Info: the CDGT situation

I've been contacted by one Francisco Moreira of Spam Daily News, in relation to the ongoing CDGT stock spam (reported frequently in this blog). Spam Daily News has already run a couple of articles on the subject, the first in which a law firm retaliates for being used as the "from" address in some of the spam, and the second in which CDGT strikes back with accusations of defamation and whatnot. Francisco asks my opinion on the matter.

Spamming is a nasty business, and the ugly brawl into which the CDGT affair has degenerated demonstrates this admirably. So far as I can tell, the only party that seems to be getting any real benefit from the situation is the spammer. I can only observe the facts and draw inferences, but for what it's worth, here are my inferences in this case.

I don't think the CDGT spam is "pump and dump" in the usual sense of that term. Where traditional pump and dump is concerned, the fraudster obtains a significant quantity of very low-value stock, then publicises a story about how that stock is suddenly going to rise for some reason or other. If people take the bait, then the stock does rise as a consequence of sudden buyer interest. The fraudster then dumps his stock at a profit, and lets everyone else deal with the aftermath.

The pattern of spamming in the case of CDGT doesn't match this scenario. For one, the stock isn't the kind of penny stock that pump-and-dumpers prefer to use, where a few cents difference can mean a 100% gain. Also, the spam has been staggeringly persistent, arriving time and time again. This isn't so much "pump and dump" as "pump and pump and pump and pump".

A big clue as to what's going on here lies in the SDN article entitled China Digital Media Corporation: 'We are not a spammer!', in which we see the following.

...Ng confirmed that his company hired a stock promoter but denied having anything to do with sending spam with Ziegler as the return address. He did not name the promoter and apologized for any embarrassment.

The obvious surmise from this state of affairs is that Ng's "stock promoter" is a spammer, or hires the use of a spammer. Degrees of separation like this are a frequent problem in spam. If party X hires party Y to perform promotion, and party Y is a spammer, party X may become offended when the rest of the world accuses him of spamming. Party X may deny it, as in the following statement from Daniel Ng.

Using spam is not how we operate our businesses. We are building value for shareholders through the old fashioned methods of hard work and skillful execution of our business plan.

Sadly, Mr Ng appears to have employed a spammer, and I don't see any practical or moral difference between "using spam" and "using a spammer". Maybe he didn't know he was hiring a spammer at the time, and he seems dead keen on denying it, but CDGT spam has been flooding the Internet for many months now. I personally have a large swag of CDGT spams (and PGCN spams obviously sent by the same spammer) in my inbox right now. It's possible that a spammer has been acting of his own initiative here, but to what end? The most reasonable explanation is the obvious one: Ng's "stock promoter" is (or uses) a spammer.

In the same article, we see the following statement from Mr Ziegler.

I was amazed that somebody spammed with an e-mail address that was a real e-mail address, thinking that there would be no ramifications.

Understand, Mr Ziegler, that spammers are relentlessly pragmatic, and untainted by the slightest trace of empathy. They deliberately use real email addresses (other than their own) as the sender address, since obvious forgeries are very likely to be blocked by anti-spam measures. If they want to be particularly spiteful, they will use the address of some anti-spam activist who has annoyed them, but any real address will do, in general.

As for "ramifications", spammers such as the CDGT spammer tend to use networks of compromised computers, sometimes called "zombies", to do their dirty work. Thus, even if you know which computer the spam came from, you haven't traced the spammer. Spammers are non-trivial to trace, and they know it. The ramifications of address forgery, along with most of the other negative ramifications of spam in general, tend to naturally fall upon parties other than the spammer. And, being the sociopaths they are, that state of affairs suits them nicely.

If Mr Ziegler goes ahead with this legal action -- and I see no reason why he shouldn't -- my one piece of advice would be as follows: follow the money. Don't just settle for nailing CDGT; use whatever legal means are available to discover who CDGT is paying (directly or indirectly) to send the spam. Nailing an actual spammer makes the world a better place.