Deterrent effect...
730,000 messages netting $555,850 is $0.76 per message, do people really pay 76 cents for each spam message?
I had no idea the pay was so good.
MySpace has won a $230 million anti-spam judgment against notorious spammer Sanford Wallace and his partner Walter Rines. US District Judge Audrey Collins made the order - reckoned to be the largest ever in an anti-spam case - after the duo failed to appear in court. The pair were found responsible for orchestrating a phishing …
$4.7 Million for Lawyers is OBSCENE. These clowns should be in jail until the sun freezes solid, plus another 100 years. Preferably somewhere that makes Devil's Island look like the Ritz Carlton. Vlad Tepes had the right idea.... ;)
That would be Vlad the Impaler, aka Vlad Dracula......
I left myspace a while back {to join stalkerbook haha} because of all the scams going on there.
If their users weren't so fucking stupid then phishing wouldn't exist and I for one congratulate people who profit out of the users stupidity.
Hopefully anyone who has been phished {if they even know they have} will have had such a bad experience they'll stop using our interweb and it can finally be returned to us geeks.
I wish I was a lawyer though, $4.7million for stating the blindly obvious !!
>"Wallace moved to Las Vegas in 2004 in an effort to get into nightclub promotion and DJ work. His present whereabouts are unknown."
If he's been trying to pull the same kinds of stunts on his new "partners" in the Las Vegas nightclub industry as he's become used to during his career as a spammer, the answer will be something like "A few miles outside town in the desert, and several feet down towards the centre of the Earth". Well, maybe that, or maybe he's reformed. Why, he could just as easily be a pillar of the freeway community by now...
If I had a cool $gazillion to obtain from someone (but unlikely to ever collect) I would check my accounts to see if I couldn't offer a nice juicy reward for his whereabouts (although I must admit that I don't know if that's legal or not - anyone?).
It would make life *extremely* uncomfortable for the chaps, which would be part of the fun..
Nah, I'm not vindictive. But creative, yeah..
but they just can't kill the beast... (Copr The Eagles)
Spamford and Rines have kept on keeping on since the beginning, but I'm hoping that someday, some judge will throw them in jail for contempt of court, which seems to be the only thing that will stop these rescidivist scumbags.
As for the $.76 a message, that poster didn't understand the situation. Myspace could actually prove 730,000 messages, but that was probably about a day's worth, there were probably hundreds of millions actually sent. That's how the King of Spam got his name - by sending out hundreds of millions, if not billions.
How insulting and irresponsible.
That's like accusing a rape victim of being at fault for getting raped, except that for the rape victim the consequences are much worse.
We geeks resent that you paint yourself as being part of our enlightened community. Those who are enlightened educate those who are not, they do not belittle them.
How to make Gmail the spam target of absolute last resort.
The goal of this suggestion is to intelligently leverage and focus Google's expertise and credibility against the spammers and their accomplices. But where will the intelligence come from? From me, from you, from *ANYONE* who has a Gmail account and who wants to help oppose the annoying evil that is spam. Aggressively implemented, it could make Gmail into Spammer Heck--maybe to the point where only a fool would send spam to Gmail. (Yeah, there are plenty of fool spammers--but at least we'd get the laughs without the serious spammers.) Less spam = more value in Gmail.
So do you want to fight against spam? You, too, could become a WSF (wannabee spam fighter).
SpamSlam is my 'working draft' label. The idea is roughly based on other anti-spam systems--but with more smarts. Almost all email systems include one level of feedback in a Spam/NotSpam button. (For relative brevity and because it simplifies the draft implementation, I'm focusing on Web-based email here.) Think of SpamSlam as a report-spam-button on steroids. SpamSlam would report the spam, but also do much more. Essentially this Gmail feature would do some of the automatic analysis that any spam fighter has to do, get some intelligent feedback, and hopefully be able to act immediately against the spammer. Speed of action is actually crucial--cutting off the spammers' income is a key goal of this proposal.
Here is an approach to implementing it:
Clicking on SpamSlam would first trigger a low-cost automatic analysis of the email, including the headers. Let's call this Pass 0. Basically this is just using regular expressions to find things like email addresses, URLs, and phone numbers. The results would be used to generate a Pass 0 webform with comments and options (and explanations and links). This pass should also look for obfuscation and ask the wannabe spam fighter (WSF) to help break the spammers' attempts to evade the spam filters. (This is leveraging the spam's features against the spam--if a human can't figure out the spam, then the human can't send money to the spammer.) In many cases, this Pass 0 analysis may be able to suggest answers. If something like "drop@dead.com" appears in the header, then the WSF should just click the option 'fake email'. Perhaps the WSF would only need to click a check box to confirm that "V/1/A/6/R/A" is a drug and categorize the spam. Other times the WSF can actually type in the answer to the spammer's quasi-CAPTCHA, and then the SpamSlam function can do something. At the bottom of the 'exploded email' in Pass 0, there will be the usual submit button.
After the WSF submits that Pass 0 form, more analysis can begin. The data is no longer raw, but partly analyzed, and the system can start checking domains, registrars, relays, fancier types of header forgery, MX records, categories of crime, email routings, and even things like countries hosting the spammer. This kind of analysis will probably take a bit of time, but a new Pass 1 form will be prepared for the WSF to consider. Basically, this would mostly be a confirmation step for the obvious counteractions. That's stuff like complaining to identified senders and webhosts, but also things like reporting open relays and spambots. It also needs more flexibility and 'other' options in the responses at this point--we all know the spammers are constantly going to try to devise new tactics. Again there will be a submit option at the bottom for this Pass 1 form.
That will probably cover most of the responses, but in some cases there may still be a need for a Pass 2 form. I imagine that would be a kind of escalation system, mostly to address new forms of spam. There is no closure on spam, there will always be new kinds of spam, and the responses to spam need to be open and flexible, too--but fast. The spammer is trying to open millions of little windows of economic opportunity--and in an ideal world we should slam all of them before a nickel gets through.
Beyond that? I think Gmail should also rate the WSFs on their spam-fighting skills. Some people are going to be much better at fighting spam. I admit that I want to earn a "Spam Fighter First Class" merit badge. Come to think of it, I also want the system to keep records of the spam I've slammed and how it was dealt with. Maybe they'd even spot cases of lawsuits against "my" spammers? Gosh, I'd love to join in and personally help put a spammer in jail. I know we're supposed to hate the spam, not the spammers--but I confess. I hate the spammers, too.
An earlier version of this idea (SuperReport) had a somewhat different focus and more details, especially for the Pass 0 webform--but obviously none of this is set in stone. If you agree with these ideas--or have some better ones, I suggest you try to call them to Google's attention. Actually, in my pursuit of this idea, I have been surprised to encounter a lot of anti-Google sentiment--though not surprised that much of the ill will was spam-related. However, I think Google is still an innovative and responsive company--and they claim they want to fight evil, too. Will they try harder to fight spam if many people like you and I write to them? I hope so, but it doesn't really matter where ideas come from or who gets credit--what matters is annoying the spammers more than they annoy us.
By the way, thanks to the people who offered thoughtful comments on the earlier draft. I'd like to thank you more personally, but you basically got lost in the flood of hopeless fools and sock puppets. That's a separate SNR problem.
As SMTP exists, we can never eliminate spam or spammers--but we can give them heck. If this suggestion is aggressively implemented, then spam sent to Gmail would almost immediately result in a flood of highly focused and thoughtful complaints against the spammer--before the spammer can get *ANY* money from the spam. Hit the spammer in his wallet *BEFORE* he can pocket anything.
The summary: Do you hate spam? Do you want to help fight the spammers? Yes, we can. If Gmail was the spam target of last choice, then it should be our email service of first choice!
"How much is a Gitmo cracked rock worth exactly?"
It isn't piece work. What you do is you keep going until you crack open a rock that is worth opening. Then you take the nugget and run.
Of course since Gitmo is a coaling station, Cuba might want to know WTF gave the USAnians mining rights.
Come to think of it, as a port of supply, they don't have concentration and torture camp rights there either, do they?
No it's not the rape victims fault because they don't have a choice about being raped.
But to get phished? You have the choice whether you want to hand of your details. I still maintain you have to be pretty stupid to get phished and I have no sympathy for anyone who falls for it.
A log in page at http://www.myspace.com/someguysrandompage would you fall for that? Thought not.
Like bank phishing scams, make a page look like the norm and the idiots flock to it to hand over their details.
Yeah, definately no sympathy.
Personally, I'd like an internet where we CAN enter our details into a site without constantly looking over my shoulder for spoof sites / XSS / Keyloggers
I also want an internet where I can pick up my email without having to trawl through hundreds of spam emails pushing penis and breast enlargement snakeoil and porn sites.
Finally I want an internet which both by parents and my young daughter can visit safely without specialist security training.
So yes AC: you carry on blaming the user for being scammed / spammed / defrauded. I'll blame the criminal. Personally, I think your apprach will ultimately lead to a internet which completely useless to the average joe in the street, and one which will therefore fade into insignificance.
One of the reasons Facebook at al are so popular (IMHO) is that they are effectively "gated communities" on the internet, where spammers have a much harder time infiltrating your inbox. I can understand why MySpace were so keen to get Spamford: he and his kind have bascially destroyed their website's reputation.
I think AC should remember that its optional to post message which combine unthinking arrogance with a misplaced sense of it being considered socally acceptable to exploit the vulnerable. I assume that you also have no sympathy if an elderly relative falls prey to fraud.
Victims of fraud, which is what these phishing attacks are, deserving of sympathy, advice and protection, especially when some sites make it so easy to generate attacks like this.
As far as the phishers are concerned, it's a criminal act, pure and simple. As for those that cheer this particular group of scumbags as AC clearly does, then I have rather less than sympathy. Victims of crime may make themselves more vulnerable, through their actions, but surely the criminal exploitation of such people is all the worse. We don't judge criminals any the better because they prey on the old, or the weak. Rather the reverse, and AC should be ashamed of him/herself for cheering on this form of behaviour.