Dictionary Spammer Fined $55,000 for Spam Attack

Lawrence_Bird writes "In a first, a Japanese district court has ordered a spammer to pay restitution to NTT DoCoMo for abuse of their imode system. 'The damage caused by large amounts of e-mail not reaching their destinations should be covered by the sender,' said the judge. The fine is about $55,000 and was based on an estimated cost to NTT of 1.2 yen per undelivered spam ($0.01) for the 4 million spams that were undeliverable. What is most startling is NTT DoCoMo's assertion that of the 950 million emails they receive each day, 880 million are not deliverable!"
This discussion has been archived. No new comments can be posted.

  • Great (Score:5, Insightful)

    by captainclever ( 568610 ) <rj@NoSPaM.audioscrobbler.com> on Wednesday March 26, 2003 @09:10AM (#5597261) Homepage
    If only there were more rulings like this one, maybe it would make spammers think twice if they knew they could be fined.

    I want to see this guy fined per DELIVERABLE message as well though.
    • I couldn't agree more. I would bet the only people that like spam either a) have some monetary gain to make off it, or b) like it served with a side of eggs and hash browns.
    • Shouldn't he be fined for what he did, and not loaded with huge fines just to set an example? The example to set for spammers is that every spammer will be prosecuted. There's no need to ruin the life of one in order to make him an example. Spammers, believe it or not, are people too, and though they made a bad decision they do not deserve to have their lives ruined with gigantic fines.

      How would you feel if you were jailed for jaywalking to set an example? People ought to be punished for what they did onl
      • The fine was based on the $ amount that the company had to absorb per message he sent that was to a bunk address. How is this unfair? They did not even fine him for spam that got through. I'm sorry, he is using someone else's resources to run his business; the fine is more than fair.
      • It's called a punitive fine. It's a "never do this again, and we're making an example of you to others, so they won't do it either". And, just to note, he can always appeal the fine (hmmm... maybe. Not sure how Japanese courts work), and if the appeals court finds that the fine was too high, they can reduce or eliminate it.

        Kierthos
      • I am only sorry they didn't fine him for each delivered message. Spammers should first be fined, and possibly jailed for larger offenses. Especially in the case where the receiver will pay for the spam.
        They should certainly be prevented from engaging in such trade ever again - and given some stiff reasons not to.
        They are people too, so why can't they take responsibility for their actions? It's just governments and large corporations that get to complain about taking responsibility for their actions...
    • The problem with fining him for delivered messages is that NTT DoCoMo is not injured in that case; the person who received the message had to pay. So the person injured in this case is the person who received the message and had to pay 1.2 yen for the message.
      Now unless you have something like the USA fax law, you probably would have a hard time winning (IANAL).
      Also for your own sake it would take a large amount of messages before it would be profitable to collect that 1.2 yen for each message.
    • Don't really get your hopes high.
      This happened in Japan and i-Mode is a telephone service for which customers pay for receiving mail, ie not a free service. Note that the judge based the fine on possible revenue losses and not on how much DoCoMo actually spent per invalid email (apparently 1.2 yen/mail). So a similar ruling will leave out free fonemail services, let alone free web-based mail services. IANAL!IANAL!!
    • Re:Great (Score:3, Insightful)

      by Black Perl ( 12686 )
      If only there were more rulings like this one, maybe it would make spammers think twice if they knew they could be fined.

      Are you kidding? This will encourage more spam. The spammers are saying, "they only got fined $55,000? That's decent ROI. Let's spam DoCoMo!"
  • There definitely need to be more rulings like this.
  • wow (Score:2, Funny)

    by jbellis ( 142590 )
    that's even better than dumping tons of junk snail mail on him!
    • The cost of connecting to the imode service is 300yen[2.5 $]. The cost of sending or receiving a packet of data[128 bytes] is 0.3 yen. Thus the receiver of the spam also ends up paying for it.
  • "880 million" (Score:5, Informative)

    by rf0 ( 159958 ) <rghf@fsck.me.uk> on Wednesday March 26, 2003 @09:19AM (#5597281) Homepage
    I think that it should be clearer that those 880 million are sent to *non-existant* addresses. The slashdot article makes it look like their infrastructure can't cope...

    Rus
    • with the slashdotting?
    • Re:"880 million" (Score:2, Insightful)

      by Bendy Chief ( 633679 )
      IANA network admin, but wouldn't all that sending put something akin to a huge glut of SMTP traffic on their routers? CPU cycles and bandwidth are hot commodities even if he's not getting what he wants.
    • Ummm, "not deliverable" is the industry term for email that can not be delivered. A non-existant address is one reason but it could be relay attempts, badly formed headers, etc.

      Learn the lingo sonny -- this isn't your grandmother's news site ...

      • Re:"880 million" (Score:4, Interesting)

        by tomhudson ( 43916 ) <barbara,hudson&barbara-hudson,com> on Wednesday March 26, 2003 @12:49PM (#5598109) Journal
        It was a "dictionary attack". This means trying all sorts of combinations of common names, words, and numbers (cf: /usr/libcrack*). Almost none of them would be deliverable, as there are no subscribers.

        Unfortunately, my cell plan's email addy is my 10-digit phone number+@+my phone company. It's easy for spammers to just send to every possible cellphone number. I would think that they (the cellphone company) would allow you to add either a prefix or suffix to the number, to keep down spam. I guess this is why they don't charge for the first 2500 sms messages received each month - to keep down complaints.

      • non-existant...Learn the lingo

        Oh the irony.

  • Well... (Score:5, Funny)

    by acehole ( 174372 ) on Wednesday March 26, 2003 @09:20AM (#5597283) Homepage
    They tried to email the judgement to him but for some reason thiscouldbeyou@riches.await.com kept bouncing...

  • by Anonymous Coward
    At last, a profitable business model for AOL!
  • As someone who recently had an email server relay raped (we didn't think it was accessible to the open, turns out someone had misconfigured it), and knowing full well the time and stress I had to sort it out, this is great news. Although, I'd have preferred five minutes in a sound proof room with a baseball bat, but hey... It's about time people realise that stuff like this has very real consequences...
    • Re:good (Score:4, Informative)

      by PerryMason ( 535019 ) on Wednesday March 26, 2003 @09:45AM (#5597336)
      ...as someone who recently had an email server relay raped

      Hmmm. Not to come across too harsh or anything, but you _really_ should test these things. Rather than just assuming that it wasn't "accessible to the open", you should telnet to your mail server and test the possible relay methods, or at the very least, register with abuse.net and let their online tester do the work for you.

      As you have no doubt seen, getting a server off ORBS and the like is really a LOT more hassle than testing in the first place. Additionally; as you say "[i]t's about time people realise that stuff like this has very real consequences..." This works both ways. If you don't secure your systems, they _will_ be taken advantage of, and next time it will be Company X suing you for permitting your mail server to be used in spamming them and not just Company X suing the spammer.
      • Very true, and hindsight is a wonderful thing. But since none of the people concerned had ever dealt with mail servers before, it never crossed their minds to test for things like open relays. Or test anything for that matter... But it bl**dy well will now :)

        Incidentally, it took around 10 hours before we were found...

      • Eh, I tested my server, and it was fine. Then suddenly, email wasn't going or coming, and my mail spooler kept filling up its filesystem... turned out to be a combination of firewall and squid settings (the *default* settings for squid, though... !!!!) that was being exploited to send spam through my server. I sent lots of complaints to the people responsible after I fixed everything; when that didn't work, I kept going upstream until I found an ISP that cared about the millions and millions of spam that
  • A great ruling!

    Basically the spammer was trying to send large amounts of spam to Docomo's mobile phone users. Mobile phone users are charged for receiving emails. Since 1) many of the spammed users don't exist and 2) it was unsolicited commercial email, it only makes sense for the spammer to pay!

    I say we should send these morons a one-way ticket to Iraa muahahahaha!!
  • That's why all my emails to goatse.cx aren't getting there!
  • A great precedent! (Score:5, Interesting)

    by Bvardi ( 620485 ) on Wednesday March 26, 2003 @09:45AM (#5597333)
    Now if only more countries would do this kind of thing - recognizing that spam has a financial impact on ISPs and on the end consumer, and that especially mass "dictionary" based attacks to randomly find accounts are the internet equivalent of dropping millions of leaflets from an airplane for advertising purposes. (In which case they'd be rightly charged with littering and other offences.)

    Plus they got zapped for undelivered email - avoids the whole "opt in/opt out" argument (difficult to prove always that someone didn't accidentally "opt in" at SOME point and you KNOW the spammer is going to claim that they did) AND it also is likely far more costly than targeted spam attacks. (If you send to a 90 percent valid email list chances are you are sending to a few hundred thousand addresses. You do a dictionary attack you are sending to MILLIONS of addresses... which would you rather see them get charged cash for?)

    It's a good start if you ask me (though of course part of me thinks that locking them in a small room with one angry ferret per 1000 emails would be a good way too... but that might be going too far. Probably. I mean, think of the poor ferrets?)

    Bvardi
    • [SNIP!]quivalent of dropping millions of leaflets from an airplane for advertising purposes.[/SNIP!]
      Playing devil's advocate again - but isn't that exactly what is being used for coalition propaganda, and wasn't this also used in Afghanistan?
      After the humanitarian crisis, someone's gonna have to clear away all those damn leaflets..
    • by phorm ( 591458 ) on Wednesday March 26, 2003 @12:50PM (#5598114) Journal
      Probably. I mean, think of the poor ferrets

      How about something more like a reality-TV show? For every 100/1000 spams sent... they spend one day on a deserted island. The island has water... but little food.

      Eventually... we can wait until they turn on each other, or start suffering from malnutrition, whatever.

      Disclaimer: I strongly dislike "reality TV", but I'd buy a dish and PPV just to see a bunch of miserable spammers shipped to some godforsaken remote destination
    • by override11 ( 516715 ) <cpeterson@gts.gaineycorp.com> on Wednesday March 26, 2003 @12:52PM (#5598127) Homepage
      That's why I don't understand why ISPs don't get more involved in fighting SPAM, it's costing THEM money. You would think that a big backbone like UUNET would spend a chunk of change to create 100% accurate filters and be pro-active on blocking out this bull-crap. It would only benefit them down the road.

      It would even waggle the magic word 'ROI' in front of the execs, so why isn't it happening yet??
      • Because it's not possible.

        100% accurate filters? It's possible to have software that's pretty damn good, but the best filter is a sentient human, and even they aren't 100%. Nonintelligent software cannot adapt the way humans can; when the spammers think up new ways to disguise their email, the software isn't going to adapt itself. Only when (if) we have sentient, general-purpose AIs will we be able to have something that's close enough to 100% so that we can leave it running and never have to maintain i
  • by dsplat ( 73054 ) on Wednesday March 26, 2003 @09:57AM (#5597360)
    Of the dozens of spam messages I get every day, at least 20% of them are unreadable. I'm not counting the ones that are in languages that I don't know. I'm talking about the ones that are sent in an encoding that isn't properly reflected in the headers. Then there are the ones that are in such poorly formatted HTML that they just won't display.
  • Not on slashdot (Score:2, Insightful)

    by XCondE ( 615309 )
    I long for the day those fines are so common they don't even make it to /.
    • I long for the day those fines are so common they don't even make it to /.

      I wouldn't hold my breath on that; even if that happens we would still have reposts.
  • That has a nice ring to it here in the states.. It makes perfect sense. I wished I had thought of it first...

    Let the lawsuits begin!

    -ProzacGod
  • by Michael_Burton ( 608237 ) <michaelburton@brainrow.com> on Wednesday March 26, 2003 @10:27AM (#5597462) Homepage
    This kind of mass mailing should be treated the same as a deliberate denial of service attack. Dictionary spammers tie up target servers without any reasonable expectation that most messages will reach an actual user. It is a consciously malicious act, and should result in criminal penalties, including prison time.
    • > Dictionary spammers tie up target servers without any reasonable expectation that most messages will reach an actual user

      Not quite. A DoS has NO intention whatsoever of having the messages get to valid users. This had a small hope of it. Moreover, the intent to make the service unavailable for others wasn't there.
  • DoCoMo investigations found that about 950 million e-mails are sent to i-mode users each day, but about 880 million of these are sent to addresses that do not exist.

    [lounge]
    Now that's what I call a lazy database admin!
    *rimshot*
    [/lounge]
  • Japan has sued the People's Republic of China for 10 trillion dollars - the Chinese government says that they were just pursuing Japanese ad makers [slashdot.org]
  • It's about time... (Score:4, Interesting)

    by hafree ( 307412 ) on Wednesday March 26, 2003 @10:32AM (#5597487) Homepage
    It's about time someone set a precedent in determining the cost of spam. Not just in terms of denial of service, but also the amount of time it takes people to deal with it.

    Many people don't realize what a hassle spam can be, until you try to put a monetary cost on it. Let's forget about the resources it uses and just look at how much time it consumes to delete... For the sake of using round numbers, let's say it takes someone 5 seconds to identify a message as spam and delete it. That means in an hour they can theoretically delete 720 pieces of spam. I don't know about the rest of you, but I regularly receive about 100 pieces of spam on a typical day. That means that about 2.6% of your paycheck goes towards you deleting spam. For an employee that makes $50k/year, this comes out to approximately 3.5 cents per piece of spam received, or $1277/year...
    • For the sake of using round numbers, let's say it takes someone 5 seconds to identify a message as spam and delete it.[...] this comes out to approximately 3.5 cents per piece of spam received, or $1277/year

      This is why it's hard to estimate the cost of such things-5 seconds to identify spam?? I'm not a fast reader, but I can pretty easily identify a spam subject header in under 1 second. If I'm using a decent spam-filter, I can reduce the amount of daily spam I see to 5-10. The first observation drops

    • by Kombat ( 93720 )
      it takes someone 5 seconds to identify a message as spam and delete it.

      5 seconds??? Are you insane? Look at your watch. Now wait 5 seconds. That's an eternity. Why on Earth would it take anyone that long to look at an email and determine "Hey, who the %*#@ is this and why are they emailing me about penis creme?"

      Personally, I can scan through a list of email subjects and senders (i.e., the folder - don't even need to see the messages' contents) and identify spam by the dozens. Even still, for the

      • I consider the original post to be spam.

        Estimating 250 posts on this article with 100 times more readers than posters, as well as further posts relating to the parent comment, I figure that there is

        (250 posts + 25000 readers)*7 seconds reading time + (3 posts after this one*25250 readers)*20 seconds reading time
        = 1691750 seconds

        Assuming that I can identify a spam in 1 second and charging you 1 cent per spam, you are directly responsible for $16917.50 in losses. I will forward this total to my Nigerian c
      • Stop the FUD. Spam sucks, but don't pretend it costs us more than a few seconds of our time or a few dollars of extra IT work.

        It costs more than that. I don't particularly want to see pictures of women covered in horse semen when I get home from work and check my email -- or worse yet, when I'm at work and my screen is visible to a half dozen other people.

        If their time is so valuable, how come they spend so much time planted in front of the TV or surfing useless websites?

        Because then they're spendi

  • by andy@petdance.com ( 114827 ) <andy@petdance.com> on Wednesday March 26, 2003 @10:33AM (#5597491) Homepage
    If their mail servers are swamped with 880,000,000 emails daily from dictionary attack, I'd think the easiest solution would be to throttle the mail servers. "Oh, I got an invalid recipient, I'll pause 5 seconds before I respond." (Adjust 5 seconds to whatever makes most sense) For most legit users, that shouldn't be a problem. For the spammers, it means they can make at most 17280 attempts per day per MTA.
    • Postfix [postfix.org] does [postfix.org] that out of the box.
    • Spammers already have tools to distribute their attacks through multiple "raped" MTAs, it is an idea for the poor guy spammer - it won't stop hard core bulkers though I assume.
    • Then your mailserver must keep a connection open for 5 more seconds than required. Each connection consumes system resources (which resources depends on your OS, but likely candidates are RAM, INODEs, extra connections that count toward the limits set at the OS or MTA level, you get the idea), so you would effectively be hurting your own server.

      This is why some busy websites choose to disable keepalives or set the keepalive timeout to something short like 1 second. If the webserver keeps that connection
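The throttling idea and the resource objection in the replies above can both be put in numbers. The following is an added example, not code posted in the thread or taken from any MTA: it generalizes the fixed 5-second pause to an escalating per-source delay, and the class name, thresholds, addresses and sample events are constructed assumptions.

```python
# Added example (not from the thread): per-source tarpit for unknown recipients.
from collections import defaultdict

SECONDS_PER_DAY = 86_400


def max_attempts_per_day(delay_s, connections=1):
    """Upper bound on rejected probes per day when every unknown
    recipient costs delay_s seconds on each (serial) connection."""
    return connections * SECONDS_PER_DAY // delay_s


def held_connections(invalid_per_day, delay_s):
    """Little's law: average number of connections the server keeps
    open purely to wait out the delay (the cost raised in the reply)."""
    return invalid_per_day / SECONDS_PER_DAY * delay_s


class Tarpit:
    """Hypothetical policy: a few free misses (typos), then a delay that
    doubles per further miss from the same source, up to a cap."""

    def __init__(self, free_misses=2, base_delay=5, max_delay=60):
        self.free_misses = free_misses
        self.base_delay = base_delay
        self.max_delay = max_delay
        self.misses = defaultdict(int)

    def on_rcpt(self, source_ip, recipient_exists):
        """Return the seconds to pause before answering this RCPT TO."""
        if recipient_exists:
            return 0
        self.misses[source_ip] += 1
        over = self.misses[source_ip] - self.free_misses
        if over <= 0:
            return 0
        return min(self.base_delay * 2 ** (over - 1), self.max_delay)


def total_delay_by_source(events, valid_users, tarpit=None):
    """Replay (source_ip, local_part) events and sum the delay per source."""
    tarpit = tarpit or Tarpit()
    totals = defaultdict(int)
    for source_ip, local_part in events:
        totals[source_ip] += tarpit.on_rcpt(source_ip, local_part in valid_users)
    return dict(totals)


# Constructed sample data: one ordinary sender with a single typo and
# one source walking a name list (documentation-range IP addresses).
VALID_USERS = {"taro", "hanako"}
SAMPLE_EVENTS = (
    [("198.51.100.7", "taro"), ("198.51.100.7", "tarro"), ("198.51.100.7", "hanako")]
    + [("203.0.113.9", name) for name in ("aaron", "abby", "adam", "alice", "amy")]
)

if __name__ == "__main__":
    print("probes/day at 5 s:", max_attempts_per_day(5))
    print("connections held at 880M/day:", round(held_connections(880_000_000, 5)))
    print("delay per source:", total_delay_by_source(SAMPLE_EVENTS, VALID_USERS))
```

Delaying only sources that keep missing leaves ordinary senders untouched, while the held-connection figure shows why a blanket pause at this volume costs the receiving server real capacity.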
  • This would happen here. I looked through my sendmail logs the other day only to find thousands of lines of 'unknown user' errors. These fsckers need to be tortured to death over several months.

    Anybody have a link on how to configure sendmail to not log/respond to email destined for addresses that are not on your server?

  • Maybe I'll move to Japan when things get too ugly under the Ashcroft regime! Guess I'd better learn Japanese just in case - time to watch more anime!
  • From the /. post:
    The fine is about $55,000 and was based on an estimated cost to NTT of 1.2 yen per undelivered spam ($0.01) for the 4 million spams that were undeliverable. What is most startling is NTT DoCoMo assertion that ... each day, 880 million are not deliverable!

    If this is true, doesn't that make the cost of spam to NTT DoCoMo around $12M per day, or $4.4 billion per year?

    This seems a bit much, although I agree with the size of the fine - I'm just questioning the way it is rationalized.

    - Bria
  • by morcheeba ( 260908 ) on Wednesday March 26, 2003 @12:13PM (#5597879) Journal
    I like the verdict and think that the fine is appropriate, but I don't like how it was calculated. Maybe the article misrepresented it, but charging $0.01 per spam seems excessive.

    The article says 880 million undeliverable emails are sent every day. At a penny a piece, that's USD$8.8million / day, or $3.2 billion/year. The company does $42 billion [morningstar.com] in sales per year, I doubt that they spend 7.6% of their income on spam. Or, for that matter, give me $3b/yr and I'll provide the equipment to totally filter all of their undeliverable mail -- they'll save their shareholders $200 million!

    I just wish they said "it cost us 1 man-year of work to stop this guy" and cost it that way instead of making up numbers per message. It's this kind of unjustified damage estimate that "cost" Sun $80 million [wired.com] of money that was good enough to tell a judge under oath, but too bogus to tell their shareholders. I doubt NTT has a $3.2b line-item on their annual report.

    (and, as others have pointed out, this 880milMsg/day is misaddressed mail - trivial to filter out and it never consumes any expensive RF bandwidth)
  • On a somewhat related note, while we may not see opt-in mandated for a while, I'm sure companies will be quick to adapt:

    By signing up for our free Britney Spears subscription service, you acknowledge you have agreed to our draconian privacy policy [127.0.0.1] which allows us to sell your personal data to anybody we want and spam you from now 'till doomsday. To activate your account, we will send you an e-mail shortly. The spamming will begin soon thereafter.

    This is one of the reasons why legislating a technical p

  • Lawrence_Bird writes...

    Who would have thought that Larry Bird would be spending his retirement years posting on Slashdot...
  • DoCoMo has the right idea we need money from spammers

    ... That's where I want to go
    way down in Do Co Mo ...


    (with apologies, but not royalties to the Beach Boys)
  • You may note that DoCoMo was quite happy to deliver this spam to their end users and profit from it.

    Had the spammer used valid email addresses I'm sure this would not have ended up in court. :-(

  • Non-technical friends typically ask me why they receive spam, if no one ever reacts positively or reads it. My answer is that the spammers send spam because it's free, so even if a very limited number buys a product from them, they've had practically no expenses. Has anyone got an idea, or even better, some statistics about how many positive responses the spammers get? If, at some point, no one ever buys products from spammers, couldn't that be the final solution to the spam problem?
    • It doesn't work that way. Big-time spammers make their money by selling their services to third parties to spam on their behalf. Even if the client doesn't make a single sale, the spammer still has the money. Even if no client ever makes a single sale from now until doomsday, the spammers will stay in business as long as they can find suckers who will believe that it will work.
