Lessig On Bounties For Spamhunters
An anonymous reader submits: "Digital rights (as in yours, not the RIAA's) guru Lawrence Lessig comes up with a Swiftian idea of how to fight spammers -- $10,000 for the first ubergeek to hunt the offender down. The column is at CIO Insight. Wonder if it'll reach its audience there."
How much would I get if I blew up the building that housed hotmail.com?
(B) + (D) + (B) + (D) = (K) + (&)
Good idea, except how would you know if the spammer had been already reported? Also, who would fund it? No one really has an incentive to.
If you don't know what Zoo Blacklisting is, click here.
but it will only catch the stupid ones. The "smarter" ones, and I use the term loosely, will endure.
Sent from your iPad.
ncc
The first one to find a spammer gets to name it. Well, maybe not such a good idea after all...
If tits were wings it'd be flying around.
As he does in the caricature at the top of the article.
I've been thinking the same thing, but applied to my Provincial Government. Start up a pool, a buck per citizen. Whoever removes Gordon Campbell, our current, fascist prick-in-office, takes the pot.
I'm pretty sure there'd be enough donations to make it well worth someone's time...
--
Don't like it? Respond with words, not karma.
For a period of one month, all filters on spam and spam hunting should be suspended. Part of the problem is that anti-spam activities are masking the true magnitude of the problem. A wake-up call is needed. When people realize just how much spam is being sent out, the villagers will take to the streets with pitchforks and torches.
If tits were wings it'd be flying around.
I can see the sense in promoting our rights to privacy online, as michael and timothy (bless them) are wont to do, but then we see a sudden reversal. Sure, I guess it's a real pain when spammers send hundreds of unwanted messages over the Internet every day, but is offering a bounty to rob them of their right to privacy really the answer? This is just the government turning citizen against fellow citizen in a foul ploy to get us to turn in our rights to online privacy. Let's look at what's happened so far:
- Spammers send spam
- Geek gets pissed, deletes spam
Now that isn't that terrible, is it? Do we really need to go out and promote a database state and tie together all a person's Constitutionally private information into one big heap of spying and ratting out? I dislike spam as much as the next man, but I draw the line at violating others' online rights. It's a line nobody should be willing to cross.--sdem
From California Spam law:
and
Very similar...
Lessig's a heck of a guy and a darned good fella to have on the side of the angels, but someone ought to let him know that beginning an address or article with any variation on "$DICTIONARY defines $TERM as $DEFINITION" is considered (and rightly so) to be oratorically weak. It's the dishrag introduction.
Go forth, eloquent slashdotters, and purge this offense from your own pulpit-poundings.
Learn to spell: nickel, missile, lose, solely, amendment, speech, kernel, probably, ridiculous, deity, hierarchy, versus
I have a bunch of female friends that forward letters endlessly to the point that they're no longer my friends. I'd love to put one of their heads on a stick and turn them in for 10k. Do they count? :)
/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
i could be wrong, but that isn't at all what the article says. the article is saying that California Congressman Howard Berman is trying to pass a bill that forces the companies to pay you $10,000.
you may not want to start praising him yet, though, as the article also says
In July, Berman, a Democrat, introduced a bill to deputize the recording industry and other copyright holders to help fight copyright violations. Through his bill, these vigilantes would be granted immunity from liability as they deployed tools to hack peer-to-peer systems that they "reasonably believe" violate copyright laws. Run a Morpheus server with content that recording industry executives think is theirs, and you may find your machine doesn't run much content at all.
well. now that the article is explained for you all; comment.
sig - .
The thing is that SPAM works! If it wasn't profitable no one would bother with it but, it is profitable. Highly profitable! So long as people keep buying from spammers spam will continue to infest the internet.
Just like the Nigerian money scam, so long as people continue to fall for it, it will continue to circulate. Blacklists and other technology solutions will never be able to keep out all the spam. Legislation will never be effective against it. The only way to make it die is for people to stop buying from it and so far, it seems that there are far too many people who are insecure about their penis size for the spam to stop.
for blowing the place whence most 'first posts' come from? With emphasis on the lame ones that come like 5th.
The author compares the bill that the RIAA bought to allow them to crack any box they want with the "spam vigilantes" that blacklist sites that don't obey "proper" e-mail etiquette and then by organizing automated boycotts of the sites on the list.
His explanation of the bill is Through his bill, these vigilantes would be granted immunity from liability as they deployed tools to hack peer-to-peer systems that they "reasonably believe" violate copyright laws. He compares the two as unaccountable processes that wrongfully victimize people.
He then proposes (drum roll) a law that spammers would have to follow, and a reward for geeks who catch them if they don't. Like they'll follow laws. Blacklisting servers is better; it slaps the stupid admins pretty hard for victimizing everyone else. It also slaps folks like that stupid "internet lawyer" and Bernie Schifman. There's a public good- actual, relevant punishment for offenders.
I spent a year in Iraq looking for WMD and all I found was this lousy sig.
Does my family get paid compensation if I get gunned down while searching?
This is big business...with only slightly more positive moral compunctions than drugs.
What's this Submit thingy do?
Does he want them dead or alive? Or maybe just their head?
Outdoor digital photography, mostly in New Engl
The problem with tagging all commercial email with an identifier such as "ADV:" is that most recipients will simply create an email rule to auto-delete it and never even know it arrived.
That's great for the recipients, but it does nothing to reduce the load on ISP servers; in fact, it may increase it as the advertisers will have to send out MORE mail to make sure at least somebody opens it.
Also, such a solution does nothing to help legitimate advertisers, who need to know the demographics of who is actually reading their ad. If there is an easy way to filter, they may buy a list that is 90% middle class professional office workers, but they have no way of telling what mix actually read their ad. So they would never buy a service that operated under the "ADV" rules. Result: only the scam companies would ever send the mail.
With Berman's proposal, the "vigilante" does the damage (DoS, etc.) before there is any proven wrongdoing. (What if a legit song happened to be labeled the same as a pirated one?)
With Lessig's idea, the vigilante reports the wrongdoing and lets the proper authority take care of it. (A solution I like better. Imagine if there was an all out DoS war between the vigilantes, RIAA, MP3 traders, and all of us in between.)
One can't help but wonder: if this works for spammers, why couldn't it work for MP3s?
A bill like this is perilously close, if you ask me. If this works, the RIAA could start handing out $$$$ incentives for ratting out (illegal) MP3 traders.
having said that, it's also clear that having a way to identify the source of a potential spam would create serious privacy concerns - what's to stop that method from being used to identify the source of any email? nor does "identifying the spammer" seem to be as useful as "marginalizing the spammer" - i.e. making sure that spammers are likely to have to pay so dearly that it's not profitable for them. strictly speaking, we may not need to identify them to achieve this result.
so what we really need is a way to marginalize real spammers without sacrificing others' privacy rights in the process.
And I'm sure the ones from other countries will happily stamp [ADV:] on their subject lines...
... but what about the rest of the world?
See more of his stuff here. They're great!
I don't think that this is about their right to privacy; instead, this is our right to have a private email account. I know from personal experience that I have email accounts that are listed only on my resume online and I don't give them out to anyone. When my account gets spammed all of a sudden, it is an invasion of my privacy. I want to have a private email address for a specific purpose, but some spammer and his mailbot that collects random email addresses can find these things. This is an invasion of my privacy. I don't give my resume to just anyone and I don't think that I should have to take it offline, but this is unacceptable. They are invading my privacy. I can understand telephone calls because at least I can make them take my name off of the list. In the case of the spammer, I don't know who they are, or how to make them stop sending things to me without being inconvenienced by creating a new email address. This is totally an invasion of my privacy, not theirs. Bounty Hunt Away in my book, cause the spammers don't know what the right to privacy is in the first place -- or they just don't care.
I think it is not a bad idea at all. The reward is high though, so I suspect a few people might find some way to abuse the system.
But what if someone creates a site where you can put a bounty on a particular spam message and add to the pot on locating the spammer (for legal action, of course). I don't mean just finding originating network, but the real contact information of the individual or company responsible.
So say you get a particular "work at home" message once a day. You can post your message on there and put $5 in the collection for finding the prick who's harassing you. If he/she is annoying you, chances are there are others who are being annoyed as well. If there is a match in the database, then your money is added to others.
I am sure there are lots of capable people out there who, given $100 bucks to find a spammer, *will* find them.
This site could also be used to organize groups of people who would like to sue spammers. So instead of one person footing the bill, if your spammer is being sued, you can join the fun as well.
Based on upvotes, Ageism is the only "-ism" Slashdotters care about and think isn't SJW
this would do nothing but piss off those people who cannot fight the spam. only the "ubergeeks", who already know about the spam, would be able to fight/hunt/track the spammers, and this tactic would be mostly useless.
"And perhaps, posterity will thank me for having shown it that the ancients did not know everything." -Pierre Fermat
Spam is a blight on our high-tech civilization. Lawrence Lessig has an idea: force spammers who don't label their junk e-mail to pay $10,000 to the first recipient who finds them.
I don't know about you, but I don't have a lot of time to hunt someone down. Yes the money is worth it, but the question would be to find them. A good hacker can use a laptop, and a pay phone and send out tons of spam and move on (to another state or pay phone). It will be extremely hard to catch someone who is good at spamming people and doesn't want to get caught. So how can we catch them if they keep moving and send only a few emails to us? It's highly unlikely that from a few emails, someone could catch a spammer.
$10,000 would pay for my college bill though. O well.
What would you do to automate the hunting-down-spammers process?
Perhaps something you could put on your servers? Once certain thresholds and/or parameters are reached, you could have another program kick in that could track them down.
A $10K reward would definitely get people working together in novel ways. Imagine if several ISPs/homeusers/businesses started working together to track these fuckers down.
This is a really good idea.
There are lots of us who want to stop this kinda shit, but have no idea where/how to start.
And naturally there were extremely annoying ads on the page with the story. Pop-up too.
Wow, two Your Rights Online articles in a row. Our legal rights being threatened twice in one hour. What kind of world are we living in?
I don't understand his objection to the RBL. It has checks and balances. It is democratic. Use of the RBL is voluntary. It doesn't involve expensive court actions or investigations paid for by taxpayers. It takes no direct action. But if you don't play nice, then others may choose not to play with you. If you don't self-police, others stop listening. It's quite a stretch to say that "restricts the freedom of email" and that it has not "done anything except make e-mailing more difficult." The RBL sure hasn't made my emailing more difficult or restricted my freedom.
I think good laws would add to the effectiveness of the RBL, don't get me wrong. But to hear the spammers tell it, the RBL has made their cost of business much higher, so I wouldn't say it is a detriment.
Don't moderate flamebait as Troll. Know the difference or you will be Meta-moderated.
This is what I get for reading slashdot from a locked-down library PC. Man, that Overture popup is freaking annoying!
Ok, so does this mean that an email containing ANY advertisement within it must be prefixed with ADV:... what about the many legitimate mailing lists (for jokes, stock quotes, music/dvd/game schedules, etc), that use these banner-ads and text-ads within the message to fund their production (like 90% of the Web uses). The main content of the email is NOT unsolicited, yet it does contain unsolicited pieces.
Every SysAdmin in the world is going to automatically send any ADV: emails to the bit bucket, making the delivery of these types of lists a virtual nightmare (and subsequently causing them to go to a subscription model, meaning we lose even more of the wonderful freebies the Net is known for.)
To be fair, Lessig does point out that there needs to be human intervention, but I'm where is the line drawn?
...and if a fraction of the people (such as myself) who get that ADV e-mail set up an auto-reply ("Don't ever send me this shit again!"), the problem could get MUCH worse in terms of mail server loads...
Which can also be used to get rid of our good friend Berman.
I personally think the whole thing stinks. No one wants the RIAA snooping around on their machine, so how can you justify it being OK for hackers to snoop out spammers? Another brilliant Berman solution is all this is. This guy just needs to shut up.
Now I hate spam as much as the next guy, but there has to be another answer. I mean seriously, I'm still trying to find a way to get away from unsolicited phone calls and snail mail, I don't see much legislation going around trying to stop that.
"Alright. I'll kidnap him for 50, deprogram him for 50, and I'll kill him for 100!"
"No, just the first 2!"
"Alright, I'll throw in the killin' for free."
Finally, math books without any of that base 6 crap in them.
The real problem with this, however, is that spam is a volume based business. On a 10megabit line you can push spam to hundreds, if not thousands, of recipients a second (With a 2K message, this would give a theoretical maximum of 500 transmits/megabyte. With 20 recipients/transmit that would be ~10,000 recipients/second). If only one of those thousands of people is going to get the $10K, it's going to be like playing the lottery to get a bounty -- In other words, not worth it.
Far better than that would be $100/message received by a user with no limit on the number of fines. That way, a person would know that they would get some value from hunting down a spammer. Given that I get, perhaps, a dozen spams per day, tracking down a handful of spammers each afternoon would keep me well fed.
OS Software is like love: The best way to make it grow is to give it away.
Once added to the list, there is no way to appeal the blocking or to fight such policies
:-)
This is bullshit, and he knows it, but he has to exaggerate and distort the truth in order to highlight his fashionable Bounty idea.
I inadvertently ran an open relay and quickly ended up on Ordb, and rightfully, I might add. My mail server logs had this nice explanation given in the error message from other servers, complete with a helpful link explaining how to fix and get delisted (fix your server, resubmit its IP for checking, get automatically removed).
3 hours and a sendmail.cf later I was back with the good guys, and had this nice warm feeling
Vacuum cleaners suck. Kings rule.
Piett: "We don't need that scum!"
...[Stops at MAPS] ... no blackholing!"
Officer: "Yes, sir."
Vader: "A substantial reward will be offered to the one who captures the spammers. You are free to use any means necessary, but I want them alive
MAPS: "As you wish."
Granted we're all busy, we all could do the more well-meaning Internet a duty by checking the headers of even five or ten a day of those SPAM messages and submitting any open SMTP relays you find to at least one realtime blackhole list. This is what I've been doing for over a year. This is precisely what the article meant about e-mail vigilante-ism. You'd be surprised to find out how much of the SPAM you receive are sent through ill-configured mail relays.
It also quite likely means YOU have received one less SPAM message because of ME!
And how does one confirm a mail host is an open relay? I shall not explain, but if you know of telnet and a bit of Simple Mail Transfer Protocol, you could manually check this.
Quite honestly, if even half the Slashdot population did this sort of thing consistently for two weeks, the entire Internet could conceivably see a tremendous decrease in SPAM flow. Not impossible.
- IP
*starts loading his G3*
Ok, the top 10 spammers are basically known entities. What's hunting them down gonna do? They skip town, don't show up in court, etc. Unless we really mean hunting them down and killing them which I am in full support of, however unless I've missed something it's still a tad on the illegal side in the United States. Paying a bounty to find them is all well and good but the courts don't do much about them even when you get them into court. These people are scum who hide their identity constantly. They are good at it. Ok perhaps we can be better at finding them but they still skip out on court hearings all the time.
I don't think it will help any.
--- Always remember. 99.36% of all statistics are inaccurate.
SPEWS does not "block with any appeal allowed".
First of all, SPEWS doesn't block anything. SPEWS only provides the list of scumbags. Its users then decide what they do with the information. Some block Email, some flag Email for filtering by end users, some use the list as evidence of anti-spammer evils.
Second of all, there is an appeal process. The spammer just needs to stop spamming.
Thirdly, he seems to imply that it would be common to be listed in SPEWS by mistake. This is simply not true at all. Usually a spammer has to exhibit a pattern of abusive behavior to get listed. There appears to be a human process involved in getting listed by SPEWS, which seems to be very effective in weeding out mistakes and joe-jobs.
Proletariat of the world, unite to kill spammers. The slower, the better. The more painful, the better. Remember, knees first, so they can't run away.
In Soviet Russia, I ruled you
The real hotmail aggressively fights spammers. I know, because I look at the unfiltered spam I receive (for submission to SpamCop and my private blacklist). Rarely do I get spam from hotmail IP addresses.
But I'm not sure about this. I'm having enough trouble getting email I WANT to receive, such as newsletters and mailed digests of newsgroups. Nitwits that forget that they signed up for a newsletter report the sender as a spammer and those stupid idiots at spamcop will block things like lockergnome and Fred Langa.
Who's going to watch the watchers? Why can't _I_ decide what is spam and what isn't?
Am I the only one that is wondering if the fight against spam is causing more harm than good lately?
Slashdot, home of supporters of free software, free music, and free speech. Except for Moderators that disagree with you.
For $10K, I'd hunt spammers full time and I would probably make $200K+ / year, easily. It's usually rather easy to find who they are. Most of them don't really hide who they are and most of the ones that try, fail miserably. The very few that successfully hide their tracks usually have a M.O. that can be identified with the help of resources such as ROKSO (http://www.spamhaus.org/rokso/) or news.admin.net-abuse.email.
There's very few spammers that you can't track down nowadays. Even the most sneakiest ones can easily be tracked down by simply buying what they sell or pretending to be interested. Follow the money...
I sometimes send out order faxes to spamming scum and purposely leave out the credit card number or obfuscate it so that the scum has to call me back to get the payment information. Works every time. You can always count on the greediness of these people.
Proletariat of the world, unite to kill spammers.
The slower, the better. The more painful, the better.
In Soviet Russia, I ruled you
There is an attorney trying to collect using California's anti-spam law. The case has been all the way to the California Supreme Court, and is now back at the trial court level. This case has been going on for over two years now, and the plaintiff hasn't collected yet. But they will.
Growing a Spam Killing Community -- "The purpose of this article is to discuss how to eliminate spam through a community of spammer killers. Why take a passive role in spam elimination and why use up precious time and complex tools to track down one spammer? Instead, let's create a community of spammer hunters to track them down and wipe them out, using their own methods against them. Forget killing spam, let's kill the spammers."
How to Download YouTube Videos
Sounds like an excellent Idea. I have NO problems tracking down spammers. I'm well practiced at this game. Hahahaha! If they want YOUR money, then there is a way to get at them.
Now we have to define the rules and the terms of the game. I'll leave that up for someone else to do.
The problem isn't so much finding them, the problem is stopping them. Many major spammers are well known from what I've read, and even with massive work shutting down isp accounts etc, they just move on to the next one. Sure, as articles posted here on slashdot have revealed, it does cause them major pain (the spammers) and ups their cost in doing their shitty work, but it doesn't stop them. When you send out spam by the millions, even if you only get 1% of the receivers to buy into it, you're making good cash.
How about $50 for every garbage bucket you empty at their door instead ? Get enough people to do that (or spit in their face, but that's more my preference) or something similar, and they'd probably reconsider their line of "work". Seriously, I really think these people could use some real annoyance in their lives too, considering that they are annoying millions of people just by the click of a button. Bandwidth costs, time wasted downloading and deleting mail, etc.. add that up 20 million times and, well, you get the idea.
It's not working very well, because of weak enforcement. That may change after a few cases are litigated. I do see a hundred or so "ADV:" messages in my trash can right now, placed there by a rule, so it's doing something. But only about 2% of incoming spam is being junked by that rule.
Read the article. The 10k bounty for not labeling spam as spam isn't what you should be paying attention to. It's his attack on volunteer efforts to block spam relays, whom he calls "spam vigilantes", in the worst sense of the word. Essentially, he says that efforts to blackhole servers (presumably, because the admin of that server also needs to be whacked repeatedly with a cluestick) do more harm than good, and that we should just use filtering.
The 10k bounty is supposed to convince spammers to label their spam so we can effectively filter it.
Finished laughing? Let's dissect his thinking, shall we? He says we can handle spam just by making sure the spammers label it. This is the thinking behind a lot of bad legislation - it legitimizes it, instead of eradicating it. Second of all, he implies that vigilantism can work with government (finding spammers who don't comply with the ADV: rule) to fix what vigilantism by itself (blacklists) cannot do. Well, blacklists are meant to eliminate spammer havens - and we have plenty of anti-spam people hunting spammers as it is, FOR FREE. What the hell does he think 10k is going to do, if all the bounty-hunter does is turn the spammer's info over to the government? I mean, the FTC doesn't do much to the existing fax-spammers who are in violation of federal law. (The fax.com lawsuit was filed by a private individual, the FTC just levies paltry fines.) Or worse, what is the US government gonna do to foreign spammers who don't comply with our "label law"?
Essentially, Lessig says we should discard our current system of blocklists and anti-spam tech, in favor of simple client-side filters and a federal mandate to label spam, with a bounty to catch anyone who fails to label their spam. The threat is so feeble, and the undeserved side-effects so beneficial, I'm sure that spammers will love this idea.
It sounds like this effort will involve a tracing operation, digging in to find the systems, the software, and the people behind the spam.
What will the reward be for implicating the spam-enabling software vendors? One in particular that comes to mind is Elcomsoft. Will there be a $10K reward for dragging Dmitry's bizzness into court?
(note, the 'Advanced Email Extractor' tool linked to above used to be a link right on the elcomsoft.com web page, but that alternative 'MailUtilites' web page still comes up as one of the top five links in Google when you search on 'elcomsoft.' I suspect they're hiding their association with the 'mail utilites' product line to get geek sympathy. Spread the word, they sell tools to the spammers!)
It is widely known that Hotmail began selling its email addresses to third parties (i.e. spam)!
Tired of Spam?
We are too. For just the low cost introductory rate of $9.95 a month, all spam in your inbox will be removed with our special software. It will also increase your penis size, get you an intern, fire your boss and help you get more women.
I'd like to become a spammer. It sounds like a good way to make money at someone else's expense.
Here is what my spam would say:
Dear Sir or Madam,
You are receiving this unsolicited email because your government has biased laws that favor large businesses rather than individual people. This, like all other unsolicited email has an opt-out mechanism. Just opt out and your name will be removed from the list. See bottom for details.
But you didn't ask for this mail, did you. Well too bad, there aren't any opt-in laws protecting you by making it illegal to send unsolicited commercial mail. Only opt-out laws. In most cases these are mere recommendations.
Why? Well because your bank, your car insurance company, your health insurance company and several other giant corporations prefer it this way.
But it's costing you time and money. Too bad. So Sad.
The only way it will change is if you make your voice heard. Send this to someone who gives a damn. When enough people give a damn the laws will change. (At that point you can stop sending it).
Until then, keep sending it around - after all, it is only SPAM.
To opt-out of receiving future emails please send a formal request. For security purposes we require your First Name, middle initial, Last Name, social security number, mother's maiden name, date of birth, gender, kindergarten school teacher's name, address, license plate number, driver license number, checking account number, favorite color, and height. Requests that fail to provide the above information, for security purposes, will be disregarded.
because I have been enjoined by this Holy Office to abandon the false opinion which maintains that the Sun is the centre
After signing up, the number of unsolicited phone calls I get has dropped to zero.
Once again Lessig makes a good point. For more info, please purchase Lessig's books at Amazon....
http://www.amazon.com/exec/obidos/tg/detail/-/0375726446/qid=1032917143/sr=8-1/ref=sr_8_1/102-3116588-1026528?v=glance&n=507846
;)
No SpamAssassin code is going to filter this one
smd4985
So, for example, if Bill Gates sells some MS stock today, he can't buy MS stock tomorrow.
The way the SEC enforces this is very clever. The law is that any shareholder of the company can sue to nail a short swing trader. If the suit is successful, the short swing trader has to turn over to the company any profit they made, AND they have to pay the attorney fees of the suing shareholder. The profits are calculated in the least favorable (to the short swing trader) way--find the highest selling price he got in the last six months, and the lowest buying price...match those shares up, and count the difference as profit. So, if you buy at 100, sell at 90, buy at 80, and sell at 70, you have really lost 20, but as far as the short swing laws go, you made 10 (the sell at 90 less the buy at 80), and so you have to pay 10.
The final brilliant piece of the short swing law is that the shareholder who brings suit does NOT have to have been a shareholder at the time of the trading--they only have to be a shareholder at the time of the suit.
Combine that with the winner getting attorney fees, and what happens is that attorneys check the public records, find dumb corporate officers who tried to sneak in some short swing trading, go out and buy a share of the company to get standing to sue, and sue.
This has pretty much completely eliminated illegal short swing trading, with the SEC having to spend no money to track it down and enforce the law.
Who else thinks that the spam friendly ISP's will exploit this? What happens if your Spam account becomes overdue? What about the ISP's who want to make a quick dollar? It'd be a nice profitable way to get out of providing a spamming service.
"The big question in our lives is how to be at the same time a hedonist and in a hurry" - Alain Ducasse (?)
Block lists don't take any freedom from spammers. It never prevents them from sending all the e-mail they want. It's just that when it hits a server of someone that doesn't want to hear their speech, the "mute" button gets hit.
Why spammers think that keeping their message out of my inbox is restricting freedom of speech, I'll never understand. Are they not my eyes, are they not my ears? Can I not decide what I'll use my time to read, to hear, to think about? So what if it's the greatest thing since round wheels. If I choose to close my mind to it, trying to sell me the goose that lays golden eggs isn't going to overcome my "buyers resistance".
Not only are spammers stupid, they are persistently stupid. In the Darwinian game of the Internet, they rank below the Doo-doo of the Do Do.
Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
And we thought Stanford Law School was just supposed to churn out legal scholarship. Stanford's CS department better watch out...
The good souls who fight spam on the Net should embrace the rule of law over the reign of code, and then turn their coding efforts toward assuring this law actually rules.
The "rule of law" though is limited by the jurisdiction of where the law applies. Unfortunately, spam is like pollution and knows no boundaries. We'll all have to wait for something along the lines of IRRITATE:
International
Ruling
Regarding
Inappropriate
Textual
Assemblages
Tainting
E-mail
For an overview of the spam problem, please see my paper.
'Hey Mr Spammer, I caught you, so now you gotta pay. I say so, the court says so, and we can always take it to Judge Judy. So pay.' 'Uh gee man, I don't got no money man.' In a word, I think the suggestion is naive 'talking head' stuff. If spammers are so good today at hiding their identities, why won't they be good at hiding their money?
One solution I've heard was to make emails computationally expensive. Like, if my mailserver doesn't recognize your address, you have to factor the product of a few smallish primes before it will deliver the message. Something not too nasty, but hopefully big enough that you can't just have lookup tables. If you're sending a message to 10 people, it takes maybe a few seconds. If you're sending to thousands of people, it takes longer. You could even set preferences for how ugly you want the factorization to be: if the headers all match up, it's addressed to one person, and there's no html or images or links, make 'em factor 2*7*13. If the subject contains 'debt' or is in all caps, or there are removal instructions in the body, they have to factor something that's almost crypto-grade.
Put in some work-arounds where someone can email a list admin for permission to mail the list, etc.
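The factoring challenge proposed in the comment above, sketched as an added example (not code from the thread). The tier sizes, the keyword checks and every function name are assumptions made for illustration; the comment gives only the general idea.

```python
import math
import secrets

# Assumed tiers: bits per prime factor. The comment gives no concrete sizes.
TIER_BITS = {0: 12, 1: 20, 2: 26}
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n):
    """Miller-Rabin with fixed bases; deterministic for n below 3.3e24."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def difficulty_tier(subject, body, recipients):
    """Receiver policy: plain one-to-one mail is cheap, spam-like mail is not."""
    text = body.lower()
    if ("debt" in subject.lower() or subject.isupper()
            or "to be removed" in text or "unsubscribe" in text):
        return 2
    if len(recipients) == 1 and "<" not in body and "http" not in text:
        return 0
    return 1


def issue_challenge(tier, factors=3):
    """Receiver side: a fresh random product, so a lookup table does not help."""
    bits, n = TIER_BITS[tier], 1
    for _ in range(factors):
        while True:
            candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
            if is_prime(candidate):
                break
        n *= candidate
    return n


def verify(n, answer):
    """Receiver side: checking costs a few multiplications and primality tests."""
    return (len(answer) > 0 and all(is_prime(f) for f in answer)
            and math.prod(answer) == n)


def factor(n):
    """Sender side: the expensive step, done here with Pollard's rho."""
    if n == 1:
        return []
    if is_prime(n):
        return [n]
    d = n
    while d == n:                      # retry with a new constant on failure
        if n % 2 == 0:
            d = 2
            break
        c, x, y, d = secrets.randbelow(n - 1) + 1, 2, 2, 1
        while d == 1:
            x = (x * x + c) % n
            y = (y * y + c) % n
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
    return sorted(factor(d) + factor(n // d))
```

The sizes here are small so the sketch runs instantly; the asymmetry is the point, since `verify` stays cheap however large the receiver makes the primes.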
but not yet in the cyberworld. Whatever happened to "My right to swing my arm ends where the other man's nose begins" (it's paraphrased, sorry, and I hope not terribly mangled).
Honestly, the question is valid, but I think the answer is that actually spam itself is an invasion of privacy.
On the one hand, isn't it safe to assume that the spammer got my e-mail address through a breach of my privacy?
CH Kelley has some amusing postings in alt.stop.spamming. If everyone would follow his instructions for the toll free numbers he selects, it would get the message through to a few spammers.
Of course my idea of "make them pay" is perhaps a bit different than the norm. I'm not talking about finding out who they are so they can face the swift hand of justice, I'm more of the thought of finding out who they are so they can face the swift baseball bats of Guido and Nunzio who, when they're done, break the spammers' fingers so they can no longer type out those emails telling me how easy it is to buy my Viagra.
Hell, I'd be willing to contribute to a fund which promised such results. I want my mailbox back and I'm tired of coming up with new regular expressions to make the spam go away.
You definitely have a point. One thing I have noticed over the years is that you don't get spam on a particular e-mail account unless you do one of the following:
*** Use that account to create an account on a website. (You will get crap from them even if you uncheck all the boxes.)
*** Use that account to e-mail someone who likes to hit that one button in whatever e-mail program they use to e-mail everyone in their address book. (This button, by the way, should be renamed 'help everyone in my address book receive spam'.)
I blame Hotmail, and I blame every other web-based e-mail program, as well as Windows-based programs that have the default action as sending it with everyone's address in the TO instead of BCC.
I learned this really quick, and I have had no problems with my current email addresses.
I have a school-assigned one that I give nobody.
I have an ISP one that I only give to people who aren't morons.
I have a Hotmail one that I give to the people who are morons (don't know of the existence of BCC), and I have a Hotmail one for creating accounts.
Guess which ones get the most spam.
New "Crossing Jordan" episode: a man is found dead, shot twice. The only clue is a can of Spam jammed in his mouth, unopened...
-- Terry
What I don't understand is why everyone always talks about it being impossible to catch the "smart" spammers. These people aren't sending this shit out for fun. Yeah, they forge headers, return addresses, & so forth. But why does that matter?
If they're sending these damn things out for commercial gain, at some point they have to get your money. They either have a website (which can be tracked down via the hosting ISP, DNS entries, shit - traceroute the bitch & call the next people upstream), or an address, or a phone number. That should get all of the stateside jackasses. Even the ones who host overseas can have the hurt put on them. They have to take credit cards or paypal or something. That means a paper trail & it means that Discover Card or Visa or whoever can lock them out.
All that leaves is chain mail (which is stupid, but sent by your buddies that you can tell to fuck off) and people after bank account info (such as Nigerian princes).
Honestly, why is it claimed to be so hard for spammers to be tracked down? For the average joe, yeah, it's hard. For those enforcing anti-spam laws it should be relatively easy (if a little tedious) to nab the majority. Can someone explain this?
Eternity: will that be smoking, or non-smoking? I Corinthians 6:9-10
In particular you assume that there is some right for "legitimate" advertisers to put their ads anywhere that they can think of. There isn't. Don't believe me? Then try to put up big billboards over The Grand Canyon.
And to most people, if cutting out the slimeballs cuts out the run of the mill advertisers, that is a small loss. Actually for a lot of us it is a definite win.
Don't forget the article a few days ago about warpainting to show areas with unprotected wireless access. Spammers could email from there & claim it was the company violating the law, not them.
Most companies allow SMTP to relay from any internal address....
Hmmm......who's at fault?
The RBL has made life difficult for many companies. Once you are on their list it is difficult, sometimes impossible to get off.
In these days of high turnover in data centers, it is not uncommon to get an address that is on the list from someone else's abuse. Not to mention the fact that the RBL in particular has been known to make mistakes about what an "open relay" is - for a while every postfix installation was labeled as an open relay, simply because that software would "accept" relay messages, but then immediately trash them.
Furthermore, the RBL is NOT voluntary for the end user. Clueless sysadmins make the choice and rarely inform the users.
Ask any CEO, salesperson or small business man and they will tell you that they'd rather get 1000 spams a day than potentially miss one legitimate customer email.
If I'm granted immunity in all cases where I am responsible for the death of a spammer, and I receive $10,000 for each such death of my own doing, count me in. But if it's just 'turn them in, wah wah wah', then I'll have to pass.
Basically, the address harvester has a program that connects directly to the mail server of my ISP and 'sends' lots of identical (mostly empty and therefore quickest to send) messages through the connection, generating a different To: portion from 'words' likely to appear in a username for each message. Every time a message fails to go through, the harvester is notified, so for every message that DOES go through the program writes the To: e-mail address that was generated for that message to a file of valid addresses.
Based on my experience, if you get a blank message and don't know the sender you can usually expect to get many more messages from people you don't know in the future -- with no mistakes necessary on your part to do so.
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
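The harvesting run described in the comment above leaves a recognisable trace on the receiving server: one client collecting a burst of "no such user" rejections with a few acceptances mixed in. An added detection sketch, not code from the thread; the log format is a simplified made-up one and the sample lines and thresholds are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in a simplified, made-up log format (not a real MTA's).
SAMPLE_LOG = """\
2002-09-18T10:00:01 client=203.0.113.7 rcpt=<aaron@example.net> status=550
2002-09-18T10:00:01 client=203.0.113.7 rcpt=<abby@example.net> status=550
2002-09-18T10:00:02 client=203.0.113.7 rcpt=<adam@example.net> status=250
2002-09-18T10:00:02 client=203.0.113.7 rcpt=<adams@example.net> status=550
2002-09-18T10:00:03 client=198.51.100.20 rcpt=<jon.smith@example.net> status=550
2002-09-18T10:00:03 client=203.0.113.7 rcpt=<al@example.net> status=550
2002-09-18T10:00:04 client=203.0.113.7 rcpt=<alan@example.net> status=550
2002-09-18T10:00:05 client=203.0.113.7 rcpt=<alice@example.net> status=250
2002-09-18T10:00:09 client=198.51.100.20 rcpt=<john.smith@example.net> status=250
"""

LINE = re.compile(
    r"(?P<ts>\S+) client=(?P<ip>\S+) rcpt=<(?P<rcpt>[^>]*)> status=(?P<code>\d{3})"
)


def find_harvesters(lines, max_rejects=5, window=timedelta(seconds=60)):
    """Flag clients that collect max_rejects unknown-user replies inside window.

    For each flagged client, also report the addresses the server confirmed
    to it, since those are the mailboxes that should now expect spam.
    """
    recent = defaultdict(deque)     # ip -> timestamps of recent 550 replies
    rejects = defaultdict(int)      # ip -> total 550 replies seen
    confirmed = defaultdict(set)    # ip -> recipients accepted for that client
    flagged = set()
    for line in lines:
        m = LINE.fullmatch(line.strip())
        if m is None:
            continue                # not a recipient-result line
        ip, ts = m["ip"], datetime.fromisoformat(m["ts"])
        if m["code"].startswith("2"):
            confirmed[ip].add(m["rcpt"])
        elif m["code"] == "550":
            rejects[ip] += 1
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:   # drop rejections older than the window
                q.popleft()
            if len(q) >= max_rejects:
                flagged.add(ip)
    return {
        ip: {"rejects": rejects[ip], "confirmed": sorted(confirmed[ip])}
        for ip in sorted(flagged)
    }


if __name__ == "__main__":
    for ip, info in find_harvesters(SAMPLE_LOG.splitlines()).items():
        print(ip, info)
```

A single mistyped address, like the second client's in the sample, stays below the threshold; the window keeps slow, ordinary typos from adding up over a day.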
I'll never understand people who want to inflict pain and permanent disability over something as trivial as unwanted email.
Must be the effect of violent video games on the younger generation.
Think sir, how you would feel if someone you care about was attacked in such brutal manner, for a trivial perceived injustice.
The column is at CIO Insight. Wonder if it'll reach its audience there.
;)
This is slashdot, obviously, it has reached its audience
lone, dfx
I've thought about how to get rid of spammers..
Well, not get rid of, but make it less profitable..
We know that they generate their lists from scraping websites like slashdot, netnews, and other communication channels..
What if we were to suddenly generate millions of fake email accounts, on non-existent domains?
With this, we lessen even more the possibility of someone actually buying/reading the spam.. For example, if they have 1 million email addresses, and say 2 of those one million take the bait, then if we flood the list with another 1 million addresses, their hit ratio goes down. Less hits, less profit.
The other thing this does is increase the amount of time and bandwidth necessary to send the emails. Since all our made up emails have bad domains, does it take a second or 2 to timeout? Slows them down.
And by non-existent domains, I don't mean aaa@thisREMOVETHISsucks.com... I mean stuff that could be a possible email address. like aaa@hungry-for-food.com or something.
Maybe if we flood the newsgroups and websites with completely bad info, we can make it not worth it for the spammers..
Slashdot is like Playboy: I read it for the articles
I'm more of the thought of finding out who they are so they can face the swift baseball bats of Guido and Nunzio
lol.... nice to see someone else who reads the M.Y.T.H. series =)
$5 / month hosted VPS on linux = awesome!
Find their cars.
Put sugar or corn syrup in their gas tanks.
pour fish oil and rancid milk in their sunroofs so they get into the carpet.
Put water in their gas tanks.
Shove ball pearings in their mufflers.
Shove bannanas and potatoes in their exhausts.
Pour Nail polish remover on their car's paint.
Sandpaper their windshield.
Pour sulfuric or battery acid on their roofs.
Place sulfuric acid packs in their mufflers.
Spray sulfiric acid on their brakes, rims and paint.
On a hot day, put M&Ms or pennies on their paint.
Rip off their external mirrors.
Superglue or epoxy in their door locks.
Spraypaint all the car's glass.
Mix sulfiric acid with vaseline and apply it to the inside of the door handles.
Apply sulfric acid to the window seals.
With chipper pliers, clip the tire stems.
Make them pay.
- Zav - Imagine a Beowulf cluster of insensitive clods...
Please fix your sig. That's "One nation under God", without a comma. (Yes, it does change the meaning, and yes, it's important.)
Seeking redress?
What a shame!
Your faith is misplaced
in the RBL.
If we had their address,
and a name,
It would probably
take care of itself...
Or, a Limerick:
Send Congress home -- no laws need be made.
Save your money -- the price will be paid.
No judges, no jury,
have it done in a hurry,
A real life black hole -- get a spade.
How do you get off of SPEWS once you're listed incorrectly? There's no quick straightforward way.
definitely a brain fart.
the links in some spam that are something without even a full domain name? Usually a set of numbers with no dots or anything. If I recall it was something SIMILAR to http://11085523 (whatever it was). Pinging actually responded but ironically...with a non-routable IP address. Which is WEIRD since those are non-routable over the internet. Tracert would actually go around the country & hit a firewall somewhere.
Any idea how that was done so those can be blocked? It also just happened to be the open relay address....
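A host written as one bare integer, as in the link quoted in the comment above, is read by most resolvers and browsers as a 32-bit IPv4 address, so a filter has to canonicalise it before comparing it with a block list. An added sketch, not code from the thread: it also covers the hex, octal and short dotted spellings that classic `inet_aton` parsing accepts, and the sample message and blocked range are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# One numeric component: hex (0x..), octal (leading 0) or plain decimal.
_PART = re.compile(r"0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*")
_URL = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def host_to_ipv4(host):
    """Return the IPv4Address a numeric host stands for, or None for a name."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4 or not all(_PART.fullmatch(p) for p in parts):
        return None
    nums = []
    for p in parts:
        if p[:2].lower() == "0x":
            nums.append(int(p, 16))
        elif len(p) > 1 and p.startswith("0"):
            nums.append(int(p, 8))
        else:
            nums.append(int(p))
    *head, last = nums
    # Leading components are one byte each; the last one fills what remains.
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value += n << (8 * (3 - i))
    return ipaddress.IPv4Address(value)


def numeric_links(body, blocked=()):
    """Find links whose host is a disguised IPv4 address.

    Returns (url, canonical_ip, is_blocked) tuples; ordinary host names and
    plain dotted quads are left to the normal filters.
    """
    nets = [ipaddress.ip_network(b) for b in blocked]
    found = []
    for url in _URL.findall(body):
        host = urlsplit(url).hostname or ""
        ip = host_to_ipv4(host)
        if ip is None or host == str(ip):
            continue
        found.append((url, str(ip), any(ip in net for net in nets)))
    return found


if __name__ == "__main__":
    # Constructed message body; 11085523 is the number quoted in the comment.
    sample = "Visit http://11085523/ or http://3232235777/offer today"
    for hit in numeric_links(sample, blocked=["192.168.0.0/16"]):
        print(hit)
```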
So what if it forces a majority of the spammers into using the [ADV] tag in their Subject headers? What is that going to accomplish? Yes, most ISPs will instantly block anything with [ADV] in the subject header but the spammers will still be using bandwidth to bounce endless waves of spam off of your filters in an attempt to get at the remaining mail servers which don't filter for one reason or another!
Beyond that, an [ADV] flag is content. As the subject of this post points out: The fight against spam needs to be firmly grounded in a lack of consent -- not the slippery slope which any argument based on content quickly becomes!
It can't be just the first one. It has to be a bounty to everyone who tracks the spammer down and take them to court. Otherwise, it just wouldn't pay to do it. A better scheme:
1. Allow anyone to take spammers to small claims court for around $2K.
2. Make the person selling whatever is advertised in the spam be responsible for it unless they are willing to file a criminal complaint against the spammer.
3. Explicitly make it illegal to advertise someone else's product without authorization (it's probably already illegal...). This is to enable #2.
4. If an ISP cannot identify the spammer, the ISP must pay the fine. This may already be the case, but making it explicit would help.
An engineer who ran for Congress. http://herbrobinson.us
E-Mail is distributed. There is no way you can establish and maintain such a system. You could require billing information be attached to each e-mail, and collect before finally delivering the mail, but the overhead would begin to make e-mail as expensive as postal mail, and nearly as slow. That's not to mention that people just wouldn't do it, so that e-mail provider would die off quickly.
Of course, if you actually want to stop spam, quickly, easily, and without privacy problems, nor even a single law required, simply follow my how-to that I'm mentioning all the time. I still fail to see why everyone who reads it would much rather waste endless hours wrestling with half-assed 'solutions', which can so easily be defeated, as soon as spammers see it as a problem.
Spam is not a technical issue; it's a political one. The best way to eliminate spam is to make sure legislators worldwide can't get away from it, and get so pissed off at it they rise off their over-privileged butts and start doing something to stop it.
For obvious reasons, and "ADV" won't work. Now, Lessig makes the mistake of thinking that the US is the whole world. That's a very bad mistake. Another mistake is not to realize that my mailserver and bandwidth has suffered from the spam if I accept it. These costs are very large indeed. The only way to avoid this cost is that spam is never sent.
I've been a regular in NANAE for a long time (not right now), and I have supported RBL and SPEWS, and I still see many positive things about them.
Yet, I don't think people realize how much power they have, and what costs a mistake will have. Use of RBL and SPEWS is voluntary, so Lessig's "vigilantism" reference is highly inappropriate. But effectively, so many people are using them that an error on the part of us is too costly for those that it hits.
Mistakes are human, and we all make mistakes, but it is easier to make mistakes when you're not working full-time on an issue, when you don't have the time to research properly. Nevertheless, these mistakes are unacceptable. By mistakes I'm not talking about the RBLing of Peacefire. They chose to stand by scumbags and chose to go to the press rather than resolve it in a manner that everybody would benefit from. I'm talking like the case of Ed Felten's "Freedom to Tinker" experiences with SpamCop and the SPEWS listing of The Linux Kernel Archives. These are examples of things that should never happen. Most of us strive for many 9s of uptime, and can appreciate what it is like to be blocked for days. Traumatic, that's what it is. :-)
Yet, that is going to happen many times more if we continue with current practices.
I think the US needs good laws. Here in Norway we have a law that requires confirmed opt-in and bans business to consumer spam. It works quite well. While I get quite a lot of religious spam from US, I get nothing from Norway, though that is not regulated. It could be that the message is quite strong that spamming is unacceptable anyway, so even the morons don't spam.
While spammers can move off-shore, I wouldn't mind blocking whole countries until they get good laws. Moving off-shore won't work.
It will not totally stop spam, but only totalitarian regimes want total solution to problems. With laws in place, we may get a spam a month, I don't mind as long as I can turn the spammer over to the justice system and let them decide whether he overstepped the boundaries or not. That's what the justice system is there for.
Now, Lessig's proposal is bad from another angle too, and that is that it to a great extent encourages vigilantism. I really don't want a bunch of script-kiddies running around trying to obtain evidence that some randomly accused person committed spamming. Joe-jobs happen a lot, I've been joed myself. True spamfighters know a joe-job when they see it, but a random script-kiddie out to make a fast $10k won't.
A US ban on spam is needed. Blacklists should be abandoned.
Employee of Inrupt, Project Release Manager and Community Manager for Solid
Everyone is really hot about 'freedom of speech', and that's just fine with me. But can anyone tell me since when did the right to freedom of speech guarantee the speaker an audience??
As far as I know, I can stand on a street corner and say pretty much what I like, right? Or distribute pamphlets, say.
What I can't do, correct me if I'm wrong, is grab hold of a passerby and hold him still while I exercise my right to free speech. Nor can I grab people and stuff pamphlets into their pockets. Right? Speak, sure, but nobody has to listen.
So, getting on to spam, how is it that spammers can do the electronic equivalent of stuffing pamphlets into my pockets? Why is nobody advocating opt-in lists for those people that enjoy getting spam?
The opt-in list would be equivalent to me stopping and listening to the speaker on the street corner, willingly taking a pamphlet. And by opt-in, I'm talking about opt-in for a particular marketing company, not for all its affiliates as well. If I want to opt-in to the affiliates, I'll do so on a case by case basis, because they have interesting offers.
Somebody else talked about legislation legitimising spam - that's already been done, pal. I've received plenty of spam with notes at the bottom saying, 'this email is not deemed spam because it complies with USC....whatever'. Hah! It's spam and it's been legitimised already.
No, what's needed is legislation stating that spam can only be sent to people that volunteer to read it. Anything else is exactly the same as the street corner speaker stuffing pamphlets into my pockets. People say, 'well, you can just hit delete', to which the only real response is, 'why should I have to?' When an ad break happens on TV, I can just walk away, get a drink, take a pee, whatever. The 'just hit delete' crowd are telling me, 'nope, can't move, gotta watch that ad'.
OK, so I don't really think that opt-in legislation would work, but it would be a step in the right direction. Heavy fines and jail time for repeat spam offenders would be better. Make it uneconomical to continue in business. Ah, enough already. Spammers won't quit any more than politicians will keep election promises.. :)
To my experience (I am getting ~20 spam messages per day, compared to about 2-5 private ones, not counting mailing list messages which are pre-filtered to a local News server) setting up such a law is simply not worth it. Most spammers are not located in a country where such a law would apply. How would you want to sue a Chinese spammer for a fine of $10000? Do you assume the Chinese government would be interested in cooperating? More than half of the spam I get originates from China or Taiwan.
:-))
Spam is an international issue which can only be tackled internationally. No existing law enforcement agency is able to do that.
Moreover, no law enforcement agency would be able to handle the huge number of cases. Most cases would simply never be dealt with.
On the other hand, I could make a living on haunting spammers if it worked.
So I will continue filtering my e-mail locally, and using community-based systems like SPEWS, ORDB, Spamcop, or Spamassassin. Nothing else works. Fighting spam with laws is like fighting terrorists or the guerilla with military forces.
A simple solution would be to identify repeated SPAM (i.e. University Diplomas) then host a website to collect payments using PayPal / Amazon Honour System or whatever to collect small donations from people who are fed up receiving the same crap all the time.
Use the money to hire a hitman to eliminate the originator.
I think this would make a great deterrent.
It made it as a slashdot headline, it's already reached its audience.
Brings a whole new meaning to that phrase
You should've put "[ObStarWars ref]" in the subject line so I knew to skip over your comment!
The cancel-bots went on a strike to show the magnitude of the problem. Few people noticed the difference.
It is unclear whether this was because the ISP filters already take most of the spam, or because one of the major cancel-bots continued to operate.
In any case, it was a PR failure for the bot operators.
How does a spammer have any right to privacy?? The whole point of spam (ostensibly) is to _advertise_ yourself.
For that matter, the whole idea of e-mail is centered around sending information from yourself to one or more persons. Unless you're leaving an anonymous tip, there's not a whole lot of justification for hiding your identity. Would you trust random snail mail with no return address? Personally I'd be handing that one over to the bomb squad.
Privacy and advertising should be (and largely are) anti-thetical. If you're telling someone to buy something, tell them who you are. That's not a privacy violation, it's common sense.
As for this "promo[ting] a database state and t[ying] together all a person's Constitutionally private information", RTFA. There's no talk of that at all. The only suggestion is using information in _the advertisement_ about the _advertising company_ to track them down. If Nike starts sending you junk mail, it's not violating their privacy to look up the address of their headquarters and ask them to stop.
The identity of a business is NOT private information. Any suggestion that this has anything to do with 'big brother'-style policy is absurd.
all those IP's in foreign countries don't listen to the FTC.
i happened across this page today. the site host lists email addresses of those who spam him... so bots find spammers ... and the spammers get spammed. nevermind the fact that the email address is prolly only used once before they move to another address. in the meantime... check out http://www.cardhouse.com/drcliff/wreck/shitlist.htm
when you close the article, you get a pop up? I find pop ups more annoying than spam myself...
Up until 1954 or thereabouts, it was "one nation, indivisible".
There was no "under god".
There is no place for religion in our government (or there shouldn't be, anyway).
http://slashdot.org/comments.pl?sid=40147&cid=4281516
Define solicited mail as for an American company as requiring an American company to provide opt-in. That way American companies cannot receive opt-ins from foreign companies.
If that kind of law passes, the spammers will just set up wholly owned American subsidiaries for the sole purpose of "opting in" spam targets. And if the law is written so as to exclude American companies wholly owned by foreign entities, then it also excludes legitimate outfits such as Nintendo and (once the settlement becomes final) possibly Microsoft.
Will I retire or break 10K?
I thought that once the DATA command was in progress, you couldn't interrupt it. So you'd probably have to take the data, anyhow unless you were willing to just drop the connection. And if you do that, the originating server is likely to just try again.
And after you get several pieces of spam from an IP address, you block/throttle connections from that IP address for 24 hours. Does that break any RFCs?
Will I retire or break 10K?
Spam could be fought and cut down drastically. All we need is to rally the industry behind the effort. Sure, a little will always get through. But mostly, it will be due to luck. I don't buy the argument about "smarter" spammers. If they were good enough to consistently defeat well engineered systems, they'd be good enough to get a real job doing something else that pays a lot better.
:-)
C'mon, look at the spam you get. It's real bottom feeder stuff. It probably makes some money for someone, but I can guarantee no one's getting rich. If you really believe it's possible, then I have a great way for you to make money. Have you heard the good news about Herbalife?
This is one of the most ironic and ultimately annoying things for me. Recently, I've been getting more spam from companies sending anti-spam or anti-popup products. In addition, I get popups advertising the same.
One would think that it doesn't take a brain surgeon to realize that people who dislike spam/popups are going to be doubly annoyed by spam/popups advertising anti-spam/popup solutions.
Subject: RE: Penis enlargement
Body: Cheap way to remove your head from your ass...
- phorm
I thought he was supposed to be one of the good guys... obviously I was wrong. What a moron.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
Here is a Business 2.0 article on Lessig's idea.
(copy/pasted below):
Utility on the Bounty
Issue: August 2000
If bounties helped free the Wild West of outlaws, why not use them to liberate the Net frontier from spammers? That's what Stanford University law professor Lawrence Lessig proposed last May at the Spam Summit 2000 in Washington, D.C.
Lessig's idea rests on legislation requiring valid labels on unsolicited commercial email--or spam. The spammers who break this code would be fair game for bounty hunters, who could track the culprits and collect rewards based on the amounts ISPs would expect to recover in court. Individuals could get in on the action by forwarding their "outlaw" spam to companies set up to trace the messages.
"We have to be more pragmatic and experimental in our approach," says Lessig, adding that a bounty system might also bridge the gap between the legislation camp and the technology camp on how to curtail encroaching spam, which cost ISPs millions per year just to keep to a slow stampede.
Congress is working on a spam bill that requires labeling but also gives ISPs the right to enforce their own spam policies in civil court, something Lessig views as disastrous because it would require emailers to know the individual policies of ISPs.
As for a bounty? "We already have a lot of intelligent people who spend time tracking down spammers pro bono," says John Mozena, co-founder and vice president of the Coalition Against Unsolicited Commercial Email. "When you throw money into the equation, you start running the risk of vigilantism. I don't think that would be productive." In the eyes of some, though, running spammers out of town might not be so bad.