[SpamCop-List] Re: [media] "FTC says federal spam law has worked"
Philippe Verdy (n.o-s.p.a.m+abuse)
verdy_p at wanadoo.fr
Wed Dec 28 17:32:20 EST 2005
Porpoise <porpoise1954 at yahoo.co.uk> posted:
> "Philippe Verdy" <verdy_p(n.o-s.p.a.m+abuse)@wanadoo.fr> wrote in
> message news:dotjg8$l2q$1 at news.spamcop.net...
>
>>
>> Well, it worked because now a significant number of spams have
>> magically been made legal with the CANSPAM Act. Needless to say,
>> legal opt-out is still spam for me, because I don't want to opt out
>> from any list that I have not subscribed myself.
>
> I agree.
>
>>
>> This is true even if the spam was relayed by "respectable" mailing
>> list host, where any one can upload some large mailing list, and
>> create unlimited number of lists or accounts at very low rate, and
>> then use this service to relay their spew.
>>
>> An ISP that accepts unlimited number of lists and allows uploading a
>> large address book without prior explicit proof of identity for the
>> account owner (beside the simple anonymous credit card transaction)
>
> A credit card transaction is anything BUT anonymous......

It is anonymous enough when the credit card holder is most often a personal
name unrelated to the business name used to create a domain, and no other
proof of identity and address is requested by such malicious ISP for mailing
list hosting. This is worse once you know that spammers use fake stolen
identities, and too often stolen credit card numbers to pay their domain
registration and temporary hosting (for small payments, many of these uses are
left unreported, because many people often forget to verify so precisely
every small payment on their bank billing, when they are already used to
make small payments over the Internet.)

When the ISP does not even have a safe way to contact its own customer
because all it knows from him is the credit card number used (and sometimes
it may be worse, because even that identity is unknown, when it delegates
the payment to a partner bank or it accepts Paypal payments), certainly that
ISP is bogus. Before hosting any mailing list, the ISP should have a proof
of receipt of his confirmation letter using physical delivery, and not a
weak email address.

So the first step for spammers is to buy a domain name (this is a very
ridiculous price which can get unnoticed on stolen credit cards) and register
it with the stolen identity, and then put the domain on hold for 3 or 4
months to see if it is canceled (when someone complains at its bank and the
bank informs the registrar that will park the domain).

If this does occur the domain name and the credit card are reused later to
host spamvertized websites or to relay spam, or to host a new blackhat DNS
server, or used as a new fake identity to request services from another ISP
that also does not verify the physical identities by something else than a
contact email (now this email is hosted on a domain whose owner apparently
matches the credit card owner and the company name...)

A snail mail confirmation, or at least a geographical phone number
registered in yellow pages, and confirmed vocally should be required by all
ISPs to create and validate any email account (except if the ISP is very
large and operates an efficient and fast abuse desk with a worldwide spam
surveillance through many "honeypots" subscribed secretly on other
concurrent ISPs to detect proof of abuses as fast as possible, for example
Hotmail and Google Mail which may use simplified procedures with extreme
care for clients connecting from known respectable ISPs).