Will Bounties Cure The Spam Problem?

An anonymous reader writes with a pointer to a piece in today's Mercury News about Lawrence Lessig's proposed spam-bounty legislation, excerpting: "If the law passes, citizens could be eligible for rewards of thousands of dollars or more if they're the first to provide the government with proof and the identity of offending spammers."

all i can say is

[DrWhizBang]

show me the money.

Re:all i can say is

Hello, Slashdot, may I help you?

Yes. Please transfer me to your legal department.

I'm afraid our attorney isn't here in the store, can I help you with something?

You better. I'm going to be sending you my hospital bill and you have to replace the monitor for my computer.

What happened, sir?

I was reading slashdot.org while I was taking a bath.

In the bath?

I had a table in the bathroom. But the mouse fell in the water and when I went to get it, the monitor cable got tangled up. It fell in too and I got terribly shocked!

And you want us to pay for it?

Just get me in touch with your legal people. They'll handle it.

Re:all i can say is

hmmmm.

this could be a bad model.

what if the RIAA uses it on file traders.

you'll have some kids turning in others.

mp3 bounty hunters....great.

then the pissed off kid kills the bounty hunter.

Re:all i can say is

[Jonathan+the+Nerd]

then the pissed off kid kills the bounty hunter.

Then twenty years later, George Lucas releases new footage of the incident that clearly shows the bounty hunter fired first, even though everyone who saw the original swears it didn't happen that way.

Re:all i can say is

The only problem here is that the "pissed off kid" won't be alive in order to kill the bounty hunter. If the RIAA, evil rat bastards, puts a bounty on you for mp3 trading, it will be for your head, not for prosecution.

Two words immediately spring to mind....

[mark-t]

"Prisoner Dilemna"

YEEHAW!!!!!!

[spoonist]

SADDLE UP, BOYS!

I'M PUTTIN' ME TOGETHER A POSSE!

We're gonna round up them bandwidth rustlers and get us the bounty!

Re:YEEHAW!!!!!!

[H310iSe]

but pa, howdowhe know which ones to round up? I mean, whose a gonna say whose a spammer and who'se just some wetbehindthears adMIN-nostrator with one of those there open relays? I mean to say that I know when I'm looking at porn (you know that olde sayin' about how to tell porn from art?) but spam ... say I russle up some of those there Real Audio executive, for example, now I'd say their tricky sign up where the check boxes for 'send me spam' are hidden below the margin in a combo box so's you have to scroll down to see 'em, them there's a deceitful practice leadin to some unwanted email. Should we shoot 'em?

Sure, i rekon anything from Nigeria, Viagra, Pam who wants me to see her boobies or penis stretchin devices are spam, no question. After that I get somewhat confused...

Re:YEEHAW!!!!!!

[doktor-hladnjak]

Hmmm... Perhaps, we've stumbled on a new opportunity for unemployed Slashdotters.

Setting: cocktail party

"So what do you do for a living?"
"I'm a bounty hunter--a spammer bounty hunter."

How cool would that look on a resume? Boring freelancers and consultants eat your hearts out!

Lovely idea...

[johny_qst]

but what proof must the prompt geek provide that he hasn't 'trespassed' on others systems? would this type of legislation just create a lot of crap civil-litigation?

bounty hunters

[Frostalicious]

Sounds pretty much like outlaw bounties from the old west. This system has been successful for over a hundred years and there is a large modern day bounty hunter business. The same could work for spam.

Re:bounty hunters

[MrLint]

Hmm bounties for spammers? I wonder if i can get a mesage off to the Bebop and get radcial edward on the case:)

Re:Bounty Hunters

[stefanlasiewski]

After seeing Jango Fett in Attack of the Clones, I don't think spammers have anything to worry about.

After about 5 minutes, Jango will have lost his rocket pack, will be ungracefully knocked over by a giant 3-horned lizard, and after a few more minutes of him bumbling around, his head will be cut off by a lightsaber in a very anti-climatic moment 2/3 though the movie ...

That's an easy one...

[bergeron76]

Mike Wendland - public enemy number 1.

Now where do I pick up that check...?

Re:That's an easy one...

Take the time to read..., next time...he's the author

Re:That's an easy one...

[slasher+guy]

Ralsky, meanwhile, is looking at new technology. Recently he's been talking to two computer programmers in Romania who have developed what could be called stealth spam.

It is intricate computer software, said Ralsky, that can detect computers that are online and then be programmed to flash them a pop-up ad, much like the kind that display whenever a particular Web site is opened.

"This is even better," he said. "You don't have to be on a Web site at all. You can just have your computer on, connected to the Internet, reading e-mail or just idling and, bam, this program detects your presence and up pops the message on your screen, past firewalls, past anti-spam programs, past anything.

Isn't this impossible? Maybe he means winpop-up :-)

Re:That's an easy one...

It's not impossible, he just has to have a root exploit of some sort.

'Course, if Ralsky doesn't like the attention he gets from "legal" spamming, just wait 'till he tries his "hack-n-pop" method. Just ask Kevin Mitnick if the Feds don't take that shit seriously.

Re:That's an easy one...

[Bendy+Chief]

Ralsky is an idiot. Those Romanians sold him snake oil. It's just run-of-the-mill Messenger popup spam, (not MSN Messenger, the administrative service) which is easily blocked by disabling the service, or by installing virtually any firewall on the face of the planet.

"Past anything" my ass.

Yarr!

I'm off to get me some booty! what? oh. yarr! bounty it is!

Well...

[Avsen]

It could cause a lot of problems to those who spammers masquerade as -- since most spammers don't use their real emails. We could end up with innocent individuals with bounty charges because the spammer forged their emails.

Re:Well...

[jaxle]

Well if the summary of the post is correct it wouldn't be a bounty on the spammers head... it would be a reward for the person who provides PROOF that a spammer is a spammer. This wouldn't put innocent people in danger of being screwed (probably...). This would probably encourage people involved in spamming to screw over their superiors and get sum cash dollas while at it. Or do they work alone? Hell if I know.

Re:Well...

[anonymous+loser]

I don't really believe that would be as big an issue as you imply. Spammers' Achilllies Heel is that they (or those who use them) *must* provide some tracable contact information in order to get your money. Sure, the email address might be spoofed, but since most people (especially law enforcement) already know this, it will probably be disregarded unless it happens to correlate with all the other evidence.

The same thing happens with snail mail, e.g. when someone sends a threatening letter. I'm sure they check out the return address on the envelope, interview the folks, etc., but they probably don't throw whoever's address in on there in jail unless there's plenty of other supporting evidence.

Re:Well...

[firewood]

I don't really believe that would be as big an issue as you imply. Spammers' Achilllies Heel is that they (or those who use them) *must* provide some tracable contact information in order to get your money.

But they don't always have to ask for the money to be sent to them. If they mix random victims addresses in with their own send-me-money addresses, they'll get lots of citizens screaming to vote down this law as harrassment.

Re:Well...

[greenrd]

If they mix random victims addresses in with their own send-me-money addresses, they'll get lots of citizens screaming to vote down this law as harrassment.

Uh, who's doing the harrassing here?

The spammers are, not the law - and that is harrassment (I say "is" not "would" because they already do it) irrespective of whether any anti-spam laws exist.

At best, they'll be calling for the spammers head's for framing them - not calling for repealing in the law.

Besides, it should still be possible to track down the real culprit, if a lot of his/her "customers" send in complaints to some central processing center - such as SpamCop.net.

Proof?

[jasonditz]

"If the law passes, citizens could be eligible for rewards of thousands of dollars or more if they're the first to provide the government with proof and the identity of offending spammers."

Proof? What year do they think this is?!

Hasn't it already been established that the act of accusing them is proof enough? Send them to Guantanamo Bay, they'll confess in due course.

Re:Proof?

[RLiegh]

1983?

Re:Proof?

[MBCook]

This is why we need to be able to use spectral evidence. I'll say right now last night a spectare came to my house and put spam in my e-mail box. I'll say that at any trial for anyone. It will only cost you $5.

Re:Proof?

[sik0fewl]

I think that if each of us forwards all of our spam to these guys then that should be proof enough. At least, that's what I'm planning on doing.

Re:Proof?

I don't understand all this. Back when the USA wanted to implement the "rat out your neighbour if you think he might be a terrorist" plan, everyone was up in arms about it.

But now, the equally useless "rat out your neighbour ifyou think he might be a spammer" plan, everyone is sharpening up their swords. Huh?

Re:Proof?

[abhisarda]

Ok..if this becomes a law, then the law enforcement agencies will be compelled to help track the spammer. The person who receives the spam will contact the police, who in turn will ask the ISP(of the spammer) for details.

Now that this law is proposing thousands of dollars in bounties. It is not difficult to envisage spam bounty help centres opening up(true american entrepreneurship ;)) who will help track down the identities of the spammers for a cut from the bounty-say 30 %.
People would be more than willing to agree to that if they they are assured of results.

Now assuming this will be successful, spammers would have to move their bases offshore. How will we deal with that? I don't know.

Re:Proof?

Well this law is heading in the right direction.
So what do you get for turing in a spammer's head? (imagines Battle angel style wars between spammers and high tech bounty hunters)

Re:Proof?

[kesuki]

Well you see, terrorists generally kill thier victims. Spammers on the other hand merely harrass them and bombard them with countless pointless commercial messages of no use to them.
So you see, Spammers are much more succeptible to the lynching effect, as their victims are left alive, with voices, and inboxes they can't be bothered with to wade through!
Terrorists only blow up people and/or buildings, mostly in new york city, or overseas. So you see, terrorists are not nearly as bad as spammers.

Re:Proof?

[Realistic_Dragon]

"Now assuming this will be successful, spammers would have to move their bases offshore. How will we deal with that? I don't know."

Hell, as long as they move them somewhere with no due process of law and a $50 fine for executing a dirty worthless spammer, I think that we will win big time ;o)

Re:Proof?

[instarx]

Accuse!? This is 2003! You don't even have to accuse anyone of anything - you can just call them material witnesses. Hell, just throw some people in prison and send me the bounty money.

Re:Proof?

It's media-whoring by some polititian, because they know spam is the number one public enemy. they want solid proof because no-one can provide any, and they know it. this is (as per typical re: politicians) is nothing but a propoganda based guesture that means nothing but hype. it is effectively, worthless. (as is most garbage that arises from politics).

Re:Proof?

[Mike1024]

Hey,

Now assuming this will be successful, spammers would have to move their bases offshore. How will we deal with that? I don't know.

How about a no questions asked spammer bounty program?

DNA technology could cut the transport costs as well. Just mail back the scalp, and if it suggests an appearance that matches the spammer, pay out 100 gold.

Michael

ok sure

And then how long before this plan is turned against p2p file sharers?

Do you really want the government to go there?

Re:ok sure

[harlows_monkeys]

And then how long before this plan is turned against p2p file sharers?

How would that be a problem?

I'm skeptical....

[mark-t]

The same plan could be used to find people who illegally copy music or who pirate software, but that isn't going to happen anytime soon, is it?

Nope... this is a waste of time for them to even be talking about.

Re:I'm skeptical....

[Evil+Adrian]

Not really. If you can make money for it, then you are more likely to turn people in.

Hell, if I found out someone I knew was spamming or pirating thousands of MP3's, I'd turn them in for free, cuz it sickens me.

Re:I'm skeptical....

[lommer]

I doubt it would be nearly as effective in that regard, as pirating mp3s is not something that the public seems to care about (let alone the fact that a large percentage partake). Spam, however, is something that really pisses people off and a little extra incentive might be all that's needed to get some technologically inclined bounty hunting groups to actively pursue spammers...

Re:I'm skeptical....

I think the difference is in the numbers. Maybe there are 20 really bad spammers out there. There are 20M people that think it's ok to share illegal music on p2p networks.

Bounty Hunters

[boatboy]

Isn't that how Jango Fett got started???

Purpose of Spam

One of the problems is the hiding of origin. Many spam laws make such lying specifically illegal, but can be hard to enforce.

Let's remember that business spam has to offer some way for a victim to buy the item which is being advertised. That invites a subpoena to search that business for evidence that they hired the spammer...if laws accept that as sufficient evidence.

There is the problem of a competitor sending spam which advertises stuff from someone else, to cause problems for someone else.

And some things are distributed -- like spam which promotes some worthless stock and tries to make the stock price rise. Any of the current stock holders could have hired the spammer.

Re:Purpose of Spam

[amber_lux]

to buy the item which is being advertised.

For some items, yes. For stock scams, and the like, no. Just blast 10 000 000 emails out, and enough idiots will buy the stock in question to push the price up. Spammer sells his stock at a profit, and is virtually untraceable.

if laws accept that as sufficient evidence.

Washington State has statutory damaages of $500 for spamming. People can sue the spammer, once they track them down. The problems are:

• Proving that the forged header was really sent by the spammer.
• Getting a judge in small claims court to accept your case.
• Convincing the judge that the case is serious.
• Convincing the judge that the case is not frivolous. At least one judge is on record as stating that these ( anti-spammer ) suits are frivolous, and she will dismiss them on request.
• If, after all that, one wins the case, the problem is one of collecting the judgement amount.
• And since spammers use shells of shells of shells, where is the government going to get the money from, if it can not find the money from the spammer.

Basically, a nice idea, but based upon experience in Washington, and other places where spammers can be sued, there are some problems with the idea.

a competitor sending spam which advertises stuff from someone else, to cause problems for someone else.

Joe-Jobbing the competition.

That is a current practice of the florida scumbags. Their competition being the people who run SPEWS, MAPS, etc.

Wind under Thy Wings

Amber

Re:Purpose of Spam

[Mr+Foot]

Hey Amber, did you even read the post that you replied to? Original Post: "like spam which promotes some worthless stock and tries to make the stock price rise. Any of the current stock holders could have hired the spammer." Your Post: " For stock scams, and the like, no. Just blast 10 000 000 emails out, and enough idiots will buy the stock in question to push the price up. Spammer sells his stock at a profit, and is virtually untraceable."

Re:Purpose of Spam

[Michael+Hunt]

I'm not sure about the SEC in America, but over here (Oz,) ASIC would spend significant time and resources tracking Pump'n'dump spammers because they're an over-funded government body with not a hell of a lot else to do apart from sue and arrest people (www.asic.gov.au).

Now, as far as sending out untracable emails; sure, there's no motive to indisputably link a real world entity with the spammer, as you quite correctly said that it could have been any of the shareholders (or contractors thereto) who sent the message.

You'll always be able to trace a spam back to an IP address, though, more or less. A few scenarios:

o Open relay is used, with forged headers. Forged headers are almost invariably insubtle and easy to determine. For instance:

Received: from open.relay.net (spambag.relay.net [192.168.0.1]) by smtp.victim.com for uid 1001 (date)
Received: from dialup.spambag.net dialup.spambag.net [192.168.10.10]) by open.relay.net (8.11.2/8.11.4) id f00 (date)
(fake received headers follow)

It's usually fairly easy to trace the spam back to an originator, and from there to a real person (based on the co-operation of the ISP; most ISPs in Australia would co-operate with ASIC, especially post One-Tel/One-Net)

o Formmail.pl or equivalent is used: the victim's mail server or the webserver's smarthost will show a connection from the webserver's IP. Subpoena the web logs. If needed, subpoena the spammer's proxy logs (if the HTTP connection came therefrom.)

o An open socks proxy is used (these usually don't leave a mark in the header, in fact, most of the time you're unlikely to know that spam has been forwarded from such.) Fortunately, most spammers aren't this subtle, and open proxies have a habit of disappearing overnight when people realise what they've done. A visit from the securities cops will usually bring this to people's attention :)

An unspoofable "From:" field would be a start

Average Joe is just starting to realize that the "From:" field on e-mails is like the return address on an envelope, you could write whatever you want.

But there's no reason why electronic mail cannot be better than snail mail in that respect. Make the "From:" field unspoofable!

Re:An unspoofable "From:" field would be a start

[EvilNTUser]

"But there's no reason why electronic mail cannot be better than snail mail in that respect. Make the "From:" field unspoofable!"

No. There's a valid reason behind that feature. I don't want to have to check a large number of accounts for incoming mail just because I use different mail servers to send email depending on where I'm located.

Re:An unspoofable "From:" field would be a start

[mark-t]

Er... why should you have to? Can't you set mail at all these other accounts to forward directly to one?

Re:An unspoofable "From:" field would be a start

Um, "Reply-To:"?

Re:An unspoofable "From:" field would be a start

[EvilNTUser]

Yes, but what if I want to cancel one of those accounts...

Re:An unspoofable "From:" field would be a start

[EvilNTUser]

Indeed. Sorry for my stupidity.

Re:Yarr! (corrected post)

'm off to get me some booty! what? oh. yarr! bounty it is!

I prefer this version...

[exhilaration]

"If the law passes, citizens could be eligible for rewards of thousands of dollars or more if they're the first to provide the government with the scalps or the severed heads of offending spammers."

Re:I prefer this version...

[LX.onesizebigger]

WANTED:
Spammers - dead or... dead will do.

Re:I prefer this version...

-- LADIES @ NJ/NYC: 23 YEAR OLD GUY SEEKS YOU!
--so I thought I'd give Slashdot a try.

Yep, we know /. is just teaming with women.

--Average weight, average height, average looks

Is that supposed to be a nice way to say that you are short, fat and bald?

--I'm non-white, so feel free to hit the "back" button if that's a problem.

Yeah that helps. Does that mean Hispanic, Black, Asian, Eskimo? Why are you too ashamed of your race to even list it, other than "non-white"?

Re:I prefer this version...

[DietHacker]

Yeah that helps. Does that mean Hispanic, Black, Asian, Eskimo? Why are you too ashamed of your race to even list it, other than "non-white"?

Maybe his mother doesn't remember?

One important question.

Dead or alive?

Re:One important question.

MAKE PARENT SLASHDOT POLL!

Crimestoppers - America's Most Wanted

[dan.hunt]

Well I can see it now: "Tonight on America's Most Wanted, spammers." or in Canada "I'm Constable Bob of the RCMP, we are requesting your assistance in solving the spam problem."

Not likley. Rewards will not work any better than penalties. But I do like the idea of 2 year sentence of no telecomunication devices for spammers.

Nah, Never mind.

Cool

[Elpacoloco]

I believe this will bring and end to the profit motive of spam -- break the law and it will cost you. And it will not cost you a piddling $50, as in the California, Washington, and other state laws. Oh no. It will cost you a thousand PER OFFENSE.

You better believe spammers will want to do things the legal way.

Re:Cool

[SexyTr0llGal]

And it will not cost you a piddling $50, as in the California, Washington, and other state laws. What are you talking about? It's $500, not $50.

If there was a real bounty...

[jpt.d]

Dead or Alive I think spam would quite possibly be a thing of the past from citizens of the country. It may take a few people to loose their heads under the guilotine, but some iron maidens could be used too.

Re:If there was a real bounty...

[RLiegh]

Dead or Alive I think spam would quite possibly be a thing of the past from citizens of the country. It may take a few people to loose their heads under the guilotine, but some iron maidens could be used too.

Judas Priest! I think you may be on to something!

Foreign Spam

[duckbillplatypus]

I guess this law will help halt spam from foreign servers as well, because people in other countries respect our laws.

Re:Foreign Spam

Most of my spam comes from servers in China. What are the chances of China respecting US law?

Re:Foreign Spam

[MechaStreisand]

Yes... SERVERS in China. I'll bet that many or most of the spammers themselves, however, are located in the States. All we need is for them to be found and fined out of existence (or better yet, jailed), and a lot of that spam from China will stop.

Forget the spammers

[HornyBastard]

Go after the people who pay them to send all the spam.
If there are no clients, spam will cease to exist.

Re:Forget the spammers

[Alizarin+Erythrosin]

I agree 100%! If they (spammers) can't get any clients, then they'll hopefully turn to a different (hopefully less annoying, sleezy, etc) business model.

Re:Forget the spammers

[mark-t]

Wrong.

Some people throw all sorts of crud into their spam, for exactly that reason. You don't know which companies actually did pay for the spam and which didn't.

I wrote some shareware once and ended up getting several nasty emails one week accusing me of spamming them because my web page was mentioned in a spam email they received. I have never participated in or authorized any sort of email advertising campaign in my life, spamming or otherwise, but having seen this, I know you can't just go out and blame the web pages that the person is advertising.

no

bounties won't help. spammers will happily pay
a percentage of their take (more than the govt
is going to shell out) for their providers Not
to give them up. of course, if you couple this
with legislation that makes it illegal to aid
a spammer, Then you might be on to something -
but just one half of the loaf won't work.

moron DOWting the cause/effect of the bountIE

problems.

there's little doubt spam will be won of the leading 'products' left to the softwar gangster payper liesense hostage ransom stock markup FUDgePeddlers from upon the pacific crest annex of capitollist hill/wall street of deceit.

so, for a mere 50$ mo., fuddles et AL can 'teach' you to be @leased as sucksassfull at spammage as heis.

accounting we will goo. buy for now, butt lookout bullow.

half the problem is...

[argoff]

...that people keep trying to find legal solutions to technology problems.

We created this technology, and now that it does exactly what it was designed it to do, people try to make impose laws to restrict how it's used. I have a better idea, change email's design.

It reminds me of Singapore. A poor subway design allowed for a mischievious kid to shutdown the whole system with a stick of chewing gum. Their solution was to outlaw chewing gum. Sure it was wrong for the kids to act that way, sure they should have been punished, but seriously quit trying to create legal solutions to technology based problems.

Re:half the problem is...

[DJ-Dodger]

Yeah, I mean look at that terrible window technology. It's so easy to break the glass that people are practically inviting people to come in and take their stuff. Why outlaw burglary when people are just too lazy to get a new security model and start installing steel plates over those windows?

Re:half the problem is...

[argoff]

Yeah, I mean look at that terrible window technology. It's so easy to break the glass that people are practically inviting people to come in and take their stuff. Why outlaw burglary when people are just too lazy to get a new security model and start installing steel plates over those windows?

I understand that it's wrong for people to act certain ways, but that does not always mean that the force of government is the only or best solution. In the physical world you half to use force to keep people who don't belong out of your space, or from violating you - that implies the need for a legal and political system in that space. In the virtual world, that system of accountability doesn't make sense.

Excellent!

[inode_buddha]

I'll be sure to send a list. After all the cutbacks at work last year, I could use the money. Not to mention the fact that my home dialup received 1038 e-mails last month - out of which perhaps 2 dozen were desirable. I also have my mail archived back through May of last year.

All I can say is, "Come 'n get it!"

Start your letter

Resign now and save us all the trouble of watching you be demeaned.

Jail Mail

[kmahan]

That'll be fun -- put the guy in jail. The slashdot can post his new address (down to the jailcell) and we'll be able to see how many catalogs his jail cell can hold.

He'll be real popular around mailcall.

Re:Jail Mail

[LX.onesizebigger]

He better hide the viagra ads well out of sight of his cellmate Bubba!

talk about sucksassfull

no wonder you're still # -1

the only MiSsing part of the equation, is determining whereas va lairIE'a SourceForgerIE(tm), & patentdead PostBlock(tm) device swirls into this cesspool of execrable.

we're praying for you moron(s).

Tank!

[FrostedWheat]

I think it's time to blow this thing.
Get everybody and the stuff together.
Alright, Three Two One lets Spam...

Re:Tank!

[MsGeek]

See you, Space Cowboy...

Re:Tank!

[weeboo0104]

Who would win in a fight? Ein, or the MSN butterfly?

Re:Tank!

[MsGeek]

Menchi would kick both their asses. She can shoot a chaingun. I rest my case.

A Nation Of Snitches

[The+Eating+Gorilla+C]

Just one more step towards a nation of snitches...

Re:A Nation Of Snitches

[gmhowell]

Just one more step towards a nation of snitches...

I'd be much more interested if the government funded a nation of snatches.

Not quite....

[dabuk]

Mike Wendland is the one who wrote the story. The Spammer is Alan Ralsky.

...and he fumbles the touchdown..

[RLiegh]

that would have been so much better if the text that was in my buffer (" Proof? What year do they think this is?! ") had successfully pasted...bleah.

At least my karma can withstand two -1 posts. ;)

There are no bounty hunters today

There are "bail enforcement officers". Learn the difference.

Re:There are no bounty hunters today

[Frostalicious]

There are "bail enforcement officers". Learn the difference.

Even people in the industry informally say "bounty hunter"

Bounty Hunter Training

proposed spam-bounty

[frovingslosh]

A simpler solution would just be to put a bounty on the head of the spammer, and let us hunt them down and bring them in dead or alive, but preferably the former. First few bounties collected this way would do a lot to resolve the problem.

Still a mountain of work for the enforcers

[SYFer]

From the article: "The bounty hunters would need to trace the offending e-mail to its source, identify the sender and provide proof to the Federal Trade Commission. The FTC would investigate and fine the offender, if appropriate. The bounty hunter would get 20 percent of the fine." If the main problem is not having the manpower to trace and catch these spammers now (as posited earlier in the piece), how is this queuing system going to help? I would think that the in-basket would quickly fill up and it would still require huge manpower to investigate each claim. There would certainly be loads of helf-assed cases presented and for that matter, why wouldn't spammers simply flood the queue with bogus "proofs" to bog the proceedings?

Re:Still a mountain of work for the enforcers

[shepd]

>There would certainly be loads of helf-assed cases presented and for that matter, why wouldn't spammers simply flood the queue with bogus "proofs" to bog the proceedings?

False accusations are highly illegal, that's why. Not "penis extending pills" illegal, but "Federal pound me in the ass prison" illegal.

Then again, IANAL.

Re:Still a mountain of work for the enforcers

[rainmanjag]

I agree that the system is rife with possible problems. It would truly be a shame to lose Lessig over this.

-jag

Re:Still a mountain of work for the enforcers

[sean23007]

Lessig shouldn't be too worried. If he has to resign from his Stanford post, dozens of other employers would jump on him.

Re:Still a mountain of work for the enforcers

[MCZapf]

Plus, I would think it would be kinda hard to get that proof. You'd need records from his ISP and things like that. Law enforcement officers might be able to get at it with a warrent. But what's a bounty hunter supposed to do?

OT: What the heck is the subscriber bonus? Am I to believe that Slashdot subscribers with good Karma can now default post at 3?? (I'm not going to try it, because that would be way too high a score for this post.)

oh no!

[deus_X_machina]

But just think! Now it'll be almost impossible for me to find free access hardcore porn, fix my credit, learn thousands of Ebay secrets, get that penis enlargement I've always dreamed of, and hear about unique business proposals, such as the time a rich Nigerian banker needed my help to claim millions of dollars, all in one sitting!

c'mon people... they don't have great offers like this in your local supermarket, mind you!

Bounty Hunters?

Commander: We don't need their scumm.
Officer: Yes sir.

Seems like it would just move it one level up

[rosta]

The problem with this idea is that every time someone spams us, we'll spam the federal government. This will just propagate the spam problem, rather than solving it (what happens when the spam branch of the FCC fraud division shuts down due to email server overload?). On the plus side, this whole scenario would make some Libertarians I know very happy.

America's Most Wanted

[MyNameIsFred]

I can't wait until John Walsh appears on TV giving us the profile of this week's "Most Wanted" spammer. I just want to see the mug shots and police identikit sketches.

This spammer goes by many aliases including spammer@aol.com and fred@slashdot.org. He is considered armed and dangerous and is known to use forged headers.

It'll never happen

[parliboy]

They're expecting us to squeal on suspicious activity (re: terrorists) for free, even though that could put us in danger. Lessig expects those chepskate bastards to pony up for spammers? Never gonna happen.

Re:Microsoft declares best uptime in industry

considering windows 2003 server is only 6 months old, a 6 month uptime isn't bad.

My work computer (2k pro) has an uptime of over a year (it would be pushing 2 years, but there was a power outtage a year ago, and no ups).

No, no, no. *this* is the cure.

[inertia187]

Just get rid of email as we know it. This is getting much too complicated for me.

Just do away with email. I've already done it with my US Mail. Every day, I'd open my mail box and find trash. Honest to God TRASH. So I told them I didn't want mail any more, just like in Seinfeld, only they actually did it.

I still have email, but I'd be happy to use this protocol instead, if only there was an effective reference implementation.

Re:No, no, no. *this* is the cure.

[ratfynk]

WHY IPOD ALWAYS IPOD it don't do email, maybe an IPOD cell phone with Email and instant massaging, as well as tunes and vibro massage! whats with you and this Ipod thing anyway, does it make me money, no, then what the hell is it good for anyway. I've seen some brain dead characters driving down the road with an Ipod earpiece in one ear, cell phone in the other and a Starbucks running down their crotch. If an Ipod becomes another way to send and receive spam then maybe it might be usefull but I dought it.

Re:No, no, no. *this* is the cure.

good luck in prison

Re:No, no, no. *this* is the cure.

[hendridm]

> I still have email, but I'd be happy to use this protocol instead, if only there was an effective reference implementation.

I agree, instead of hunting the people who exploit the problem, why not fix the problem by removing the exploits? A new, standardized protocol is in order. It would not be an easy transition, but it would probably be better down the road than bounty hunting.

Re:No, no, no. *this* is the cure.

[miquels]

if only there was an effective reference implementation

Ah, but there is. http://www.blug.linux.no/rfc1149/

Selling Out Other People: The Way To Police

[mrseigen]

Well, apparently if it works here, it might just cross over into other lines of justice, thus making the police in many urban towns completely useless and creating an angry, distrusting populace, ready to turn each other in for fabulous prizes. What's that? Operation TIPS?

I have no idea what you're talking about.

The government should have a program where they pay bounty out to the first person to publicly execute known spammers.

Re:Selling Out Other People: The Way To Police

[realdpk]

Um, the police in many urban towns are already completely useless. They're nothing more than revenue streams for the cities - for example, in Seattle they're going to enforce jaywalking law by writing tickets, but they can't be bothered to investigate a home burglary!

Jurisdiction

[pugh]

This is a global problem. How would you deal with spam that originates outside the jurisdiction of this law?

Re:Jurisdiction

[evilviper]

What's the point of sending spam to Americans about a store in China? No matter if it's comming outside of the US, or not, the money is, no doubt, comming from companies with a presence inside the US, meaning they are liable.

That said, I still, STRONGLY believe that, not only should no laws be passed, but that very little needs to be done to make our current e-mail system SPAM-free.

Spamcop's blacklist, trashing all e-mail without the correct word in the subject-line, etc. Both can be done with minimal hassle, and without significantly changing how e-mail is used.

SWEET!!!

I GET TO BE BOBA FETT!!!

Will bounties cure the spam problem?

[ratfynk]

Seems to me that the majority of spam is not traceable, and the spam problem is exacerbated by .NET stupidity. If ISPs get their act together and set up filtering to route only verifiable addressed mail then the problem will go away. There are many ways to detect and differentiate between mail that is direct and mail that does the spam central routing crap. Some filters that I have set up already do exactly that. There is no reason to believe that legitimate ISPs cannot do the same. However is blocking spam in the interest of ISPs? Perhaps not if their main source of revenue is automailers! The sensible solution is to pressure your ISP to block and refuse bulk mail that is from phony addresses. One good filter blocks any mail with @yahoo if the address before @yahoo is longer than 9 characters. Likewise with @hotmail, @aol etc. Sure this might block some legit mail but so far this has not been the case. Setting up bounties to bust email spammers is like putting sheep in wolves clothing. Alot of bah bah bah and then loud howling, when the spam revenue stream dries up.

Re:Will bounties cure the spam problem?

One good filter blocks any mail with @yahoo if the address before @yahoo is longer than 9 characters.

My Yahoo address happens to be ten characters. Guess you won't be getting any email from me ;)

I can't see how a filter like that could qualify as good. You'd lose a lot of important email with a filter like that.

Re:Will bounties cure the spam problem?

Basically, just make it illegal to send e-mail without a permit, make the permit avialable for free, but requiring a valid mailing address, via snail mail you recieve the .nfo to configure your mail server.
the holder of the last legitimit permit is legally liable for up to $10,000 per spam that goes through their system.. All of a sudden not even ISPs will allow spamers to be thier customers -- they can't afford to! no matter how belly up they're going to go!
spread this law from the US to as many countries as we can cram it down the throats of, (some would willingly embrace it, having already had public complaints about spam/etc.) Problem solved.

Notes...

[pr0ntab]

if you read the article, it explains how techniques like using PGP to sign messages can make the From field unspoofable, but they are not relevant when privacy or anonymity is crucial (whistleblowing, etc.). Hence, it cannot be demanded that everyone follows this practice. It suggests recipients should check your email more carefully to see if its legit (the article also explains this; checking your headers for a "postmark" that looks abnormal).

The last quote was somewhat encouraging, that "the Internet is a rough and tumble place" (paraphrasing) but we'll cope because it is often the best way to reach people.

If an unspoofable From: is what you want, demand your mail server administrator only accept signed messages, or filter them yourself in your client.
Another option is to convince her (and/or the administrators of any other MXs you care about) to relay with SMTP AUTH only. Most mail clients support that feature nowadays. If enough people start using that new RFC, we shouldn't have to worry about hijacked ISPs mail servers being used to send spam, and their netblocks being RBL'd.

Re:Notes...

[mark-t]

Sure... but then how do you convince them to only accept connections from systems that relay with SMTP AUTH... and so on, down the line?

AFAIK, you can't... which is why we have this problem.

Re:Notes...

[realdpk]

You can accept PGP keys from anonymous people.

The problem isn't that you want to know exactly who is sending - you merely want to be able to trace where the e-mail came from. If some anonymous joe sends you a key for joebob@hotmail.com, and that key is later used for spamming, you revoke it from your "I accept mail from these guys" keyring. Easy peasy.

This would encourage a little education, too.

[irving47]

This would prompt a lot of people who run mail servers to learn how to monitor their logs and finally close their danged open relays.

Spammers and proxies

[httptech]

Spammers almost always use proxy servers to disguise their true IP address. This blind dependence on an army of proxies is actually a weakness. The more proxies they use, the more likely one is actually a honeypot (honeyproxy). Recently it was discovered that the Internet is being seeded with hidden proxy servers by the Sobig.a (BigBoss) virus. Unfortunately for the spammers, the password for the proxy server console was also discovered, allowing anti-spammers to watch their comings and goings and log their true IP addresses. Not that I recommend doing that, (as it could be illegal in most countries), but the password is here:

http://www.lurhq.com/sobig.html

doesn't look too difficult really

1: just find someone advertising that they will email your message to millions of people,

2: pay a few hundred dollars, give them your "ad", then wait until they send the spam,

3: then turn them in!

4: profit!

No it wouldn't

[autopr0n]

The bounties arn't paid for capturing people, but for identifying them. And the government isn't going to take some iliterate moron's word if they don't even understand that "From:" != actual sender.

Re:No it wouldn't

Yeah, because you know the government ALWAYS gets the right man. Innocent people NEVER go to jail, or get the death penalty.

Re:SIX words immediately spring to mind....

[GrubInCan]

I see the morons are out in force today.
Obviously if your are too stupid to type "Prisoner Dilemna" into Google, to find out what the comment is referring to, you don't have a chance of understanding the logic behind it.

Coming soon

[skillet-thief]

Hello [your name spelled wrong]

Want to make as much as $3000/week, without leaving home!?! Become a Spam Bounty hunter! Just buy Doctor Bob's 12-step program for hunting down spammers...

etc.

Re:Coming soon

Doctor Bob's 12 step program? Did Bill Wilson have any part of that? ;)

Why does the government have to sponsor this?

[archnerd]

Why can't the EFF (or someone similar) pay the bounties? I'm a member and I'd be happy to see my membership dues go toward that.

Ya ! gets my vote !

I could make a lot of cash with this system...

Great new way to make money!

[autopr0n]

Step 1) set up a porn site with an 'affiliate' program.
Step 2) convince spammers to sign up for affiliate acounts.
Step 3) turn them over to the government when they send out spam. Step 4) profit!

I doubt it would really be that hard to frame someone for spamming, btw...

Re:Great new way to make money!

[boobulla]

or just idling and, bam, this program detects your presence and up pops the message on your screen, past firewalls, past anti-spam programs, past anything.

Isnt' that just playing off of the M$ "messenger" service? That's been going on for absolutely too long now...

Re:SIX words immediately spring to mind....

His comment had nothing to do with knowing (or not knowing) about the Dilemna, dimwit. I agree, however, that the morons are out in force today. Welcome to my foes list.

On it

As an ISP, I get quite a few spam mailings coming through my servers. I'm already blocking quite a few. Imagine how many spammers that can be reported. Specially since I'm blocking as many as 12k messages a day on a server that only has 150 users on it. Not to mention the other servers with thousands

No, you can't.

[pr0ntab]

But doing so on the people you can influence (the operators of legitimate mail servers serving local users) will prevent the situation where a RBL captures a whole domain due to the compromise of a local account. You don't need to figure out how to do a full authentication chain yet (that's the role PGP fills right now).
Once you get to a certain critical mass acceptance, then you can go full force (forcing the servers to authenticate to each other using shared secrets).
Presumably, at this point there would be trusted MXs that allow connections from mail servers not running SMTP AUTH because they can't use it for whatever reason, but they would be whitelists.

That situation doesn't seem to far in the future. My ISP (Cox) already uses cram-md5 SMTP AUTH. At least I don't have to worry about someone impersonating me through their server. That's one step closer.

Re:No, you can't.

[geniusj]

anyone who has access to that mailserver could spoof mail from you, no? It might add an extra header in there saying which user authenticated to the mailserver, but the From line should still be changable.

Cheers,
-JD-

Re:SIX words immediately spring to mind....

[Daetrin]

And how exactly do you know that? And whose comment are you talking about anyway?

Clearly the Prisoners Dilema has some relevance to the problem, since the person most likely to know who a spammer is is another spammer who has been trading/selling lists with them.

Easy Money

[sik0fewl]

1) Start my own spam company
2) Turn myself in
3) ???
4) Profit

Re:Easy Money

[sharkey]

3) ???

3) Use KY Jelly, lots of KY Jelly.

Great Idea

"let us hunt them down and bring them in dead or alive, but preferably the former." So someone forges headers to look like YOU sent the SPAM. I shoot you dead! Was that what you wanted? Moron.

SORRY NO LADIES HERE, TRY SEVENTEEN.COM

Dear Mr. Mystery Man,

I regret to inform you that you have mistakenly advertised your desire for females on Slashdot. This is a common mistake, as both Slashdot.org and Seventeen.com begin with the letter 'S'.

As you know, women do not read Slashdot. Especially not the type of women that a 23-year-old Mystery Man is interested in. I invite you to visit Seventeen Magazine's site where you will find more attractive young ladies than you could possibly handle.

$100 bounty offer

[Animats]

I repeat my bounty offer:

I will pay $100 to the first person to provide me with the identity of the actual person or persons operating the following spamvertised sites:

• contipay.com
• profitabill.com
• alphabill.com
• quantumbill.com
• girlswhocry.com
• girlswhocry.net
• girlraped.com
• incestuals.com
• hardgiants.info
• spywiper.com
• internetsweeper.net

The name and address obtained must be within the United States and must be usable for service of process.

"whois" addresses have been checked and are not useful.

These sites move from ISP to ISP frequently. Many no longer work, but others in the same family appear.

We've received over 16,000 spam bounces because of this spammer.

Re:$100 bounty offer

[MsGeek]

Thanks, you have improved my Kmail filters file. You rock.

Re:$100 bounty offer

[evilviper]

Could you clarify what you are looking for? They can be traced to their US-based ISPs (Rackspace, for one!), and to their PO Boxes in the Bahamas.

Some provide whois info that seems straigh-forward enough:

whois quantumbill.com

Administrative Contact:
Demley, Richard quantum@qlshop.com
Quantum Communications, Corp.
80 Halsey St.
Islandia, NY 11749
US
+1-866-324-3964

etc. Could you explain what you are looking for, and what your aren't looking for/problems you've had tracing them down?

Re:$100 bounty offer

[Dimensio]

Try a subpoena with tucows.com, Verisign or one of the other registrars. Unfortunately, some of them seem to be hosted in Brazil, and Brazillian ISPs seem to enjoy making money directly from criminal activity (especially Diveo.net.br), though I did get action once when a misconfigured mail filter once bounced an e-mail over one thousand times.

Re:$100 bounty offer

[Animats]

Most, if not all, of the domain registration data for these sites is bogus.

A polite letter to Divio.net asking for the identity of the owners of "profitabill.com" has not yet resulted in a reply, but Profitabill.com no longer seems to be accessable. Every site listed seems to have gone dark in the last 24 hours.

Maybe the spammers read Slashdot.

Re:$100 bounty offer

[Dimensio]

Most of the domain registration data may be bogus, but the registrar name cannot be bogus. You need to contact the WHOIS server for the registrar to retrieve the information in the first place.

Send an e-mail explaining the situation, and also mention the bogus WHOIS information, as that is a violation of ICANN rules (even if ICANN is too full of pusses to enforce anything). At the very least, you might get the domain name pulled. Unfortunately, very few registrars care if their customers are spammers, so the dead domains are likely a result of the hosting ISPs pulling the plug (though one of the sites listed was hosted in Brazil, so I doubt that it's gone yet).

Re:$100 bounty offer

[Animats]

On several occasions, I've used ICANN's form for reporting bad domain registration information. Only once have I received a reply, and all they did was change a totally bogus country code.

Re:$100 bounty offer

Have you tried answers.google?

Letters of Marque and Reprisal (for foreign spam)

[kaltkalt]

The US Constitution, Article 1, Section 8, clause 11, gives the gov't the right to issue Letters of Marque and Reprisal. This is a formal declaration given to a private citizen by a gov't giving him/her the right to seize the assets of a citizen of a foreign nation. So, we can have international bounty hunters, too. Unfortunately the letter of M&R went out of fashion about a century ago, but hey, it's still in the Constitution. This came up during the debate about what to do in the "war on terror" ... for example, see http://www.progress.org/archive/fold232.htm We should issue letters of M&R for recipients of spam and ISP operators. They're stealing our property and their governments aren't doing anything to compensate us (hell, neither is our gov't).

I wonder

[tmark]

I wonder what the hue and cry would sound like if someone was proposing bounties for "proof" that one of their fellow citizens was a terrorist.

New rules of business

1. Send spam.
2. Turn self in.
3. ???
4. Collect bounty as PROFIT!

Inintended (but predictable) consequences

[taustin]

If it becomes profitable to identify spammers, then everyone will be a spammer. Yes, even you.

Re:Inintended (but predictable) consequences

huh?? If it becomes profitable to identify spammers, then everyone will be a spammer

What are you talking about?. It looks like you meant "If is profitable to identify spammers, then everyone will start hunting them down." If thats now what you meant, you don't know what your talking about.

Re:Inintended (but predictable) consequences

Seems like *you* don't know what *he's* talking about.

1. Think
2. Type

Best place to start...

Boca Raton, FL.

According to Steve Linford in this report there are out of the 150 spammers who are doing 90% of spamming, about 40 live there.

Not surprising that the recent suet against Steve Linford and other anti-spammers by the "lawyer" claming to represent anonymous coward "E-Mail Marketers" operates in Boca Raton.

Re:SIX words immediately spring to mind....

"his" comment? Two AC's in the same thread, both delivering such wit as could only be found in a preschool for the mentally challenged, and having the same 5 words "welcome to my foes list". I would therefore deduce that it's quite probable that you and the prior AC are one and the same.

You are right that the comment had nothing to with knowing or not knowing about the dilemna -- it was so entirely non sequitor as to be irrellevant.

Won't work

[nnet]

This won't work. Spamming operations will just move offshore, just like IT contracting.

The only fix is a complete rewrite of SMTP protocol, and totally outlawing spam completely.

Tracking IP addresses in SMTP ?

[Richard_J_N]

What's wrong with the following solution? I can't see anything wrong - and it ought to be simple to implement. (SMTP would need some minor changes) It seems too easy :-)

Every time mail is routed from one server to the next, the receiving server should 'stamp' the mail with the IP address of the sending server. That way, genuine mail has a valid sequence of IP addresses, and spam can be traced back to either the originator's IP, or the first mailserver to "lie" on the stamp.

Either way, we then have an authenticated list of IP addresses of "bad people" - who could be dropped into the Real-Time Black Hole (or similar).

Also, given the spammer's IP address and timestamp, they could be traced quickly.

This would need all SMTP servers to change (by adding extra mail headers), which might take 2 years to permeate most of the world's systems.
So it's not an instant fix, but would work in due course (like IP v.6). It's also backwards compatible.

Re:Tracking IP addresses in SMTP ?

[Daniel_Staal]

Simple workaround: 'Stamp' your outgoing spam with three or four bogus relays, and a bogus orgination point.

Just make sure that one or two of the ones upstream from you actually have mailservers and it would be hard to say where the bogus trail stops and the real trail ends.

Oh, by the way: check your incoming mail headers. The stamps are there.

Re:Tracking IP addresses in SMTP ?

[bobintetley]

Every time mail is routed from one server to the next, the receiving server should 'stamp' the mail with the IP address of the sending server. That way, genuine mail has a valid sequence of IP addresses, and spam can be traced back to either the originator's IP, or the first mailserver to "lie" on the stamp.

What do you think it does right now? ALL mail servers stamp the IP address of each server in the chain, along with a date/time stamp and resolved hostname (where possible). Look at the header of any email you've ever received.

Most MTAs can be configured to disregard servers with no valid MX records (drops a lot of dial up abuse).

This is why spammers either use ephemeral dynamic IP addresses from dial up accounts, or proxy servers (the proxy does the job on behalf of the client y'see - "by proxy", so the mail's origin according to the relay is the proxy server).

Re:Tracking IP addresses in SMTP ?

[Richard_J_N]

True enough. That makes it harder. But nevertheless, the recipient of a spam does have a chain of IP addresses where at least one (we don't necessarily know which) is verified by subsequent "good" servers as being "evil". So, it might be possible to search for patterns in these chains.

that's all?

$100 for a name and US addresss for ELEVEN sites that are all hosted OUTSIDE the US and move around frequently?

no wonder you've gotten no takers so far.

Re:that's all?

[anubi]

I get the idea its not the money.

He's made his intention clear.

If one has this information and wants to see a spammer harassed, here's somebody whose mad too and may have some tools to make some hurt.

Kinda like if a lawyer who has been angered at being awoken in the middle of the night by helicopters and lets it be known that he has placed a bounty on those running those helicopters. If you are getting woke up at night with those things and know whose doing it, you probably wanna give that lawyer a call and share the info. Who gives a damm about the money? Its peace at night which is the real goal.

Go after the people paying them.

[Billly+Gates]

AOL is doing something right for once by not just suing the spammers but also the companies that advertise their products with spam.

If the risk of being sued is too much then the spam stops.

Only 18 people send the half of the world email in
spam according to another slashdot article. It costs alot of money to pay for a t3 line to spam. My guess is spammers might look for wireless networks next or go to a starbucks because they have high speed access. But will be severly restrained and may quite spamming altogether since its risky legal ground now.

It can take months or years to bring a spammer to court. You need proof and the spammers hack and hide there tracks. Its difficult to prove if they use openrelays and hack routers to hide there tracks. However advertisers can not do this so easily. If they hide there tricks customers will not find them.

Its the easiest and most effective way to get rid of it.

Re:Go after the people paying them.

[pnorthover]

Perhaps then the countermeasure would be for the spammers to do a few runs advertising companies that never requested it. Then a company that did request it could just deny everything and claim that the spammer had acted for them without authorization also.

Where's CowboyNeal when you need him?

[GQuon]

Too bad we can't make a poll about who will be the best bounty hunter, because the CowboyNeal option is gone.

my rebuttal to larry

[chip+rosenthal]

I blogged my rebuttal to Larry last January.

The problem, in a nutshell, is that the success of his proposal depends upon the efficacy of filtering. His bounty, if it works as desired, ensures that we have subject tags to do that filtering. My claim is that even if Larry's proposal allows for perfect filtering, we're still in store for a mail system meltdown.

This claim has not been well received. :)

The problem is that too many people--a significant number of them hang out on this web site--believe filtering is a magic bullet. It isn't, and Larry's proposal provides an example of the situation where you can implement perfect filtering and still have a mail system meltdown.

I do think there may be a remedy that may save Larry's proposal. If the filtering tag is moved from the Subject header into the tranport session (say, an ESTMP parameter), that may reduce the cost of rejecting spam enough to avoid the system meltdown problem.

YANI (Yet another noxious irony)

As we all think of exactly how wealthy we shall become from this latest whack a mole^H^H^H^H spammer plan, we might also think about this:

Big dollar potential from the government rewards.

Large resources at major ISPs.

Major ISPs are a major target for spammers.

Major ISPs look to generate income from alternate revenue sources.

Like we all will have a chance at being first. Dream on.

Still, even with this in mind, the plan is creative and might go a ways in putting a dent into the spam problem.

Re: Your Account Number 14545

Hello fellow internet entrepeneures!

My name is M.S. Seiko, a former student of L. Lessing, Juris Doctore and respected internet laywer of Sanford University U.S.A.! I wish to share with you a secret known only to a select few for now, but to many very soon! Today it is worth much, tomorrow ... well maybe NOT! I must ask that you treat this COMPLETELY CONFIDENTIALLITY.

Make $10K helping LAW ENFORCEMENT STOP SPAM!!!

Are yuo tired of SPAM? Want to be your own boss and be patriotic at the same time? What if I told you that you can make TENS of THOUSENDS OF DOLLARS doing both at the SAME TIME?!?!

<IMG SRC="http: / /www.mysleazybug.com/?shoulda_turned_preview_off=1 4545">

Click below so we will remove your email address from our list and
never trouble you again.

xx- click here -xx

NOTE...
This email is NOT SPAM. You have in the past subscribed to one of our
affiliate sites, looked at one of our affiliate sites, received spam
before, used a computer before, had a really easy email address to guess,
or now own an email address previously owned by someone meeting the above qualities.

You have my support!

When I was a kid I remember that they used to put out there in the Old West
a wanted poster. It said, 'Wanted: Dead or Alive'

I like this proposal. If we make this law, will you slashdotters let go of the DMCA and the Sonny Bono Act? (You know, in politics, it's win some lose some.)

God bless America
PotUS

Make it two words

[GnarlyNome]

"The Prisoner"

Re:SIX words immediately spring to mind....

[GnarlyNome]

Well of course, it's sort of a let the bad guys eat each other then pick off the ones that are left.

Time for *REAL* Bounty Hunters!

Each morning as I clear the accumulated pile of spam from my mailbox I wonder how many spammers you'd have to actually kill in a very public and violent manner before the rest got the message that spamming was no longer to be tollerated?

I'm sure there are plenty of hit-men out there who'd gladly accept a contract to take out one or two of the largest known offenders for a reasonable fee.

Would the other spammers be stupid enough to continue plying their trade or would we finally have a fast, effective solution to the problem?

Re:Time for *REAL* Bounty Hunters!

[NewtonsLaw]

Uh-oh, I can see it now.

Organized crime moves in on the spam business.

Mind you, if there were just a couple of crime families runinng the spamming business it might be easier to block all those messages -- and any new wannabe-spammers would probably get whacked very early in their careers :-)

SPAM Bounty Hunter

[jargon]

Oh what a life I would lead, as a Spammer Bounty Hunter. Traveling across the world with a laptop in one hand and a gun in the other, I would track down those vermin, and bring them in.

It would be a lonely life, but full of adventure.

[Cue Theme Music]

Do we have to bring them in alive?

[GnarlyNome]

got a Barrett light .50 I'm just itching to try out

Wow!

[Rai]

And I had only joked about this idea before.

Re:Letters of Marque and Reprisal (for foreign spa

[Zak3056]

The Declaration of Paris abolished letters of marque, though the US did not sign that treaty. However, the Hague Convention (which the US IS a party to) reiterated this ban.

Congress still DOES have the power to issue such letters if it so chooses, but it would place the US in violation of that treaty.

How does this apply?

[arevos]

I'm confused. How does the Prisoner's Dilemna apply to this story?

Re:How does this apply?

[tarzan353]

It doesn't. He was just trying to sound smart so he could get some karma.

Re:How does this apply?

[mark-t]

It doesn't. He was just trying to sound smart so he could get some karma.

I don't need karma, thanks.

And considering some of the idiots that have posted in respond to my above post so far (in a parallel thread, not this one), I'd just as soon my above remark get modded down to -1.

I hadn't expected my reasoning to require explaining, but a brief synopsis is when you have two potentially guilty parties, and you want one to be forthcoming with evidence to turn the other in, with promise of gain for being the one to snitch, you create what is called the Prisoner Dilemma (sorry... misspelled it before).

Re:How does this apply?

"I don't need karma, thanks."

You don't even have the +1 bonus, you fucking spastic.

Re:How does this apply?

[arevos]

I know what the Prisoner Dilemma is, I just can't see how on earth it could apply. Unless we're interviewing the spammers, which I really doubt, how is this relevant?

Real Bounties

What we really need is a low that pays citizens for bringing in the scalps of spammers. Put all those guns to good use.

Re:SIX words immediately spring to mind....

[MechaStreisand]

No, it doesn't. Spammers earn far more money by spamming than they ever would by turning each other in. There's no incentive for them to do that.

Besides, even if one spammer turned in another, that one could just turn him in too. The feds probably wouldn't offer any sort of immunity for something as trivial as this. Why should they?

Re:Letters of Marque and Reprisal (for foreign spa

[kaltkalt]

Indeed, we're not supposed to issue them, but I suppose we're not supposed to go to war without UN approval/backing. Just like any other country, we'll do what's in our best interests and breach any treaty that gets in the way (especially environmental ones). Not to sound cynical -- that's what we should do. An act of congress supersedes a treaty, as you pointed out. I say we go for it.

We need more spam - seriously.

You read that right. We need more spam. More spam to more e-mailboxes. We need the spammers to come out in full force and bombard everyone on the internet with an e-mail box.

Most of the people don't care and aren't as annoyed. They simply don't get very much spam, if any at all. It's the small group of us that get it all, repetitively.

Once enough of the internet population cares, you'll see change at a faster pace.

Re:SIX words immediately spring to mind....

if you're too stupid too to type "you're" or "dilemma" then get your GED and learn how to spell

Am I the only one...

[Resident+Geek]

...who thinks that this would make a cool anime series? Imagine, a group of shady characters with dubious histories, coming together through necessity and circumstance to bust baddies. Think of the storytelling possibilities!

[OT] How can I do my part?

[rich_r]

I hate spam as much as the next man (assuming the next man isn't a spammer) so I've decided to run Jackpot on an old laptop.
(Yeah, I could do it with $oss_os_of_your_choice but knowing my luck I'd end up with a real open relay!).
It's sat inside the NAT box with port 25 directed to it. Any other ports I should crack open? The other problem is how to maximise it's effects. At whom should I direct my emails/phone calls/bricks through windows when the hits start rolling in?

I'm in the postion where I my work can't come home with me so I'm looking for a project to get my teeth into....

Mmmmm.....Bounties...(gurgling sound)

Will Bounties Cure The Spam Problem?

Sure, just keep feeding the spammers tons of chocolate till their stomachs explode.

We don't trust the government

[Mistlefoot]

We don't trust the government from abusing there powers to trace our identities. We don't trust the RIAA from trying to find out who we are. Yet we are proposing offering bounties so that Joe's kid who lives down the street can use whatever he can to find out who some spammer is? The spammer spoofs my email address and the government is going to encourage a posse of wanna be's to hassle me, by offering them a bounty if they happen to be right? I don't like this idea.

Previous observations on this idea

[Tomble]

A month or 2 back I saw a page on the linux.org website about spam. It turned out they had had troubles with some bunch of spammers forging the linux.org domain not only in the From: field, but also in their Received from: field so that stupidly large numbers of people thought they'd really been sent spam by linux.org. And complaining to them about it.

So obviously the people at linux.org have now become a tad annoyed about this, and the page they put up goes on at length. But it is worth noting that they've already talked about this proposal of Lessig's at the bottom of the page and don't seem all that impressed about it. I think they have a point (although they seem to have expressed it a bit badly...).

One of the other points they address is the one you talk about yourself: When people are spamming for others, the people hiring them can't easily be shown to be responsible. Joe Bloggs down the road could send a ton of spam saying "vote for anonymous_loser for president", it doesn't actually mean you asked him to, even if in most cases it is pretty likely. So no, generally they don't have any sort of useful contact information that is available to you.

Re:Previous observations on this idea

[greenrd]

When people are spamming for others, the people hiring them can't easily be shown to be responsible.

Nonsense.

Subpoena the spammer and the suspect. One of them must have records. If the spammer has no accounts, jail them for tax evasion!

Re:Previous observations on this idea

[Tomble]

Nonsense. Subpoena the spammer and the suspect.

Note: IANAL, and don't have the slightest knowledge about things like subpoenas.

The point the Linux.org people give is that getting to the records of the spammers' clients requires large amounts of money for legal costs. As I say, I have no idea about such things, so maybe you're right and it really isn't a problem, or maybe they're right and it is.

Either way, I suppose I should have worded my comment to say that most people couldn't (because most people aren't rich), rather than it wasn't easy, which implies everyone would have a hard time of it.

Re:Previous observations on this idea

It doesn't require huge amounts of money to get those records. It requires a paper with a signature by a judge. Sure it costs money to have a judge do that singnature but that is what they are there for.

And the other half of the problem is...

[schon]

And the other half of the problem is that people believe that spam is a technological problem.

We created this technology, and now that it does exactly what it was designed it to do

That's just it. It does do exactly what it was designed to do.

A poor subway design allowed for a mischievious kid to shutdown the whole system with a stick of chewing gum.

Even if this story is true, it's completely beside the point.

There is no way to stop sociopaths from spamming, without making email useless in the process.

The only thing I've seen that might prevent them is to turn email into the electronic equivalent of snail-mail, ie. sender pays per message sent... this would make email practically useless for most people, and still wouldn't stop spam.

Spam is not a technological problem, in any way, shape, or form.

Money Laundering

SPAM is a convenient way for "the mob" to launder money. Think twice about hitting back unless you are well-armed and have backup (or are one mean motherfucker yourself).

I'm surprised that no one else has picked up on this yet. The following represents organized harrassment from more than one source:

"At this point, I continued south on Minnow Pond to the cul de sac and turned around. I found that the driver of the Jag had moved his vehicle in an attempt to partially block my path and had rolled down his window. I decided that it would be most prudent not to have any contact with this person at all and to go about my own way. Next thing I know, the Jag driver had pulled behind me and was trying to overtake my vehicle, surpassing normal residential speeds, honking his horn all the while. I sped up, made my way back out to Maple Road and turned west. In my rearview mirror, I could see Mr. Jag had turned eastbound. I breathed a sigh of relief, decided that my idea to go on a photo shoot probably wasn't my best, then drove home after stopping to drop the camera off for processing. I requested prints and a CDROM so that I could post the photos here.

After my return home, I didn't think much of the events of the afternoon and went about my normal business. The next day, Monday the 9th, upon arriving home from work, I noticed there were a pair of messages waiting on my answering machine. The first message originated at a number in Georgia, 770-657-1021, at somewhere around 1:30 in the afternoon (the third call came from the same number and wiped out the caller ID entry on my phone). The second came from a number in Colorado, 720-587-9978, at 3:45 pm."

http://ares.penguinhosting.net/~leftreveggplant/

Not to be cynical, but...

[Zhe+Mappel]

I do like Lessig's efforts. However, let's be real. We live in an era in which the president gazes upon the cinders of the WTC and mutters something about preserving "free trade," while also equating shopping with patriotism. Moral: with the right wing in power, Americans stand about as much chance of being protected from spammers as the antiquities in the Baghdad museum had of being protected from looters. Minds attuned only to money can conceive of no competing values. A view of privacy that doesn't contemplate receiving Florida land offers and Viagra pitches every few hours is simply alien to them. After all, just what is it that makes up the rest of the physical, audible, and visual landscape of America?

If you want an end to spam -- and the much larger structural problems of rampant business avarice represented by Enron and the California power scandals, to name but two recent examples -- then don't vote for right wingers. They are committed to deregulation irrespective of the social consequences. But if you vote for them, thinking your measly tax break adequate recompense, then let us hear no more complaints about unfettered commerce. You got your tax break. Now take your spam like a good little soldier.

Re:Not to be cynical, but...

[PhiloHmm]

Well then do the opposite right - vote for left wingers? I think we'd both say no to that since spam isn't a political or legislative problem.

It seems to me that spam is a technical plague that is fairly easy to overcome by end users. I have a "white list" of domains that I receive messages from. If someone needs to send me a message I either add their email or their domain to my allowed list. Everything else gets bounced back to the sender as if I don't exist.

Sure this may take a few minutes to initially set up and a couple seconds here and there to administer, but it's better than the two alternatives:

A) Dealing with spam on a regular basis, and worse,
B) Another unenforceable, privacy invading law on the books.

Now the problem that ISPs need to solve is filtering out spam period - but until then setup some rules on your mail client. I'd imagine it would take as long to do as your post above.

Oh hogwash

[A+nonymous+Coward]

Chewing gum was banned along with spitting and long hair for the same reason, that the people in charge are control freaks.

Wherever you got that subway idea, it's nonsense.

No.

[www.sorehands.com]

In California, there is a $50/spam for the ESP per spam. There is no statutory damages for the recipient of the spam, yet. Soon, it will be $500/spam once SB12 gets signed by the governor.

But you can argue for punitive damages.

Re:And the other half of the problem is...

[MechaStreisand]

Are you on glue?

Of course there's no way to stop sociopaths from spamming. There's also no way to stop sociopaths from murdering, either, but that doesn't mean we can't make it an unattractive choice. The main reason spammers are so hard to catch and hard to block consistently is because e-mail, as currently implemented, allows you to hide where the e-mail has come from. If this was not possible, it would be a simple matter to figure out where most of the spam is coming from and block it. Most e-mail servers would quickly do this, most of the spam wouldn't get through anymore, they'd get an even lower response rate as a result, and bam! Unprofitable. The problem largely disappears.

What's so hard about that?

I think that legal measures, in this case, are justified and a good idea. But technological measures are not too hard to do either, if we were really determined. This problem is by no means unsolvable.

That should cover ammo costs

[rossz]

Not that 9mm rounds cost all that much, but I'll be going through a bucket of those a week until I find and eliminate the last living spammer.

Re:That should cover ammo costs

Remember the scalping knife. You need to collect those trophies.

Why wasn't this filed under Privacy?

[lord+sibn]

I (for one) am not a spammer, but that does not mean I want some technically savvy idiot coming along and digging for my personal information, even if he is just going to give it to the government.

Bebop, bebop, here, here!

[saikou]

Now all we will have to do is to switch from dollars to wulongs, and Cowboy Bebop can go hunting for them :) A nice 15 000 wulongs for "Mad Joe The Enlarger", or 20 000 for "Mortgage Broking Mike" :)

Keep your reward...

[PhiloHmm]

...just give me a license to kill the offenders - that'd be 'reward' enough. Oh wait, that and expense account.

But seriously what will the judicial system do then? Maybe if they do to spammers what they did to Mitnick...

Yeah, but at least you'd know who did it.

[pr0ntab]

Or who's password's been stolen. ^_^

hehe

[silicon1]

I will become SpamFett, the great internet spam bounty hunter!

Re:SIX words immediately spring to mind....

Unless a fake spammer spends less buying spam lists from spammers, then uses that information to collect more bounty on the spammers than the fake spammer spent on the project.

I'd like to collect a list of the people convicted of being spammers and sell that...

LL

Lawrence Lessig is such a moron. Typical ivory tower pompous head-up-ass professor.

This hog doesn't need washing

[GQuon]

Well, they may be control freaks, but there are supposedly "good reasons" behind the ridiculously high penalties. (For example, spitting on the street spreads disease.)

And regarding chewing gum, they had problems cleaning it up. But the ban came in 1992, after chewing gum, stuck on the photo cell of a subway car door, stopped the entire subway system, making thousands late for work. And in the Singapore "ant hill", doing something which distrupts work seems to be the worst crime. (At least chewing gum use "just" has a maximum sentence of 1 year. The possesion of illegal drugs gives you the death penalty.)

More about chewing gum.

Terrific!

[hoojchoons]

Are you a starving or poorly-paid geek? Then this could be the job opportunity of your lifetime! Become a spam-bounty hunter and show people how mean geeks are, lol!

Re:SIX words immediately spring to mind....

[GrubInCan]

Oh look, it's another one.

I'll write it slowly this time, so you can follow....
Type "Prisoner Dilemna" into Google and educate yourself.

no

it'll just make it even more intruiging to spammers. higher bounty on there heads for doing something wrong or illegal must mean it's got higher value to doing it, right? wrong, this is sooo the wrong thing to do. They know how to stop spam, just no-one will do it. no-one has the balls to simply make illegal the use of any open stmp relay capable servers. because they make too much money off of anti-spam tools and filters that don't work. spam is a very easy problem to fix, yet typically greed and lack of honesty makes it a world wide epedemic almost as bad as the SARS virus.

Accusing ?

[AftanGustur]

Hasn't it already been established that the act of accusing them is proof enough? Send them to Guantanamo Bay, they'll confess in due course.

Please correct me if I am wrong, but I don't think those held at Guantanamo Bay have been officially accused of anything illegal.

Officially they're not prisoners of war and they're not accused of any crime.

That makes them hostages, no ?

How to implement pop-up ads

[markusl]

It'd be relatively straightforward to produce unsolicited pop-up ads on people's computers.

You either lure the punter on to a Web page that has a Java applet on it or send HTML mail that loads the applet when opened. Or, if you don't know Java, you use the applet as the payload of a virus, or embed it as a secret component in a piece of freeware.

The applet runs invisibly for most of the time, but calls home to the spammer's server every so often. When instructed, it produces a pop-up window containing an advert. The pop-up can be as antisocial -- sorry, attention-grabbing -- as you want. It can refuse to close for a set period of time. It can force itself on top of other windows. It can disable the keyboard and mouse until the user acknowledges your important message. It must certainly arrange for itself to be reloaded at system startup, or the user will miss your investment opportunities if he restarts his computer.

The usual precautions apply. All together now: don't enable Java and ActiveX in your browser. Use a mailer that doesn't display HTML mail. Don't catch a virus. Even better, use an OS that isn't vulnerable to most viruses.

QuantumBill

[Animats]

Been there, done that. QuantumBill seems to be defunct. The site is gone, and so is "qlshop.com". (They're still in archive.org.) Calling their answering machine hasn't yielded much. Quantum Communications is a valid New York corporation, but their address for process of service is a P.O. box. (That's not a dead end, but it takes some time to trace.) I haven't been able to find a "Richard Demley" in Islandia, NY. "80 Halsey St." shows as a vacant lot in Earthviewer. So the obvious searches didn't yield a definitive result.

Re:QuantumBill

[evilviper]

Well, since you can trace them all back to their US-based ISPs, I don't see why you don't subpoena their records (if you are serious about this, anyhow)?

Not to mention the cool armor...

[GuyMannDude]

Fuck the resume addition. I'd become a spammer bounty hunter just so I could walk around in that cool Boba/Jango Fett armor all the time. Can you imagine the look on one of those "grow your penis" spammers when you bust down his door wearin' that shit?

Man, slashdot would have to create an entirely new icon for all the geeks that would submit their bounty-hunter-armor-custom-mods.

GMD

Re:Not to mention the cool armor...

[I+Am+The+Owl]

Can you imagine the look on one of those "grow your penis" spammers when you bust down his door wearin' that shit?

Or the laughter?

Follow the Money

[billstewart]

Usually it's hard to trace the sending of the spam. But most spam is selling something, or advertising web sites, and it's much easier to trace that part - you follow the money, because spamming is almost always about trying to get money. That doesn't mean that there aren't "Joe Jobs" framing people with forgeries (usually sent by real spammers annoyed at anti-spammers), and some kinds of spam (like "Buy stock XYZW") don't lend themselves well to it. But usually, you can track down where the money goes.

Stopping Big Spammers

[billstewart]

The Spamhaus and ROKSO people assert that the vast maajority of spam comes from around 200 big spammers. If the bounty business makes it possible to shut them down, either by busting them or by filtering them out, that could help.

I agree than filtering at the ESMTP level would be much more scalable than filtering in the message body, and that'd help. There are other things that can also change scalability radically, such as moving from long-term-use email addresses under real domains to limited-use addresses under subdomains, combined with teergrubing mail to bad addresses. A number of mail systems support addresses like username+tag@domain.com, which lets you identify where some of your messages came from, but only at the MUA level; tag@username.domain.com is visible to the MTA at the envelope level, so it can be set to block email addressed to known spambait addresses distributed on a per-user level rather than a per-ISP level. It does mean that some anti-spam tools get built at the DNS server level rather than the sendmail server level, which can be fast and lightweight if you're not using bind, but has other issues. It also has the effect of making dictionary attacks impractical, if implemented carefully, because the spammer now has to search for usernames and subdomains, though under simpler implementations, this just means that a spammer who does get your subdomain sends you a million emails (oops...).

That's called ROKSO

[billstewart]

That's ROKSO, the Spamhaus Project's Register Of Known Spam Operations (ROKSO) Database. More people watch TV than Spamhaus, but at least the ROKSO people do some research and try harder to be "Fair and Balanced" ...

It already happens occasionally

[billstewart]

There were a couple of Russian spammers in New Jersey who were found murdered in their home a few years ago. The general speculation is that they were running a pump&dump stock scam and somebody who lost money took out a hit on them.

It's an email you can't refuse...

Chewing gum was banned in 1970s...

[A+nonymous+Coward]

... when I was there in the Navy. At least that's what they told us, along with spitting and all the signs showing "normal" hair and the message that if your hair was longer than that, go to the back of the line.

Now maybe the Navy lied to us, or Singapore lied to the Navy. But I think not.

On- / Off- again?

[GQuon]

Was importing banned in the 1970s as well, or just chewing in public?

Perhaps it was the penalties that were upped in 1992 to 1 year in prison. I thought they were kidding.

In trade discussions between the U.S. and Singapore, chewing gum is one of the issues. They are relaxing it a bit now. Sugar-free gum is allowed with a prescription from a dentist or a doctor.

Another one of those countries I wouldn't want to go to if I didn't have to.

Your job

[NaveWeiss]

I read your last journal entry. What happened with your job? I was sorry to hear that.. and besides, how old are you, may I ask? ;)

You can answer by email if you want. Just reply here too with the first and last letters of your email address so I'll know it's you.