Aunty Spam's <br> Slam a Spammer Blog Aunty Spam's Slam a Spammer Blog - Great Stories from the World of Spam en Should Aunty Spam Include Audio in Her Blog? <br /> Dear Gentle Readers,<br /> <br /> Aunty is considering including audio on her blog.<br /> <br /> In fact, Aunty is considering letting <u>you</u> include audio on her blog, by calling on your telephone, and posting an audio post.<br /> <br /> What do you think? Do you like this idea?<br /> <br /> Here is a sample:<br /> <br /> <a href=""><img src="speaker.jpg" width="50"><br>Click here to listen</a><br /> <br /> Kissy kissy,<br /> <br /> Aunty Update on Richter versus World <br /> According to public sources, Scott Richter, who is being sued by New York State Attorney General Eliot Spitzer, and Microsoft, has stated that he is close to reaching a settlement with Spitzer. On the other hand, he says that talks with Microsoft "haven't progressed as far".<br /> <br /> And more than one inside source has told Aunty that they don't expect that Richter's lawsuit against SpamCop, and their parent company Ironport, will be around for very long either.<br /> <br /> Aunty's advice to Mr. Richter is "Run, Forrest, Run"; now is the time for him to ComeCleanRealBig, and give up his spamming ways - all of them, and make an honest man of himself. Agreeing to comply with CAN-SPAM isn't enough - Richter could become the poster child for "going straight and still Making Money Fast" by becoming the King of Confirmed Opt-In, instead of spam. Imagine it.<br /> <br /> <b>Scott Richter SitsTightRealBig</b><br /> <img src="sricht.jpg"><br /> <br /> So, Mr. Richter, wherever you are - if you are reading this - and I'm sure that you are, do it! Like the reformed car thief who becomes a crime risk consultant to the auto industry, you could truly parlay this into a kinder, gentler high volume email deployment business.<br /> <br /> Kissy kissy,<br /> <br /> Aunty Spam 419ing the 419er: In Which a Nigerian Scam Artist is Scammed <br /> Is there anyone here who hasn't been at least a little curious at one time or another - what <u>would</u> happen if someone actually responded to one of the Nigerian 419 scam emails - you know, the ones where the spammer contacts you claiming to represent the fortunes of a deposed ruler, of a deceased distant relative of your own, or of their own dearly departed?<br /> <br /> What would happen if you actually came out to play?<br /> <br /> Well, one person found out recently, responding "just to see", and before you could say "Miriam Abacha", he found himself $39,000 richer - for a while.<br /> <br /> Read how <a href="">here</a>.<br /> Curiouser and curiouser - Scott Richter RejectedRealBig by Ironport's Bonded Sender Program <br /> From the "things which make you go hmmmm...." department, it turns out that Scott "I am a legitimate businessman who is also the King of Spam" Richter, who is suing Ironport Systems over their listing of his IP addresses in their SpamCop anti-spam database, also applied to participate in Ironport's Bonded Sender Program, which was today announced as being implemented by Microsoft, and was roundly rejected. This reported by <a href="">InformationWeek</a>.<br /> <br /> Richter is almost certainly in a position to provide whatever bond Ironport may demand to participate in their Bonded Sender Program, so their rejection of his request to participate is unlikely to be a case of "he wouldn't pay the size of the bond we deemed necessary for someone with his spamming history."<br /> <br /> This adds an interesting dimension to Richter's lawsuit against Ironport, as he may be able to allege that Ironport is functioning as a gatekeeper to the Internet - or certainly, given Microsoft's announcement today, to a substantial portion of it. Not only are they facilitating the blocking of his email (and most likely rightly so), but they won't give him any remedy for the email which he is prepared to bond to prove it is legitimate and wanted. Furthermore, he can claim that even if he wants to go completely legitimate, he is <b>being kept</b> from going legitimate, because he is being prohibited from participating in programs which would allow him to rehabilitate his image (or at least his IP addresses), and to get any legitimate mail delivered.<br /> <br /> And hey, if someone really cares about stopping spam, and cares about wanted email getting through, then what more perfect set up than providing both the stick to use against the spam, and the carrot to facilitate good email getting delivered - why not let Richter pay handsomely to get his legitimate mail through (if there is any) while causing all of his spam to be blocked?<br /> <br /> If all of these things are, in fact, the case, then the question which is begged is this: should any one (or two) entities have the power to keep someone from sending any email at all, even completely legitimate email, to a significant sector of the Internet? If Microsoft is indeed going to only accept bulk mail which comes from a Bonded Sender listed IP address, and Ironport is going to refuse to allow certain senders to list themselves with Bonded Sender even with the money guarantee that only legitimate mail will be sent through those IP addresses, then ... well ... we're back to our old friend Aunty Trust. Of course, if this is the case, Microsoft's MSN and Hotmail users will probably bail to other, less megalomaniacal and more reasonable ISPs, and the whole thing will become moot.<br /> <br /> Microsoft and Ironport's Bonded Sender: Good Sense, or Unholy Alliance? <br /> The industry is abuzz with today's announcement by Microsoft that they are "implementing Ironport's Bonded Sender program" - whatever <u>that</u> means. For those of you not familiar, Bonded Sender is one of the whitelists out there - bulk email senders can post a bond to guarantee that the email they send is not spam, and get their IP addresses listed in the Bonded Sender database. If they then send spam from those IP addresses, their bond can be debited for the infraction. This way receiving systems such as ISPs (such as Microsoft) can accept that email and know with some certainty that it is wanted email, and not spam. (As an aside, given that this site is sponsored by ISIPP, I'd be remiss if I didn't mention that ISIPP's Accreditation Database, "IADB", another list of IP addresses which allows email recipients to check on the background of a sender, also tells the receiving system whether someone participates in Bonded Sender, along with a host of other useful information unique to IADB. Meaning that MS, and anyone else, can get that <u>same</u> information, and much more, with a lookup to IADB. And for free. <a href=""></a>)<br /> <br /> But I digress.<br /> <br /> There are, of course, any number of things that "we are implementing Ironport's Bonded Sender program" <u>could</u> mean.<br /> <br /> Does it mean that they are going to <b>only</b> accept bulk email if it comes through an IP address listed in the Bonded Sender database? That would be a <u>huge</u> mistake, and while it would put the hurt on bulk mailers in the short term, in the end it would likely backfire, and cause MS to lose lots of users - users who can no longer get mailing list email they want because the sender won't kowtow to the MS/Ironport triumvirate (you figure out who the third party is). One might even imagine that there could be the possibility of anti-trust raising its ugly head, if we didn't know that Microsoft would never...<br /> <br /> Or does it mean, as some industry insiders speculate, that MS is about to acquire Ironport, lock, stock, and Bonded Sender? That makes a lot more sense than some might think, even though this move <u>did</u> raise Ironport's bank, particularly as the founder of Ironport was some single-digit-numbered employee at Hotmail. There is definitely already an MS/Ironport bond (no pun intended), and this may well turn into the Microport Bonded Blender program.<br /> <br /> Then again, perhaps it means that MS has been throwing away a lot of email babies with their spam bathwater, and, much as in the inimitable way in which they "announce" a security patch as a big deal without actually first announcing the problem which they created in the first place which the patch is supposed to fix, this announcement is nothing more than "we're going to use Bonded Sender so that we <b>stop</b>throwing away good email which our users actually want.<br /> <br /> Or, is this just one more text-based photo-op for Microsoft, sending out yet one more press release which, once the world really understands what it means, will lead to a collective "so what?", not unlike their <u>huge</u> announcement recently that they had sued some spammers along with AOL, Earthlink, and Yahoo - that release amounting to "hey, we're still doing what we said we'd be doing three months ago", with a collective response which was indeed "so what?".<br /> <br /> So, you decide: Microsoft and Bonded Sender - good sense, or an unholy alliance?<br /> Dear Aunty Spam: Spam with No Unsubscribe Link - What to Do? <i><br /> <br /> Dear Aunty Spam,<br /> <br /> I am getting a LOT of spam that doesn't give you the option to unsubscribe. Is there anything I can do about it, with the new laws that are effective now?<br /> <br /> Kim<br /> <br /> </i><br /> <br /> ---<br /> <br /> Dear Kim,<br /> <br /> Aunty is very sorry to hear that you are getting spam from people who are so rude as to not include an unsubscribe link, let alone a functioning one. It is so unmannered and impolite, that even though I like to think myself a gentle and moderate soul, it really gets my dander up. Why, it causes me to think that there should be even stricter laws against spam, ones where the penalty is "use a spam, get the chair"!<br /> <br /> But that doesn't help you right now.<br /> <br /> The law is indeed that there must be clear, functioning unsubscribe links in commercial email, especially mailing list mail. However, as we all know, if spam is outlawed, only outlaws will use spam. So what's a gentle reader such as yourself to do?<br /> <br /> Complain.<br /> <br /> The first place to which you should complain is the Federal Trade Commission. They are the primary agency vested with enforcement of the new Federal CAN-SPAM anti-spam law. They want your spam. They <u>love</u> your spam. They have a refrigerator full of spam.<br /> <br /> So forward your spam to <a href=""></a>. And in case you haven't read all of Aunty's previous columns (and really, you should), let me remind you that address harvesting - the act of taking an email address from a web page such as, oh, say, this one, is illegal. But I'd sure like to see some spammer harvest the email address <a href=""></a> and send spam to <a href=""></a> because that would mean that when the spam went to <a href=""></a> the FTC could really nail them for harvesting the address <a href=""></a> and sending spam to <a href=""></a>. <br>P.S. --->><<---harvest here<br /> <br /> After sending your spam to the FTC, if you are feeling really motivated, you can read the fine print in the spam's header information to determine from where the spam <u>really</u> originated, and complain to the ISP who is hosting the spammer. That may get the spammer's Internet access turned off. <br /> <br /> Next, you can contact your State Attorney General's office to find out with whom you can file a complaint at your state level, because CAN-SPAM allows State Attorney Generals to sue spammers who violate CAN-SPAM. In fact, <u>your</u> ISP can sue them too.<br /> <br /> Finally, once you have done some or all of these things, delete the spam, and be grateful for small favours - such as the fact that the spam did not contain a <b>bogus</b> unsubscribe link, which when you clicked it, rather than unsubscribing you, alerted the spammer to the fact that they had a warm body at the other end of the line.<br /> <br /> And for goodness sake, get a better spam filter!<br /> <br /> Kissy kissy,<br /> <br /> Aunty Spam<br /> <br /> <br /> Dear Aunty Spam: Love/Hate Relationship with WinXP SP1 <i><br /> <br /> Dear Aunty Spam, <br /> <br /> Time and again I have heard and read that after one installs WinXP SP1, there is a 20% to 40% chance it will damage your computer in one way or another. I did install SP1 in my computer and it crashed. I had to use a floppy to get it started, and then I ran System Restore. It worked, but I am still out SP1, and it seems that SP1 is important to install. So, now what? I really like your blog. I've learned a lot from it. Thanks!<br /> <br /> Matthew<br /> </i><br /> <br /> ---<br /> <br /> Dear Matthew,<br /> <br /> Thank you for your kind words! Even though Aunty is not a Windows expert, but rather a spam expert, your lovely note moved me to do some research on your behalf.<br /> <br /> The WinXP SP1 (Service Pack 1) was released in September of 2002. Aunty hopes that you have only recently installed your WinXP, and that you haven't been having unprotected WinXP for a year and a half!<br /> <br /> Shortly after the release of WinXP SP1, users started to complain that SP1 was making their computers run extremely slowly; many others complained that their systems started crashing, or refused to start at all, after installing SP1. So take heart, dear Matthew, you are not alone.<br /> <br /> Fortunately for those of you who are unlucky enough to have an XP system which doesn't play nice with SP1, Steve Gibson of Gibson Research developed XPdite, which patches the most horrific of the security holes which are supposed to be patched by SP1, without the nasty crashes. You can check out XPdite at <a href=""></a><br /> <br /> Now, go forth and patch your holes, and for gosh sakes make sure that you wear clean underwear in case you get into another accident!<br /> <br /> Kissy kissy,<br /> <br /> Aunty Spam New Sasser Virus Worm Attacks Windows Computers The newest of the sinsister worm types of viruses, Sasser, has attacked Windows-based computers around the world.<br /> <br /> Even more insidious than its earlier siblings, Sasser scans the Internet for computers with the Microsoft security flaw which allows it to do its dirty work, and then Sasser installs a copy of itself there. And <b>Sasser does not need the user to activate it by opening an email attachment, running a program, or anything else like that. It arrives and runs all by itself!</b><br /> <br /> Microsoft announced the security hole in the Local Security Authority Subsystem Service, and an update, last month, but many computers still have not been upgraded.<br /> <br /> Users can get more information about the Microsoft security hole and fix at:<br /> <a href=""></a><br /> <br /> Just one more reason why Aunty is happy to be using only OSX and other flavours of *nix and BSD.<br /> Dear Aunty Spam: Is the FTC Going to Come After Me? <br /> <i><br /> Dear Aunty Spam,<br /> <br /> I just read how the FTC has filed lawsuits against two different groups of email senders (spammers). If these really are spammers, more power to them! But I also read about how a private ISP sued Bob Vila! The man who does "This old house"! Some of my friends have even started putting their home mailing addresses in all of their email, because they say that a new federal spam law, called "CAN-SPAM", requires it!<br /> <br /> Is this right? Do I have to start putting my home mailing address in all my email? Is the FTC going to come after me if I don't? Can I be sued by an ISP if they don't like the email I send? <br /> <br /> Help! I only use email to talk to my family, friends, and online buddies, and I don't really want to tell everyone my home address!<br /> <br /> Signed,<br /> <br /> Worried Average User<br /> </i><br /> <br /> <p><br /> ---<br /> <p><br /> <br /> Dear Worried,<br /> <br /> The CAN-SPAM Act of 2003, which is the new Federal anti-spam (not to be confused with Aunty Spam!) law, only applies to commercial email. It does not apply to the private, personal email which you send (unless, of course, your private, personal email is sent for a commercial purpose, in which case you do need to be careful to comply with the CAN-SPAM Act. But that's another question for another day.)<br /> <br /> Generally speaking, if you use email only for personal use, and especially if you do not run any email mailing lists, then you don't have to worry about the provisions of CAN-SPAM. Similarly, nobody, including the FTC or an ISP, can use the CAN-SPAM act to sue you just because they don't like your email (but this does make Aunty wonder what kind of email you are sending!) You have to have violated the CAN-SPAM law, of which you are in no danger if the email you send is not commercial.<br /> <br /> So relax, write to your friends and online buddies all that you want, and remember, practice safe spam-filtering!<br /> <br /> Kissy kissy,<br /> <br /> Aunty Spam<br /> <br /> Questions may be submitted to Aunty Spam by sending email to "aunty at". Dog eat Dog: Scott Richter's OptInRealBig Sues SpamCop <br /> In a move which surprised many, but others not at all, Scott "I am a legitimate businessman" Richter, and his Evil Twin Scott "I am the King of Spam" Richter, of OptInRealBig, sued SpamCop and Ironport over a recent SpamCop listing of OptInRealBig. Ironport, manufacturers of the Ironport email sending appliance, and providers of the Bonded Sender service, recently purchased SpamCop for an undisclosed sum of money.<br /> <br /> In the lawsuit Richter, himself a defendant in a lawsuit by New York State Attorney General Eliot Spitzer, for ..gosh...whodda thunk it...spamming, accuses SpamCop of interfering with OptInRealBig's contracts and their potential revenue, and of defamation for calling a spammer, well, a spammer, and reporting them to their ISP, leading to their ISP cutting off their Internet access.<br /> <br /> The amount of damages alleged, "not less than $150,000" according to the complaint, is but a drop in the Kentucky Fried Chicken bucket compared to the amounts which Richter has claimed to pull in for even a single month's worth of his high volume email deployment services. Yet Richter complains that the issues with SpamCop started in <u>2003</u>, meaning that the issue has been going on for at least 4 months (and, let's face it, probably much longer), and yet then goes on to ask for injunctive relief, which is, particularly at the TRO stage, to be granted only if the plaintiff would suffer irreparable harm if the defendent wasn't forced to stop the offending behaviour <u>immediately</u>. <br /> <br /> So, let's see, the "issue" which OptInRealBig has with SpamCop has been going on for at least 4 months, but has cost Richter only a tiny fraction of his substantial income from, and yet all of a sudden <u>now</u> he complains about it, and <u>right now</u>, today, he needs injunctive relief. <br /> <br /> Something doesn't smell right in Denmark. Could it be that Richter needs to Lose Money Fast because he made so much money sending millions of pieces of spam per month that he Added 6 Inches to his tax bracket? <br /> <br /> Or perhaps he simply wants to Fire His Boss, and to Work From Home, and sees Ironport's recent multi-million-dollar infusion of VC cash as a quick way to achieve that end.<br /> <br /> Or, who knows, maybe he'll surprise us all, and show us that he's as educated and savvy about the legal system as he is about the female anatomy, and that he can demonstrate to a judge or jury that he's a clean, opt-in emailer just as easily as he can find a woman's clitorious. <br /> <br /> On the other hand, between Attorney General Spitzer's lawsuit against Richter, and the amount of perjury which would likely be necessary to make the suit against SpamCop stand half a chance, perhaps he'll just DoTimeRealBig.