Posted to users@spamassassin.apache.org by Rob McEwen <ro...@powerviewsystems.com> on 2006/03/04 15:29:27 UTC

intimidation from spammer

I have an e-mail address of a former employee of a client of mine that I use
(with permission) to monitor spam since this address receives MUCH spam. Of
course, it is within the realm of possibility that some of this was actually
subscribed to, but most of it is spam. Therefore, this account has value to
me, but is not to be confused with a real spam trap.

Today, this address received a spam which claimed that it was subscribed to,
but it...

(1) looks spammy

(2) contains spammy obfuscation... if they are so legit, why do they have to
obfuscate? That has always been a red flag

(3) and... the spam contains threats to anyone who might blacklist them (and
I take offense at the tone of these threats... especially since the text of
the actual thread is full of obfuscated words... wouldn't you take offense?)

Of course, if my recipient address was a true spamtrap address, this would
be a no-brainer... but since it wasn't a true spamtrap address, am I
actually putting myself at legal risk if I were to list this spammer on
SURBL and URIBL?

Also, another idea is to contact them and challenge them to provide the IP
address and date/time stamp of the supposed request from my client's former
employee. If the date/time stamp they provide is **recent**, they'd be
caught "red handed" as well... but the problem here is that I would then
have provided this e-mail address to the spammer for listwashing...
something I'm reluctant to do.

Any comments/suggestions welcome!

Rob McEwen
PowerView Systems
Rob@PowerViewSystems.com
(478) 475-9032


HERE IS THE SPAM:
(I replaced some text with "ANOMOMIZED" anywhere where the original message
might have given away the original recipient e-mail address)

Received: from mail7.mdx.safepages.com ([216.127.133.22])
        by ANOMOMIZED (ANOMOMIZED) with ESMTP (SSL) id ANOMOMIZED
        for <ANOMOMIZED>; Sat, 4 Mar 2006 ANOMOMIZED
Received: by mail7.mdx.safepages.com (Postfix, from userid ANOMOMIZED)
	id 82BB91BCBFA; Sat,  4 Mar 2006 13:35:05 +0000 (GMT)
Received: from walla.com (71-214-97-102.ptld.qwest.net [71.214.97.102])
	by mail7.mdx.safepages.com (Postfix) with ESMTP id ANOMOMIZED
	for <ANOMOMIZED>; Sat,  4 Mar 2006 13:35:04 +0000 (GMT)
Message-ID: <ANOMOMIZED>
From: moonlit5@walla.com
To: ANOMOMIZED
Subject: This is Lisa Sorensen, trying to reach you?
Date: 04 Mar 2006 ANOMOMIZED
MIME-Version: 1.0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<HTML>
<HEAD>
<TITLE>Is it working for you?</TITLE>
<META NAME=3D"generator" CONTENT=3D"ToniArts EasyHtml v.2.2">
</HEAD>
<BODY>
<font color=3D"#0000A0" face=3D"verdana" size=3D"2 pts"><b>
Hello<br><br>
<p>
I want to talk with you on a personal level.<br>
About the company you're currently involved with,<br>
or the online program you're working.</p>
<p>Or, maybe you're just tired of your J.O.B. (Just Over Broke).</p>
<p>
I'm just going to come right out and ask you.</p>
<p>
<font color=3D"#FF0000">IS IT WORKING FOR YOU?</font></p>
<p>
Are you fed up with the LIES and the Get Ri*ch Quick Sch*emes,<br>
Or tired of working to put mo*ney in someone ELSE'S pocket?</p>
<p>I know how you feel. I have been there too.</p>
<p>There is HOPE.</p>
<p>
If you're ready to make some real mo*ney and work with a real </p>
<p>
Heavy Hitter, Follow Me! I help my downline. In fact,</p>
<p>
this mai*ling is for them:-) I will do it for YOU TOO!</p>
<p>Cl*ick The "Help Me Succeed Lisa Below to get started now</p>

<a href=3D"http://xoomaworldwide.com/lisalisa"><font color=3D"#FF0000">Help
=
me Succeed Lisa!</font></a><br>
<a href=3D"http://xoomaxooma.com"><font color=3D"#FF0000">Visit our Support
=
Site for Testimonials</font></a><br>

<br><br>
Moonlit Enterprises<br>
POB 2726<br>
La Pine, OR<br>
97739<br><br>

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D<br>
If you no longer wish to share infomation,<br>
and followup from me, please re*ply with NoThankYou in the subject,<br>
or click this self re*moval link: mailto:moonlit_removes@walla.com?subject=
=3DNoThankYoualpha<br><br>

<font color=3D"#FF0000">W*ARNING: There will be a $500 fine PER INCIDENT
for=
 False Sp*am accusations,<br>
resulting in loss of bu*siness for us. This is a serious offense.<br>
All of our ma*iling files include recipients ma*iling address, telephone,
me,<br>
and IP address at the time they requested more information from a 3rd party
=
vendor.<br>
Can and will be provided upon request.<br>
To find out what sp*am IS and what sp*am is NOT, please visit:<br>
<a href=3D"http://www.ftc.gov/bcp/conline/pubs/buspubs/canspam.htm">Federal
=
Can Sp*am Act</a><br>
We do NOT ha*rvest e*mails, use false headers, mislea*ding subjects, and we
=
do<br>
provide re*moval instructions. This is NOT SP*AM.<br>
I am a real person helping real people everyday. Please just hit your
de*let=
e key or follow re*moval info<br>
if not interested.</font>
<br>
Please be patient, it may take up to 24 hours for me to receive your
request=
.<br>
Thankyou,  ALL requests honored.<br>

</font></b>

</BODY>
</HTML>
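Added example (not part of the original thread, and not SpamAssassin code): a short Python sketch of the two checks discussed above, flagging words split by a mid-word asterisk and extracting the link hosts that a URI blacklist such as SURBL would be queried for. The sample lines are constructed from the message body above; the function names are hypothetical and no DNS lookup is performed.

```python
import quopri
import re
from urllib.parse import urlsplit

# Constructed sample: lines in the style of the quoted-printable body above.
SAMPLE_QP = (
    b"Are you fed up with the LIES and the Get Ri*ch Quick Sch*emes,<br>\n"
    b"Or tired of working to put mo*ney in someone ELSE'S pocket?</p>\n"
    b'<a href=3D"http://xoomaworldwide.com/lisalisa">Help me Succeed Lisa!</a><br>\n'
    b'<a href=3D"http://xoomaxooma.com">Visit our Support Site</a><br>\n'
    b"provide re*moval instructions. This is NOT SP*AM.<br>\n"
    b"Please just hit your de*let=\n"
    b"e key or follow re*moval info<br>\n"
)

# A letter run, one asterisk, another letter run: "mo*ney", "SP*AM".
OBFUSCATED = re.compile(r"\b[A-Za-z]+\*[A-Za-z]+\b")
HREF = re.compile(r'href\s*=\s*"([^"]+)"', re.IGNORECASE)
TAG = re.compile(r"<[^>]+>")


def analyze(raw_qp: bytes) -> dict:
    """Decode a quoted-printable HTML body and report link hosts and split words."""
    # Decoding first matters: "=3D" hides the href and "=\n" splits words.
    html = quopri.decodestring(raw_qp).decode("iso-8859-1")
    hosts = {urlsplit(url).hostname for url in HREF.findall(html)}
    hosts.discard(None)  # mailto: links and relative URLs have no hostname
    text = TAG.sub(" ", html)  # drop markup so only visible text is scanned
    words = OBFUSCATED.findall(text)
    return {
        "uri_hosts": sorted(hosts),
        "obfuscated": [(w, w.replace("*", "")) for w in words],
    }


def surbl_query_name(host: str, zone: str = "multi.surbl.org") -> str:
    """Build the DNS name a URI blacklist lookup would use (no query is sent).

    Assumption: host is already the registered domain, as in the sample.
    """
    return f"{host.lower().rstrip('.')}.{zone}"


if __name__ == "__main__":
    report = analyze(SAMPLE_QP)
    for host in report["uri_hosts"]:
        print("lookup name:", surbl_query_name(host))
    for seen, plain in report["obfuscated"]:
        print(f"obfuscated: {seen} -> {plain}")
```
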


Re: intimidation from spammer

Posted by mouss <us...@free.fr>.
Rob McEwen wrote:
> Mouss said:
> 
> 
>>...or you serve other people.
> 
> 
> Don't mean to change the subject... but I do provide e-mail services for
> other companies... should I have something in writing from them making me
> explicitly NOT to be held liable or legally responsible for blocking
> messages that I deem as spam? Any suggestions there? (I confess, I haven't
> given this much thought!)
> 
> 

If you are serving other people, you must at least inform them that not
all mail is accepted (you don't want them to sue you if they lose a
very important contract because of filtering). If they don't agree, you
need to deliver all mail. Unless of course that uses too many resources,
in which case you can rediscuss that with them (and possibly asking 'em
to pay for the "effort"). But it wouldn't be good to block mail without
recipient consent, and it is unacceptable to block mail without
recipient knowledge.

>>If in doubt, you can click on their link to opt out (that will confirm
>>the address. so what? the address already gets a lot of spam!).
> 
> 
> Of course, but that is beside the point.

Well, that would give you a kind of proof if they later sue you.

> 
> If I were merely annoyed at having received this e-mail, I'd have blocked
> them locally and stopped there. But where/when appropriate, I prefer to
> punish spammers more so than to accommodate them. (But of course I also
> don't want to punish legit marketing e-mail that really was subscribed to.)
> 

Punishing spammers is a lot of work.

> Moreover, I think this might be a "textbook example" of a situation where
> this former employee probably did subscribe to something years ago where
> there was a "receive special offers from partners" checkbox... next thing
> you know... this e-mail address was sold and passed around to many
> spammers... many of whom live in that slimy gray area where it is more
> difficult to classify one way or the other.
> 

This is indeed a "classical" example. The other being: I register to
some list/service/whatever. Then after some time, I no longer want to get
their mail.

This is why the use of disposable addresses should be encouraged and
made easy in mail setups (users should be able to "get" a disposable
address for use in some "realm").

> One solution to all of this is to have some kind of legal standard where
> opt-ins that are "passed" to a 3rd party expire after X number of months
> unless reconfirmed... and, of course, this passing of an address to a 3rd
> party is a questionable practice to begin with, even if the client left that
> checkbox checked on that form they filled out... probably 5 years ago!
> 

Unfortunately, this is too complex for both users and marketers. You can
hardly enforce your rules once you gave the address. As far as addresses
are just a way to reach the destination (they contain no information on
source, preferences, ... etc), you can't control the situation.



RE: intimidation from spammer

Posted by Rob McEwen <ro...@powerviewsystems.com>.
Mouss said:

>...or you serve other people.

Don't mean to change the subject... but I do provide e-mail services for
other companies... should I have something in writing from them making me
explicitly NOT to be held liable or legally responsible for blocking
messages that I deem as spam? Any suggestions there? (I confess, I haven't
given this much thought!)

>If in doubt, you can click on their link to opt out (that will confirm
>the address. so what? the address already gets a lot of spam!).

Of course, but that is beside the point.

If I were merely annoyed at having received this e-mail, I'd have blocked
them locally and stopped there. But where/when appropriate, I prefer to
punish spammers more so than to accommodate them. (But of course I also
don't want to punish legit marketing e-mail that really was subscribed to.)

Moreover, I think this might be a "textbook example" of a situation where
this former employee probably did subscribe to something years ago where
there was a "receive special offers from partners" checkbox... next thing
you know... this e-mail address was sold and passed around to many
spammers... many of whom live in that slimy gray area where it is more
difficult to classify one way or the other.

One solution to all of this is to have some kind of legal standard where
opt-ins that are "passed" to a 3rd party expire after X number of months
unless reconfirmed... and, of course, this passing of an address to a 3rd
party is a questionable practice to begin with, even if the client left that
checkbox checked on that form they filled out... probably 5 years ago!

--Rob McEwen



Re: intimidation from spammer

Posted by mouss <us...@free.fr>.
Rob McEwen wrote:
> I have an e-mail address of a former employee of a client of mine that I use
> (with permission) to monitor spam since this address receives MUCH spam. Of
> course, it is within the realm of possibility that some of this was actually
> subscribed to, but most of it is spam. Therefore, this account has value to
> me, but is not to be confused with a real spam trap.
> 
> Today, this address received a spam which claimed that it was subscribed to,
> but it...
> 
> (1) looks spammy
> 
> (2) contains spammy obfuscation... if they are so legit, why do they have to
> obfuscate? That has always been a red flag
> 
> (3) and... the spam contains threats to anyone who might blacklist them (and
> I take offense at the tone of these threats... especially since the text of
> the actual thread is full of obfuscated words... wouldn't you take offense?)
> 

That's yet another spam sign! Honest companies don't make such threats.

> Of course, if my recipient address was a true spamtrap address, this would
> be a no-brainer... but since it wasn't a true spamtrap address, am I
> actually putting myself at legal risk if I were to list this spammer on
> SURBL and URIBL?
>

If your network is private, you can block anyone, unless you have a
contract that says otherwise or you serve other people.


> Also, another idea is to contact them and challenge them to provide the IP
> address and date/time stamp of the supposed request from my client's former
> employee. If the date/time stamp they provide is **recent**, they'd be
> caught "red handed" as well... but the problem here is that I would then
> have provided this e-mail address to the spammer for listwashing...
> something I'm reluctant to do.
> 
> Any comments/suggestions welcome!

If in doubt, you can click on their link to opt out (that will confirm
the address. so what? the address already gets a lot of spam!).


Re: intimidation from spammer

Posted by Loren Wilton <lw...@earthlink.net>.
Personally I'd forward it to the FTC/FBI and let them decide if this is
maybe spam.

    Loren


Re: intimidation from spammer

Posted by mouss <us...@free.fr>.
Rob McEwen wrote:

> and followup from me, please re*ply with NoThankYou in the subject,<br>
> or click this self re*moval link: mailto:moonlit_removes@walla.com?subject=
> =3DNoThankYoualpha<br><br>
> 
> <font color=3D"#FF0000">W*ARNING: There will be a $500 fine PER INCIDENT
> for=
>  False Sp*am accusations,<br>
> resulting in loss of bu*siness for us. This is a serious offense.<br>

Note that they say ".... false spam accusation". Blocking isn't an
accusation. Many people block dynamic IPs. They don't mean users of
dynamic IPs are criminals!

Also, $500 isn't much. I would even go and really accuse them of spam,
just to see. Just provide a rejection message that refers to a web page
which states that

- spam attempts risk a $50K fine
- some of the addresses you accept mail for are delivered to children
(so they are responsible for controlling the content or getting the
parents' consent)
- mail to your site is delivered to many countries and many states (so
they can be sued even if they send from other countries if the recipient
happens to be in their country)


Re: intimidation from spammer

Posted by Jeff Chan <je...@surbl.org>.
On Saturday, March 4, 2006, 6:29:27 AM, Rob McEwen wrote:
> I have an e-mail address of a former employee of a client of mine that I use
> (with permission) to monitor spam since this address receives MUCH spam. Of
> course, it is within the realm of possibility that some of this was actually
> subscribed to, but most of it is spam. Therefore, this account has value to
> me, but is not to be confused with a real spam trap.

> Today, this address received a spam which claimed that it was subscribed to,
> but it...

> (1) looks spammy

> (2) contains spammy obfuscation... if they are so legit, why do they have to
> obfuscate? That has always been a red flag

> (3) and... the spam contains threats to anyone who might blacklist them (and
> I take offense at the tone of these threats... especially since the text of
> the actual thread is full of obfuscated words... wouldn't you take offense?)

> Of course, if my recipient address was a true spamtrap address, this would
> be a no-brainer... but since it wasn't a true spamtrap address, am I
> actually putting myself at legal risk if I were to list this spammer on
> SURBL and URIBL?

FWIW Outblaze already blacklisted this domain on ob.surbl.org.

Jeff C.
-- 
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/