Will Bounties Cure The Spam Problem?
An anonymous reader writes with a pointer to a piece in today's Mercury News about Lawrence Lessig's proposed spam-bounty legislation, excerpting: "If the law passes, citizens could be eligible for rewards of thousands of dollars or more if they're the first to provide the government with proof and the identity of offending spammers."
Some people throw all sorts of crud into their spam, for exactly that reason. You don't know which companies actually did pay for the spam and which didn't.
I wrote some shareware once and ended up getting several nasty emails one week accusing me of spamming them because my web page was mentioned in a spam email they received. I have never participated in or authorized any sort of email advertising campaign in my life, spamming or otherwise, but having seen this, I know you can't just go out and blame the web pages that the person is advertising.
File under 'M' for 'Manic ranting'
http://www.lurhq.com/sobig.html
But doing so on the people you can influence (the operators of legitimate mail servers serving local users) will prevent the situation where an RBL captures a whole domain due to the compromise of a local account. You don't need to figure out how to do a full authentication chain yet (that's the role PGP fills right now).
Once you get to a certain critical mass acceptance, then you can go full force (forcing the servers to authenticate to each other using shared secrets).
Presumably, at this point there would be trusted MXs that allow connections from mail servers not running SMTP AUTH because they can't use it for whatever reason, but they would be whitelists.
That situation doesn't seem too far in the future. My ISP (Cox) already uses cram-md5 SMTP AUTH. At least I don't have to worry about someone impersonating me through their server. That's one step closer.
Fuck Beta. Fuck Dice
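
The shared-secret challenge-response behind the CRAM-MD5 SMTP AUTH mentioned in the comment above, as an added example that is not part of the original thread. It shows both sides of the exchange and why a captured response cannot be replayed; the hostname, account name and password are constructed, and the function names are hypothetical.

```python
import base64
import hmac
import secrets
import time

def make_challenge(hostname):
    """Server side: a fresh, never-repeated challenge, base64-encoded for the wire."""
    raw = f"<{secrets.randbits(64)}.{int(time.time())}@{hostname}>"
    return base64.b64encode(raw.encode())

def client_response(user, password, challenge_b64):
    """Client side: prove knowledge of the password without sending it.
    The response is base64("user" + " " + hex(HMAC-MD5(password, challenge)))."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, "md5").hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())

def server_verify(response_b64, challenge_b64, secrets_db):
    """Server side: recompute the HMAC from its own copy of the shared secret.
    Returns the authenticated user name, or None on any failure."""
    try:
        decoded = base64.b64decode(response_b64).decode()
    except (ValueError, UnicodeDecodeError):
        return None
    user, _, digest = decoded.rpartition(" ")
    password = secrets_db.get(user)
    if password is None:
        return None
    challenge = base64.b64decode(challenge_b64)
    expected = hmac.new(password.encode(), challenge, "md5").hexdigest()
    # Constant-time comparison so the check does not leak digest prefixes.
    if hmac.compare_digest(expected.encode(), digest.encode()):
        return user
    return None

if __name__ == "__main__":
    db = {"alice": "correct horse"}             # constructed account
    c1 = make_challenge("mx.example.net")       # constructed hostname
    resp = client_response("alice", "correct horse", c1)
    print("fresh challenge:", server_verify(resp, c1, db))
    # An eavesdropper replaying resp meets a different challenge and fails.
    c2 = make_challenge("mx.example.net")
    print("replayed response:", server_verify(resp, c2, db))
```

The server has to keep the shared secret in a form it can feed to HMAC, and the exchange authenticates only the client, so the mechanism is normally run inside TLS.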