Will Bounties Cure The Spam Problem?

An anonymous reader writes with a pointer to a piece in today's Mercury News about Lawrence Lessig's proposed spam-bounty legislation, excerpting: "If the law passes, citizens could be eligible for rewards of thousands of dollars or more if they're the first to provide the government with proof and the identity of offending spammers."

I'm skeptical....

[mark-t]

The same plan could be used to find people who illegally copy music or who pirate software, but that isn't going to happen anytime soon, is it?

Nope... this is a waste of time for them to even be talking about.

An unspoofable "From:" field would be a start

Average Joe is just starting to realize that the "From:" field on e-mails is like the return address on an envelope, you could write whatever you want.

But there's no reason why electronic mail cannot be better than snail mail in that respect. Make the "From:" field unspoofable!

Re:An unspoofable "From:" field would be a start

[EvilNTUser]

"But there's no reason why electronic mail cannot be better than snail mail in that respect. Make the "From:" field unspoofable!"

No. There's a valid reason behind that feature. I don't want to have to check a large number of accounts for incoming mail just because I use different mail servers to send email depending on where I'm located.

Forget the spammers

[HornyBastard]

Go after the people who pay them to send all the spam.
If there are no clients, spam will cease to exist.

On it

As an ISP, I get quite a few spam mailings coming through my servers. I'm already blocking quite a few. Imagine how many spammers that can be reported. Specially since I'm blocking as many as 12k messages a day on a server that only has 150 users on it. Not to mention the other servers with thousands

$100 bounty offer

[Animats]

I repeat my bounty offer:

I will pay $100 to the first person to provide me with the identity of the actual person or persons operating the following spamvertised sites:

• contipay.com
• profitabill.com
• alphabill.com
• quantumbill.com
• girlswhocry.com
• girlswhocry.net
• girlraped.com
• incestuals.com
• hardgiants.info
• spywiper.com
• internetsweeper.net

The name and address obtained must be within the United States and must be usable for service of process.

"whois" addresses have been checked and are not useful.

These sites move from ISP to ISP frequently. Many no longer work, but others in the same family appear.

We've received over 16,000 spam bounces because of this spammer.

Letters of Marque and Reprisal (for foreign spam)

[kaltkalt]

The US Constitution, Article 1, Section 8, clause 11, gives the gov't the right to issue Letters of Marque and Reprisal. This is a formal declaration given to a private citizen by a gov't giving him/her the right to seize the assets of a citizen of a foreign nation. So, we can have international bounty hunters, too. Unfortunately the letter of M&R went out of fashion about a century ago, but hey, it's still in the Constitution. This came up during the debate about what to do in the "war on terror" ... for example, see http://www.progress.org/archive/fold232.htm We should issue letters of M&R for recipients of spam and ISP operators. They're stealing our property and their governments aren't doing anything to compensate us (hell, neither is our gov't).

Re:Proof?

[abhisarda]

Ok..if this becomes a law, then the law enforcement agencies will be compelled to help track the spammer. The person who receives the spam will contact the police, who in turn will ask the ISP(of the spammer) for details.

Now that this law is proposing thousands of dollars in bounties. It is not difficult to envisage spam bounty help centres opening up(true american entrepreneurship ;)) who will help track down the identities of the spammers for a cut from the bounty-say 30 %.
People would be more than willing to agree to that if they they are assured of results.

Now assuming this will be successful, spammers would have to move their bases offshore. How will we deal with that? I don't know.

Tracking IP addresses in SMTP ?

[Richard_J_N]

What's wrong with the following solution? I can't see anything wrong - and it ought to be simple to implement. (SMTP would need some minor changes) It seems too easy :-)

Every time mail is routed from one server to the next, the receiving server should 'stamp' the mail with the IP address of the sending server. That way, genuine mail has a valid sequence of IP addresses, and spam can be traced back to either the originator's IP, or the first mailserver to "lie" on the stamp.

Either way, we then have an authenticated list of IP addresses of "bad people" - who could be dropped into the Real-Time Black Hole (or similar).

Also, given the spammer's IP address and timestamp, they could be traced quickly.

This would need all SMTP servers to change (by adding extra mail headers), which might take 2 years to permeate most of the world's systems.
So it's not an instant fix, but would work in due course (like IP v.6). It's also backwards compatible.

Re:Well...

[firewood]

I don't really believe that would be as big an issue as you imply. Spammers' Achilllies Heel is that they (or those who use them) *must* provide some tracable contact information in order to get your money.

But they don't always have to ask for the money to be sent to them. If they mix random victims addresses in with their own send-me-money addresses, they'll get lots of citizens screaming to vote down this law as harrassment.

Re:Will bounties cure the spam problem?

One good filter blocks any mail with @yahoo if the address before @yahoo is longer than 9 characters.

My Yahoo address happens to be ten characters. Guess you won't be getting any email from me ;)

I can't see how a filter like that could qualify as good. You'd lose a lot of important email with a filter like that.

Re:all i can say is

hmmmm.

this could be a bad model.

what if the RIAA uses it on file traders.

you'll have some kids turning in others.

mp3 bounty hunters....great.

then the pissed off kid kills the bounty hunter.

Re:Not to be cynical, but...

[PhiloHmm]

Well then do the opposite right - vote for left wingers? I think we'd both say no to that since spam isn't a political or legislative problem.

It seems to me that spam is a technical plague that is fairly easy to overcome by end users. I have a "white list" of domains that I receive messages from. If someone needs to send me a message I either add their email or their domain to my allowed list. Everything else gets bounced back to the sender as if I don't exist.

Sure this may take a few minutes to initially set up and a couple seconds here and there to administer, but it's better than the two alternatives:

A) Dealing with spam on a regular basis, and worse,
B) Another unenforceable, privacy invading law on the books.

Now the problem that ISPs need to solve is filtering out spam period - but until then setup some rules on your mail client. I'd imagine it would take as long to do as your post above.

no

it'll just make it even more intruiging to spammers. higher bounty on there heads for doing something wrong or illegal must mean it's got higher value to doing it, right? wrong, this is sooo the wrong thing to do. They know how to stop spam, just no-one will do it. no-one has the balls to simply make illegal the use of any open stmp relay capable servers. because they make too much money off of anti-spam tools and filters that don't work. spam is a very easy problem to fix, yet typically greed and lack of honesty makes it a world wide epedemic almost as bad as the SARS virus.