A friend of mine wrote to ask: "The Supreme Court overturned the Jaynes conviction on First Amendment grounds, yes? I'm wondering what that could mean from the spam filtering perspective." Spam filters, and in particular DNS blacklists are intended to prevent e-mail from being delivered. Doesn't the First Amendment make it illegal to block speech? The short answer is no, but of course it's slightly more complicated than that in practice. more
The California Supreme Court issued its opinion in Kleffman v. Vonage, a case certified from the Ninth Circuit. The California Supreme Court held that the transmission of "commercial e-mail advertisements from multiple domain names for the purpose of bypassing spam filters" does not violate California's spam statute. more
More than 420,000 scam emails are sent every hour in the UK according to a report published by Card Protection Plan Limited (CPP). The study estimates that Britons were targeted by 3.7 billion 'phishing' emails in the last 12 months alone. And a quarter of people admit to falling victim to e-fraudsters, with the average victim losing over £285 each. more
A federal court granted a request for attorney's fees (in the amount of $806,978.84) against prolific CAN-SPAM plaintiff Asis Internet. I thought things were looking good for Asis - whose lawsuits have generated substantial blog fodder - when it recently obtained a 2.5 million dollar default judgment in a spam case. more
As Reddit recently learned it's not a great idea to use the Amazon EC2 cloud to host mailservers. There are a number of reasons for this, most of them related to the reputation of mail coming from EC2 servers. When you're using machines in the cloud, changing IP addresses is as simple as initializing a new server. Spammers discovered this almost as soon as the EC2 cloud became public. more
Gary Warner over at Cyber Crime and Doing Time has a good post up this week about the CallService.biz website being shut down. I have posted a few good excerpts and added my comments to the end. ... Warner's take on the world of spam, malware, hacking and phishing is that unless people actually go to jail because they are spamming, the problem of spamming will never get better. That's because when the security industry fixes the latest hole or comes up with a new technology to stop the newest threat, spammers simply move onto another. more
Earlier this year Okpako Mike Diamreyan was found guilty of wire fraud. The district court recently denied his motion for judgment of acquittal. Diamreyan "was charged with devising a scheme to defraud known as an 'advance fee.'" As the court describes it, this is a "scam . . . where a person asks an individual to pay an advance fee in order to obtain a larger sum of money, which the individual [victim] never receives." ... Two things about the case struck me... more
Google, which through its Postini email security and archiving service processes over 3 billion email connections a day, reports that despite recent series of major botnet takedowns, spam levels during the first quarter of 2010 have held fairly steady. "This suggests that there's no shortage of botnets out there for spammers to use. If one botnet goes offline, spammers simply buy, rent, or deploy another, making it difficult for the anti-spam community to make significant inroads in the fight against spam with individual botnet takedowns." more
Bennett Haselton, who runs the Peacefire anti-censorship site, is one of the more successful anti-spam litigants. He says he's filed about 140 suits, mostly in small claims court, and has won the majority of the suits that got far enough to be decided on the merits. But last month, in Federal court in Seattle, he lost a suit against Quicken Loans that he should have won, partly because of his own mistakes, but largely because of the pernicious effect of Gordon vs. Virtumundo. more
Brian Krebs has a post up the other day on his blog indicating that the amount of spam ending in .cn has declined dramatically due to steps taken by the Chinese government making it more difficult to get a domain ending in .cn... A cursory glance seems to confirm that the amount of spam from .cn as opposed to .ru has switched places. Indeed, if the CNNIC requires people to start writing in application forms, with a business license and identity card, that is seriously going to slow down the rate at which spammers can sign up and register new domains. more
A study conducted by RIPE Labs indicates that about 1.89% of spam are received over IPv6. "With the increased deployment of IPv6, we were curious to see how much the amount of spam sent over IPv6 increases. We looked at the e-mail system of the RIPE NCC and produced some statistics that could be seen as an indication for the overall trend of spam sent over IPv6," says RIPE in a blog post explaining the analysis. Group also notes that the study was based on one week’s worth of data and that it excluded messages already rejected by blacklisting and greylisting. more
A court in Illinois rejected a motion to dismiss case filed by defendants in a class action brought on behalf of plaintiffs who received SMS spam marketing for an animated film called "Robots". The court's ruling is not surprising, given the other cases which have come to a similar conclusion. more
The 2010 version of the now-annual Messaging Anti-abuse Working Group (MAAWG) 'Email Security Awareness and Usage Report' was released yesterday. While un-belied by the title, the vernacular name might get a bit more attention: "The MAAWG Consumer Email Survey". ... Consumers were surveyed in North America and across Europe with variety of questions from computer expertise and savvy, to their preferences of email. more
In my consulting and working with clients, I rarely use the word spam. There are so many different definitions of spam, I have no way to know if my clients understand what I am saying, so I avoid the term as much as humanly possible. An example of some of the few definitions of spam I've seen used over the years... more
Following in the footsteps of Lethic, Waledac and Mariposa, yet another botnet has been taken offline. Not completely, though, it was only a partial disconnect. The Zeus botnet, also known as Zbot, is a trojan password stealer that captures passwords and sends them to the attacker. more
A World-Renowned Source for Internet Developments. Serving Since 2002.