“SPAMIS.COM/.ORG/.CC/.INFO”, a/k/a Robert Soloway, has continued to send out spam containing the text of my monthly column for eSecurity Planet. It was not sent by me. It was not sent with my permission or authorization.

And please don’t send me complaints, copies of the spam, etc. I’m getting enough as it is, thanks!

In fact, looking at the spams that I have personally received (yes, the twit is spamming me with my own article…), he’s using a network of “spam zombies” — virus-infected and hacked PCs that are hijacked to relay spam. It’s a sign that this guy is a pretty sophisticated criminal. I’m sure his mother is very proud.

According to the SpamHaus “Registry of Known Spam Operations” here’s his latest info:

Mr. Robert Soloway
1200 Western Avenue
98101 Seattle
Washington
Tel: +1 (206) 226-9558 (206)223-1270
email: nim@cyberservices.com

Robert Alan Soloway
SPAMIS, PO Box 1259, Seattle, WA 98111, USA
Fax: (206)260-2409 or (503)213-6416

As of Nov 6, 2004, Robert Soloway’s NIM/Newport Internet Marketing is an active corporate entity in Washington State. This corporate name was registered in WA in Dec, 2003. Soloway’s “corporation” is run out of his apartment at the Harbors Apartments in Seattle.
–
Washington State Dept of Revenue
State Business Records Database Detail

TAX REGISTRATION NUMBER:…6024226472
UBI:…………………..6024226472
LEGAL ENTITY:…………..NEWPORT INTERNET MARKETING CORP
DOING BUSINESS AS:………NIM CORPORATION

MAILING ADDRESS:
1200 WESTERN AVE APT 17E
SEATTLE, WA 98101-2964

BUSINESS LOCATION:
1200 WESTERN AVE STE 17-E
SEATTLE, WA 98101-0000

OWNER TYPE:…………….CORPORATION
ACCOUNT OPENED:…………12/01/2003
ACCOUNT CLOSED:…………OPEN
STD INDUSTRIAL CODE:…….5961

Have fun!

According to Russian news agency Interfax (reported via MosNews.com), notorious Russian spammer Vardan Kushnir was found beaten to death in his Moscow apartment yesterday.

It’s not exactly the sort of penalty you wish on even the most incorrigible of spammers, but there must have been something more going on here. Even in what, by many accounts, is a lawless and out-of-control Russia, it’s difficult to believe that people would be so infuriated by spams for English-language training courses (the main business of Mr. Kushnir, apparently) that they would beat someone to death. A nickel says we’ll learn later that there was some Russian mob connection… just you watch.

Thank goodness that I live in America, where the morons who have been blaming me for spamming them this past week (which, of course, I didn’t!!!), are content to simply send whiny emails.

Spammers at “SPAMIS.COM/.ORG” have been sending out an email message containing the text of an article I wrote. It was not sent by me; it was not sent with my permission or authorization. Complaints have been filed; it’s not necessary to complain to me… I’m not happy about this either.

Update: I’m told that the spam may have originated from Robert Soloway, a spammer who recently lost a court battle to Microsoft. The folks at About.com have some more info about Robert Soloway. All I know for certain is that the spam originated at a cable-modem connection by Shaw Cable.

PS: To whoever felt the need to leave me that ranty voicemail at my office, you need to switch to decaf, man…

Pulling together two of my recent blog postings, my monthly article for eSecurity Planet discusses recent moves by Microsoft that raise some significant questions about their efforts to promote trustworthiness and authentication in computing.

I was quoted in today’s CNet article about Microsoft’s deployment of Sender ID.

I’ve been working on email authentication issues for many years, including helping to develop a technology that Microsoft was once a beta-tester of. That technology, called Trusted Sender, turned out to be tremendously effective, which must be why Microsoft torpedoed it in favor or their lame “Caller ID for Email” scheme, which morphed into Sender ID.

Lest you think my complaints are just sour grapes, I’ll just say this. I’m not the only one who thinks Sender ID is a bad idea, and that Microsoft’s tactics in this space have been counter productive. I also note that we revoked the patent applications on our Trusted Sender technology and publicly released the standard for anyone to use.

Parenthetically, Sender ID has largely been pushed by the Exchange team at Microsoft, a group of well-meaning engineers who have, unfortunately, designed one of the most dysfunctional email infrastructure technologies to ever be foisted on the world. Not only is Exchange a resource pig, but it is designed to thumb its nose at many critical email standards. For example, it commits a cardinal sin: it rearranges and occasionally even rewrites email headers. For those who aren’t steeped in email technology, just understand that fiddling with headers is like randomly changing numbers on your tax return… there’s just no telling how it’ll screw things up.

But the larger issue is that during the course of my many years of work on email authentication issues, I have constantly watched Microsoft attempt to bully and coerce the world into adopting its myopic view of email authentication. Microsoft started out its involvement in the authentication space by attempting to organize a consortium of companies that would collaborate on a common standard, but Microsoft insisted that the standard be patented and owned by the collaborating companies.

This would have assured that they, as the only real enterprise software company in their hand-selected consortium, would have had the corner on the market. Seeing through the ruse, few of the participants wanted anything to do with Microsoft’s vision of how to control email. So Microsoft was on its own.

In considering which of the various authentication schemes Microsoft could actually support, they seem to have decided to crib from Meng Wong’s “Sender Policy Framework” (SPF), only they instead chose to make it even more cumbersome and obtuse. At one point SPF and Microsoft’s original “Caller ID” proposal were merged into what became known as Sender ID. Unfortunately SPF has its own problems, most of which are unhelped, and in some cases exacerbated, by the combination with Caller ID.

The current morass that is the email authentication debate is too long and convoluted to detail here. Suffice to say, the world still isn’t very close to a workable standard. My gut reaction to the Microsoft move is that they’ll make this big announcement, find out that tons of legitimate email is getting marked as spam, and have to make drastic modifications to the plan. Of course they’ll never admit that it was a mess, claim it’s all working beautifully despite any evidence that they realized their screw up, and continue to obstruct real progress in the space.