This has prompted a majority of IT departments to employ some sort of anti-spam, or spam filtering, solution to assist in keeping the inboxes of their users as spam free as possible.

But notice that the word assist is used in that previous sentence.

This is because no spam filter is going to completely eliminate spam. There are some out there that will do a great job of drastically reducing the amount of junk email that is successfully delivered, but despite the anti-spam solution’s best efforts there are users in every organization that will find a way to attract spam like ants to a picnic.

To help reduce the number of pharmaceutical advertisements and promises of great riches that fill the inboxes of your co-workers, try these hints to help involve them in the fight against spam:

1. There is no one giving you a iPad for free.

When you click on those advertisements that proclaim you the lucky winner of an iPad, XBox, smart phone, etc. understand that they are just collecting your email address and other personal information to sell off to spammers.

Instruct your users to avoid clicking on any advertisements when they using computer resources at work to avoid falling for scams that collect their email addresses and to stay away from sites that may install malware on their computer.

2. Social games harvest more than virtual crops.

When a game boasts over 70 million players, people take notice. Some of those people are spammers.

Social games are fun ways to pass the time, and most are free to play. And while the makers of these games will often charge for level-ups or other premium services they also make money other ways. When you register, you provide your email address, your age, your income and a host of other information that can help advertisers (and spammers) better target you for mass mailings.

Users should understand that they should only play games on sites that legitimately protect their personal information and that their work email should never be used to register on any site. Also, they can cut down on spam and advertisements by reading the fine print when signing up and opting not to receive product information from the company or its partners.

3. Unsubscribing tells spammers you are alive.

According to the CAN-SPAM Act, all email marketing must contain a way for recipients to remove their name from the mailing list. Spammers know this and use this for two things. First, it helps legitimatize them. People see this and think that it is merely an innocent advertisement. Secondly, it lets the spammer know that they have found an active email address instead of one that has long been abandoned.

Teach users how to block emails so that when they receive newsletters and advertisements that they don’t pay attention to, they can simply block them rather than opt-out.

Make it easy for users to help identify spammers. One organization I work with has an email address set up for users who receive spam or other suspicious mail. They simply forward the email message in question to that account and someone from the IT security team addresses the problem. Not only does this help feed the spam filter with more data to use, but it brings the users into the fight. They feel like they are helping to solve the problem.

Users can be one of the best weapons in fighting spam, if you make it easy enough for them to help. A simple email address where they can forward suspicious emails beats having them fill out a form or filing a formal report.

4. Never register for forums, websites, chats or newsletters using your work email address.

Many times, we sign up for things with our work address because it is something legitimately used for work. This can lead to users being comfortable with this process and eventually, they will post that address to a less than ethical site.

Make it a policy that company email addresses should not be used to register for anything other than with a trusted vendor, customer or partner.

5. Clean out your inbox regularly.

When forced to clear junk mail out of their inbox, most people will be more cognizant of how much spam is sent to them on a daily basis. When they find this process to be tedious, they will likely do a better job at managing their email address out in the wild.

Most companies have policies that address email inboxes, and just as many don’t really enforce these policies. Make sure that users know that this, or any other policy regarding email, will be enforced.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

5 Ways Your Users Can Help You Fight Spam

Whether it arrives in the form of a junk email advertising for prescription drugs or a shared post in Google+, spam is one of the most annoying and costly things we have to deal with every time we log onto our computers.

However spam can be kept under control. By understanding some of the fundamentals about how spam, and spammers, work you can reduce the amount of junk you receive to a minimum.

1. Spammers are in this business to make money.

Most spammers will try to legitimize their emails by including the disclaimer stating you can be removed from future mailings by replying to the message with a specific subject line or message content.

Understand that if they obtained your email illegally or illicitly then politely asking them to remove you from their list isn’t going to stop them. It is simply telling them that the email address they have is one that is actively monitored by you. This means more spam.

Spammers are also creative in how they deliver spam. They understand that once a market dries up, they have to move on to something more lucrative.

Take email for example; for a long time, email was the preferred delivery method of spam. Once spam filters became more effective, the spammers moved on to comment spam. Akismet and other tools have worked to fight spam on comment enabled websites so the spammers turned their attention towards social networks like Facebook and Google+.

2. Spammers are good at social engineering.

The reason spam is so successful is that spammers know exactly what to say, or promote, to make people fall for their schemes.

Take the Nigerian 419 scams. Those actually worked. People fell for those scams because the spammers knew to tap into the driving force of greed. The mass advertisements for Viagra also make spammers a nice chunk of change. Why, because men are too embarrassed to go to their doctor or pharmacy to get this drug. If they order it online from an advertisement promising discreet ordering and delivery then the embarrassment factor is removed.

These skills have followed them to the social networking world as well. Spammers know that the more followers or friends a person has, the more popular, important or relevant they appear to others. They simply weasel their way into as many social circles as they can.

3. Spam is not going anywhere.

There are always reports that the amount of spam is reducing or that we are winning the war on spam. This is simply not true. In fact one company that recently claimed spam was down has just turned around to state that the number of spam messages has increased.

The truth is, spam is a see-saw battle because the battlefield changes so often. For a while email spam might be down but social network spam up. Then comment spam takes over until people catch on and concentrate their efforts on fighting it there. Spammers might move to SMS spam at that point. But as long as money can be made, spam will continue.

4. Spam is cheap to produce.

The reason spam is so effective is that it is so cheap to send. Spammers rent huge networks of computers, or botnets, that flood email inboxes with spam for as little as 9 dollars an hour or 67 dollars for 24 hours according to a report from ZDNet.

Even as spam filters learn how to better identify mailings sent from botnets, humans in developing countries can be hired to send spam through various channels. Log into any number of freelance worker sites and see how many people are bidding on jobs that look eerily similar to spam.

For a couple of bucks a legion of foreign workers can be hired to post comments, send or retweet messages, post to a wall, etc. None of which is meant for real interaction or adding value. It simply exists as spam.

5. Spam costs money to fight.

The truth of the matter is, spam is costly. These messages cost money to filter, to store, to read, to delete, etc.

But if you go into the fight thinking that you can simply download a bit of free software and your problems will disappear then you may be adding to the problem because some of the things you get for free actually spreads the malware that builds bigger botnets.

To effectively fight spam you have to be diligent. Research the tools that fit your organization’s needs and make an educated decision based on what solution can provide you with adequate protection while also fitting into your budget.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

5 Things You Need to Know About Spam

This arrogance about his business practices probably won’t win him any friends as he faces 11 new counts – six for electronic mail fraud, three for intentional damage to a protected computer and two for criminal contempt. All of which he pleaded not guilty to in his most recent court appearance on August 4, 2011. If found guilty of these charges, Spamford faces up to 40 years in prison and up to a 2 million dollar fine.

The charges stem from Wallace compromising roughly 500,000 Facebook accounts between November 2008 and March 2009 and using them to send over 27 million spam messages to other users.

And just how did he manage to capture this many accounts? By sending phishing messages out on compromised accounts he was able to trick more victims into giving up their user information. These accounts would also be used to capture more compromised accounts to send out even more spam.

Released on a 100,000 dollar bond, Sanford is due back in court August 22. Of course these charges haven’t prevented him from creating a Google+ account to take the place of his court ordered ban from accessing Facebook or MySpace.

Didn’t reports say spam levels are at an all time low?

Stories like these often get buried by stories with a bit more flair. That is unfortunate because if more people were to read up on this story it could be a significant weapon in the fight against spam. Need a bit more explanation?

Other recent spam related news boasts on how spam is on the decline. When the public hears this, they immediately look for a new boogey man to worry about. I have written quite a few posts here explaining why I think that thinking we have won in the fight against spam is dangerous. Sanford Wallace’s recent indictment proves that.

Spam levels may be down when it comes to email spam, but as we all know this is only one way spammers are able to make money. As the playing field shifts, so will their tactics.

And should we let our guard down and think less of protecting our inboxes rest assured, they will pounce back to using email more frequently.

The story of Sanford Wallace should be used to show people that the threat of spam remains, regardless of reports that it is fading away.

Are people still that oblivious?

Something else that we can use in the fight against spam is the knowledge that people are still willing to give up their account credentials without question.

Wallace was able to con half a million users out of their passwords. Granted, it is a drop in the bucket when you consider Facebook has over 700 million users. But still, that number represents a large number of people who trust things on the Internet far too easily.

According to the Internet World Statistics site there are 2,095,006,005 Internet users worldwide. If just over 7 percent of Facebook uses were willing to fork over their credentials to a phishing attack, then 149,583,429 people could logically fall for a similar con.

There is still money to be made

Wallace had formally retired from the spam business in 1998 but has since been linked to pop-up advertising and scareware scams before jumping back into the game.

In 2004 he was ordered to pay over 5 million dollars in fines for his SmartBOT marketing scam and in 2008 he was ordered to pay 230 million dollars in fines for a later spam campaign using MySpace. In 2009, a judge ordered him to pay 711 million dollars to Facebook for compromising their servers. The order also prevented him from accessing Facebook.

This didn’t stop the Spam King from trying his hand at sending spam via the world’s largest social network gain creating the account called “David Sinful—Saturdays Fredericks”. Why? Obviously because there is still money to be made if you job is to send spam.

So spam fighters, users and curious onlookers beware. If nothing else, the tale of Sanford Wallace shows us that spam is still a problem we face every time we access any communication device. Be it our email, cell phone, mobile device or social network.

So will spam ever stop? Not as long as there is enough money to be made allowing you to pay close to a billion dollars in fines. But it can be controlled.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Sanford Wallace Back in Court: A Win For Spam Fighters?

Don’t spam

Better spam filtering technique has seen to a decline in the number of spam messages that are making their way into inboxes.  Unfortunately, this positive development is at times offset by inconsiderate or overenthusiastic users who fail to realize that their frivolous sending of email messages is akin to the sending of spam.

For example, I’ve seen more than my fair share of emails resent several times in the same day in a misguided bid to “update” a limited group of interested recipients on trivial developments such as the commencement of an in-company event or talk.  What these users fail to realize is that many users link their smartphones to their email accounts, and each irrelevant incoming message saps a measurable amount of time required to read and delete them.  The annoyance factor is even greater in certain circumstances such as for sales executives engaged in important negotiations outside the company, or senior executives on overseas business trips.

Fortunately, this is an issue that can be addressed with an updated and enforced usage policy.  One suggestion for organizations would be to limit the number of email messages for a particular event or topic to just one or two per day.

Make use of the BCC field

My work with a number of IT blogs means that my contact detail is captured by more than one media contact list. Amidst the flurry of press releases and marketing messages that I receive on a daily basis will be the occasional one that makes me cringe – such as when greenhorn PR folks sends an email blast by placing all the recipients in the “To” field.

Not using the BCC field in such circumstances immediately devalues the content of the message while at the same time making the sender appear computer illiterate and foolish.  The advice here is simple: remember to use the BCC field when sending out emails to a group of recipients that do not know one another.

Check before sending to an address group

Those of you who work in an enterprise will know that email address groups are both a blessing and a curse.  While greatly simplifying the task of reaching out on a department- or company-wide level, it is also one of the most commonly abused email addresses.

Because so many users are affected upon hitting the “Send” button, my advice would be to apply greater scrutiny before sending a message addressed to an address group.  This may include rereading it to ensure that the message is coherent (So as to avoid time-wasting follow-up messages), and ensuring that file attachments and embedded images are correctly added to the email.

Finally, users hailing from education institutions and larger companies are likely to be familiar with messages enquiring, or volunteering information about lost and found items. One advice here would be to create a portal to host announcements relating to lost and found items.

Consider signing off your email personally

Embedding contact information as a footnote in an email is a great idea for business correspondence.  Rather than stating your full name however, I would advocate signing emails off personally.  This adds a more personal touch, and also gives the other party an idea of how they may address you.  This is particularly helpful when you have an unusual name, or are dealing with those hailing from countries such as Asia (or vice versa) with slightly different ways of writing their first and last names.

One-click unsubscribe

Companies that send out electronic newsletters should definitely implement the ability for a one-click unsubscribe.  While it is reasonable to solicit feedback upon unsubscribing a user, I’ve come across my fair share of convoluted unsubscribe procedures that refuses to let me do so until after I submit some feedback.  This is counterintuitive in my opinion, and is unlikely to glean anything meaningful.  In addition, unsubscribe links that require users to logon are not only annoying, but could prevent users from doing so if they’ve forgotten their passwords.  This will only result in them adding your company’s newsletter to their spam list – which is a hardly desirable outcome.

Do you have any other tips for better email etiquette?  Feel free to chip in below.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Five Tips for Better Email Etiquette

Myths pervade every society and ours is no different. There are things that we hear, or read on the Internet, that we take as gospel truth because we fail to understand the truth behind the statements.

When it comes to spam, there are many different myths that surround it. None so epic as people flying too close to the sun or men fighting Cyclops on their way home from a far away land; however they are stories that shouldn’t be trusted none the less.

Myth 1 – If I include an unsubscribe link, I am not a spammer.

If you send unsolicited marketing messages indiscriminately, you will be considered a spammer. Including an unsubscribe link is only one of the requirements that marketers must do to be compliant with CAN-SPAM Act laws. Simply placing a link, and even honoring unsubscribe requests, will not help you shed the label of spammer.

To legitimately send bulk marketing messages, your recipients need to opt-in to receive messages from you. A double opt-in process is actually considered a best practice here so that people can confirm that they want to hear from you.

Myth 2 – Anti-spam software or appliance will stop phishing attacks.

While phishers use similar methods as spammers, the differences between the two are quite complex. Enough so that traditional spam filters have a hard time catching phishers who know what they are doing. Since phishing attacks are more sophisticated and targeted rather than random, anti-spam filters have a hard time finding these attacks.

Most quality anti-spam filters, both software and hardware based, include some type of anti-phishing engine that protects users against these attacks. Installing, and properly managing, anti-phishing technology can help prevent users from falling victim to these scams.

Myth 3 – If I click on unsubscribe, I won’t get any more spam.

When a legitimate marketer sends you a message and you unsubscribe, odds are they will remove you from their list. But remember, spammers aren’t legitimate marketers. And if they cared about CAN-SPAM they wouldn’t be sending you junk messages in the first place. What happens when you click unsubscribe is that the spammer realizes that they have an active email address. Knowing this, they will send you more spam. Worse than this, these links sometimes take you to a malicious website where malware will infect your computer so now you have something worse to deal with.

Only click on unsubscribe links from mailers that you know you subscribed to. Everything else you should add to your spam box and simply delete it.

Myth 4 – Spam is an email problem.

When we think of spam we tend to think of email messages offering pharmaceuticals, European lottery winnings or promises of instant riches from a Nigerian prince. But spam keeps up with technology and as we use more and more tools to communicate, spammers have more tools at their disposal to get their messages out. Text messaging, search engines, social networks and blog comments are just some of the newer targets for spammers.

Using appropriate spam fighting techniques for the various ways spam is sent can be a big factor in reducing the amount of junk messages you are sent.

Myth 5 – Educating users is the best way to fight spam.

Even the most technology-wise user will still be sent spam. Once a spammer has a way to contact them, efforts will be made to send them spam. While educated users are less likely to fall for the scams and lofty promises of spam, they are still the recipients of these messages. All it takes is one slip up and they could easily find themselves infected with malware or falling victim to illicit claims.

Education is a key component of any spam fighting strategy but it needs to be complimented with trustworthy anti-spam, anti-phishing and anti-malware technologies.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Common Spam Myths

The United States is the largest source of SPAM in the world, and the ISPs listed above include some of the largest in the United States. (Disclosure: I am a TWC customer). If they are capable of filtering customers’ Internet traffic, detecting the downloading/sharing of copyrighted materials, and then altering the offenders’ traffic as a result, why can’t they do the same for spammers. How much easier would it be for a traffic analyzer to detect hundreds or thousands of SMTP connections coming from a home user than it must be to detect the download of a large binary, which then must be buffered and analyzed to determine whether it is a legitimate ISO or a pirated movie?

I am not advocating piracy; I think copyright holders should be allowed to enforce their rights. But I am distressed that organizations with deep pockets like the RIAA and MPAA can get ISPs to implement complicated filtering systems that can then enforce actions on individual customers, but these same ISPs are apparently not doing anything to prevent spammers from using their networks to send out millions of junk messages every day.

What I would like all of the readers who are customers of the ISPs listed above to do is this: use the contact form on your ISP’s website, or the contact email address, to send your ISP a simple question; ask them why they are able to detect and respond to copyright violations, but not to spammers. Don’t be rude – that never does anyone any good at all. Simply raise the question of why spammers are not being filtered, their bandwidth restricted, their web surfing redirected to sites educating them on the evils of spamming.

As individuals, we will never have the budgets of the MPAA and RIAA, so we may not get the attention of the executives, but if the customer service contacts receive several thousand questions, it might just get a little bit of notice. Ask the question, and if you actually get an answer other than from an autoresponder, post the reply as a comment to this article. Let’s see if there is anyone listening to the customers.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

US ISPs agree to a penalty system for copyright violators – What about spammers?

Robert Soloway, the spammer who made $20,000 a day back in the 1990s and was forced to pay $17 million in civil judgments, made it back into the news cycle when he was recently quoted as saying  that in current times

“(spamming is) not something financially feasible for anyone to even consider”

only months after his release from the Federal Correctional Institute in Oregon for his hand in violating the CAN-SPAM Act.

Over the years, we have seen the takedown of quite a few infamous spammers. So many that we have forgotten some of the pioneers and true dregs of cyber-society. Let’s see how many of this list you remember, or if you can think of any that can be added.

Dave Rhodes

The author of the famous MAKE.MONEY.FAST chain letter that made the rounds in the late 80s.  Legend has it that the letter was uploaded as a text file on a BBS in 1987 and then worked its way around until 1994 when it really became big.

The nature of this scam was that the recipient was instructed to send $1 to six different people via Paypal. Upon doing so, the recipient’s name would be placed on the list to receive money from others, and so on.

The true identity of Dave Rhodes has never been established.

Oleg Nikolaenko

The infamous King of Spam is currently awaiting trial in a detention facility in Milwaukee, Wisconsin for violating the CAN-SPAM Act after being arrested by the FBI in 2009.

Messages advertising counterfeit Rolex watches, herbal supplements and pharmaceuticals was the spam of choice for the 24 year old who was also credited with running the Mega-D botnet.

Davis Wolfgang Hawke

The press called him the spam Nazi because he not only made money from spam, but also use it to spread messages to bolster membership in his neo-Nazi groups.

Hawke started Amazing Internet Products with Brad Bournival in 2003 and the two began grossing roughly $500,000 per month advertising for a Yohimbe product called Pinacle.  He has also been linked to the famous Time Travel Spammer, Robert Todino.

In 2004 AOL was awarded a $12.8 million judgment against Hawke for sending unwanted emails to its subscribers. His current whereabouts are unknown.

Richard Colbert

After searching AOL profiles for keywords like multilevel marketing or business opportunity this Miami based “businessman” would spam the profiles he found to advertise his spam business charging around $900 for one million addresses. In a 2003 interview, Colbert claimed that because he honored unsubscribe requests he was a legitimate marketer.

Colbert retired from spamming in 2003 and was removed from the Spamhaus Project’s list of prolific spammers.

Eddie Davidson

Davidson was an active spammer between the years 2002 to 2007 under the business name Power Promoters. His company, along with several sub-contractors, would advertise the usual gambit of merchandise and pharmaceutical until he was indicted in 2007 for violating the CAN-SPAM Act.

Spam, however, turned out to be the least damaging of his crimes.

After serving a portion of his 21 month sentence and paying over $700,000 in restitution, Davidson was released from prison only to be found dead along with his three year old daughter and wife in a murder-suicide. His 16 year old daughter was also found shot but survived. His 7 month old son was the only member of the family that was left unharmed.

Laurence Canter and Martha Siegel

A modern day Bonnie and Clyde, these two lawyers posted the first massive commercial Usenet spam in 1994. Their Green Card lottery scam came shortly after the National Science Foundation lifted the ban on commercialization on the Internet.

The two went on to advertise their craft both spamming for hire and with a book titled How to Make a Fortune on the Information Superhighway: Everyone’s Guerrilla Guide to Marketing on the Internet and Other On-line Services.

In 1997 Canter was disbarred by the Tennessee Supreme Court for his participation in illegal advertising practices.

Bonus – Gary Thuerk

Gary earns the honor of the “Father of Spam” since he is the one who sent out the first unsolicited mass emailing back in 1978. His target, 600 ARPANet members. Yet while he really didn’t do too much damage compared to some of the others, he did pave the way.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Five Infamous Spammers You May Have Forgotten About

Today, I want to highlight some recent news reports, as well as recent trends to illustrate why administrators need to continue the good fight against spam.

Spam is lucrative business

One of the foremost reasons why spam will not go away soon has to do with the fact that it is a lucrative business.  For example, an investigative report conducted by The Telegraph highlighted a growing industry that was estimated to be worth £175 million revolving in part around the sending of spam text messages.  According to the article, these so called “claims farmers” are spearheaded by communications companies based in India or Easter Europe.  Sent from untraceable pay-as-you-go mobile numbers, they thrive on the referral fees of up to £500 should their spam text messages generate a viable lead for compensation claims for accidents or financial mis-selling.  Ironically, the reported noted that even a negative reply of “stop” to a spam text message spam results in the numbers being sold to lead generators for about £5.  You may have read of how some $15m from the Swiss investment account of an alleged peddler of fake antivirus software.  While not directly related to spam, this does provide a glimpse into the financial incentives of cyber trickery, of which the sending of spam email is a part of.

Rise of phishing attacks

There has been an increase in the number of spear-phishing attacks, as evidenced by reports in recent weeks of security breaches that originated from email messages sent under false pretenses.  What this trend highlights is how phishing emails stand a higher chance of invoking the responses desired by spammers compared to traditional “nondirectional” spam.  Intimately aware of the higher effective rates that phishing attacks generate, more spammers are now resorting to phishing techniques.  Given the additional time required for recipients to read through and identify these messages as fakes, it can be argued that one phishing message can be equated to multiple spam messages of the standard variety.

Weak regulation

Another factor to consider would be how the implementation of anti-spam legislation in some geographical locations may have left inadvertently loopholes.  For example, where I live in Singapore, some detractors argue that an anti-spam law implemented in 2007 effectively “legalized” the sending of unwanted marketing messages.  In a nutshell, businesses are simply required to preface their email or text message advertisements with an “ADV,” and insert the ability to unsubscribe so that recipients can “opt out” of future advertisements.  As you can imagine, this literally gave less scrupulous businesses an open invitation to spam.  Other countries such as Europe and Australia have gone for “opt in” system instead, though as evidenced by the current plague of text messages, is lacking in enforcement.

Email more widely used than ever

Sure, people are starting to favor other forms of communications such as Instant Messaging, and communicating via social media networks.  There is no doubt however, that emails are used more widely in the conducting of business around the world than ever before.  Indeed, everyone from the highest paid executive to the receptionist and clerical staff, has an email account these days.  This means that the email inbox remains an extremely attractive platform for spammers.

Spam migrating to other platforms

Finally, spammers are not sitting still in a world enamored with the use of various analogue and digital communications mediums.  At the moment, spammers have been active in exploiting alternate “marketing” avenues such as fax spam, text messaging spam, comment spam on blogs and online forums, even social networking spam.  Conversely, what is troubling is how spam filters are lagging behind to address the disparate platforms that spammers are already harnessing.  For example, the ability to filter text messaging spam is non-existent at the moment, while controls for reporting social media spam is still relatively weak.

Do you have any comments about the spam epidemic that we are currently experiencing?

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Why spam is here to stay

The Citizen Media Law Project has posted an interesting article about a recent court decision that Facebook postings come under the definition of “commercial email messages”, thus making them subject to compliance with the CAN-SPAM Act.

The decision came in response to a lawsuit that Facebook brought against an online marketer called MAXBOUNTY. The site claimed MAXBOUNTY’s ads were misleading and appeared to come from Facebook themselves and claimed they were in violation of the CAN-SPAM Act. MAXBOUNTY denied the allegations and asked that the suit be dismissed, claiming the law only applied to messages and ads sent via email. After the decision regarding the CAN-SPAM Act was reached, the dismissal request was denied.

“A determination that the communications at issue here are ‘electronic messages,’” the court concluded.”… is consistent with the intent of Congress to mitigate the number of misleading commercial communications that overburden infrastructure of the internet.”

This court decision could have far reaching effects for online advertisers looking to cash in on Facebook’s huge audience. Under the CAN-SPAM Act, companies must provide a clear and easy way to opt out, provide a postal address, and ensure the sender information is accurate. Anyone who spends time on Facebook knows that many ads are designed to look like they are coming directly from the site and not from a third party. Now that it appears advertisers on the site must comply with CAN-SPAM regulations, do you think the amount of misleading ads and scams will go down? It will be interesting to see if the ruling is expanded to include advertising on other sites like Twitter.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Social Media not Immune to CAN-SPAM Law

The Russian spammer who is allegedy the mastermind behind the massive Mega-D botnet is facing 17 years in prison and a $250,000 fine. Oleg Nikolayenko, who lives near Moscow, was arrested at a car show in Las Vegas last November and has pled not guilty. He’s charged under the CAN-SPAM Act of sending commercial email with false contact and sender info and also accused of sending at least 2500 spam messages a day.

At its peak, Mega-D has over half a million zombies and sent over 1o billion spam messages a day. It was brought down by a security company last December. The botnet was named after one of the male enhancement products its spam promoted.

The judge in the case refused to grant bail, saying he agreed with the prosecutors that Nikolayenko was a high flight risk.

“He is a citizen and resident of Russia and the government believes, if released, he would seek to return there and the government wouldn’t be able to prosecute him,” prosecutor Erica O’Neil said.

Nikolayenko was busted thank to information two of his fellow spammers provided to the FBI.  Convicted spammer John Smith and accused spammer Lance Atkinson both cooperated with the investigation. Atkinson is believed to have paid Nikolayenko $459,000 for allowing him to use the botnet to send spam.

For reasons unknown, the judge also ordered documents in the case to be sealed and said they can not be made public unless the prosecutors agree. So far they haven’t.  Nikolayenko will return to court on May 27th.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Mega-D Mastermind Facing Nearly 20 Years In Prison

The Rustock botnet was estimated to control over one million zombies (infected computers) and was capable of sending billions of spam messages per day.

Operation b107 was a cooperative effort between the DCU, the Microsoft Malware Protection Center and Trustworthy Computing. After several months of investigation, cooperation with legal authorities, and a hearing before the U.S. District Court for the Western District of Washington state, U.S. Marshalls accompanied DCU staff to serve warrants at multiple hosting providers. Servers were taken off-line and seized after Microsoft files suit against the anonymous person or persons responsible for operating the Rustock botnet.

In Case C11-022 “Microsoft Corporation v. John Does 1-11 Controlling a computer botnet thereby injuring Microsoft and its customers,” Microsoft alleged several violations of computer related laws and the abuse of Microsoft’s trademarks. Laws cited included the Computer Fraud and Abuse Act (18 U.S.C. § 1030,) CAN-SPAM Act (15 U.S.C. § 7704,) and multiple violation of the Lanham Act (15 U.S.C. § 1114 and 1125) made possible by the number of spam messages that purported to be from Microsoft or offering Microsoft software.

The 48 page PDF of the complaint opens with this

Plaintiff MICROSOFT CORP. (“Microsoft”) hereby complains and alleges that JOHN DOES 1-11 (“Defendants”) are controlling an illegal, notorious, and world-wide computer network known as the “Rustock botnet,” made up of end-user computers connected to the Internet, which Defendants have infected with malicious software, and which Defendants consequently can and do direct and control for nefarious and illegal purposes through servers connected to the Internet.

The suit goes on to describe the laws violated, and asserts jurisdiction based on the damages done to residents of Western Washington state and the costs incurred by Microsoft both to protect customers and to assist with disinfecting those machines which we infected. It also includes a detailed description of the muti-tier architecture of the Rustock botnet, and shows the traffic generated by a ‘baseline’ Windows computer connected to the Internet and idle, then compares that to the traffic generated by a Rustock infected zombie, which includes hundreds of DNS lookups and over a thousand email messages sent in a 24 minute period.

The complaint goes on for a total of 35 paragraphs before getting to the meat, which includes eight claims for relief to include compensatory and punitive damages to be determined at trial. It also includes an appendix listing all of the Internet Service Providers hosting servers that controlled the botnet, and a listing of the domain names involved, which goes on for 18 pages three columns each.

It is actually a fascinating read if you have any interest in the legal working of such an action, and I recommend it to you if you do. If you want a little more technical information, and a little less legalese, the DCU maintains a website at http://www.microsoft.com/presspass/presskits/DCU/. On that site you can read more about the DCU’s activities, as well as learn more about how they took down one of the largest sources of SPAM on the Internet.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Takedown: Microsoft’s Digital Crimes Unit helps take down Rustock

A spokesperson for the company blamed the issue on a computer glitch that caused their website to ignore unsubscribe requests, and said it has been repaired. The company did admit their email marketing system was flawed and has agreed to hire a third party to assess it, train employees and implement a complaint resolution plan, and audit 10% of its email campaigns for at least 1 year.

This case highlights the importance of making sure the unsubscribe or opt out tools on your website actually work. Make sure to test them regularly and if you find they aren’t functioning properly, be sure to have them repaired ASAP. The US’s CAN-SPAM law is similar to Australia’s Spam Act and requires all companies to provide functional and easy to find/use unsubscribe instructions. As Virgin Blue found out, not doing so could be very, very costly,

This is the second month in a row that Virgin Blue has made news for something negative. Last month they angered travelers and consumer groups when they announced a 30% hike in their credit card surcharge fee.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Virgin Blue Slapped With Fine for Spamming

Domains are generally blacklisted if high volumes of spam or suspicious activity are detected as coming from it and the domain owner or host does nothing when they are notified, but sometimes mistakes are made and sometimes you’ll find yourself blacklisted due to the activities of someone else-a pitfall of dynamic IP addresses.

Here are some tips to help you resolve the problem and keep it from happening again:

1. The first thing to do is to determine exactly which blacklist you’re on. Read any notices or bounce back messages carefully as they often contain instructions and URLs to visit. AOL for example will point you toward its postmaster page while other ISPs may have a special email address that your email administrator will have to contact.
2. If you find yourself on a major blacklist like Spamhaus, visit their site and look for an FAQ or other instructions and follow them carefully.
3. To avoid getting blacklisted in the first place, make sure to be responsive to any notices or warnings you may get.
4. If you’re not sure if you’re blacklisted but have received complaints from customers about not getting emails, you can use this tool to check: http://www.emailtools.co.uk/tools/blacklistcheck.htm
5. If you use a third-party company to send mailings for you, check them out very carefully and make sure that they are compliant and secure, or you could end up like McDonalds, DeviantArt and other customers of third party emailer SilverPop who had to deal with a data breach that exposed their email lists to spammers and possibly other cybercriminals.

In short, do your homework and monitor carefully. Being blacklisted isn’t pleasant but it is usually temporary if you know what to do.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

5 Tips For Getting Off and Staying Off Blacklists

1. Send promotional e-mails to your customers without permission

Otherwise known as spamming, this could get you in trouble with the FTC as well as with your customers. Always make sure any mailing lists you use are opt-in and only send ads to customers who’ve indicated they want to receive them.

2. Ignore opt-out requests

If a customer requests that they no longer want to receive emails from your company anymore, honor it. Not only are you required to by the CAN-SPAM act, but it’s simply good business practice. Sending ads to customers who don’t want them isn’t likely to garner you any sales.

3. Sell customer info to other companies without permission

This is a surefire way to annoy customers. The buying and selling of mailing lists is pretty common but it’s important to let your customers know you engage in this practice and give them the opportunity to choose to not allow their info to be sold.

4. Cover up data breaches or other security issues

If your company falls victim to a security issue that has or could have resulted in customer’s private info being compromised, you must let them know. Having an open line of communication is crucial if you want to preserve your customer’s trust in you. Let them know what happened and what you are doing about it, and offer to pay for credit monitoring if their data has been compromised.

5. Make it impossible for customers to unsubscribe from your mailings

The CAN-SPAM Act clearly states that you must provide a clear and easy way for customers to request that you stop sending them mailings. Again, this is also simply good business sense as it is a waste of time and resources to send ads to customers who aren’t interested.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Top 5 Ways To Annoy Your Customers and Violate CAN-SPAM

Nikolaenko, who lives in Moscow, Russia, was arrested while attending an auto show in Las Vegas. The FBI and FTC had been investigating him for over three years. He came to their attention after a manufacturer of counterfeit Rolex watches told investigators he paid spammers over $2 million to promote his products and pointed him to an associate in Australia who was linked to Nikolaenko.

Mega-D sent out over 10 billion spam messages a day and had over 500,000 zombies before it was crippled by the loss of its ISP last year.  Its spam pushed male enhancement products, shady pharmaceuticals, and counterfeit designer goods.

Nikolaenko is the latest in a string of spammers and botnet operators who have been nabbed by authorities. I hope other spammers out there are taking notice. Unlike the practice of suing spammers that companies like Facebook and Microsoft have engaged in, I think prosecuting and jailing spammers will prove to be a pretty effective deterrent. For years cybercrooks have operated on the assumption that they are pretty untouchable because they were untraceable. Hopefully now they will start to realize that they can and face a higher likelihood of being found.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Mega-D Botnet Mastermind Arrested

Needless to say, sending your customers emails that they haven’t asked for, no matter how good a deal you may be offering them, is a very bad idea. Sure, you’ll get their attention, but it won’t be in a good way.

If you haven’t reviewed your company’s email marketing policies lately, now is a good time to do it. It’s important to make sure your customers have a choice of whether to receive emails from you and also that they have an easy way to take themselves off your mailing list should they change their mind in the future. In the US, the CAN-SPAM Act makes not doing so against the law.

Even if you do have a solid email marketing policy, allow your customers to opt in or out, and make it easy for them to remove themselves from your mailing list, complaints will still happen. That’s why it’s also important to make sure you have a system in place to deal with them promptly and professionally. Doing so could mean the difference between a happy customer who will continue to do business with you, and an unhappy one that may badmouth you on the internet and maybe even file a CAN-SPAM complaint against you.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Online Retailers Are Spammers Too

I wonder though, of all the spam messages they collect what percentage originates from somewhere other than the U.S. Most hardcore spamming operations are safely overseas on bullet proof hosts in countries that don’t investigate or prosecute cybercrime either due to lack of understanding, lack of resources, or law enforcement corruption. Since these spammers can be convicted and fined without having to actually appear in court, yet can’t be made to pay up unless they enter the U.S., it seems such investigations could all be done in vain. Suing spammers doesn’t work well either – they just declare bankruptcy and move on to a new scam. There have been a few cases lately about spammers who’ve gotten themselves pretty hefty jail sentences but again, it doesn’t really work when the spammer is overseas somewhere.

So yes, the FTC is doing a great thing by investigating spammers and holding them accountable under the CAN-SPAM Act, but fighting spam will only be truly effective when all countries do so together and have similar anti-spam laws.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

The FTC gets over 200,000 Spam Messages a Day

Federal authorities say two men accused of running a spam campaign in Columbia Missouri that targeted college students reaped in the profits to the tune of over $4 million.  Investigators say Amir Shah, Osmaan Shah, and Paul Zucker began their spamming activities in 2004. They created programs designed to harvest the email addresses of students at over 2,000 colleges, starting with those at the University of Missouri at Columbia.

The spam messages hawked products such as tooth whiteners and a social networking site called Noog.com and claimed to be from officially authorized campus representatives and alumni owned businesses. To avoid detection they used a bullet proof hosting company in China that ignored take down requests and bought proxies. They also faked the headers and reply-to addresses in their messages, a blatant violation of CAN-SPAM laws. When a college complained, the addresses of their students were simply taken off the list.

The men made their money by both selling the products they offered in their spam messages and by affiliate marketing, using their spam to inflate their referrals. They tried to hide their profits by buying properties and funneling it to overseas accounts.

The Shahs and Zucker were indicted on 35 counts of fraud in connection with email, 6 counts of fraud in connection with a computer, and 1 count of conspiracy. All three charges are felonies and they face over 60 years in prison if convicted. Zucker pleaded guilty last week. The Shahs had originally entered a not guilty plea but were expected to change that to a guilty plea last week, but cancelled their hearing after Zucker pled guilty.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Feds Say Missouri Spam Operation Netted Over $4 Million

Terry Zink, at his Anti-malware blog, argues that the reason spammers aren’t prosecuted is they locate themselves in jurisdictions that tolerate the junksters for various motivations. “Some of the worst criminals in [the] spamming underworld are located in [E]astern Europe and Russia,” he writes. “Many of them are known to the authorities but they are not pursued by [those] authorities.”

A quick look at the latest Spamhaus list of the world’s Top 10 Worst Spammers shows that Zink’s analysis is right on the money. Seven of the top 10 junko artists are from Russia or one of its former republics.

Among the culprits fingered by Spamhaus were three from the Russian Federation–Leo Kuvayev, of Bad Cow, which deals in pirated software, knock-off pharmaceuticals, porn spam and payments collections, and botnet viruses; Peter Severa/Peter Levashov, a partner with a number of spam gangs; and Ruslan Ibragimov, of send-safe.com, creator of stealth spamware and operator of a spam distribution network from compromised computers and hijacked open proxies.

Spammers based in the Ukraine were Canadian Pharmacy, which operates a botnet spam distribution network and a number of spam websites; Alex Blood/Alexander Mosh/AlekseyB/Alex Polyakov, a massive botnet operator and purveyor of child porn, pharma and mortgage spam; and Yambo Financials, a distributor of child, animal and incest porn, as well as pirated software and pharma spam.

In the former soviet republic of Estonia, there’s Rove Digital, which runs a gamut of Black Hat activities–botnets, malware, pharming and denial of service attacks.

Other regions represented on the Spamhaus list were India (HerbalKing), Hong Kong (Vincent Chan/yoric.net) and Australia (Nikhil Kumar Pragji/Dark-Mailer).

Zink argues that spammers behind the old Iron Curtain can operate unimpeded because they take advantage of the legacy of corruption in their countries. While hoary cold warriors are inclined to heap the blame for corruption on communism, the practice, at least in Russia, can be traced back to the 10th century when a ruler’s subject were expected to keep his representatives fat and happy when they showed up in town to collect tribute from the locals. That payoff, called the korm, became institutionalized and public officials count on it as income, much as Wall Street investment bankers expect their bonuses, whether earned or not, every year.

In addition, Zink maintains that countries turning a blind eye to spammers see the junksters as a potential resource that could be tapped for cyber warfare exploits. “[W]hen the government decides that spammers might be useful for a geopolitical purpose, there is low chance indeed that western officials will ever get their day in court,” he observed.

That seems to me to be a bit of a stretch. Spammers have one motivation and it isn’t patriotism. What’s more, Russia already has its own corps of Web delinquents to do its dirty deeds on the Net. Called Nashi, the youth group, which operates with the imprimatur of the Russian government but is funded by businesses currying favor with the Kremlin, has claimed responsibility for cyber attacks on Estonia, been accused of mounting denial of service attacks against newspapers unfriendly to the current ruling regime and has spied on other youth groups considered “provocateurs” by Moscow bigwigs.

What Zink and others bemoaning the weak prosecution of spammers ignore is how laws like the CAN-SPAM Act can be used by opportunists to injure innocents, innocents like Azoogle.

Azoogle got trapped in a broad CAN-SPAM net tossed by a backwater ISP named Asis. Asis filed 20 lawsuits against alleged spammers. Not all the lawsuits were based on the strongest evidence of spamming, as a federal district court found last week.

“[I]t is apparent that Asis sued Azoogle based on little more than speculation that there might be a connection between those emails and Azoogle,” Magistrate Judge Joseph C. Spero of the US District Court of Northern California wrote in his opinion on the case.

“Asis then continued to litigate even as its discovery efforts turned up no evidence in support of its claims against Azoogle,” he continued. “Having initiated over 20 similar actions, and sued over 20 defendants in this action alone, an award of attorneys’ fees here is necessary to deter Asis and other plaintiffs hoping to profit under the CAN-SPAM Act from casting such a wide net.”

A judgment of $806,978.84 was awarded Azoogle by the court. While that’s a hefty sum for the parties involved, since Asis has already reaped a $2.6 million settlement from one of its CAN-SPAM lawsuits, it seems the rewards for outfits like Asis far exceed the risks in these kinds of cases, especially if a wide net is cast that traps lots of little fish with shallow pockets.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Why spammers slip through jaws of legal beagles

When you’re competing against the ruthless efficiency and trustworthiness of the ‘report spam’ button, your email opt-out process needs to be friction-free and provide options ISPs can’t give their users,” said Chad White, Research Director at Responsys and author of the study. “But an examination of the unsubscribe processes of the largest online retailers shows plenty of room for improvement on both those points.”

The study also found that 4% of the top 100 online retailers refuse to honor opt-outs, a blatant violation of the CAN-SPAM Act. Passed in 2003, the CAN-SPAM Act makes it unlawful for retailers to ignore opt-out requests and mandates that they make the process as clear and easy as possible and specifically says a user who wishes to unsubscribe must not have to do anything more than sending a reply email or visiting a single webpage.

It’s crucial to make sure your company is in compliance with CAN-SPAM. Not only could not doing so land you in legal hot water, but making unsubscribing from your mailings a hassle could lead to frustrated customers flagging your messages as spam. If their ISP gets enough such reports you could find your mailings blacklisted all together and that will keep untold numbers of customers who actually want your info from seeing it!

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Retailers Testing CAN-SPAM By Making Unsubscriptions More Difficult