Many of you already know the backstory of this tale. Namely:
Periodically for the past couple of years, I and other readers of newsgroups like comp.graphics.apps.photoshop, alt.graphics.photoshop, and the like have been spammed by a particularly slimy spammer named Art Schwartz, who collects email addresses from graphics-related newsgroups and spams his Web site, www.perfect-shareware.com, where he says one can get Photoshop and other high-ticket graphics apps for $29.95. It’s a scam, of course; he’s a credit card fraudster, not a pirate, and those dumb enough to fall for the bait get (1) a list of pirate Web sites and (2) big credit card bills.
He’s been hosted by an outfit called Cove Software Systems (“Covesoft”) for years. Covesoft has for years ignored LARTs and permitted him to spam. Recently, as these sorts of outfits do, Covesoft went titsup and got bought by Superb Internet, the retail marketing arm of Hopone. So when some spam showed up in my main email address and one of my spamtrap addresses, I sent ’em along to Superb’s abuse address.
The next day, I get a rash of threatening emails, as documented here, from the spammer. Okay, that’s not cool–so I pick up the phone and have a nice long chat with a person at Superb who identified himself as the head of their abuse department.
The good bits:
The person I spoke to claimed Superb/Hopone have strict zero-tolerance spam policies. Okay, I ask, why is this Web site still up? We haven’t received any complaints, he says. Ah, but you have, I tell him, from me, on thus and such a date, with these headers–would you like me to send you the spam again? Oh, yes, we have received complaints, he says, but our policy is not to take any action unless we receive a number of complaints from different people. You have, I say–I can give you the email addresses of about a half-dozen Usenet readers who’ve LARTed you, there’s a conversation on one of the Photoshop newsgroups about it right now.
So then he says, Well, the official policy of my bosses is that as long as our customers pay their bills, they can do anything they want, so long as what they’re doing is not illegal and doesn’t get us into SPEWS or Spamhaus. Sez I, spamming addresses scraped from newsgroups is illegal, the CAN-SPAM law is right on point about this. You’re right, it is, I’ll pull the site right now, he says, and sure enough, Perfect-Shareware.com stops resolving that afternoon.
Fast forward to earlier this week, when I get an email from abuse@hopone.net in my mailbox. The email says We have put www.perfect-shareware.com back online. If you feel this customer is doing something illegal, contact the police, not us. The business relationship between Hopone Internet and this customer is none of your business. Do not email us again.
So, just for the record: Hopone/Superb Internet are black-hat spam supporters. No reasonable person should touch them with a ten-foot pole–which is, of course, why you’ll find criminals like Art Schwartz using them.
The normal course of a spam-supporting business is to go bankrupst. When it happens to Hopone, it can’t be soon enough.
Sez I, spamming addresses scraped from newsgroups is illegal, the CAN-SPAM law is right on point about this.
Wouldn’t that give you legal recourse to report both the spammer and his ISP/hosting site?
…also, maybe you can get a link to his site posted on /. (that should take it down right quick).
😉
CAN-SPAM does not allow private citizens to take action; only ISPs or service providers have legal recourse under CAN-SPAM.
Which sucks. Basically, what it comes down to is that CAN-SPAM is a worthless and ineffective law designed to protect the very spammers it supposedly goes after.
And Hopone’s policies are pretty clear: We don’t care what they do so long as they pay their bills.
Sez I, spamming addresses scraped from newsgroups is illegal, the CAN-SPAM law is right on point about this.
Wouldn’t that give you legal recourse to report both the spammer and his ISP/hosting site?
…also, maybe you can get a link to his site posted on /. (that should take it down right quick).
😉
That sucks major ass!! MAJOR ass!
Have you heard from the criminal himself since you had his site yanked for a bit?
What kind of recourse do you have at this point? Can you get them into SPEWS or Spamhaus? How do you plan on proceeding?
They’ll end up in SPEWS or Spamhaus if they permit people to spam from their IP space, which they don’t; Art spams from Bellsouth servers. Just hosting a spammer’s Web site is less likely to get them blacklisted.
I haven’t heard directly from Art recently, though I’m sure that’ll change. He still spams some of my spamtrap email addresses that he doesn’t know are connected with me occasionally.
So what is there to do? I really think we need to have some large online community action group that focuses there collective efforts on taking guy’s like Art down. A little social engineering maybe.
Maybe I’ll talk to Johnyx about that next year at Dragaon*Con.
on another topic…
What do you do with your spamtrap email addresses?
Those sound like excellent ideas.
Think about it. Imagine if a group like say, the slash.dot user base were to all get together to end Art’s crime wave. How long would it take? Remember what happened to that guy who wanted to steal a Powerbook and ended up with a p-p-p-powerbock instead?
http://www.p-p-p-powerbook.com
We have the motivation. We have the intelligence. We have the people. We have the will. What we need is the organization.
That sucks major ass!! MAJOR ass!
Have you heard from the criminal himself since you had his site yanked for a bit?
What kind of recourse do you have at this point? Can you get them into SPEWS or Spamhaus? How do you plan on proceeding?
CAN-SPAM does not allow private citizens to take action; only ISPs or service providers have legal recourse under CAN-SPAM.
Which sucks. Basically, what it comes down to is that CAN-SPAM is a worthless and ineffective law designed to protect the very spammers it supposedly goes after.
And Hopone’s policies are pretty clear: We don’t care what they do so long as they pay their bills.
They’ll end up in SPEWS or Spamhaus if they permit people to spam from their IP space, which they don’t; Art spams from Bellsouth servers. Just hosting a spammer’s Web site is less likely to get them blacklisted.
I haven’t heard directly from Art recently, though I’m sure that’ll change. He still spams some of my spamtrap email addresses that he doesn’t know are connected with me occasionally.
So what is there to do? I really think we need to have some large online community action group that focuses there collective efforts on taking guy’s like Art down. A little social engineering maybe.
Maybe I’ll talk to Johnyx about that next year at Dragaon*Con.
on another topic…
What do you do with your spamtrap email addresses?
Those sound like excellent ideas.
Think about it. Imagine if a group like say, the slash.dot user base were to all get together to end Art’s crime wave. How long would it take? Remember what happened to that guy who wanted to steal a Powerbook and ended up with a p-p-p-powerbock instead?
http://www.p-p-p-powerbook.com
We have the motivation. We have the intelligence. We have the people. We have the will. What we need is the organization.
Fraud
I don’t remeber if this was covered, but won’t the credit card companies do anything since it is credit card fraud??
Re: Fraud
In theory? Sure, if you could identify the bank that provides his merchant account.
In practice? In the past, Art has made a habit of threatening people who report him for credit card fraud; generally, he threatens to publish their card numbers on Usenet newsgroups, or report them for software piracy. The person dumb enough to fall for his charade in the first place is probably dumb enough to believe the threats.
And it’d likely be difficult to get his merchant account to close him down unless one could prove in court what he was doing.
Fraud
I don’t remeber if this was covered, but won’t the credit card companies do anything since it is credit card fraud??
How to Make a Federal Case Outta This
You probably have done this already, but consumers can file complaints about CAN-SPAM violations directly with the FTC by emailing spam@uce.gov.
The FTC Consumer Complaints Site has more info.
Re: How to Make a Federal Case Outta This
I routinely send everything to spam@uce.gov, but it’s really more of a statistical logger than anything else. The FTC seems reluctant, or perhaps unable, to take real action against far worse spammers and criminals than Art.
How to Make a Federal Case Outta This
You probably have done this already, but consumers can file complaints about CAN-SPAM violations directly with the FTC by emailing spam@uce.gov.
The FTC Consumer Complaints Site has more info.
I love how their policy changes so frequently in the conversation. “Our policy is zero-tolerance on spam. And by that, we mean full-tolerance on spam.”
If I had to guess, I would guess that Perfect internet shut down the site, and then Art Schwartz called and threatened legal action if they didn’t bring him back up, making false claims about you and his site.
I am kind of amazed that anyone takes Art’s email seriously. He makes a vocation out of not following up on his promises, so it’s hard to consider anything he says as representative of his actual intentions.
In any case, I sure wouldn’t touch Superb Internet.
However, if they kowtow that easily, maybe another angry call could get them to change again.
I love how their policy changes so frequently in the conversation. “Our policy is zero-tolerance on spam. And by that, we mean full-tolerance on spam.”
If I had to guess, I would guess that Perfect internet shut down the site, and then Art Schwartz called and threatened legal action if they didn’t bring him back up, making false claims about you and his site.
I am kind of amazed that anyone takes Art’s email seriously. He makes a vocation out of not following up on his promises, so it’s hard to consider anything he says as representative of his actual intentions.
In any case, I sure wouldn’t touch Superb Internet.
However, if they kowtow that easily, maybe another angry call could get them to change again.
Re: Fraud
In theory? Sure, if you could identify the bank that provides his merchant account.
In practice? In the past, Art has made a habit of threatening people who report him for credit card fraud; generally, he threatens to publish their card numbers on Usenet newsgroups, or report them for software piracy. The person dumb enough to fall for his charade in the first place is probably dumb enough to believe the threats.
And it’d likely be difficult to get his merchant account to close him down unless one could prove in court what he was doing.
Re: How to Make a Federal Case Outta This
I routinely send everything to spam@uce.gov, but it’s really more of a statistical logger than anything else. The FTC seems reluctant, or perhaps unable, to take real action against far worse spammers and criminals than Art.
That’s disgusting. *throws a fireball*
That’s disgusting. *throws a fireball*