David Ritz Story Gets Press

My recent post on Sierra vs David Ritz got picked up by CircleID (with my permission), and then by Slashdot!

Don’t forget to surf on over to the CircleID copy to see the ongoing discussion in comments. Lots of good stuff, plus a couple of trolls. Pretty typical, as these things go. My favorite quote: “I think there is something that people are missing. In the eyes of the court, Mr. Ritz is a menace to Sierra.” Uh, no, we actually get that that this is apparently the court's opinion. That’s the point here – the court got it wrong.

One guy took issue with me taking a swipe at North Dakota ("the one lone technology professional in ND") and (I assume, jokingly) invited me to visit the Microsoft campus there. Hey, if he's not kidding, and he makes a big donation to David's legal defense fund, I'm game.

Reminder: Donate! The handling of the money is being done by Ed Falk (who has had his own run-ins with this same plaintiff), and he assures me that every dime is going to the right place.

North Dakota Judge Gets it Wrong

....WAY wrong. This is just mind blowing.

Ever been prosecuted for tracking spam? Running a traceroute? Doing a zone transfer? Asking a public internet server for public information that it is configured to provide upon demand?

No? Well, David Ritz has. And amazingly, he lost the case.

Here are just a few of the gems that the court has the audacity to call "conclusions of law." Read them while you go donate to David's legal defense fund. He got screwed here, folks, and needs your help.

"Ritz's behavior in conducting a zone transfer was unauthorized within the meaning of the North Dakota Computer Crime Law." You might not know what a zone transfer is, but I do. It's asking a DNS server for all the particular public info it provides about a given domain. This is a common task performed by system administrators for many purposes. The judge is saying that DNS zone transfers are now illegal in North Dakota.

"The Court rejects the test for "authorization" articulated by defendant's expert, Lawrence Baldwin. To find all access "authorized" which is successful would essentially turn the computer crime laws of this country upside down."
That's untrue. The judge is trying to hang David out to dry, even when provided evidence of what actually constitutes hacking or cracking. Accessing a server on the public internet that is set up to provide that public info is not a crime, and saying that it is not a crime doesn't suddenly damage computer crime law. The judge just amended the definition of "unauthorized" to include public internet servers that were expressly configured to provide info to anybody who asks for that info.

"Ritz has engaged in a variety of activities without authorization on the Internet. Those activities include port scanning, hijacking computers, and the compilation and publication of Whois lookups without authorization from Network Solutions." I'm not touching the "hijacking computers" statement -- who knows what the judge means, and I don't think it's wise to assume that the judge's definition matches the common one. But what really jumps out here is this: Publication of WHOIS information. You know, business records. Who owns a domain. Public information. The judge has arbitrarily decided that it is illegal to take information from WHOIS data -- necessary information when compiling a report on a company or activity, to make sure you're talking about the right person -- and put it in a spam report or on a website.

Mickey Chandler calls the court documents in this case "12 pages of bad law," and I couldn't agree more.

Gmail's Taking Care of Me

So, a long time ago, I signed up to receive Ken Magill's "Magilla Marketing" email updates from Direct Magazine. I really enjoy reading Ken's articles, and though I have occasionally disagreed with his take on things in the email industry, I do think he's smart and sharp. He gets it, and even on those occasions I disagree, I find his take on things to be interesting and insightful. I consider every one of his articles a "must read" and have for years, going back all the way to my time at MAPS back in 1999/2000.

Good to leave your Wifi open?

There's a lot of buzz lately about Bruce Schneier's new essay on how great it is to run an open wireless network at home.

My take on this is going to be short and sweet: You're crazy if you leave your wifi open. Here's what can or will happen if you don't secure your wifi:
  • Your own download speeds suffer as neighbors' infected laptops find a new vector to spew spam and malware.
  • You'll find your home IP address blacklisted and receiving spam complaints over bad stuff people send via your connection.
  • The buck stops with you. Your ISP can trace it as far as you and no further. This means that if somebody uses your wifi network to send spam, or traffic in kiddie porn, you're the one whose door the feds or the FTC are going to knock on.
  • Running a mail server? You'll get blacklisted due to all of the above.
When I lived in Minnesota, I inadvertently left my wifi access point unsecured for a period of time -- and I did find mail server blacklisted. A neighbor's infected laptop used my connection to send spam. I was pretty embarrassed about it at the time -- an anti-spam guy's IP address was being used to send spam! It just highlighted for me how it's not wise to tempt fate.

It might be really neat to leave your car unlocked, with the keys inside, so your neighbors can borrow it as needed. But, is it wise? C'mon, people!

Alan Ralsky indicted

Spamhaus writes: "The US Department of Justice went public today with the indictment of Alan Ralsky and 10 others who helped him. Alan Ralsky topped our Top 10 Worst Spammers list for quite some time and was involved in almost any sort spam activity that's being done. His gang frequently sent millions of spam messages per day. In recent years his focus has been on stock spam, and that's a key part of what the US DOJ indicted him for."

Others can cover this much more capably than I, so I'll skip the insight and just link to posts on the topic from various smart folks.

(I recall Ralsky being the guy who cried foul when, a few years ago, his home address was made public, and people signed him up for hundreds-to-thousands of junk mail postal lists.)

My Prediction For 2008

I've only got one prediction for 2008, and it's this: Spam is going to be even less tolerated by internet service providers than it is in 2007.

ISPs are continually tightening up their sending guidelines and acceptable use policies, and things you might have gotten away with in 2006 or 2007 will no longer be kosher.

Opt-out append? Purchased lists? Third-party lists? Mailing to the same, tired list forever? Forget about it. You're going to the bulk folder, if you get through at all.

ISPs are belt-tightening; automating sender-review and spam-prevention processes. Spam isn't a profit center for them; it sucks up their resources that they feel are better spent elsewhere. They're taking less and less time to individually review every whitelist request; they're relying more on automated, statistics-driven processes to keep more of the spam out, and they're catching more and more edge case senders in their new mechanisms. ISPs aren't making any money from the mail you're sending, they don't have a financial responsibility to accept that mail. And in a lot of cases, they firmly believe that their users are happier without the mail

It's up to you if you want to stay ahead of this problem, and stay in the inbox. The way to do it is avoid becoming that edge case. Maintain clear permission. Don't buy or sell lists. Avoid email append. Re-confirm your lists. Send people only what they expect.