Devil's Advocate: How to catch a spammer

Is there any legal way?

By Martin Brampton, 9 August 2005 16:25

COMMENT To show how hard it is to track a spammer through legitimate means, Martin Brampton attempts to hunt down some individuals plaguing his website. See how far he gets - and what stands in his way.

In a recent column, I wrote of my frustration at link spamming. The likelihood of resolving this problem through the law looks remote. Consequently I remain sceptical about the prospects for regulation of the internet by traditional legal means any time soon.

First, I would like to get one thing clear. One reader evidently got the impression that I was thinking of murdering spammers. This is not the case. However annoying they are, I have not the slightest intention of murdering anybody. The furthest I would go might be to suggest that a well placed thunderbolt could be welcome.

But I do find that legal or simple practical mechanisms are entirely inadequate when it comes to link spamming. This anti-social practice occurs with websites that make themselves open to change by visitors. While it is always possible to harden such a website, the time and maybe money needed to achieve this may well be beyond what is practically justified.

The spamming of my documentation which I described in that previous column has continued. So I have been looking for ways to block it. This is easier said than done. The system records the IP address from which the unwanted editing was carried out. That is little use, since the addresses point to locations all over the world. The most likely explanation is that computers compromised by Trojans are being used without their owners' consent. Even if I could track them down, the owners are blameless, and there is a practically inexhaustible supply of such machines.

An alternative angle is to look at the sites being promoted and seek to take action, through proper channels, against them. Once again, that is far easier said than done. At least three different domains have been used to spam my site but they all point to exactly the same page. Yet the domains purport to be registered to entirely different people.

One of them remains anonymous. Another purports to be located in Beverly Hills, California but has a telephone number with a country code that suggests they are in South Korea. The third claims to be in Atlanta, Georgia but has a country code of +745, which is so obscure I cannot find any country that lays claim to it.

Chasing the hosting ISP is only slightly more fruitful. It seems that all the domains causing the problem are hosted at the same place. Not surprising, given that they all show the exact same page. The ISP turns out to be Estdomains of Estonia. I have written to them but if they choose to ignore me, I am not at all sure how to start legal proceedings against an Estonian organisation. In any event, they would doubtless deny all responsibility for the actions of their customers.

Persuading them to terminate the hosting of the sites might seem a victory. But it would doubtless be temporary. With the cost of domains now a few pounds per year, and with countless hosting companies scattered across the world, there is no doubt the operation would be set up again very quickly.

The painful fact is that we have a global system in the internet, which in many ways is extraordinarily beneficial. But we most certainly do not have a global legal system, or even any clear agreement on what such a thing would be like. Without such a system, legislation in countries that are already well-regulated has little point, and will leave us vulnerable to abuse from elsewhere. In those circumstances, the easiest response still looks like retaliation in kind.

Comments


  1. Nick Cole

    The problem lies with the Registrars. They are the ones who allow people to set up domains, using anonymous contact email addresses, invalid addresses and so on. They all retort that as above they are not responsible for the actions of their clients after the registration has taken place. If they checked that the contact details were valid and remained valid, were able to revoke registration, and took some steps to act responsibly themselves then the beneficial elements (people coming to a website for whatever purpose) would cease.

    Lots of spammers seem to use a limited number of registrars who if examined are sometimes the technical contacts and operators of the ISP and domain names.

    The system is being abused by a few and the internet managers are allowing this to happen.

  2. William Keeley

    This is the main reason why spammers continue to steal the service of website operators and email users. They can run to jurisdictions where they are afforded protection. The only weakness that these spammers have is their method of receiving payment from the idiots who order their products. This point of weakness is usually the spamvertised website.

    By making the bandwidth costs of this website greater than the revenue garnered from the idiots who order their products, the spammers will go out of business. This is the reason why I recommend using tools such as SpammerSlapper, BlueFrog, Spamvampire, spammerslammer.cgi, and the now defunct MakeLoveNotSpam.

    Yes, some consider this type of attack unethical and maybe illegal in some cases, but I do not. There are laws on the books that supposedly protect internet users, but only the big companies with huge amounts of resources are able to track down these thieves. I believe that if only 10% of the Internet users used one of these antispammer tools, spam will quickly disappear from the Internet.

    Of course, one should verify that the website that is being punished is not the victim of someone who is sending spam out to defame said site. Some ways this can be done is by checking out the registrant information to make sure that it is not misleading and visiting the site to see if it is in fact "spammy." Only by making spamming a money losing proposition will spam be defeated.

  3. anonymous

    At least a good part of Spam is to earn money. Most of this will be spent on-line at the spammer's website generally with a credit card. The merchant banks that accept credit card payments and ultimately the card companies both need to be brought into the fight against spam. Yes, it needs to be done in conjunction with other methods but this would possibly be the easiest way of stopping the flow of funds.

    Since sending spam is illegal, at least in the US, since most of the main credit card companies have their parent in the US a case might be made that the card companies are aiding and abetting an illegal activity so taken to court. The US Government has, I think, tackled some other activities which it deems illegal (booking holidays to Cuba, online gambling) via telling the card companies to stop payments; why not with spam sites?

    It shouldn't be that difficult to trace who is cashing the payment (make one purchase - look at who handles the money).

  4. anonymous

    One solution would be to start demand for an International Court of Cyberspace. There are international courts now for criminal and human rights matters. Of course, this would require that countries sign up to allow jurisdiction over their citizens. Some countries have been reluctant to do so, but may be more willing if jurisdiction were very limited and well defined.

  5. Derek Smythe

    I think Martin sees the problem, but not fully.

    All the mechanisms are in fact in place to stop this type of abuse.

    Martin touches on the subject of allowing through to spam domains, seeing who they belong to. Here the trail leads all over the place.

    The reason for this is simple. Fake details are being used for the whois details.

    ICANN is extremely clear on the requirement for accurate whois details. They make this part of their registrar agreement. As such, you agree to enforce this policy if you wish to become a registrar and pay a hefty deposit.

    ICANN also makes provision for immediate suspension of any domain registered with "wilfully supplied inaccurate details", essentially what the parties are doing in the cases mentioned above.

    I have on record where a well-known spammer hiding out in Europe somewhere has used four sets of whois details interchangeably for his domains. One set is in fact identity theft. I notified the registrar (Yesnic) early in the year already about this situation, with proof.

    Nothing was done. (ICANN also requires that any such report to a registrar be investigated.) This led to an ICANN escalation.

    Today Yesnic is still accepting these details. Another mail to Yesnic and ICANN later and still no response.

    As such, the mechanisms are not being enforced, depriving us of tools that would stop this issue. If they were, we would have far fewer spam problems.

    Interesting fact: Most spammer domains have false whois.

    If only ICANN agreements could be enforced.
