Jump to content


  • Posts

  • Joined

  • Last visited

Everything posted by WisTex

  1. Good points. But it still illustates my point. The innocent get screwed, once again. Maybe we should just go out and shoot all the spammers.
  2. I contacted Gmail and suggested they identify the IP address of the sender's computer in the header like most other web-based e-mail software / service providers. I even included examples based on their existing headers, and also an example from a web-based e-mail software that includes the IP address of the sender's computer. I also told them without that information, spamcop.net and other blacklists will blacklist their servers instead of the spammers because their IP address is listed at the originator of the spam. I got a response back thanking me for my suggestion and saying they were forwarding it to the appropriate people. So it looks like they are seriously looking into the issue.
  3. True. One in Australia will gladly remove you from their list for a few hundered dollars, for example. Law or not, they should still be responsive and accurate.
  4. ...You seem to me to have misread Miss Betsy's post. Please note the text I bolded -- I believe that is what she is saying, not that you did something wrong (since you, in fact, left the irresponsible ISP).27076[/snapback] We shouldn't have to. That's like asking someone to move out of a neighborhood because their neighbors are bad. We chose to move and it cost us thousands of dollars to do so. Is that fair? No. What about the people who don't have the time or money to make a major move like we did? You are assuming that changing ISPs is that simple, but it is not when you have your own server and dedicated IP addresses and programs and multiple websites, etc. I personally hope that Congress passes a law regulating spam Blacklists as they do Credit Bureaus, requiring them to responsive to the people they serve, and requiring them to remove false information in their files and requiring that IP addresses have compaints against them before blacklisting them. We had a dedicated IP address with no complaints. It wasn't like we were sharing IPs with someone who was spamming. Our IP was banned since the entire ISP was banned. Not fair at all. Who is going to pay us the thousands of dollars it cost us? Who?
  5. You are implying that we did something wrong by not having proper netiquette. Not true. We were blocked simply because the whole range of IP addresses were blocked. We had nothing to do with it other than finding out months later when customers complained they were not getting our e-mails. We never sent out an improper e-mail and never had any complaints against us. And with all the information out there, how is every single business supposed to know there are hundreds of blackhole lists out there and whether or not they are on one? And most of them are not responsive and don't care that their lists have false information in them, as we found out. They had the same problem with Credit Bureaus not being responsive to consumers who had incorrect information on their credit reports, which caused people to be denied credit, denied jobs and denied housing without just cause. So the government passed laws that require Credit Bureaus to fix any incorrect information about an individual or business or face stiff fines. They also passed a law stating that all consumers have a right to a free credit report. The reason why they did this was to protect innocent people from false information on their credit reports. Using your logic, it is okay for credit bureaus to maintain false information on someone just because it protects people and businesses from people who have bad credit. Furthermore you are saying that its excusable to deny someone credit because their social security number happens to be similar to someone who has bad credit or because they happen to live in the same neighborhood as someone with bad credit or happen to be the same race. The courts have found this to be unfair. Let's get real. Credit Bureaus and organizations like SpamCop.net provide much needed services, but they also must be accountable for their actions as well and should avoid including innocent people in their blacklists. Excusing blacklisting innocent people is like excusing credit bureaus from correcting errors on credit reports.
  6. I don't think its such a big issue, especially since most people don't know that the IP address of the sender is included in the header. If they were that smart, they would have probably found other ways to find out who you are already. Everytime you go on the internet, you leave your IP address all over the place. I just checked, Yahoo! Mail identifies the IP address of the sender's computer in the headers. I don't have a hotmail account, but looking at hotmail headers for mail I received, it appears Hotmail also identifies the IP address of the sender's computer as well. The web-based e-mail software we use on our server (CMail Server) also identifies the IP address of the sender's computer in the header. It appears that Gmail is the only one who doesn't.
  7. I think that spam from zombies cannot be effectively blocked by a blackhole list. In today's world, spammers use multiple tactics to get around spam blocks. You really need to use multiple tactics. 1. Use the blackhole list to block spam from known spammers. 2. Use an effective Bayesian spam-filter to catch the rest. Or if you don't have a Bayesian filter, at least use a key-word spam filter. By combining these tactics, you will eliminate much of the spam. One method alone isn't that effective anymore.
  8. It may sounds like a paranoid scenario to you, but with other anti-spam organizations that do not verify or check complaints thoroughly, it is very easy to get someone banned who doesn't deserve to be banned. I have seen it happen and have read about it many times. If fact, the sort of attack I described is common enough to have a name, which I can't recall at the moment. I think its called a "Joe Job" or something like that. Often the attack is done by a spammer or con-artist who is upset with a company or ISP for enforcing their anti-spam policy or for enforcing the company's code-of-conduct or other rules. Since the spammer was banned by the company or ISP, they in turn try to get the company or ISP banned and overwhelmed by complaints. It sounds like you are more responsible than some of the anti-spam organizations out there. Some of them ban IPs without the slightest reason (e.g. they are in the same IP range as a spammer, but spam has never been sent from that IP address ever), and you have to pay to get off, even if you are innocent and have proof that you didn't send any spam, and they admit that spam was never sent from your IP, and third parties document that spam was never sent from that IP. We had to change ISPs once because our IP address was blacklisted simply because it was within a certain range of IP addresses belonging to the ISP we used. One entity blacklisting us even admitted they had no proof we sent any spam and had zero (0) complaints against us or our IP address but refused to unblacklist us anyway. Another entity demanded money from us to be unblacklisted, even though we sent no spam. It cost us thousands of dollars and a ton of man-hours to move everything over to another ISP. It's organizations like those who make enemies of legitimate businesses who don't spam. I don't mind targetting the spammers. I hate spam. It just pisses me off when innocent people are harmed by overzealous people. I've seen it happen many times, and it has personally cost me thousands of dollars, punished for a crime I did not commit. Some anti-spam organizations's tactics amount to the equivelent of: there are gang members in the ghetto, so lets arrest everyone in the ghetto. It sounds like your organization actually cares about justice, which is rare, unfortunately.
  9. Well, on one hand, it would be more anonymous, which in some cases is a good thing. On the other hand, your IP address is given to any website or server you visit on the internet out of necessity. There really is no hiding anyway, unless you go through great lengths to hide your identity. Does anyone know if Yahoo! Mail or Hotmail identify the IP address of the sender in the header?
  10. That's good to hear that spam traps are configured to ignore one-time confirmation messages. And looking at Gmail's headers, they do not look the same as everyone elses' which I think is the problem, and it also omits the senders IP address. The example I pasted above was one that was used in another web-based e-mail application that did track the senders IP address.
  11. True, but I am not talking about suing the ISPs, but suing the person who maliciously filed false complaints. Big difference. You say it is not easy to deliberately send false reports, but I would think it would be very easy. Simply paste the real header from an e-mail you received from the victim, and paste spam as the body. Wa La, instant fake spam with real headers. Or worse, sending out thousands of spam with forged headers that point to the victim, using real headers they pasted from a real e-mail. The victim gets thousands of spam complaints for spam they didn't send, in addition they get blacklisted for forged spam they didn't send, all the while everyone assumes they are guilty until proven innocent, and even then.... The lost sales, lost reputation, overloaded servers.... I have read about it happening many times. And typically people are so filled with hate for spammers that they can't even see the facts for what they are and don't even want to find out the facts. As a result the innocent get stepped on.
  12. In most cases they cannot make perfect forgeries since most e-mail servers record the IP address of who is connecting in its received statement in the header. The IP address of the spammer will almost always be in the header because of this. Any forged headers could be tested, as Wazoo stated, to see if they are real. It could theoretically be possible to trick SpamCop.net into thinking a different server sent the e-mail, I suppose, but that would limit the spammer in what they could put in the header since the forged header entry would have to pass the tests, which means that their e-mails still could easily be tagged as spam since it couldn't vary much. Programs that you describe that are both the client and the server can have legitimate purposes. There are many out there that are very good at sending mailing lists. The legitimate ones produce properly formatted headers and identify the IP address of the computer the program is running on. There is no option to change the headers in most of these programs. It is very easy for SpamCop.net to blacklist spammers who use the legitimate server/client mailers, since they are designed for legitimate e-mails and report the spammers IP in the header as the source. Then there are tons of spam software as well, and many of them forge the headers to mask the source of the spam. SpamCop.net's tests can help determine where it is really coming from.
  13. "Obstructing, interrupting, or in any way interfering with the use of a computer program or data" means in any way. That would include submitting false reports that would result in them being blacklisted that would result in ISPs blocking them if the persons intent was to get the ISPs to block an innocent party.
  14. Instead of playing games, they should have just pleaded the Fifth. They admitted they were guilty, they were just avoiding providing additional proof that shows just how guilty. In the end, it had the same effect. They lost.
  15. Well, that depends on where they are signing you up and how honest the person is running the list. Some mailing list operators will gladly help you, other won't. I've had that happen a couple of times on lists I maintain. I sometimes get screaming mad people claiming I spammed them because they received a confirmation e-mail. In all cases I e-mail back explaining that the confirmation e-mail was sent to protect them from being signed up without their consent and that they should only receive one unless the person who signed up asked to resend the confirmation e-mail (it's actually an activation e-mail for membership to the website). I also ban them so that it is impossible for someone to sign up that address ever again. If I have an IP address, I also send that to them, letting them know that is who signed them up. The problem you may find is that not all mailing list operators are honest, not all mailing list software tracks the IP address of the person who signed up, and even if it did, not all mailing list operators would know where to get that information. Legitimate mailers actually have a vested interest in helping you, although not all of them will or can. If you really think someone is harassing you specifically (i.e. not just spamming you and everyone else, but is maliciously signing you up for newsletters), then you may want to contact some of them and ask to be removed and ask for the IP address of the person who signed you up. I'm not sure about the Yahoo stuff you just mentioned, but if someone is signing you up to regular mailing lists, then that woud be what you need to do to track them down. I lnow that I and some other legitimate mailers are more than happy to assist in cases like this.
  16. You could possibly have some spyware/adware installed. You may have even told them your e-mail address when you downloaded it or they guessed it by scanning your computer. Then the spyware noticed that you surfed some Russian sites so started sending you Russian spam as well. I would recommend scanning for spyware/adware and make sure your computer is not infected with a keylogger or adware that turns your computer into a zombie.
  17. It's interesting that Yahoo's spam filters did not weed it out. But I have noticed that some e-mail services do not properly filter e-mail from forwarded accounts. I had that problem with one web-based e-mail I used. Any e-mail sent directly to the web-based e-mail's account was properly spam-filtered, but when you had e-mail forwarding from another account, they checked the forwarding server's IP address against the blacklist instead of the originating IP address in the header. That meant that mail from the forwarded account was not spam filtered at all!
  18. They use those paragraphs to fool the spam filters. And they are probably are using zombies, making it harder to blacklist.
  19. Well, it sounds like an easy way to harass innocent people then. Just sign up with spamtrap e-mails. Even if they use a confirmation e-mail, they get banned immediately. Fair system, huh? And getting back on topic, I was thinking about how Google could avoid being blacklisted. What if their first received statement looked like this: Received: from sender[at]gmail.com (x.x.x.x) by gmail.com with HTTP; Thu, 21 Apr 2005 12:00:56 -0700 (PDT) where sender[at]gmail.com is the accountholder's gmail e-mail address and x.x.x.x is the IP address of the computer the sender is using. If they did that, the spammer's IP address would be available for banning. Would something like that solve the problem?
  20. Agreed. But it could be very useful in a trial where someone is harassing you in multiple ways. The more evidence, the better. My comments were only directed at the possibility that someone was being malicious, which was mentioned as a possibility by the original poster. If this is the only thing that the person did that was malicious, then you are right, nothing really could be done. But if this was only one thing out of many, then you could easily convince a court that it is harassment, with some libel and illegal computer abuse thrown in as well. If someone was that determined to harass you though, you would probably know who they are though.
  21. Because in some circumstances it is. I looked it up to make sure of the law. In Texas, for example, it is a criminal offense to libel a state trust company or bank or to blacklist or cause to be blacklisted a terminated employee with the intention of preventing them from engaging in or securing employment. Libeling a bank or trust company is a state jail felony, actually, while blacklisting carries a fine and/or imprisonment. In Texas, it would be a tort in all other cases, however. http://www.capitol.state.tx.us/statutes/index.htm Remember, it depends on the state. Libel and slander is actually against state law, and laws differ from state to state. Whether civil or criminal, you could still sue and it is still against state law in the United States and against most other countries laws as well. Maybe it would be better to simply state that it is against the law (which it is) instead of stating that there is a fine or imprisonment, as that would depend on the jurisdiction. Another thing to consider is that even if it is not a criminal offense under libel law in most states, it may be a criminal offense under other state laws. http://www.gigalaw.com/articles/2003-all/h...003-07-all.html Submitting a false report to SpamCop.net would definitely be a criminal offense under Georgia law as it "obstructs, interrupts, and interferes with the use of a computer program or data" by preventing the innocent victim from sending e-mail. Many other states have passed similar laws. That means that it IS a crime to submit a false report in many states and countries, and since you wish to deter false reports yourself, you may want to mention that it is illegal in some jurisdictions. That would do two (2) things for you. It would deter false reports which are counterproductive to the purpose of SpamCop.net and are against SpamCop.net rules. By informing people who make reports that in some jurisdictions it is illegal to submit a false report, you are transferring the legal liability to the person submitting the report. If you were ever sued yourself under one of these laws (such as the Georgia law), you could use that in your defense. It would probably be worth mentioning it just to protect yourself from lawsuits concerning illegally "obstructing, interrupting, or in any way interfering with the use of a computer program or data." You provide a much needed service and it would be best to protect yourself legally by deterring false reports as much as you can. Maybe you could say something like this: "Submitting a false report is illegal in many jurisdictions, and you may be subject to criminal or civil liability by doing so." Or something similar.
  22. No Actually, yes. There is nothing stopping someone from reporting you for spam when you didn't spam. However, if found out, they would be banned from submitting further reports to spamcop.net. Spamcop.net also states that they have the right to fine the person submitting a false report. In addition to that, it is also illegal. You could sue that person for libel and harassment and perhaps other things. You would need a fair amount of proof though to convince a jury, but that wouldn't be too much of a problem if someone is harassing you, since they would probably attack you using multiple means. Most likely, however, this is just a mistake. Unless you really think someone is out to harass you.
  23. I am glad that SpamCop has a policy against people reporting e-mail as spam when it isn't. http://www.spamcop.net/fom-serve/cache/167.html You may want to also mention that it is illegal as well. Filing a false report with SpamCop is not only counterproductive to SpamCop's efforts and against SpamCop's policies, it is also against the law. Filing a false report is considered libel and carries a possible fine and imprisonment if convicted. Let's put spammers away and prevent spammers from using SpamCop against legitimate mailers.
  24. Yeah, I had that happen a couple of times on one of my lists I used to run. I remember one situation. Someone signed up someone else, apparently, or they forgot they signed up. Instead of contacting us or unsubscribing, they contacted our ISP. Since our ISP knows we are legit, they simply asked us to remove the e-mail address, which we did. Actually, we banned his e-mail address so he couldn't be signed up ever again even if he wanted to. We forwarded the IP address of the person who signed up to our ISP. We also sent the person who complained an e-mail stating that we removed him as requested, and that his e-mail has been banned to prevent someone signing them up again. We also gave him the IP address and datestamp of the person who did sign him up and told them if they want to get the real person who signed them up, they should complain to that ISP, not ours. Luckily he didn't report us to SpamCop, otherwise we would have been blacklisted for a crime we did not commit. I hate spam, but I hate being accused of spamming even more, especially since we use safeguards such as double-opt in and recording the IP address of the person who signed up to prevent abuse. I hope you mean that you report the person who signed you up as the spammer, and not the mailing list owner. Legitimate mailing list senders have a vested interest in preventing their list as being used as a spam attack. Instead of alienating potential allies by reporting the wrong people, perhaps you should find out who really signed you up and go after them. Otherwise the guilty go free and the innocent get punished.
  • Create New...