A Weblog About Topics and Issues Discussed in the Book Spam Kings by Brian McWilliams

« The Blue Frog has new teeth | Main | Wipe out for Dr.Rik »

December 14, 2005

Bulletproof telephone hosting

explosion-proof phoneAlmost all junk email tries to drive recipients to purchase something from a web site. But sometimes the "call to action" in a spam requires purchasers to go offline.

Alert reader Jonathan Lansey wrote in to observe that a slew of recent fake-diploma spams list a phone number (206-338-3579) with a working voice mail inbox. (I'll save you the long distance call. Here's an MP3 file of the recorded greeting.)

Web sites are obviously a great way to conduct spam-generated transactions. But even supposedly bulletproof sites hosted by spam-friendly ISPs often can be tracked down by anti-spammers and nuked.

Conducting spam-generated sales by telephone may seem like a big inconvenience for both seller and buyer. But, as I discovered, there are some big advantages for the spammer.

I consulted a reverse phone-number database and determined that the 206 number above was leased from a Seattle telecommunication service called International Telecom, Ltd. ITL offers a free voicemail-to-email service called K7 Unified Messaging. For no charge, the company will assign you a (toll) phone number and enable you to record a greeting. Any messages left by callers are shipped via compressed audio file to your email account and/or can be reviewed at the K7 web site.

Turns out lots of podcasters use the K7 service to inexpensively gather broadcast-ready feedback from listeners. Besides being free, the K7 service also has some especially spam-friendly features. According to spokesman Gregory Van Tighem, ITL doesn't collect any personal information from users aside from an email address. "There is nothing to prohibit the user from signing up for another number after we have terminated their account," admitted Van Tighem.

What's more, ITL's terms of use do not specifically prohibit use by spammers. In an email, Van Tighem told me "it is virtually impossible to monitor or restrict how anyone distributes a telephone number, including email." He also revealed that the company generally only cancels K7 accounts for "non-use" -- in other words, if the number no longer receives calls or if the user stops retrieving his messages. Van Tighem said the company has flagged the diploma spammer's account and may terminate it if the spammer doesn't retrieve his messages.

A quick check of spam reports shows a number of spammers using the K7 service. Some of the many recently spamvertised numbers include 206-338-3863, 206- 338-5780, and 206-984-4134. (There was also a recent phishing spam that listed a K7 number, 206-338-5773.)

Jonathan Lansey suggests the way to combat such spammers is through phone-bombing. "Take a minute to drop a message in their inbox, then tell your friends to do the same ... revenge is sweet," says Jonathan.

I'm not a big fan of fighting abuse with abuse. Next thing you know, we'll be seeing telephone joe-jobs. Anti-spam programmer Joe Wein suggests filing complaints with ITL, as well as with the Washington State Attorney General and the Washington Utilities and Transportation Commission.

What do you think?

Posted by brian at December 14, 2005 11:03 AM

Comments

Just add 206-338 to your spam filter. This wont last long.

Posted by: BRad at December 15, 2005 3:47 PM

I think they should be leaned on to update their AUP. Then terminate spammers.

Posted by: Spamhuntress at December 15, 2005 5:46 PM

 

Weblog authors are solely responsible for the content and accuracy of their weblogs, including opinions they express,
and O’Reilly Media, Inc., disclaims any and all liability for that content, its accuracy, and opinions it may contain.

All trademarks and registered trademarks appearing on spamkings.oreilly.com are the property of their respective owners.

O'Reilly Home | Privacy Policy

© 2004 O'Reilly Media, Inc.
For assistance with this site, email: