Dear David,
I am an attorney in California. Our firm represents ISPs and has begun to
actively pursue SPAMMERS under the California fraud laws and the Federal Can
SPAM act. I have been following your and your colleagues' messages on
[SURBL-Discuss]. Our primary problem is identifying SPAMMERS in a way that
we can start a federal action against them. "Redirect" problems add to our
other problems of identifying SPAMMERS. Currently we are trying to identify
defendants by tracking them to the retail site they represent. We then
include the owner of the retail site, the registrar of the domain (in almost
every case this is YES NICK LTD), and any technicians we identify along the
way. Ignore the arguments you have heard about what can and cannot be
brought under the current law - I really think this has been produced by
attorneys who are defending SPAMMERS to get ISPs and federal/State
prosecutors not to bring actions, or to set up some kind of future defense.
I am looking for any help you or your associates might be able to provide.
I realize you must be skeptical. Therefore you can check my credentials at
the CA State Bar site (look it up on google) by doing an attorney search on
my name - Richard Grabowski. I am located in Eureka, CA. In addition to
being an attorney I have over 30 years' experience as a technician in the IT
and Telecommunications industry. I worked for GTE, DMR and BusinessEdge as
a senior enterprise architect.
I am looking for tools, freeware or paid, that help track domains, email
servers, senders, etc. Anything that will help identify the actual source of
the SPAM in a quick and efficient manner. I am working with high end
technicians that have extensive experience in this area, but I am always
looking for more help.
We will bring actions against SPAMMERS in foreign countries. We do not
actually expect them to respond to a federal complaint, so we will end up
with default judgments. These are relatively cheap to pursue. We will then
try to make a deal with the legal agencies in the foreign country, a
percentage, to try and recover on the judgment. This may eventually make it
too expensive for the SPAMMERS to continue, or it may incent the local legal
agencies to actually pursue the SPAMMERS, rather than protect them.
As I have said we are actively pursuing this tactic now. I am hoping that
you and your colleagues will want to help. The enforcement of SPAM laws is
currently being left to the FTC and State prosecutors. These agencies have
little or no budget to pursue these activities. I unfortunately believe
that the laws were set up limiting enforcement primarily to the FTC in order
to prevent any real prosecutions. This is a tactic of some politicians to
support their contributors without actually having to oppose legislation.
In this case it has made enforcement of the SPAM laws very unlikely. The
only case I know of is a joint action by the FTC and CA State Atty Gnl.: FTC
and People of CA v. Optin Global, Inc. and Vision Media Limited, Corp. You
can find the federal filing at:
http://www.ftc.gov/os/caselist/0423172/050413comp0423172.pdf
We are using this filing as the template for our filings.
If you can help I would really like to hear from you.
Thanks,
Richard Grabowski
rgrabows(a)pacbell.net
W - 707 441-1487
C - 707 771-9585
Good day, all,
(Summary - the sa-blacklist content is moving to new machines. If
you're downloading any of the 15 versions of this list, you'll need to
change the hostname you use in your download; see "What you need to do"
below for instructions.)
I had a chat with my ISP last week. They've known for a long time
that the bandwidth spike at the top of every hour was my web server, but
since they knew the sa-blacklist was hosted there and it was a public
service project, they told me not to worry.
Fast forward to last week. *smile*
When I asked this new contact what amount of bandwidth my hosting
contract would normally allow and how much bandwidth I'd actually been
using over the last few months, he told me that I should be around
10G/month, but I've been using 1000G/month. Woah. Luckily, he wasn't
asking me to pay 100X my current contract. *smile*
They really have been great about it (I mean that sincerely), but
both they and I know that's an unreasonable drain on their bandwidth and
unfair to the other customers. To fix that, I'm transitioning the content
to new machines with more available bandwidth.
I owe a heartfelt thanks to Raymond, David, Panagiotis, Rob, Wim,
Jeff, and Chris for offering to host the content at no cost on much faster
lines than mine and offering suggestions on how to make the process more
efficient. Their generosity makes it possible for me to continue
providing this content.
==== What you need to do ====
I've already set up new hostnames (*) from which the sa-blacklist
files can be pulled. If you're getting any sa-blacklist files over http,
please change the hostname you use to "www.sa-blacklist.stearns.org". If
you are using rsync to pull content, please use
"rsync.sa-blacklist.stearns.org". If you're using ftp, please use
"ftp.sa-blacklist.stearns.org". In other words, the exact same content
should be viewable at
http://www.sa-blacklist.stearns.org/sa-blacklist/
ftp://ftp.sa-blacklist.stearns.org/pub/wstearns/sa-blacklist/
rsync://rsync.sa-blacklist.stearns.org/wstearns/sa-blacklist/
(although this last one is commonly used by the rsync application
and won't work in a web browser.)
There's a real benefit to you in taking the time to make this
switchover. My server was getting pegged for multiple minutes at the top
of the hour, so you'll find your downloads are much faster. Because of
the way the files are distributed, the content on the mirrors should
always be as current as the ones on the main server.
At some point in the near future, I'll be limiting access to or
completely shutting down the old URLs, so it's to your advantage to
switch over sooner rather than later. *smile*
I'd sincerely appreciate it if you could check any automated
download scripts or cron jobs and point them to these new hostnames.
Sorry for the inconvenience, but because these URLs are only used for
this content, you won't need to make this change again.
As one last suggestion, you might want to consider using the
ws.surbl.org dns lookup service which performs the same checks as
sa-blacklist.current.uri.cf , but _much_ faster and with a _lot_ less
memory. More information about this dns-based service is available at
http://www.surbl.org/ .
Cheers,
- Bill
* These aliases will transparently pick a random server out of the
available machines, spreading out the load. As more mirrors come online
you'll be sent to them automatically.
---------------------------------------------------------------------------
(Referring to the 32 bit system that feeds out files for
kernel.org) "We learned that the Linux load average rolls over at 1024.
And we actually found this out empirically."
-- Peter Anvin
--------------------------------------------------------------------------
William Stearns (wstearns(a)pobox.com). Mason, Buildkernel, freedups, p0f,
rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org
--------------------------------------------------------------------------
Greetings:
sc2.surbl.org and xs.surbl.org are not mentioned on
http://www.surbl.org/lists.html
What are the criteria for being listed in these two new ones?
Are there any changes to implementation and usage of them?
Thank you.
The attached email hit URIBL_OB_SURBL -- it's a normal marketing email
from EmigrantDirect.com, for which I signed up at the recipient email
address. I've never seen any spam from EmigrantDirect.
Please check into this OB entry ... should probably be removed.
Bob Menschel
This is a forwarded message
From: EmigrantDirect(a)emigrant.com <EmigrantDirect(a)emigrant.com>
To:
Date: Tuesday, September 20, 2005, 5:05:54 PM
Subject: Rate increase - EmigrantDirect races to 4.0% APY
===8<==============Original message text===============
Return-path: <return(a)fire2.sumnet.com>
Envelope-to: emigrant(a)menschel.net
Delivery-date: Tue, 20 Sep 2005 17:13:34 -0700
Received: from pascal.ctyme.com ([69.50.226.20])
by newton.ctyme.com with esmtps (TLSv1:AES256-SHA:256)
(Exim 4.52)
id 1EHsEq-0004hA-9k
for emigrant(a)menschel.net; Tue, 20 Sep 2005 17:13:30 -0700
Received: from mail by pascal.ctyme.com with ctyme-spam-scanned (Exim 4.52)
id 1EHsEm-00061R-ND
for emigrant(a)menschel.net; Tue, 20 Sep 2005 17:13:27 -0700
Received: from broadcast5.sumnet.com ([206.139.137.83] helo=sumnet.com)
by pascal.ctyme.com with esmtp (Exim 4.52)
id 1EHsEl-0005yz-JW
for emigrant(a)menschel.net; Tue, 20 Sep 2005 17:13:23 -0700
Received: (from return@localhost)
by sumnet.com (8.11.7p1+Sun/8.11.7) id j8L05s917331;
Tue, 20 Sep 2005 20:05:54 -0400 (EDT)
Date: Tue, 20 Sep 2005 20:05:54 -0400 (EDT)
Message-Id: <200509210005.j8L05s917331(a)sumnet.com>
From: EmigrantDirect(a)emigrant.com
Subject: Rate increase - EmigrantDirect races to 4.0% APY
Bcc:
X-Sumid: H0000AE4
X-Mailer: Email Broacaster 1.2
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="-----00000AE3_0000001A_4330946D_000835SUM.ALT"
X-Mail-from: return(a)fire2.sumnet.com
X-Spamprobe: neutral ***** 0.3518373 OK
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on pascal.ctyme.com
X-Spam-Level: **********
X-Spam-Status: Yes, score=10.4 required=5.0 tests=CT_APPLY,HTML_40_50,
HTML_MESSAGE,LINK_PHRASE,MAILTO_LINK,MISSING_HEADERS,NO_FEE,
NO_REAL_NAME,URIBL_OB_SURBL autolearn=no version=3.0.4
X-Spam-Report:
* 1.0 NO_REAL_NAME From: does not include a real name
* 2.0 LINK_PHRASE Phrase within link
* 1.0 MISSING_HEADERS Missing To: header
* 1.0 NO_FEE BODY: No Fees
* 0.1 CT_APPLY BODY: Apply for Something
* 0.0 HTML_40_50 BODY: Message is 40% to 50% HTML
* 1.0 HTML_MESSAGE BODY: HTML included in message
* 1.0 MAILTO_LINK RAW: Includes a URL link to send an email
* 3.2 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
* [URIs: emigrant-direct.com]
X-Spam-filter-host: pascal.ctyme.com - http://www.junkemailfilter.com
X-Spam: [SPAM] - LOW
X-Spam: [SPAM] - LOW
[INLINE]
We are pleased to announce that effective today, Tuesday,
September 20, your American Dream Savings Account from EmigrantDirect
now yields 4.0% APY, the highest rate in the country with no fees and
no minimums, FDIC insured. Responding immediately to the most recent
news from the Federal Reserve, EmigrantDirect is pleased to be able to
offer this unmatched rate to our loyal customers.
You may wish to take this opportunity to put all your available funds
to work for you. If you have deposits earning less interest at other
institutions, now is a good time to consolidate those savings at
EmigrantDirect. Electronic transfers into and out of your account are
free and our new 4.0% APY is guaranteed through December 31, 2005
(subject to upward adjustments only).
Additionally, we are also pleased to announce the upcoming launch of a
no-fee credit card from EmigrantDirect offering the highest cash back
rebate in the country on all your purchases - from the first dollar
spent on your card to the very last. This revolutionary credit card
featuring platinum-level benefits will be offered only to
EmigrantDirect customers and be available before yearend. Cash back
amounts will be deposited into your American Dream Savings Account
automatically not once, but twice a year for added convenience. If you
would like to be sent a priority invitation to apply for the card once
it becomes available, please send a quick email with your name and
email address to [1]emigrantdirect(a)emigrant.com. We hope that you will
become a cardholder and discover yet another way that EmigrantDirect
serves and rewards its customers with outstanding value.
Sincerely,
[INLINE]
Howard P. Milstein
Co-Chairman, President and CEO
Emigrant Savings Bank
Emigrant Bancorp, Inc.
[INLINE]
Subject to applicable terms and conditions and account disclosures as
set out at EmigrantDirect.com.
No minimum balance required. All rights reserved.
You are receiving this email in accordance with the terms and
conditions of your account with EmigrantDirect. If you do not wish to
receive general informational or promotional emails from
EmigrantDirect about products and services that might be of interest
to you, [2]click here.
References
1. mailto:emigrantdirect@emigrant.com
2. mailto:emigrantdirect@emigrant.com?subject=Unsubscribe
===8<===========End of original message text===========
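When triaging a false-positive report like the one above, it helps to see which URI triggered the blocklist rule and how much that rule contributed to the verdict. The following shell/awk script is an added example, not part of the original message or of SpamAssassin; it reads the X-Spam-Status and X-Spam-Report headers quoted above, and its function names are hypothetical.

```shell
#!/bin/sh
# Input: the X-Spam-Status and X-Spam-Report headers quoted in the message above.
REPORT='X-Spam-Status: Yes, score=10.4 required=5.0 tests=CT_APPLY,HTML_40_50,
X-Spam-Report:
* 1.0 NO_REAL_NAME From: does not include a real name
* 2.0 LINK_PHRASE Phrase within link
* 1.0 MISSING_HEADERS Missing To: header
* 1.0 NO_FEE BODY: No Fees
* 0.1 CT_APPLY BODY: Apply for Something
* 0.0 HTML_40_50 BODY: Message is 40% to 50% HTML
* 1.0 HTML_MESSAGE BODY: HTML included in message
* 1.0 MAILTO_LINK RAW: Includes a URL link to send an email
* 3.2 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
* [URIs: emigrant-direct.com]'

# rule_score RULE: print the score assigned to RULE in the report.
rule_score() {
    printf '%s\n' "$REPORT" |
        awk -v r="$1" '$1 == "*" && $3 == r { print $2; exit }'
}

# listed_uris RULE: print the contents of the "[URIs: ...]" line that
# directly follows RULE; prints nothing if the rule has no such line.
listed_uris() {
    printf '%s\n' "$REPORT" | awk -v r="$1" '
        $1 == "*" && $3 == r { hit = 1; next }
        hit && /\[URIs:/ { sub(/.*\[URIs: */, ""); sub(/\].*/, ""); print; exit }
        hit { exit }'
}

# verdict_without RULE: print the score that remains if RULE had not fired,
# and whether that still meets the "required" threshold.
verdict_without() {
    printf '%s\n' "$REPORT" | awk -v r="$1" '
        /^X-Spam-Status:/ {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^score=/)    { split($i, a, "="); total = a[2] + 0 }
                if ($i ~ /^required=/) { split($i, b, "="); need = b[2] + 0 }
            }
        }
        $1 == "*" && $3 == r { s = $2 + 0 }
        END { rest = total - s
              printf "%.1f %s\n", rest, (rest >= need ? "spam" : "ham") }'
}
```

For these headers the OB hit was on emigrant-direct.com and was worth 3.2 points; without it the remaining rules leave 7.2 against a threshold of 5.0.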
Hi,
AddictionReport (dot) com is listed in ws & jp, however, I just
received a legit mail including a (supposedly paid) advertisement by
them.
The mail is Randy Cassingham's newsletter "This is True"
(http://www.thisistrue.com/), which includes plain text advertisement,
and one of these hit badly.
The advertisement read like this:
----------==========**********O**********==========----------
HOW CAN ANYONE BE SUCH AN IDIOT? What's the connection between suicide
bombers, New Orleans thugs, half the people you read about in This is
True, financial abuse, emotional abuse and the need to blame everyone
else for one's problems? Doug Thorburn explains destructive behaviors
and more, including how to AVOID being caught up in their games.
Fascinating books, FREE monthly Addiction Report newsletter:
http://www (dot) AddictionReport (dot) com
----------==========**********O**********==========----------
Regards.
--
Mariano Absatz - El Baby
el (dot) baby (AT) gmail (dot) com
el (punto) baby (ARROBA:@) gmail (punto) com
Good afternoon, all,
(One kind responder said)
>> Try to get people to grab the file at different
>> times, not all at the same time of the hour.
>
> Now that Jeff mentions it, I'm now fearful the hourly surge would tax my
> server too much at certain moments???
>
> Is there any way that these updates could be spread out more?
I actually tried to do that from day 1. The instructions on the
web site encouraged people to put in a random pause in the cron line
before downloading. It's a little hard to tell whether people are doing
that or not, as I'm pegging the line starting at the top of the hour for a
number of minutes. :-)
Cheers,
- Bill
---------------------------------------------------------------------------
Weinberg's Law: If builders built buildings the way programmers
wrote programs, then the first woodpecker that came along would destroy
civilization.
(Courtesy of David E. Vandewalle, vandewal(a)prairienet.org)
--------------------------------------------------------------------------
William Stearns (wstearns(a)pobox.com). Mason, Buildkernel, freedups, p0f,
rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org
--------------------------------------------------------------------------
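The two things Bill asks of downloaders in this thread, pointing jobs at the new mirror aliases and not all pulling at the top of the hour, shown as an added shell example that is not Bill's own script. It uses a fixed per-host offset derived from the hostname in place of the random pause he describes; DEST, WINDOW, the script path in the cron comment and the function names are assumptions.

```shell
#!/bin/sh
# Mirror alias and rsync path are the ones announced in the thread.
NEW_HTTP='http://www.sa-blacklist.stearns.org/sa-blacklist/'
NEW_RSYNC='rsync://rsync.sa-blacklist.stearns.org/wstearns/sa-blacklist/'
DEST="${DEST:-/var/lib/sa-blacklist}"   # assumed local directory
WINDOW="${WINDOW:-3300}"                # assumed: spread pulls over 55 minutes

# splay_seconds HOST WINDOW: stable per-host delay in [0, WINDOW).
# Hashing the hostname gives every client a different but repeatable
# offset, so pulls stay spread out without relying on a random source.
splay_seconds() {
    sum=$(printf '%s' "$1" | cksum | cut -d' ' -f1)
    echo $(( $sum % $2 ))
}

# repoint_urls: filter stdin (a crontab or download script), replacing the
# old http location with the new alias. Other text passes through unchanged,
# and running it twice gives the same result as running it once.
repoint_urls() {
    sed "s|http://www\.stearns\.org/sa-blacklist/|$NEW_HTTP|g"
}

# pull: wait out this host's offset, then fetch only the files that changed.
pull() {
    sleep "$(splay_seconds "$(hostname)" "$WINDOW")"
    rsync -az --timeout=120 "$NEW_RSYNC" "$DEST/"
}

# Pull only when asked to, e.g. from cron (script path is an assumption):
#   0 * * * * /usr/local/bin/sa-pull.sh pull
if [ "${1:-}" = "pull" ]; then
    pull
fi
```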
Good day, all,
I'm running into a problem with the sa-blacklist content I host at
http://www.stearns.org/sa-blacklist/ . The box (*) is hosted at pa.net, a
colo facility once employing a good friend. A new guy was going over the
bandwidth stats and noticed that that machine hogs the available bandwidth
on its ethernet segment for a few minutes after each hour as people
download the sa-blacklist.
I asked him what kind of bandwidth he'd ideally like that system
to use, and how much I'm using at the moment. I should be using around
10G/month. I'm currently using 1TB/month. Oops.
I'm not in imminent danger of being kicked off their cable, but
both they and I agree that I need to do something differently. I could
put another physical box at another ISP with unlimited bandwidth, but I'm
already paying around $1500/year to host the site, and am reluctant to
double that. Because that box hosts 27 virtual machines, moving it is a
project that would need a few months of lead time to arrange, and would be
a nightmare in itself.
It would be great if someone already has enough bandwidth to host
the content on a different cable, but I think people with a terabyte/month
to spare may be rare. *smile* If you've got some bandwidth you could
share, would you consider doing round-robin with me with the content? 10
sites spreading the load would have 100GB/month, or an average of about
300 kilobits/sec. 20 sites would be half that each, and so on.
I'd need to upload content via rsync over ssh. The actual content
is published via web, rsync, and ftp, although I could easily set up
www.sa-blacklist.stearns.org for the sites willing to share over http,
rsync.sa-blacklist.stearns.org, for the sites willing to share over rsync,
and ftp.sa-blacklist.stearns.org.
If you can spare some bandwidth, please respond. Let me know what
you can spare in average kilobits/sec. That way, if only 10 people
respond and one of them can provide 100 kilobits/sec, I'll know not to
include that person in the mirror until I can get 30 people.
If you can take part, I'd be forever grateful. *sincere smile*
Cheers,
- Bill
* http://www.stearns.org/slartibartfast/uml-coop.current.html
---------------------------------------------------------------------------
(Referring to the 32 bit system that feeds out files for
kernel.org) "We learned that the Linux load average rolls over at 1024.
And we actually found this out empirically."
-- Peter Anvin
--------------------------------------------------------------------------
William Stearns (wstearns(a)pobox.com). Mason, Buildkernel, freedups, p0f,
rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org
--------------------------------------------------------------------------