TFBW

I don’t receive all that many phone calls on my land-line telephone. Most people who know me now call me on my mobile phone. Consequently, the percentage of telemarketing calls I receive on the land-line keeps rising. I screen all my calls through my answering machine, and in the vast majority of cases there is no message left: the caller has hung up before the outgoing message is even finished. I’m seriously considering termination of the service: I’m not paying a monthly fee just to provide a service to telemarketers, dammit.

My mobile phone, on the other hand, has been relatively free of junk calls. Up until yesterday, I’ve only had one telemarketing incident: someone trying to sell mobile phone service. He phoned during the day, but I was asleep thanks to having a very late night previously. I played along, and rambled somewhat unthinkingly at him for a while (not hard — he woke me up), and he eventually accused me of wasting his time, and hung up on me. Score!

The second incident came yesterday, and I think it’s a bad sign of things to come, which is why I mention it here. This call was not an in-person telemarketing call, but a pre-recorded one. The inconsiderate pests just phoned me up and played their ad at me — a completely mechanical process. The reason it was targeted at my mobile was clear enough: it was an ad for one of those atrocious “premium rate” scams services; specifically, WizQuiz Pty Ltd (ACN 127 627 089). Their quiz strikes me as a bit of a rip off: they send you a “trivia question” via premium SMS ($6.60, ka-ching), which you can answer ($0.25, ka-ching), and if you get it wrong, they’ll let you know through another premium SMS ($6.60, ka-ching), and so on. If you get it right, then you’re competing against everyone else who got it right for whatever prize they’re offering — probably an iPod or something small like that. That’s potentially a lot of ka-ching for very little outlay on their part. I listened to their entire ad in silence, hoping that it would increase their running costs more than simply hanging up would, but with potential income like that, it’s no wonder they can afford to rack up some expenses.

Personally, I wish I could opt out of “premium rate” anything with all phone companies, but it seems like they get a slice of the action, so it’s not in their own immediate interest to let you opt out. Fortunately, there is something that can be done about telemarketing, and it’s about time I did it myself. As of 31 May, 2007, telemarketers in Australia (or operating on behalf of Australian businesses) are bound by the “Do Not Call Register”. I’m pretty sure the existence of this register isn’t widely known — after all, it’s not like the telemarketers are going to mention it. Whatever the case, I’m now going to add both my phone numbers to this register, and see if I can’t claim back my communications services from these nuisances.

In the long run, however, it wouldn’t surprise me if we need to add “white list” functionality to phones, such that my phone only rings if the caller is in my personal phonebook. All others get diverted to voicemail or something. Actually, I’d be happy to take telemarketing calls — I just want it to be on the receiving end of one of those “premium rate” numbers. Go ahead: market at me — $6.60 per minute, including tax.

I’ve seen a bit of confusion as to the nature of past and present injunctions taken out against Wayne Mansfield in relation to his violations of the Spam Act. There are two major points of confusion: first, what’s the point of issuing an injunction which basically says “don’t break this law”; and second, didn’t Wayne violate previous injunctions by continuing his spam operations during the court case, and why wansn’t anything done about it?

Although I’m no legal expert, I’ve come to appreciate the point of issuing an injunction, even when that injunction is “don’t break law X”. Violating an injunction is a special offence in and of itself. The penalties for violating the Spam Act consist of fines (which is why Wayne was fined AU$5.5 million), but the penalties for violating an injunction can include imprisonment. This kind of thing discourages an unrepentant lawbreaker from continued violation. A convicted spammer (like Wayne) might simply weigh up the costs and chances of being caught again, then decide it was commercially viable to keep breaking the law if it weren’t for the additional penalties possible under an injunction.

An injunction is pointless unless it’s enforced, and this brings us to our second point of confusion. Did the court issue an injunction against Wayne Mansfield during the court case? If so, did he violate it? If so again, did the court take action against him? There certainly were injunctions issued against Wayne, and the ACMA announced in a July 2005 press release that an interim injunction had been issued, ordering him not to send further commercial emails without recipient consent, but that injunction only stood until a subsequent hearing on 4th August, 2005. After a bit more legal tussling, the injunction that finally stood for the remainder of the case (issued in September 2005) ordered that he not send further commercial email to those parties (such as myself) who had lodged complaints with the ACMA, and also that he not divulge those addresses to anyone else. I imagine that the argument went, in essence, something like this.

ACMA: Your honour, Mr Mansfield is still breaking the law even now. Please order him to stop.
Judge: Fair enough; so ordered.
Wayne: Wait a minute, I’m not breaking the law. That’s my point. I’m entitled to send these emails under the terms of the act.
ACMA: We have received complaints which contradict that claim. They say they never granted you permission to send commercial messages.
Wayne: I have prior business dealings with these recipients, so I am entitled to send them commercial messages until they request otherwise. If they want me to stop, they need only ask.
ACMA: They say that they have no prior dealings with you, and they are concerned that you will share their email addresses with other spammers if they request that you stop.
Wayne: I promise not to do that.
Judge: Very well, since there is a question of fact as to whether Mr Mansfield has appropriate permission from his recipients in general, I order that the ACMA provide a list of complainant email addresses to Mr Mansfield, that he cease sending commercial messages to those recipients specifically, and that he not divulge those addresses to any third parties.

So far as I’m aware, Wayne did comply with this court order. He also continued to spam other parties, causing noticeable grumbling on a certain anti-spam mailing list I follow. Presumably the grumblers hadn’t issued formal complaints to the ACMA, or the spam arrived at addresses other than the ones they’d specified in their complaint, so there was spam, but no violation of the injunction.

Whatever the case, the court ultimately rejected Wayne’s argument that he had a prior business relationship with his recipients. To the best of my understanding, that argument was something like “I sent them unsolicited commercial email when it was legal to do so, and they didn’t request that I stop: this constitutes a prior business relationship.” The portion of the Reasons for Judgment which address this point start at paragraph #77, and they make interesting reading (to those who, like me, appreciate a good formal argument).

Because Wayne’s arguments were rejected, he was found to be in violation of the Spam Act. The “declaratory relief” section of the final order [442KB PDF] thus covered all his unsolicited commercial email sent between 10th April 2004 and 13th April 2006 (judgment day). He was a silly boy to send further spam during his court case, since he was clocking up more and more fines in the end. I sincerely hope that the “pecuniary penalties” (fines) were sufficient to stop him in his tracks, but if he’s still spamming, it’s important to report it so that the “injunctive relief” can have its intended effect and put him behind bars — preferably without Internet access.

On April 13th, 2006, Wayne Mansfield was found by an Australian Federal Court to be in breach of the Spam Act. The wheels of justice turn slowly, but on October 27th, 2006, the judge handed down his decision in relation to penalties: AU$4.5 million against Clarity1 Pty Ltd (Mansfield’s business) and AU$1 million against Mr Mansfield himself. (At present exchange rates, AU$1 is roughly 75 US cents.)

The decision against Mr Mansfield also imposes a restraining injunction to the effect that neither he nor his company may send commercial email to anyone that has not granted specific prior consent for him to do so; nor may he or his company harvest email addresses or use harvested address lists. Basically the injunction requires him to obey the law (specifically the Spam Act), which seems a little superfluous, but I gather this is done so that future violations become violations of specific court orders, not just breaking the law, and action can be taken much more quickly against violation of an injunction. It’s therefore important to report any Mansfield-related spam to the ACMA if it’s still being sent.

I was one of the parties who lodged complaints in relation to Mr Mansfield’s spamming, and was called as a witness at the trial. The process was very slow and tedious, but educational. My hat is off to the ACMA guys for their success in this matter. I hope that the outcome acts as a deterrent to any other Australians who might be under the false impression that spamming is cheap and effective marketing.

References

• Commonwealth of Australia Law: Spam Act 2003
• Federal Court of Australia Case File for Australian Communications Authority v Clarity1 Pty Ltd
• Reasons for Judgment in the case, (April 13th, 2006)
• Australian Communications and Media Authority press release on the decision

For convenience, I have produced a PDF rendition of the final order. The court-supplied document (see case file above) is a “.doc” file.

Apparently I picked a ripe moment to start hosting a forum. Forum spam has been a problem for quite a while, but it seems to have hit a new pitch this month. Perhaps the automated spamming tools with imaginative names like “Forum Poster” have hit the mainstream. These generate a maximum amount of damage (in the euphemistic name of “search engine optimisation”) with a minimum amount of user interaction.

Fortunately I’ve managed to fend off the spam for now. After one or two attempts with limited success, I’ve found an approach which neutralises the bot-generated spam without noticably impacting normal operation. I’m using phpBB, but this technique isn’t specific to that software.

The technique involves adding one line of Javascript to the main template for the forum, and a couple of lines of Apache “.htaccess” configuration (or equivalent). The one line of Javascript sets a session cookie. It doesn’t really matter what the cookie is called or what value it holds: make something up. The Javascript code looks like the following.

document.cookie = 'foo=bar;PATH=/';

In this particular case, a cookie named ‘foo’ obtains the value ‘bar’. Next, create or modify the “.htaccess” file for the forum (assuming that it’s served by Apache) to deny POST operations except where this cookie is present. The configuration might look like the following.

SetEnvIf Request_Method "^POST$" posting
SetEnvIf Cookie "foo=bar" javascript
Order Deny,Allow
Deny from env=posting
Allow from env=javascript


If a client attempts to POST anything to the server (as it would in leaving a message or creating a user account), it will receive a “403 Access Denied” response unless the appropriate cookie is set. This should filter out anything that lacks Javascript support, including the forum posting spamware (at this point in time). If the technique becomes widespread, the arms race will progress, and the spamware authors will adjust accordingly. Such is life. It’s an excellent measure to take right at the moment, however.

While I’m on the subject of forum spam, I’d like to blow a big raspberry in the direction of “TOT Corporation” in Thailand for the netblock 203.113.13.0/24, and “Telefonica de Espana” in Spain for the netblock 80.58.205.0/24. Several addresses in these ranges are, at this time, using (or proxying) forum spamming software which is blocked by my filter. Given that they hit my forum on the order of ten times a day, I hate to think how much crap they generate on a global scale. A quick Google search for “203.113.13.” shows it to be a notorious source of Wiki and guestbook spam as well.

Food for misanthropy.

Further updates on this subject can be found in a dedicated thread in the forum itself. There you can see what abuse has occurred since inventing this technique, and what additional measures have been necessary. Also, you can comment there. Guest posting is enabled.

Do a Google search for “Domain Registry of America”, and the top listing is likely to be the company of that name. The rest consist primarily of people complaining about them: accusing them of being scammers, slammers, crooks, and other similar terms of disapproval. I don’t have anything nice to say about them either.

I’d refrain from saying anything at all if it weren’t for the fact that I too am on their hit-list of people to con. Like many other domain name registrants, I get snail-mail from DRoA to notify me that my domain name is going to expire soon. Like most of those others, I have no business dealings with DRoA at all. Their “Domain Name Expiration Notice” is junk mail dressed up to look like something important and official.

No doubt their manifest lack of business ethics has been profitable, even if it has gained them an ill reputation and made them the target of court action from time to time. It’s easy to see how a person unschooled in the ins and outs of domain name registration could form the mistaken belief that this “notice” was somehow official, and had the force of an invoice rather than a solicitation. No rational actor would buy DRoA’s overpriced services if they were properly informed of the facts and the abundance of cheaper registrars.

But it’s not just their disingenuous advertising methods and inflated prices that make me think ill of them. The stereotypical “fine print” on the back of this junk-impersonating-a-notice contains such unconscionable gems as the following condition relating to transfer of a domain away from DRoA to another registrar.

You… agree to pay any and all fees that may be charged by DRoA to effect the transfer.

What a nice little poison pill that is. If you figure out that you’ve been had, and that you don’t need to keep paying DRoA’s high prices, they can sting you on your way out the door with a fee of unspecified magnitude.

Domain Registry of America is a company rank with misdirection. If all the above doesn’t demonstrate the substance of that assertion, then consider the letterhead on this “Domain Name Expiration Notice”, which incorporates part of the US flag. DRoA is based in Ontario, Canada. And ultimately they are not even an ICANN-accredited registrar, let alone a registry.

“Domain Registry of America?” Bah! Humbug!