The spam war is getting very personal indeed. While you can argue (even in court) over the definition of spam, some things obviously cross the line. Mass mailings on behalf of stock fraud, pornography, and phony merchant accounts clog the Internet and victimize anyone stupid enough to click on them. Dana tells you about a new case that begs the question: How far can a private individual go in driving a spammer out of business?
Last Friday I wrote about how the war over spam was heating up, with direct mail companies suing to get off the Realtime Blackhole list run by MAPS.
The day that story came out I got an email showing that, in some cases, the spam war is getting very personal indeed.
While you can argue (even in court) over the definition of spam, some things obviously cross the line. Mass mailings on behalf of stock fraud, pornography, and phony merchant accounts clog the Internet and victimize anyone stupid enough to click on them. The question this new case asks is how far can a private individual go in driving a spammer out of business?
Someone, who is keeping his or her identity a secret for now, obviously went pretty far. “Behind Enemy Lines” started early this year when a spammer doing business as Premier Services Inc. in Clarksville, Tenn., repeatedly forged a domain on his or her messages, causing someone untold grief.
Forging a domain is common among spammers who don’t want to deal with the anger of their victims. If someone else’s domain is the return address of the spam, that domain owner will get the angry notes and threats of cancelled ISP service intended for the spammer. The spammer doesn’t want return messages. The spammer wants victims to click a link inside the spam that eventually sends money out of their wallet and into the spammer’s.
The victim with the forged domain used hacking techniques to get inside the spammer’s computer and compile massive amounts of evidence of who the spammer was and what he or she was doing. By invading the spammer’s home computer, this victim caught the spammer in the act of spamming and retrieved a note sent about a spam-friendly ISP. The victim even found a picture of the spammer in the shower and splashed that on the web.
Our victim shared this new web site with the folks who fight spam in the news.admin.net-abuse.email (NANAE) newsgroup. Much of the reaction that followed the posting of the web site was anger at the spam-friendly ISP that was revealed to be doing business with the “dark side.”
Rodney Joffe of White Hat, who forwarded me this story, added that NANAE insiders have been following the victim’s adventures from the beginning and predicted that law enforcement action (along with the unmasking of our hero) will come soon.
The antispam community is broad and deep. Its members range from corporations who favor legislation and lawsuits against spammers to more extreme factions who think I’m in favor of spam to outright vigilantes.
The legal papers that finally emerge from the Premier Services case will make interesting reading. How far can a private party go to stop someone from spamming especially in the absence of a clear law that makes spam illegal?
Personally I’m thrilled that someone flushed out this spammer and brought all the spammer’s activities into the harsh light of day, but would I want this person in my computer? Would you like to risk this person coming into yours if he or she decides you’re against him or her? And what if the government was using these tactics?
Stay tuned.
