Lessig On Bounties For Spamhunters

An anonymous reader submits: "Digital rights (as in yours, not the RIAA's) guru Lawrence Lessig comes up with a Swiftian idea of how to fight spammers -- $10,000 for the first ubergeek to hunt the offender down. The column is at CIO Insight. Wonder if it'll reach its audience there."

How much...

[T3kno]

How much would I get if I blew up the building that housed hotmail.com?

Re:How much...

[Tackhead]

> How much would I get if I blew up the building that housed hotmail.com?

Nothing. The spam doesn't come from Hotmail. Spammers forge hotmail.com dropboxes into the headers, but typically spam through dedicated machines hosted by spam-friendly providers.

If someone were to go apeshit with a SuperSoaker full of saline solution in ELI.NET's or Level3's datacenter, for instance, your load of inbound spam would probably decrease substantially.

There are some "ISPs" allegedly in Mexico and Brazil (but hosted via US-based backbones) that are no more than spammer fronts.

Re:How much...

[fliplap]

Translation: I got owned by some 10 year old with netbus who stole my geocities password and replaced pictures of my wife with pictures of tranvestites.

well, it's a start

[Em+Emalb]

but it will only catch the stupid ones. The "smarter" ones, and I use the term loosely, will endure.

Re:well, it's a start

[Vinum]

Hmm... that kind of gave me a crazy idea.. but I am sure a lot of these spammers are also into credit card fraud. A corporation like VISA could collect spam and use a dummy credit card number that would validate normally... except that instead of them getting a check with money at the end of the month... the companies ability to clear cards through visa would be revoked. Furthermore, if the government would just make spam a freaking crime... this would be a nice way to bust the people doing this stuff..

Because face it, most of these spammers are located in America even if they are going through Chinese relays and such.

I am sure someone will reply to this and give me 10 reasons why this will never work. But either way, its fun for discussion. :)

Take a lesson from astronomy

[PD]

The first one to find a spammer gets to name it. Well, maybe not such a good idea after all...

The opposite is needed

[PD]

For a period of one month, all filters on spam and spam hunting should be suspended. Part of the problem is that anti-spam activities are masking the true magnitude of the problem. A wake-up call is needed. When people realize just how much spam is being sent out, the villagers will take to the streets with pitchforks and torches.

Re:The opposite is needed

[taernim]

In a related story:

tired of spam?
we am sure you are too! my government has agreed to pay the sum of $34,004,267 to help you fight these spam persons. yes, it sounds much too good. but yes, this is truth. if you would like to join the fight, we only need your bank routing number and complete address. we will soon win by helping you help us help you.

(Check out this article if you somehow miss the irony...)

uhh, missing something here

[Telastyn]

from the article:

But at least with the spam problem, there is a much simpler solution that, so far, Congress has failed to see. Imagine a law that had two parts--a labeling part and a bounty part. Part A says that any unsolicited commercial e-mail must include in its subject line the tag [ADV:]. Part B says that the first person to track down a spammer violating the labeling requirement will, upon providing proof to the Federal Trade Commission, be entitled to $10,000 to be paid by the spammer.

From California Spam law:

(g) In the case of e-mail that consists of unsolicited advertising material for the lease, sale, rental, gift offer, or other disposition of any realty, goods, services, or extension of credit, the subject line of each and every message shall include "ADV:" as the first four characters. If these messages contain information that consists of unsolicited advertising material for the lease, sale, rental, gift offer, or other disposition of any realty, goods, services, or extension of credit, that may only be viewed, purchased, rented, leased, or held in possession by an individual 18 years of age and older, the subject line of each and every message shall include "ADV:ADLT" as the first eight characters.

and

(f) (1) In addition to any other action available under law, any electronic mail service provider whose policy on unsolicited electronic mail advertisements is violated as provided in this section may bring a civil action to recover the actual monetary loss suffered by that provider by reason of that violation, or liquidated damages of fifty dollars ($50) for each electronic mail message initiated or delivered in violation of this section, up to a maximum of twenty-five thousand dollars ($25,000) per day, whichever amount is greater.

Very similar...

Re:uhh, missing something here

[Alsee]

($50) for each electronic mail message initiated or delivered in violation of this section, up to a maximum of twenty-five thousand dollars ($25,000) per day

That part of the law is severely broken. They hit the $25,000 cap after the first 500 spams per day. The bigger spammers send MILLIONS of spams per day. At 1 millions spams per day the fine is 2.5 cents per spam, and at 10 millions spams per day the fine is one-fourth of a cent.

As they can crank up the volume of spam the fine approaches zero. The fine becomes an acceptable cost of doing bussiness.

Before anyone replies to point out the phrase "whichever amount is greater", that phrase reffers to proving "actual monetary loss suffered" which aint gonna happen.

-

First Caught Spammer

[DarkHelmet]

I have a bunch of female friends that forward letters endlessly to the point that they're no longer my friends. I'd love to put one of their heads on a stick and turn them in for 10k. Do they count? :)

This problem cannot be solved!

[FreeLinux]

The thing is that SPAM works! If it wasn't profitable no one would bother with it but, it is profitable. Highly profitable! So long as people keep buying from spammers spam will continue to infest the internet.

Just like the Nigerian money scam, so long as people continue to fall for it, it will continue to circulate. Blacklists and other technology solutions will never be able to keep out all the spam. Legislation will never be effective against it. The only way to make it die is for people to stop buying from it and so far, it seems that there are far too many people who are insecure about their penis size for the spam to stop.

Re:This problem cannot be solved!

[Alsee]

The problem with spam is that the cost is basicly zero per-message. $X to send Y pieces of spam, X divided by Y works out to zero point zero cents per spam.

The only way to make it die is for people to stop buying from it

Not possible. Spam works at a response rate of 1 in 10,000. The general population contains a far higher rate of mental illness, senility, and retardation, not to mention just plain gullibility and stupidity.

To to missquote something P.T. Barnum never said,
The internet: a million suckers log on every minute.

It seems to me that the only solution will come by a switch over to a new E-mail system that can link a non negligible co$t to all E-mail, or just to offending E-mail. This could be done with crypographicly signed "stamps".

Would you be willing to attach 2 cents to each E-mail where the recipient of the mail gets the money? Send mail to your friend and he gets 2 cents, he send you mail and you get the 2 cents back.

The other proposal I saw has much more expensive stamps, from 32 cents up to a few dollars. In that plan you you can keep re-using your stamps unless the recipient "redeems" the stamp. The idea is that it is generally "rude" to redeem a stamp. If you get legitimate mail from a friend or stranger you do nothing and it costs the sender nothing, if you get spam or otherwise offensive mail you click a button to redeem the stamp and the sender is out the money.

-

it's a stretch to claim that spam is a right

[keithmoore]

I don't think that spam is a right any more than driving around in a loudspeaker-laden truck that is playing incessant advertisements in the middle of the night is a right. and I don't think that spammers have any more right to privacy than others who disturb the peace or engage in petty theft. the public has a greater interest in having the names of accused be in the public record than in keeping their names secret. (this actually helps discourage false accusations by the government)

having said that, it's also clear that having a way to identify the source of a potential spam would create serious privacy concerns - what's to stop that method from being used to identify the source of any email? nor does "identifying the spammer" seem to be as useful as "marginalizing the spammer" - i.e. making sure that spammers are likely to have to pay so dearly that it's not profitable for them. strictly speaking, we may not need to identify them to achieve this result.

so what we really need is a way to marginalize real spammers without sacrificing others' privacy rights in the process.

RBL bad?

[phriedom]

I don't understand his objection to the RBL. It has checks and balances. It is democratic. Use of the RBL is volentary. It doesn't involve expensive court actions or investigations paid for by taxpayers. It takes no direct action. But if you don't play nice, then others may choose not to play with you. If you don't self-police, others stop listening. Its quite a stretch to say that "restricts the freedom of email" and that it has not "done anything except make e-mailing more difficult." The RBL sure hasn't made my emailing more difficult or restricted my freedom.

I think good laws would add to the effectiveness of the RBL, don't get me wrong. But to hear the spammers tell it, the RBL has made their cost of business much higher, so I wouldn't say it is a detriment.

Here's MY deal.

[unicron]

"Alright. I'll kindnap him for 50, deprogram him for 50, and I'll kill him for 100!"

"No, just the first 2!"

"Alright, I'll throw in the killin' for free."

What an asshole

[Gruturo]

Once added to the list, there is no way to appeal the blocking or to fight such policies

This is bullshit, and he knows it, but he has to exaggerate and distort the truth in order to highlight his fashionable Bounty idea.
I inadvertedly ran an open relay and quickly ended up on Ordb, and rightfully, I might add. My mail server logs had this nice explanation given in the error message from other servers, complete with a helpful link explaining how to fix and get delisted (fix your server, resubmit its IP for checking, get automatically removed).

3 hours and a sendmail.cf later I was back with the good guys, and had this nice warm feeling :-)

Re:What an asshole

[hysterion]

Once added to the list, there is no way to appeal the blocking or to fight such policies

This is bullshit, and he knows it, but he has to exaggerate and distort the truth in order to highlight his fashionable Bounty idea. I inadvertedly ran an open relay and quickly ended up on Ordb [ordb.org],

This is out-of-context, selective quoting, and you know it, since right after this he continues with: ``Sometimes, the spam vigilantes offer people a way to appeal, but not always. Spews.org, for example, blocks without any appeal allowed.'' So,

• He does nuance his assertions. You `exaggerate and distort' them.
• He's talking about Spews.org, not Ordb.org.