Spam Haters Given Right of Reply

rk_cr wrote to mention an Israeli technology firm which has set up a system to allow harried email users the right to reply in force. The system "batters spam websites with thousands of complaints. The plan is to fill order forms on spam websites offering pills, porn and penile health tonics with complaints about the products advertised for sale in junk messages. The plan has been criticised by other anti-spam workers who say it amounts to vigilantism."

dupe

[Anonymous Coward]

http://it.slashdot.org/article.pl?sid=05/07/18/121 4226&tid=111&tid=1 [slashdot.org]

Replies

[rbarreira]

(x) Requires immediate total cooperation from everybody at once

What? No it doesn't.

(x) Laws expressly prohibiting it

Couldn't it be called self-defense?

(x) Eternal arms race involved in all filtering approaches
(This time the spammers will be doing the filtering, and that will be quite easy for them.)

Cool! Let THEM start sweating around trying to protect their sites for once. How cool is having a spammer deal with the same kind of shit that they spread around?

(x) Extreme profitability of spam

That doesn't mean this can reduce their profits, which is always good.

(x) Feel-good measures do nothing to solve the problem

That's just an opinion, not a fact, at least in this particular case.

Re:One message != vigilante

[Rick Zeman]

Spamhaus' definition of spam: (the rest of the definition is [here. [spamhaus.org]

The word "Spam" as applied to Email means Unsolicited Bulk Email ("UBE").

Unsolicited means that the Recipient has not granted verifiable permission for the message to be sent. Bulk means that the message is sent as part of a larger collection of messages, all having substantively identical content.
A message is Spam only if it is both Unsolicited and Bulk.

- Unsolicited Email is normal email
(examples: first contact enquiries, job enquiries, sales enquiries)

- Bulk Email is normal email
(examples: subscriber newsletters, customer communications, discussion lists)

Technical Definition of Spam

An electronic message is "spam" IF:

(1) the recipient's personal identity and context are irrelevant because the message is equally applicable to many other potential recipients;

AND

(2) the recipient has not verifiably granted deliberate, explicit, and still-revocable permission for it to be sent.

(The rest of the definition is here. [spamhaus.org]

"Other Anti-Spam Workers"?

[Caveman Og]

Sheesh! Slashdot has gotten really lame.

"Other anti-spam workers" is none other than John Levine, Ph.D [johnlevine.com], co-author of the BEST SELLING INTERNET BOOK OF ALL TIME (I kid you not) "The Internet for Dummies" (Now in its ninth edition). Some of you cretins need to read it.

In Commonwealth of Virginia v. Jeremy Jaynes [pcworld.com] Dr. Levine served as an expert witness for the prosecution. His testimony helped send Jaynes to prison for nine years.

At the second annual Conference on Email and Spam [www.ceas.cc] Levine presented a technical paper on his experiences with greylisting [www.ceas.cc].

Dr. Levine is the chair of the IRTF Anti-Spam Research Group [asrg.sp.am]. He's a founding member of the Coalition Against Unsolicited Commercial Email [cauce.org]. He runs the Network Abuse Clearinghouse [abuse.net].

"Other Anti-Spam Worker" indeed.

Take a good look at Blue Security's product. I think you'll see that it's little more than an HTTP DDoS tool. BlueSecurity claims that it's okay to DDoS spammers, and that they make very sure that only spammers are DDoS'd (although their careful not to call what they do a DDoS).

I'm given to understand that they moved their hosting to Israel when Verio terminated their service for violations of Verio's acceptable use policy. Verio doesn't allow folks to host denial of service tools on their network (nor will any normal ISP do so).

Someone should ask BlueSecurity about their legal threats against Everyone's Internet for attempting to do the same.

These are not nice people. The only difference between them and the normal crop of script-kiddie miscreants, is that they have found venture capital.

Re:Catch a clue

[Tim C]

No, it's anyone who dishes out justice or punishment without official power to do so. Just because there's no authority to combat spam doesn't mean that those who take it upon themselves to do so aren't vigilantes.

This is the emergence of a regulatory force in the absence of any. That is not vigilantism.

Actually, that's precisely what it is, until and unless such force becomes official, either by sanction from an appropriate body, or by default.

obligatory links

[jon1012]

Since no links were given nor in the slashdot article nor in the one linked, here are they:

Company's website:
http://www.bluesecurity.com/ [bluesecurity.com]

Public beta of the anti-spam stuff:
https://members.bluesecurity.com/cwa/register_form .do?from=corporate [bluesecurity.com]

Re:Futurama

[scottv67]

But that logic employed in the grandparent post was also employed in the original Star Trek series. Kirk convinced "Nomad" that he (Nomad) was flawed and therefore it had to "sterilize" itself. While Nomad sat there at 100% CPU util, Kirk and Scotty locked the anti-gravs on Nomad, carried his metal ass to the transporter room and beamed him into Deep Space.

Paradox or not, it works. :^)

Wow, he, and you, didn't read the site.

[Fordiman]

1) They do not reply directly to the spammers. They first question the company that the spam links to, after checking the distribution of spam to that website versus to others (ie: the worst offenders are targeted).

2) For each user signed up, a honey-pot email account is set up. That email is seeded with your "identity" in places spammers look for addresses. It's bait.

3) For each spam recieved at a honey pot, a complaint is sent to the target company. The upshot of which is that if, like a spamming company, the server takes that honeypot account and says, "Hey, it's real!", the spammer will send out more, recieve more - and bog down the server.

I don't see why this is a bad thing; for one thing, it's the natural evolution based on an environment that contains such systems.

A system that uses "real" addresses to send more "business mail". Etiquette dictates that they send only one unless active business is taking place. Etiquette evolves for a reason. Anyways, these systems, called "spammers" don't take the hint, being mostly automated anyway.

In society, breaking etiquitte is annoying, and if continuous, is dealt with by the society. In human civilization, this is done by the public appointing authority, and insisting that to keep this authority, they take care of the etiquette-breakers. There is no such valid authority on the internet. I suggest there never has to be.

Instead, organizations like this develop as community projects. They can be professional and efficient, because they're also mostly automated, but programmed by those who have a very specific target and intent.

Best way to deal with spammers? Exploit a simple cause-effect relationship between incoming form data and outgoing mail, but never initiate contact. Bait? Sure, but don't initiate. Let them hang themselves.

Which is the point, really. Spammers who don't make it to the top of the list aren't targetted. Spammers who actually remove you from the sender list aren't targetted.

Additionally, the link between spam-collection and target-picking is not automated. It's done by the maintainers of the site, who first ASK the company in question to change their advertising methods away from spam.

As for spoofing your enemy's company, I'm sure they have a way of dealing with that; because there's human interaction before target-picking, these sorts of things can be dealt with.