Spam Haters Given Right of Reply 278
rk_cr wrote to mention an Israeli technology firm which has set up a system to allow harried email users the right to reply in force. The system "batters spam websites with thousands of complaints. The plan is to fill order forms on spam websites offering pills, porn and penile health tonics with complaints about the products advertised for sale in junk messages. The plan has been criticised by other anti-spam workers who say it amounts to vigilantism."
Not just getting the spammers though (Score:5, Interesting)
Re:Not just getting the spammers though (Score:3, Interesting)
Chances are if the website is trying to sell you herbal penis-happy-happy pills they too use spam at one point.
Though I agree with your former comment. However, realize that you don't need excess bandwidth. The idea is to fill their databases with useless information to make it harder to find any [if at all] orders were made.
Tom
Wrong approach (Score:3, Interesting)
WTF?! Are you an idiot or what? Since when, exactly, are there laws on the web?
Before you reply with witty comments and dates, please understand I'm not saying that there should not be or that there are no written laws, I'm saying that (almost) nobody respects them. Go on, enforce laws on the web. Come back when you succeed.
Given that it's impossible to regulate the web beyond the very basics like domain registration etc., people like the whiner above should just accept the fact that the lack of laws on the web make this a no-man's land, where criminals are free to do what they want (which they are doing) and those who object are free to take arms and destroy them (which they are not doing).
So who gives a fuck when it's illegal - laws that are not enforced are simply not there. Now do you prefer sitting and whining and blaming it on the innocent ones or actually *doing* something to solve the problem?
Let's get it done and over with... (Score:3, Interesting)
(x) technical ( ) legislative ( ) market-based (x) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
(x) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
(x) Eternal arms race involved in all filtering approaches
(This time the spammers will be doing the filtering, and that will be quite easy [captcha.net] for them.)
(x) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
(x) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Who was stupid enough to fund this nonsense? (Score:5, Interesting)
Unbelievably stupid. Or, as Mitch Wagner observed:
And even he doesn't cover all the problems; for example, as everyone with the slightest clue about spam has known for years, responding to the spammer in any way is absolutely idiotic.
But since the people involved in this company have no anti-spam credentials, no track record of involvement, and no clue how their "counter-attacks" will be neatly retargeted (surely nobody is naive enough to believe that spammers will sit still for this?) I can't say I'm surprised. This is merely the latest bonehead idea in a long series (e.g. challenge-response, callbacks, SPF, etc.) of bonehead ideas put forth by people who have clearly failed to comprehend even the rudimentary aspects of the spam problem...or who have, but simply do not care about the conequences for everyone else as long as they can selfishly "solve" their part of the problem.
I've already blacklisted the company behind this tripe and null-routed their address space. I recommend the same for everyone else. There's simply no place on the Internet for those who want to profit from our collective misery by making it worse.
Fully justified (Score:5, Interesting)
I just think getting thousands of complaints should be the natural result of pissing off thousands of people.
The psychopathic behavior of a spammer wouldn't be tolerated for an instant if he were face-to-face with his victims. Try attending a ballet or opera, and yelling "I have cheese in my butt!" at top volume.
Whether it works or not, what Blue Sec is doing should be an expected inconvenience of spamming. Even if it just causes spammers to set up their own filters, at least it will weed out some would-be casual spammers.
Re:fight fire with fire? (Score:2, Interesting)
Re:Catch a clue (Score:3, Interesting)
Other way around. Vigilantes arise when there is no authority, or when authority is corrupt and part of the problem.
The ultimate responsibility for protection lies with the community. As circumstances warrant, they may establish a police force to do this, or if police are powerless, do whatever is necessary themselves.
It is seemingly forgotten that governments, and the services they provide, are established by communies to serve those communities.
People who take advantage of lawless conditions can expect no protection from those they harm.
Re:Let's get it done and over with... (Score:5, Interesting)
I'll try to address some of your objections, but I think you missed the main one;
(*) Joe jobs and/or identity theft
I've had to deal with dozens of Joe jobs every year, and I'll have to deal with dozens more every month for the forseeable future. It's already so bad, a few more won't make it significantly worse.
(x) Requires immediate total cooperation from everybody at once
No, even a few thousand false records in a spammers database would be enough to increase their costs. That's the goal here, and while more would be better (especially if the company which hired the spammer is paying per response), it's a step in the right direction.
(x) Laws expressly prohibiting it
None.
(x) Eternal arms race involved in all filtering approaches (This time the spammers will be doing the filtering, and that will be quite easy for them.)
It will reduce their profits. That's good.
(x) Extreme profitability of spam
This will reduce it.
(x) Feel-good measures do nothing to solve the problem
Doing nothing will achieve even less.
(x) Sorry dude, but I don't think it would work.
It doesn't have to, at least not by itself. Spammers are just another in a long line of parasites humanity has had to deal with over the years. We're winning more often against most of our parasites, but rarely do we ever eliminate them completely. Spammers are winning now, they're a plague on the internet. Getting them under control in the way we have lice or fleas under control is a process, not a once-off event. This will be one control out of many.
Re:fight fire with fire? (Score:3, Interesting)
I call BS on the other spam worker claim. (Score:5, Interesting)
Answer: It isn't.
If a significant percentage of us, just did this, the spammers would be hurt by rising costs and sharply reduced product value proposition. (leads)
This company is just making that easier.
No harm, no foul.
Unless you are the spammer making money off of shared resources without giving anything back that is...
I hope this works and it catches on. I would use this service in a minute.
Want to cut down your junk mail? Spend a few days each month filling their postage paid envelopes with their competetors offers and other interesting bits you can stuff in there. For those little card things, fill 'em out with crap.
People have done this for years and this spam service is no different than hiring somebody to send crap data for you.
Re:Who was stupid enough to fund this nonsense? (Score:2, Interesting)
bullshit! (Score:0, Interesting)
(1) The spammer invited you to visit the Web site to do business with them. They didn't invite you to visit the Web site to waste their computer resources. Saying "We were invited, so it's legal" is like saying that being invited to someone's house for dinner makes it 100% okay to show up, shit on the table, punch the other guests in the faces, and then break a few windows on the way out. The host invited you, so you weren't doing anything wrong, huh?
(2) "Filling out a form provided by the spammer's Web site" is not any more okay than what the spammer was doing - they were sending a message to an address provided by your mail server. Doing it maliciously is still bad even if the victim's computer, following orders from the victim, was a necessary part of the process. Note that this is really just point 1 again in different words.
(3) If you believe your own arguments, why wouldn't the spam complaints be legal? And if you don't, why would including a counteroffer - through a channel you KNOW isn't set up to take anything except orders under the already-agreed terms - make anything any better?
(4) Come on, they're operating a Web site, taking orders, and accepting money. If they're willing to do that, they're certainly willing to "disclose their identities" in the amount needed to file a lawsuit.
Re:fight fire with fire? (Score:2, Interesting)
1. trying to save your people from a nazi dictatorship that, if succesful, would rule over Europe with an iron fist and drown all opposition in blood
2. attacking the first country that comes around, or where you happen to have funded wars for the last 10+ years for your interest, after a smallish attack on your country (sorry man, 6000 is nothing against even the small jew community of 6000000, let alone everybody else) without even retaliating against the real attackers, while seizing the ball to get super rich oil contracts in the next 30+ years.
I *DO* see some differences.
Re:fight fire with fire? (Score:5, Interesting)
The problem with the proffitability is that the average consumer IQ is 100, and that means 1/2 of them are below 100, so you're not dealing with the brightest collection of people in the world. There will always be a ready supply of suckers to reply to the spammers, so we can't stop it that way.
If we can't stop their revenue, the only way to financially affect them is by costing them money. The most straightforward way to do this is by bandwidth charges and fake submissions. Is this vigilante action? You bet it is. But right now even though spam is hated by 95% of the world, there is no effective legal enforcement against it. (try to think of anything else that 95% of people in the world don't hate, that isn't illegal as a result?) The main reason this is the case is that there's so much money in spam - it's very proffitable if done correctly. As long as there is incentive in the form of lots of cash, the problem will never go away. It doesn't matter how many laws you make or any other actions you take - if it remains a very proffitable venture, people will continue to engage in it.
The only thing that makes spam different is that ONE person can annoy the piss out of hundreds of thousands of people at a time, and as far as social injustice is concerned, that's very impressive. Someone with that level of morals doing that degree of harm to the general public deserves no protection from society or its justice, even if vigilante.
Lets say I go driving around town spattering mud on people's houses. It's a nuisance, not really harmful per se, but I'm annoying the piss out of people. How long do you think I'd be allowed to continue to do that before the cops would come haul me away? Now imagine I was managing to do that TO AN ENTIRE CITY. There'd be an APB out on my carcass, you can be sure. The only reason spammers don't have this probelm is they can spatter mud on people's houses from another state or another country. For now this makes them safe. I look forward to the day this is no longer the case.
Re:Let's get it done and over with... (Score:3, Interesting)
Comment removed (Score:4, Interesting)
Re:Who was stupid enough to fund this nonsense? (Score:3, Interesting)
And even he doesn't cover all the problems; for example, as everyone with the slightest clue about spam has known for years, responding to the spammer in any way is absolutely idiotic.
Really, mr. expert?
I guess when I caused an SMS spammer to stop by spamming their phone back from ICQ accounts, I just dreamed it up, then.
"Slightest clue", "has known for years"... bleh. You go get a clue.
"Please Spam Me" Registry? (Score:2, Interesting)
"email addresses that Blue Security establishes for you may be published on the Internet, and your designated email addresses will be provided in encrypted form to senders of unsolicited bulk email. In addition, email messages sent to your named email account will be forwarded to other members of the Do-Not-Intrude Registry." (my emphasis)
So it seems to me that not only are these folks distributing a list of email addresses of real people to spammers on request, they're also forwarding any spam destined for any person on their list to all the others - providing a very valuable service to the spammers themselves.
Is this just a cynical attempt to increase spammers' hit rates? Am I just too cynical? Please tell me I'm wrong.