The voluntary code of conduct, called the iCode, was developed by a partnership between the Australian Government and the Internet Industry Association in Australia. It sets out four main points Internet Service Providers should follow around security:

1. A notification and management system for dealing with compromised computers connected to an ISP’s network,
2. A collection of resources ISPs can use to access current information on threats,
3. An information portal for end users,
4. A reporting process to alert CERT Australia (the Australian Government’s CERT) of severe incidents.

One of the first announced actions under iCode took place last month when an unnamed Internet Service Provider in Australia essentially disconnected a customer from the Internet after repeated attempts to contact her about her infected computer. The customer, also unnamed, had a computer connected to the Internet that was infected with malware, and was participating in a botnet as a zombie. The ISP tried numerous times to contact the customer about their infected machine, sending a total of 42 emails notifying her of the problem and offering assistance. Apparently the customer had tried on her own to disinfect the machine, but was unsuccessful. She also did not respond to the ISP’s messages, so they had no way of knowing whether or not she was aware of the problem.

As the action of last resort, the ISP essentially firewalled her connection to a single web page that notified her of the issue. They then were able to contact her by telephone to assist with cleaning the system. These actions, which some might consider extreme, served several purposes that were good for all. The infected computer, cut off from the botnet and the rest of the Internet, stopped spewing spam and other malicious traffic to the rest of the world, the user was definitely made aware of the problem, and received technical assistance to resolve the problem. If I had an infected machine, I would love it for my ISP to cut it off the Internet before an attacker was able to suck all of my private information off the hard drive.

Membership in the IIA is voluntary, but several Australian ISPs belong to the association and have signed on to the iCode. Some speculate that this is a preemptive measure to avoid threatened government regulations that would hold ISP accountable for the security of their customers’ systems. Whatever the reason, iCode seems to be a sound way to reduce the overall problem posed by botnets, and to make sure that customers are made aware when they have a problem. The model is being considered for implementation in the United States with the support of the US Department of Homeland Security, and South Africa will begin trialing it soon. It is also being considered for adoption in Japan. You can read more about iCode at http://iia.net.au/images/resources/pdf/icode-v1.pdf

What about you – if you had an infected machine at home, would you rather your ISP let it run unhindered, or cut it off until you could fix the issue?

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

iCode at work: Australian ISP disconnects zombie

In a shocking development for anyone still living in 2009, this week the U.S. Government has decided to tackle botnets head-on. Some have speculated that a high-up mucky-muck over at DHS thought it would be ‘a pretty neat thing to do,’ considering the timing (Hugh Jackman’s Rocky reboot robot revival Real Steel also hit theatres this week). While government spokespeople deny rumors that Optimus Prime is involved in this radical move, most ISPs are groaning, rolling their eyes, and wondering where they put their contact information for Megatron.

Sigh. In a world of the mundane, the lamest is the King of nothing special. Once again this week, the U.S. Government proved that axiom and their incessant ability to underwhelm when it comes to the ever-heated battle of the botnets. Multiple reports have cited the Department of Homeland Security (DHS), National Institute for Standards and Technology (NIST), and others as generating a wormhole in space-time this week and stepping back into 2009, when and where they encouraged ISPs to adopt a code of conduct for preventing, detecting, and dealing with botnet activity.

Okay, the wormhole may be a stretch, but perhaps you now understand the tone of this article. This baffling move on the part of the government is strange, uncomfortable and highly inappropriate, for several reasons. First, it’s not and never should be the role of government to ‘gently suggest’ (i.e., threaten to legislate) best practices in a business and technology they know nothing about. Let’s face it: the U.S. Government has problems of its own without pointing out to someone else that their fly  is open. If you doubt me, look here, here, and here.

Second – and not to sound like a conspiracy theorist – but any time there’s a threat of the government sticking its fingers into people’s personal information, one cannot help but feel uncomfortable. In a request for information on the Federal Register on a voluntary ‘Code of Conduct,’ DHS said that one possible suggestion was to “encourage ISPs to send consumer support queries to a centralized consumer resource center that could be supported by a wide number of players. Such a resource center could reduce the burden on corporate customer support centers by pooling resources.” If you’re anything like me, reading that passage is probably giving you an irritating twitch in your right eye just now.

Finally, and most importantly, if one is to take a leadership role, one actually must…uhm, how can I put this delicately? Lead. There it is. The fact is, what the U.S. Government is trying to do seems like a severe act of self-deprecation, if the purpose of the meeting this week was to point out to the world that they weren’t aware that the ISPs have been doing just fine, thank you very much, in dealing with botnets over the past few years. Writes Kelly Jackson Higgins on Dark Reading: “ISPs such as Comcast, which two years ago was one of the first to employ a bot-notification service, notify customers whose machines they spot as bot-infected. Comcast’s free Constant Guard Security program directs the infected user to the antivirus center, where he follows directions to remove the bot malware.”

Fortunately, I’m not the only one who sees it that way. In fact, there’s a long line of private sector organizations who are ready to tell the government to keep their greasy paws off of something they know nothing about: “The Messaging Anti-Abuse Working Group (MAAWG), which is made up of ISPs, email providers, and security vendors including AT&T, Cisco, McAfee, Facebook, and Verizon, sees the federal effort as unnecessary and redundant, and is balking at the idea of the government legislating how ISPs handle bot-infected customers.”

Boo-yah! No kidding. No one can blame the ISPs for getting antsy when government suggests a central repository (it incites thoughts of a suppository. Just saying.) for information on their clients – us – and I can’t see this one going too far, based on early reactions from the non-government players.

So where does that leave us? Well, we can’t dismiss some of the information that came out of this event. According to press release from NIST, there are an estimated 4 million new botnet infections each month. The White House’s Cybersecurity coordinator pointed out in his keynote address that fighting these infections “requires a combination of efforts in which everyone has a role to play.”

Great, now get out of the way and let the ISPs do what they do best.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

U.S. Gov’t Time Travels to 2009 to Fight Botnets; No One Cheers

Today, I want to highlight some recent news reports, as well as recent trends to illustrate why administrators need to continue the good fight against spam.

Spam is lucrative business

One of the foremost reasons why spam will not go away soon has to do with the fact that it is a lucrative business.  For example, an investigative report conducted by The Telegraph highlighted a growing industry that was estimated to be worth £175 million revolving in part around the sending of spam text messages.  According to the article, these so called “claims farmers” are spearheaded by communications companies based in India or Easter Europe.  Sent from untraceable pay-as-you-go mobile numbers, they thrive on the referral fees of up to £500 should their spam text messages generate a viable lead for compensation claims for accidents or financial mis-selling.  Ironically, the reported noted that even a negative reply of “stop” to a spam text message spam results in the numbers being sold to lead generators for about £5.  You may have read of how some $15m from the Swiss investment account of an alleged peddler of fake antivirus software.  While not directly related to spam, this does provide a glimpse into the financial incentives of cyber trickery, of which the sending of spam email is a part of.

Rise of phishing attacks

There has been an increase in the number of spear-phishing attacks, as evidenced by reports in recent weeks of security breaches that originated from email messages sent under false pretenses.  What this trend highlights is how phishing emails stand a higher chance of invoking the responses desired by spammers compared to traditional “nondirectional” spam.  Intimately aware of the higher effective rates that phishing attacks generate, more spammers are now resorting to phishing techniques.  Given the additional time required for recipients to read through and identify these messages as fakes, it can be argued that one phishing message can be equated to multiple spam messages of the standard variety.

Weak regulation

Another factor to consider would be how the implementation of anti-spam legislation in some geographical locations may have left inadvertently loopholes.  For example, where I live in Singapore, some detractors argue that an anti-spam law implemented in 2007 effectively “legalized” the sending of unwanted marketing messages.  In a nutshell, businesses are simply required to preface their email or text message advertisements with an “ADV,” and insert the ability to unsubscribe so that recipients can “opt out” of future advertisements.  As you can imagine, this literally gave less scrupulous businesses an open invitation to spam.  Other countries such as Europe and Australia have gone for “opt in” system instead, though as evidenced by the current plague of text messages, is lacking in enforcement.

Email more widely used than ever

Sure, people are starting to favor other forms of communications such as Instant Messaging, and communicating via social media networks.  There is no doubt however, that emails are used more widely in the conducting of business around the world than ever before.  Indeed, everyone from the highest paid executive to the receptionist and clerical staff, has an email account these days.  This means that the email inbox remains an extremely attractive platform for spammers.

Spam migrating to other platforms

Finally, spammers are not sitting still in a world enamored with the use of various analogue and digital communications mediums.  At the moment, spammers have been active in exploiting alternate “marketing” avenues such as fax spam, text messaging spam, comment spam on blogs and online forums, even social networking spam.  Conversely, what is troubling is how spam filters are lagging behind to address the disparate platforms that spammers are already harnessing.  For example, the ability to filter text messaging spam is non-existent at the moment, while controls for reporting social media spam is still relatively weak.

Do you have any comments about the spam epidemic that we are currently experiencing?

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Why spam is here to stay

Well, it seems like people in the United Kingdom have found that it doesn’t take long to keep a good spammer down.

Just recently, companies that run large call centers in Eastern Europe and India began sending nuisance text messages to millions of mobile phone users advertising legal services that offer no-win, no-fee representation for accident claims.

How it works

The operation works in the same way an email spam campaign does. First, the call center sends out millions of unsolicited SMS messages to their victims’ mobile devices telling them that they can receive compensation for their “accident” claim by responding. The messages are sent out using prepaid phones with unlimited messaging plans and cost the call center two pence to send, or the equivalent of three cents. After sending thousands of messages, the SIM card for the phone is simply discarded and replaced with a new one.

The call center then sells each response to a claims farmer in the United Kingdom for 5 pounds, which is close to 8 dollars, who then contacts the victim and decides if the claim is worth pursuing. Those claims that the farmer feels are legitimate are then passed onto lawyers who pay up to 500 pounds, just shy of 800 dollars, for the information.

Once the law firm has the information, they go through the normal procedures of filing an accident/injury claim on behalf of their new client bringing the firm thousands of dollars.

There are even cases of the call centers being paid for responses asking the recipient to be removed from the messaging list. Why? Because it is a legitimate number that can be used in later spam campaigns.

The numbers

So just how troublesome is SMS spam becoming? If you look at some of the recent numbers, you can see that it is actually quite profitable for the spammers.

• 1 in 3 mobile customers in the UK report having received one of these messages last month
• Over a month there was a total of 12.75 million nuisance text messages sent by these call centers
• The industry is estimated to be worth just over 280 million dollars
• It is estimated that only three percent of the people who received these messages actually responded

So looking at these numbers, it costs only 382,500 dollars to send out spam messages that in the end make over 280 million. With a profit margin like this you can see why this trend has grown to include other popular spam topics like debt management.

Fighting back

Since there is a lack of solutions to filter SMS spam on a mobile device people who receive spam this way have to take matters into their own hands if they want to fight back. Most mobile carriers allow their customers to report text messages they believe to be spam by forwarding the message to the short code 7726, which spells out spam on a telephone’s keypad. Individual carriers also provide different tools to block specific numbers and set up aliases to help reduce the amount of SMS spam.

In addition to the carriers fighting this battle, two organizations the GSM Association made up of mobile operators and the Open Mobile Alliance are both in the process of piloting ways for mobile users to report suspected spam.

China mobile carriers have also entered the fight by limiting the number of messages that can be sent from phones. Currently, a phone on one of the three major carriers in China can only send up to 200 messages an hour and up to 1000 per day.

Of course the user can also help prevent their number from being harvested by spammers. Just like we have learned to protect our email addresses online, security through obscurity is currently one of the best ways to prevent your number from being a target. Avoid submitting your number to sites that offer free ringtones, backgrounds or and other giveaways. Also, it is recommended that you are careful about sending messages to short codes when you don’t know who is on the other end.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

SMS Spam on the Rise in the UK

Andrea Rosen, the Chief Enforcement Officer for the Canadian Radio-television and Telecommunications Commission, made some statements recently at the Canadian Telecom Summit that make me wish the United States would adopt similar legislation and enforce it with as much vigor as it appears the CRTC will the Canadian law.

In case you missed our earlier articles  here on AllSpammedUp, Bill C-28, also known as Canada’s Anti-spam Law – CASL,  is intended to reduce spam by setting certain requirements for the sending of commercial emails, and sets strict penalties for violations. In summary, the bill includes provisions for

1. Sending commercial emails is prohibited unless the recipient has opted to receive such messages.
2. Commercial messages must have a clearly defined sender, provide a way for recipients to unsubscribe if they wish, and the sender’s contact information.
3. Certain commercial messages, such as those containing account or subscription info, warranty or recall notices, related to employment, or that deliver upgrades or security patches are exempt.
4. Text messages and phone calls are also exempt from compliance.

The law lays out very specific conditions for when commercial emails can be sent, and includes provisions for violations that include installing malware, or using someone else’s computer to send messages without their consent. Penalties are stiff. Violators can be fined up to $1 million dollars for individuals, or up to $10 million dollars for businesses.

During her address to the Canadian Telecom Summit, Ms. Rosen stated that the CRTC will help service providers and enterprises to fight spam, and pointed out that many service providers might be providing connectivity to spammers unknowingly, and that the law protects them. She cautioned though that any who are “willfully turning a blind eye to the practices  that facilitate abuse is not an excuse. Nor is it a free pass from an investigation.”

The Commissioner continued on, stating that the CRTC has added staff for investigation and enforcement, and that they will work with the federal privacy commissioner as well as the Royal Canadian Mounted Police, businesses, and ISPs to combat malware. Ms. Rosen did indicate that violators who come clean may receive leniency, stating “Those who walk through our doors first will be treated with more leniency than those who wait for us to show up at their door.”

My favourite quote from Commissioner Rosen’s address has to be this one, which conveys to me that she means business. “Anyone not part of the solution will be considered part of the problem, and I assure you we will go after them.” With a history of strict enforcement, including a recent $500K penalty recently levied against another company that violated telemarketing practices, it seems to me that the CRTC has the right person at the helm to make C-28 a law with real teeth. I hope the US takes note, and considers making CAN-SPAM more effective as a result.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

C-28′s Top Enforcer Seems Ready to get the Job Done

Federal authorities are accusing a Texas man of hiring a botnet to carry out a pump and dump spam campaign. Cedar Park resident Christopher Rad also allegedy paid Russian hackers to break into brokerage accounts. The compromised accounts were used to buy penny stocks, artificially driving up their worth. Rad, along with co-conspirator James Bragg, then used the botnet to send out spam hawking the stocks. Rad and Bragg would then sell their stock for steep profits while the duped buyers were left to watch their money disappear as the worthless stocks crashed and burned.

According to a federal indictment unsealed on Monday, “Rad acted as a middleman between stock promoters seeking to pump shares of stock, and computer experts located inside and outside of the United States who used various means, including ‘spam’ email campaigns, ‘botnets,’ and hacking to pump the stock. The perpetrators further hacked into the brokerage accounts of unsuspecting third parties, liquidated the existing holdings and used the balance to trade in a particular stock, thereby pumping up the stock price.”

Prosecutors say they were able to make profits of over $100,000 a month from the scheme. Pump and dump spam is nothing new and preys on people’s trust, greed, and in these shaky economic times, desperation.

Rad has been charged with conspiracy to commit securities fraud along with several offenses under the CAN-SPAM Act and faces up to five years in prison. James Bragg pled guilty to his charges last October. The other men accused of taking part in the scheme, which ran from November 2007 to January 2009, have yet to be charged.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Texas Man Charged in Multi-Million Dollar Stock Spam Scheme

In a new email system, dubbed DE-mail, the German government is backing a new system of email servers being set up to run as an alternative to traditional SMTP systems on the Internet today.

Using the two letter country code for Germany (Deutschland) DE-mail offers users (both personal and business) a system that provides digitally signed and encrypted emails between dedicated servers. These servers will not accept or send messages to any systems other than members of the system, which are controlled by ISPs, but are subject to stringent rules for their operation as well as regular security audits. Anyone can become a user of the service, but they must prove their identity by presenting an application with government issued identification. Clients will use standard TLS protocols to sign and encrypt mail, with both webmail and plugins for popular mail clients being developed.

Email sent through DE-mail is being extended the same legal status as registered mail sent through the post, meaning that this can be used as a method for exchanging legal documents like contracts which require confirmed delivery. ISPs must send all email delivered into the system, just like the postal service must deliver all paper email, but since all email sent is from an authenticated sender, and ISPs are welcome to charge for this service, it is expected that spammers will find this service unpalatable. Users are welcome to filter/block/delete any messages that are sent to them, just like they can throw away snail mail delivered by the post.

Germany’s phone company Deutsche Telekom, one of the largest Internet Service Providers in the country, United Internet, and Mentana Claimsoft, a provider of corporate email services, are all participating in the initial service offering and promoting the services this week at the Cebit trade show in Hanover. Germany’s Ministry of the Interior is also promoting the service.

Initially, this service will be limited to German residents, but EU law requires than service providers in other member nations be allowed to participate, and other countries are developing or have already passed laws according similar legal recognition to such messages.

You can read more about the service at the following links.

http://www.telekom.com/dtag/cms/content/dt/en/767802

http://www.deutschetelekom.com/dtag/cms/content/dt/en/895858

http://www.bmi.bund.de/EN/Themen/OeffentlDienstVerwaltung/ModerneVerwaltung/DEMail/demail_node.html

If such a service was offered in your country, would you want to use it, and how much would you be willing to pay to participate? Would a monthly flat rate be more appealing than a per message fee? Do you see any privacy implications, even though it will employ digital signatures and encryption?

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Is Germany’s email system the answer to anti-spam?

The man who federal prosecutors once dubbed a spam king has been released from prison. Robert Soloway left an Oregon prison on February 26 after serving just over 3 and a half years. In his career as a spammer he sent over a trillion spam messages and raked in millions. In addition to using spam to sell Viagra and other pharmaceuticals, he ran a program that taught others how to spam for a fee of $150.  While he’s never given details of his methods he has admitted to using botnets.

Soloway was just the second person ever to be prosecuted and convicted under the CAN-SPAM Act. Before then nothing deterred his spam operation, not even judgements levelled against him. Microsoft won $7 million and an Oklahoma man $10 million. Today however he claims to be a changed man who will never spam again.

“If I send out spam e-mails, that’s a violation of my probation. End of story,” he says. “I’m being very careful. If I send out an e-mail, I’m not even going probably to CC it. I’ll send a unique e-mail to each person.”

As part of his probation, federal authorities will be monitoring every email he sends and every website he visits. Soloway doesn’t mind and says he wants to start a new career as a consultant, teaching businesses and consumers how to fight spam.

“I would like to assist in some way by basically revealing what went on inside the cybercrime industry,” he says. “If you don’t know who you’re up against, like in any war, you don’t know what you’re facing.”

Infamous hacker Kevin Mitnick has made a career out of being a security consultant to businesses, teaching them how to protect themselves from hackers doing the very same things he ended up in prison, for, so it’s not unreasonable to assume Soloway could end up down a similar path.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Spam King Released From Prison

A New Zealand man is facing up to $700,000 in penalties for spamming. The New Zealand Department of Internal Affairs’ Anti-Spam Compliance Unit told the country’s High Court that Brendan Paul Battles and his company, Image Marketing Group Limited, are accused of sending out over half a million spam emails and over 40,000 spam texts during 2009. This type of activity is in violation of New Zealand’s Unsolicited Electronic Messages Act of 2007.

Battles isn’t the first spammer they’ve hauled into court. In 2008 they got Lance and Shane Atkinson and their partner, Roland Smits. The three were accused of being part of a massive international spam network that pumped out millions of emails hawking male enhancement products, fake prescription drugs, and diet pills.  The High Court ordered  the Atkinsons to pay $100,000 and Smits to pay $50,000.

The U.S. also went after Lance Atkinson. The FTC prosecuted him under the CAN-SPAM Act and a judge ordered him to pay $15 million in fines. Not surprisingly, Atkinson has refused and because he is not a U.S. citizen, the FTC can’t make him pay unless he steps foot on U.S. soil, something it doesn’t appear likely he’ll ever do.

Most spammers who are taken to court and hit with steep fines never pay up. Either they are in some foreign country and are convicted and fined in absentia, or they turn around and immediately file for bankruptcy. It brings into question whether suing or fining spammers is worth the expense since the chances of collecting are slim to none. What do you think? Would your company go through the expense of suing a spammer just to make a point?

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

New Zealand Spammer Facing Steep Fines

As blogged about earlier the week by my colleague Sue Walsh, Canada finally joined the rest of the G8 nations in passing legislation intended to help fight SPAM. Bill C-28 (complete text here in pdf) should go into effect in September of this year, and contains some provisions that, frankly, I find rather alarming. In reading the bill, an arguement can be made that C-28 provides individuals a license to spam. Read the law yourself, especially sections 6(1)a and 10(9)b, and then see if you agree with me on this.

As mentioned in Sue’s post, one of the first provisions of the law prohibits the sending of commercial emails unless the recipient has opted to receive such messages. In case you don’t have time to read the full bill yourself, here are a couple of excerpts from C-28. As mentioned above, the specific wording that disturbs me the most is found in section 6(1)a.

           6. (1) It is prohibited to send or cause or permit to be sent to an electronic address a commercial electronic message unless (a) the person to whom the message is sent has consented to receiving it, whether the consent is express or implied…

when combined with section 10(9)b

          (9) Consent is implied for the purpose of
section 6 only if
(b) the person to whom the message is sent has conspicuously published, or has caused to be conspicuously published, the electronic address to which the message is sent, the publication is not accompanied by a statement that the person does not wish to receive unsolicited commercial electronic messages at the electronic address and the message is relevant to the person’s business, role, functions or duties in a business or official capacity;…

Consider how many places on your corporate website an email address appears. Consider how many places your own email address appears. Now, I am not a lawyer, and I did not stay at a Holiday Inn Express last night, but as an IT professional, I think I need to go update EVERYWHERE my email address might appear with a disclaimer or the floodgates of Canadian spam will be opened and my inboxes will be filled by SPAM for a range of products that could arguably be considered as “relevant to my business.” I may need to add a statement that I do not wish to receive unsolicited commercial electronic messages to the signature of every email.

The problem with this law, as with so many others relating to Information Technology, is that it appears to be written by people whose understanding of the law far exceeds their understanding of the technology. And while my own understanding of the law is considerably less than my understanding of technology, as a potential juror on a case involving this law, that wording is open enough that I would have to acknowledge any argument that says the defendent got my email address off of my blog, and on my blog I had a post about getting older, so the emails touting hairloss products were relevant to my business.

What do you think? Am I overreacting, or does the way the bill reads sound to you like it does to me? Leave a comment with your thoughts and let’s get a dialog started on this law and how many ways it could be interpreted, and what we as IT professionals may need to do to ensure that its intent is not circumvented.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Is Canada’s new Law a License to Spam?

1. Sending commercial emails is prohibited unless the recipient has opted to receive such messages.
2. Commercial messages must have a clearly defined sender, provide a way for recipients to unsubscribe if they wish, and the sender’s contact information.
3. Certain commercial messages, such as those containing account or subscription info, warranty or recall notices, related to employment, or that deliver upgrades or security patches are exempt.
4. Text messages and phone calls are also exempt from compliance.

The law says consent is implied if a recipient has conspicuously posted their email address, has an existing business relationship with the sender, or has given the sender their email address without making it known that they don’t want to receive commercial messages.

The law also prohibits individuals from installing software or sending messages from another person’s computer without their consent. The penalties for not complying with the new law are substantial. Fines of up to $1 million for individuals and $10 million for companies, and individuals have the right to sue anyone who violates the law for up to $200 per unsolicited message.

What do you think about the new law? Do you think it will be effective or enforceable? We want to know your thoughts, especially if you are Canadian. Please leave a comment!

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Canada Passes New Anti-Spam Law

          “Consent is key to the operation of the Spam Act,” ACMA chairman, Chris Chapman, said. “If you intend to promote your business by email, it is your responsibility to ensure that consent of the recipients has been obtained before sending the message—no matter where the email address came from.”

Bulk lists of email addresses are available for anywhere from $39.95 for 1 million to $799 for 98 million. The purchase of such lists is not recommended since there is no way to know for sure if the people on them have consented to having their addresses sold, and if you can’t prove consent your company will be in trouble if a spam complaint is filed against you.  

If you want a mailing list for your company, it’s best to create one yourself that allows people to opt in to it and makes it easy for them to opt out if they desire at a later date. Most companies do this by offering a checkbox during registration that allows users to decline marketing messages from them. Those that don’t check it are added to an internal mailing list. Just make sure this option is clearly presented and not buried in small print. Creating your own mailing list this way ensures that your message will go out to people that actually want to hear it.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Australian Web Designer Fined $11,000 for Spamming

Pump and dump schemes have been around for a long time. Typically they involve massive amounts of spam being sent hyping a particular penny stock as being the next hot thing, hoping people will be tempted by the promise of big profits to invest. This causes the value of the stock to rise artificially, and once it gets to what the spammers consider a profitable level, they sell their stock and disappear, leaving the investors with worthless stock and empty bank accounts. Recently an Indian man was handed a 6 year prison sentence for a similar pump and dump scheme.

Bragg was previously sentenced to a year in prison for a similar case involving infamous “Godfather of Spam” spammer Alan Ralsky. That Michigan based operation netted an estimated $2.7 million dollars in profit and got Ralsky over 4 years in prison.

Just how much Bragg may have profited from his latest scheme and how much spam he pumped out is unknown. He also faces a $250,000 fine.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Arizona Man Pleads Guilty in Pump and Dump Spam Scheme

Guerbuez insists he is not a spammer and has done nothing wrong, saying if people don’t want a particular email, they should use their delete key. It doesn’t look like the court ruling will be of much help to Facebook as Guerbuez has filed for bankruptcy and listed the site as one of his creditors-a common tactic used by spammers who have had huge judgments levied against them.

His lawyer said the judgment was excessive and that his client had no choice but to file bankruptcy because there is no way he could ever pay such a huge amount, which equals $1 billion in Canadian funds.

Guerbuez says he is a highly skilled internet marketer and says the whole Facebook issue has helped him gain attention and helped his business. He also claims to have both a book deal and a movie in the works.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Canadian Court Upholds Facebook Spammer’s Verdict

Under the proposed law, spammers could be slammed by fines imposed by the Canadian Radio-television Telecommunications Commission (CRTC) of up to $1 million for individuals and $10 million for businesses.

What’s more, the legislation creates a right to private action that allows citizens and businesses to recover damages in the courts from spammers violating the act. Courts could require junk mailers to pay compensation to victims equal to actual losses or damages they suffer at the hands of the spammers or expenses they incur attributable to spam. In such cases, a court could impose penalties of $200 per violation up to $1 million a day.

The bill (C-28) known as the Fighting Internet and Wireless Spam Act (FISA), which has received initial approval in the House of Commons, would bar sending unsolicited commercial electronic messages–including emails and test messages to mobile phones–unless there is expressed or implied consent from a recipient.

However, the legislation does fall short of banning all unsolicited electronic messages. For example, a recipient’s request is not required where the purpose of a message is to provide a quote or estimate, or is intended to facilitate, complete or confirm an existing commercial transaction.

In addition, consent would be considered implied if the recipient has an existing business relationship with a sender or if they provide the sender with their address without indicating they don’t want to receive unsolicited communications from the sender.

Even if an unsolicited electronic communication is permitted by the law, senders are still required to identify themselves in the missive, provide contact information and include a procedure for unsubscribing to future communiques from them.

The act also takes a shot at tightening the screws on spyware artists. It prohibits the installation of any software on a Canadian citizen’s computer without his or her consent. Even if consent is given to install a program, the law requires the installer to apprise a computer’s owner of any potentially undesireable consequences of the install, such as collecting personal information about him or her.

Phishing, too, is targeted by the proposed law. The measure bans altering data in an electronic message or causing it to be altered in order to divert the message to an unintended destination without consent from the recipient or a court order permitting the alterations.

The bill also expands and alters other Canadian laws in order to attack electronic communication shennaigans. For instance, it extends the reach of the country’s Competition Act so its provisions relating to false and misleading marketing include electronic messages.

What’s more, it reins in some exceptions in the nation’s Personal Information Protection and Electronic Documents Act (PIPEDA). Tinkering with those exceptions contributed to the demise of last year’s anti-spam legislation. The Canadian Chamber of Commerce argued that provisions in that bill would limit PIPEDA exceptions in a way that they would interfere with a business’s ability to use the Internet to investigate cases of fraud and identity theft.

Recognizing that the spam problem is one that extends beyond the borders of Canada, the proposed law also opens the door for cooperation with other countries in combating spam. It allows the Maple Leaf state’s Competition Bureau and its Privacy Commissioner to share information and evidence with other nations in order to pursue violators of the proposed law residing outside Canada.

There’s also an education component to the measure. Under the act, a spam reporting center would be created to identify and analyze online threats and raise public awareness on the issue.

The proposed legislation is meant to “deter the most damaging and deceptive forms of spam from occurring in Canada, creating a more secure online environment,”” Lynn Meahan, press secretary to Industry Minister Tony Clement, told The Lawyers Weekly.

She added that the proposed bill does this by addressing the sending of spam, the undesired installation of spyware and malware on computers and the alteration of transmission data.

These threats, she said, “disrupt online commerce and reduce business and consumer confidence in the online marketplace, congest networks, impose heavy costs on network operators and users, threaten network reliability and security and undermine personal privacy.”

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Canada mulling anti-spam law

The 419 scam has been around for many years and if you have an email address chances are you’ve gotten at least one. By sending messages claiming to be lawyers representing long lost relatives who’ve died and left a huge inheritance, exiled family members of royal families from obscure countries, dying missionaries, officials from foreign lotteries and other individuals who need help transferring millions to a U.S. bank, the scammers behind these spam messages have snared both CEOs and ordinary people in their webs. They count on their messages hitting gullible people who let their greed overrule their common sense.

No matter the message, the scam is always the same. They either need your help transferring their fortune to an American bank or want to award you money they claim you won or inherited. If you bite, they’ll ask for small processing fee, and then another. Then they’ll claim they need more money to bribe officials or get copies of important paperwork. The minute you refuse to pay they disappear. Some people have poured their whole life savings into these scams and some have even traveled overseas to get the money they still believe they are due. Sadly, this has resulted in kidnappings, disappearances, and in a few cases, murder.

There’s no word on if or when Diamreyan’s accomplice will be tried. Diamreyan was also ordered to pay his victims $1 million in restitution but prosecutors admit the chances of that happening are slim.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Man Gets 12 Years in Prison for Nigerian Spam Scam

          “We have taken this action to shut down an organised criminal network running an online phishing and account take-over operation,” said the Met’s Detective Inspector Colin Wetherill.”A great deal of personal information was compromised and cleverly exploited for substantial profit. By disrupting the operation we have hopefully prevented further loss to individuals and institutions across the UK.”

The group sent out fake emails made to look like they came from legit banking institutions in an attempt to trick them into going to the lookalike sites they created and turning over their login info. Once the info was in their hands they went to town cleaning out bank accounts and maxing out credit cards. Detective superintendent Charlie McMurdie of the Police Central eCrime Unit (PCeU) said they are also trying to determine if the gang distributed malware as part of their operation.

          “In high-volume phishing, malware infection goes on,” said McMurdie. “One million emails through various channels and in various forms will get a certain percentage of response.”

The accused remain in custody in London on suspicion of conspiracy to commit online banking fraud and violations of the Computer Misuse Act.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Six Arrested in UK Phishing Operation Bust

I wonder though, of all the spam messages they collect what percentage originates from somewhere other than the U.S. Most hardcore spamming operations are safely overseas on bullet proof hosts in countries that don’t investigate or prosecute cybercrime either due to lack of understanding, lack of resources, or law enforcement corruption. Since these spammers can be convicted and fined without having to actually appear in court, yet can’t be made to pay up unless they enter the U.S., it seems such investigations could all be done in vain. Suing spammers doesn’t work well either – they just declare bankruptcy and move on to a new scam. There have been a few cases lately about spammers who’ve gotten themselves pretty hefty jail sentences but again, it doesn’t really work when the spammer is overseas somewhere.

So yes, the FTC is doing a great thing by investigating spammers and holding them accountable under the CAN-SPAM Act, but fighting spam will only be truly effective when all countries do so together and have similar anti-spam laws.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

The FTC gets over 200,000 Spam Messages a Day

InNova claims the patent was granted to mathematician Robert Uomini in 1995. Unomini is credited as the founder in the lawsuit while InNova takes credit as the patent licensing company he went through. The technology is called “System for Adding to Electronic Mail Messages Information Obtained from Sources External to the Electronic Mail Transport Process” but few details have been given about how it actually works, other than the very vague “helps determine what emails are spam and which are legit”. However that hasn’t stopped the company from declaring that if it weren’t for them, the entire email system would fall apart.

          “More than 80 percent of email is spam, which is why companies use InNova’s invention rather than forcing employees to wade through billions of useless emails. Unfortunately, the defendants appear to be profiting from this invention without any consideration for InNova’s legal patent rights,” said patent-infringement attorney Christopher Banys.

The suit lists everyone from Bank of America to Frito-Lay, Dr. Pepper and RIM. It’s not yet known why InNova and Uomini waited so long to sue or why they chose the companies they did. The suit was filed in the U.S. District Court of East Texas. Texas has long been known as extremely friendly to those filing patent suits.

None of the companies named in the suit have yet commented.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Apple Facing Lawsuit Over Spam Filtering

Federal authorities say two men accused of running a spam campaign in Columbia Missouri that targeted college students reaped in the profits to the tune of over $4 million.  Investigators say Amir Shah, Osmaan Shah, and Paul Zucker began their spamming activities in 2004. They created programs designed to harvest the email addresses of students at over 2,000 colleges, starting with those at the University of Missouri at Columbia.

The spam messages hawked products such as tooth whiteners and a social networking site called Noog.com and claimed to be from officially authorized campus representatives and alumni owned businesses. To avoid detection they used a bullet proof hosting company in China that ignored take down requests and bought proxies. They also faked the headers and reply-to addresses in their messages, a blatant violation of CAN-SPAM laws. When a college complained, the addresses of their students were simply taken off the list.

The men made their money by both selling the products they offered in their spam messages and by affiliate marketing, using their spam to inflate their referrals. They tried to hide their profits by buying properties and funneling it to overseas accounts.

The Shahs and Zucker were indicted on 35 counts of fraud in connection with email, 6 counts of fraud in connection with a computer, and 1 count of conspiracy. All three charges are felonies and they face over 60 years in prison if convicted. Zucker pleaded guilty last week. The Shahs had originally entered a not guilty plea but were expected to change that to a guilty plea last week, but cancelled their hearing after Zucker pled guilty.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Feds Say Missouri Spam Operation Netted Over $4 Million