online advertiser in Florida with tapping into the computer system of a large database marketer in Arkansas and stealing "vast amounts of personal information" about Americans in what they described as one of the largest network intrusions in recent memory."
Wrong! What we have is a spammer, people! (If you want to be real, real careful, write alleged spammer.) I spent five seconds Googling the name of this "company," Snipermail, at Google Groups. Take a look for yourself. Or just check the name on the indictment against news.admin.net-abuse.sightings.
You know how veteran cops shake their heads at the naivete and enthusiasm of a new cop? That's how I felt while reading this, a claim by the UN's Internatonal Telecommunications Union (ITU) that spam can be eliminated by 2007. (Image is from Siggraph.)
Here's the money quote. "If we achieve full international co-operation among governments and software companies, this plague which affects so many of us in our everyday life will be defeated in short order," said Robert Horton, Australia's top regulator.
The key word here is if.
But Internet activists fear both campaigns are just bringing up the drawbridges on resources.
First, the spam fight. (The image here is also the solution to your e-mail problems, Whitehat Interactive.)
Spam does not just hurt the spam-ee. It is also destroying the spammers, their customers, and the entire effort to turn e-mail marketing into a legitimate business.
The reason isn't in your cluttered inbox, but in a simple falsehood. The falsehood is that spam costs nothing. (The picture is of a good book on writing for direct marketing, which you may buy here.)
Everyone believes this lie. Spammers certainly believe it. Their customers believe it. So, too, do those brand names that run "e-mail marketing campaigns."
More important, so do very legitimate marketers engaged in very legitimate double opt-in e-mail marketing campaigns.
Even legendary marketers are failing to understand this Clue. Let me give you an example.
The BBC has a story out saying the European Community is demanding the industry have "a united front on spam."
That is simply not possible right now.
The PC causing the spam flood could easily be yours. (You can buy this neat picture of a zombie, by Wayne Renolds, from the OnlineGamesCompany.)
Viruses pushed by spammers have turned millions of home PCs into "spam zombies" which now push 80% of the sludge that is out there.
Sandvine's most radical conclusion is that ISPs filter traffic within their networks, and stop depending on end users to maintain security. (Another option, offered by Network Associates, is "behavior blocking" software.)
I have refrained from commenting on the seven-year sentence handed down to spammer Howard Carmack because, frankly, it depresses me. (The picture, which does not depress me, is from Jerk.Net.)
Carmack was slime. But he was an individual piece of slime, a man who claimed to be running an honest business. He was like a guy with a bathtub in Chicago during the early 1920s, making gin, getting caught, and being made an example of.
Now it's going to get tough.
Not only hasn't the CAN-SPAM act canned spam, it has resulted in an explosion of the stuff across the pond. (The image was cached by Google, but originally published in China.)
Some 70% of all e-mail is now spam, and it's going to be 80% in just a few months. Porn is no longer the big problem. Now it's drugs and finance scams.
Solving the problem is going to be increasingly difficult, however, because the U.S. continues to insist on legalizing "spam-that-is-not-spam."