Oh Sweet, Sweet Justice

Chances are, you know Alan Ralsky. Or at least, you know his work. Ralsky is one of the big-time spam operators, sending out millions of e-mails promising to make you thinner, richer, and better-looking. He doesn’t do porn, but that’s about the limits of his ethical concerns when it comes to sending spam. A few months ago, the Detroit Free Press ran an interview with Ralsky, describing his move into a new 8,000-square-foot luxury home in West Bloomfield, MI, from where he plans to run his spam empire. That was all the information some enterprising Slashdotter needed to go on–pretty soon, Ralsky’s address was posted on Slashdot, and a sneaky plan was hatched to get even.

Seems Slashdotters started using that address to subscribe to magazines, catalogs, and other junk mail, in Ralsky’s name. Unlike e-mail spam, in which the recipient bears much of the costs involved, junk mail is paid for by the sender. But it’s annoying, just as annoying as all those come-ons Ralsky fills our inboxes with every day.

Within days, Ralsky’s mail box started filling up. And Ralsky was heartily annoyed. When the Detroit Free Press talked to him a couple weeks later, Ralsky complained “These people are out of their minds. They’re harassing me.” He had even retained a lawyer to file suit–against who, I’m not sure. The same man who said of his job, annoying people through e-mail, “I’ll never quit. I like what I do. This is the greatest business in the world.”

Of course, nothing this good could happen without a down-side. Bruce Schneier’s “Cryptogram” describes a study by a team of security analysts showing how this kind of attack could be automated. With a fairly simple Perl script and use of the Google API, a bad person could harvest postal addresses and automatically subscribe them to hundreds, even thousands of mailing lists. The catalog and ad companies have no real interest in preventing it, as it a) doesn’t break any current laws, and b) gets addresses into their databases. Eventually, I suppose, a critical mass could be acheived, in which direct-mail advertising had no visible effect, and then the money these companies spend on such mailings would outweight their benefits, but in the meantime, there’s not much hope of any action on their part. And as anyone who’s ever tried it knows, it can be a real pain in the behind to get yourself removed from mailing lists once you’re on them. For now, we’re stuck with “hope and pray”, which is not much of a defense. In the middle-term, a legislative solution seems the best course of action, making direct-mailers responsible for verifying opt-ins before sending mail. But given how ineffective legislators have been so far in dealing with low-lifes like Alan Ralsky, this is going to be one heck of a difficult fight.

No comments yet to Oh Sweet, Sweet Justice

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>