Michael A. Persaud, a California man profiled in a Nov. 2014 KrebsOnSecurity story about a junk email purveyor tagged as one of the World's Top 10 Worst Spammers, was indicted this week on federal wire fraud charges tied to an alleged spamming operation.
According to an indictment returned in federal court in Chicago, Persaud used multiple Internet addresses and domains – a technique known as "snowshoe spamming" – to transmit spam emails over at least nine networks.
The Justice Department says Persaud sent well over a million spam emails to recipients in the United States and abroad. Prosecutors charge that Persaud often used false names to register the domains, and he created fraudulent "From:" address fields to conceal that he was the true sender of the emails. The government also accuses Persaud of "illegally transferring and selling millions of email addresses for the purpose of transmitting spam."
Persaud is currently listed as #8 on the World's 10 Worst Spammers list maintained by Spamhaus, an anti-spam organization. In 1998, Persaud was sued by AOL, which charged that he committed fraud by using various names to send millions of get-rich-quick spam messages to America Online customers. Persaud did not contest the charges and was ordered to pay more than a half-million dollars in restitution and damages.
Source:
https://krebsonsecurity.com/2017/02/top-10-spammer-indicted-for-wire-fraud/
(Score: 0, Disagree) by Anonymous Coward on Monday February 13 2017, @01:42AM
It does point to how crap the protocol is that that can be spoofed that easily.
-- OriginalOwner_ [soylentnews.org]
(Score: 2) by c0lo on Monday February 13 2017, @02:25AM
This is unfair, as it assumes that the protocol was intended to guarantee the identity of the sender.
An assumption which I do not consider reasonable - the identity of an actor in the electronic world is not a simple problem; other - more complex - protocols are necessary.
I.e. try raising a customer support over the phone with a person you never met - how do you demonstrate to that person you are indeed you?
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 4, Interesting) by edIII on Monday February 13 2017, @03:33AM
No, it's not. When it started the protocol was about serving email to a much smaller world. Like universities and researchers. They were not thinking about how to construct a protocol capable of billions of messages and the creep of greed and profit into the protocol.
The fact it's held up means it's a good protocol. Modern additions like SPF and DKIM can help verify the integrity of the sending mail server and domain at the very least. Establishing the identity of the sender is the responsibility of the sending mail server, which is usually accomplished by an authenticated connection. So as long as you verify the sending server it's not that easy to spoof anymore.
What absolutely sucks is the apparent ratio of competent sysadmins to email users. Sometimes it is zero to many. Actually using SPF/DKIM these days does go a long way, plus a couple of good RBLs. By using SPF that means setting the flag for hardfail, not softfail where the option to let the email in still exists.
Then you have the addition of DMARC which makes information sharing bi-directional between mail servers. For any big outfits being spoofed is just absolutely pathetic, and if a receiving mail server is ignoring the SPF/DKIM/DMARC messages, then they deserve what they get.
We have the technology. It just needs to be embraced.
Technically, lunchtime is at any moment. It's just a wave function.
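The SPF hardfail/softfail distinction and the DMARC policy mentioned in the comment above, as an added example that is not part of any poster's comment: a Python check that reads a domain's SPF and DMARC TXT records and flags the permissive settings. The domains, records and function names are constructed for illustration, and the DNS lookup of the TXT records is left out so the code runs offline.

```python
# Added example. Domains and TXT records below are constructed samples.
SPF_QUALIFIERS = {"-": "hardfail", "~": "softfail", "?": "neutral", "+": "pass"}

def spf_all_policy(txt):
    """Result an SPF record gives to senders that match no earlier mechanism."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None                      # not an SPF record
    redirect = False
    for term in (t.lower() for t in terms[1:]):
        qualifier, mech = (term[0], term[1:]) if term[0] in SPF_QUALIFIERS else ("+", term)
        if mech == "all":                # evaluation stops at the first "all"
            return SPF_QUALIFIERS[qualifier]
        redirect = redirect or term.startswith("redirect=")
    # No "all": policy lives in the redirect target, else the default is neutral.
    return "redirect" if redirect else "neutral"

def dmarc_policy(txt):
    """Value of the p= tag of a DMARC record, or None if it is not one."""
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip().lower()
    return tags.get("p") if tags.get("v") == "dmarc1" else None

def audit(spf_txt, dmarc_txt):
    """List the permissive settings found in a domain's published records."""
    findings = []
    spf = spf_all_policy(spf_txt) if spf_txt else None
    if spf is None:
        findings.append("no SPF record published")
    elif spf == "redirect":
        findings.append("SPF policy is delegated via redirect=; check the target record")
    elif spf != "hardfail":
        findings.append(f"SPF default result is {spf}, not hardfail (-all)")
    dmarc = dmarc_policy(dmarc_txt) if dmarc_txt else None
    if dmarc is None:
        findings.append("no DMARC record published")
    elif dmarc == "none":
        findings.append("DMARC p=none: no quarantine or rejection is requested")
    return findings

SAMPLES = {  # constructed records, not taken from any real domain
    "strict.example": ("v=spf1 mx ip4:192.0.2.10 -all", "v=DMARC1; p=reject; rua=mailto:dmarc@strict.example"),
    "soft.example": ("v=spf1 include:_spf.mail.example ~all", "v=DMARC1; p=none"),
    "bare.example": (None, None),
}

if __name__ == "__main__":
    for domain, (spf, dmarc) in SAMPLES.items():
        print(domain, audit(spf, dmarc) or "ok")
```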
(Score: 0) by Anonymous Coward on Monday February 13 2017, @03:45AM
it's a good protocol
...but the *default* config is seriously dated.
We have the technology. It just needs to be embraced.
Aye, there's the rub.
-- OriginalOwner_ [soylentnews.org]
(Score: 0) by Anonymous Coward on Monday February 13 2017, @06:59AM
Let's start with a hug and whatever happens, happens.
(Score: 2) by sjames on Tuesday February 14 2017, @06:07PM
There's the problem though. Even if the default config is secure, spammers will change theirs to allow spamming. Disallow that and they'll hire someone to hack that out.
SPF can help prevent someone from spoofing your domain, but it doesn't stop spammers from using junk domains registered under false ID and then dropping them.