Slashdot Mirror
Will Bounties Cure The Spam Problem?
An anonymous reader writes with a pointer to a piece in today's Mercury News about Lawrence Lessig's proposed spam-bounty legislation, excerpting: "If the law passes, citizens could be eligible for rewards of thousands of dollars or more if they're the first to provide the government with proof and the identity of offending spammers."
SADDLE UP, BOYS!
I'M PUTTIN' ME TOGETHER A POSSE!
We're gonna round up them bandwidth rustlers and get us the bounty!
but what proof must the prompt geek provide that he hasn't 'trespassed' on others systems? would this type of legislation just create a lot of crap civil-litigation?
Fnord.sig
Sounds pretty much like outlaw bounties from the old west. This system has been successful for over a hundred years and there is a large modern day bounty hunter business. The same could work for spam.
Mike Wendland - public enemy number 1.
Now where do I pick up that check...?
Don't think that a small group of dedicated individuals can't change the world. It's the only thing that ever has.
It could cause a lot of problems to those who spammers masquerade as -- since most spammers don't use their real emails. We could end up with innocent individuals with bounty charges because the spammer forged their emails.
Massive networking attempt for friends
Proof? What year do they think this is?!
Hasn't it already been established that the act of accusing them is proof enough? Send them to Guantanamo Bay, they'll confess in due course.
And then how long before this plan is turned against p2p file sharers?
Do you really want the government to go there?
Nope... this is a waste of time for them to even be talking about.
File under 'M' for 'Manic ranting'
Isn't that how Jango Fett got started???
Let's remember that business spam has to offer some way for a victim to buy the item which is being advertised. That invites a subpoena to search that business for evidence that they hired the spammer...if laws accept that as sufficient evidence.
There is the problem of a competitor sending spam which advertises stuff from someone else, to cause problems for someone else.
And some things are distributed -- like spam which promotes some worthless stock and tries to make the stock price rise. Any of the current stock holders could have hired the spammer.
Average Joe is just starting to realize that the "From:" field on e-mails is like the return address on an envelope, you could write whatever you want.
But there's no reason why electronic mail cannot be better than snail mail in that respect. Make the "From:" field unspoofable!
Dead or alive?
Well I can see it now: "Tonight on America's Most Wanted, spammers." or in Canada "I'm Constable Bob of the RCMP, we are requesting your assistance in solving the spam problem."
Not likley. Rewards will not work any better than penalties. But I do like the idea of 2 year sentence of no telecomunication devices for spammers.
Nah, Never mind.
I guess this law will help halt spam from foreign servers as well, because people in other countries respect our laws.
Go after the people who pay them to send all the spam.
If there are no clients, spam will cease to exist.
Death has been proven to be 99% fatal in lab rats.
...that people keep trying to find legal solutions to technology problems.
We created this technology, and now that it does exactly what it was designed it to do, people try to make impose laws to restrict how it's used. I have a better idea, change email's design.
It reminds me of Singapore. A poor subway design allowed for a mischievious kid to shutdown the whole system with a stick of chewing gum. Their solution was to outlaw chewing gum. Sure it was wrong for the kids to act that way, sure they should have been punished, but seriously quit trying to create legal solutions to technology based problems.
I'll be sure to send a list. After all the cutbacks at work last year, I could use the money. Not to mention the fact that my home dialup received 1038 e-mails last month - out of which perhaps 2 dozen were desirable. I also have my mail archived back through May of last year.
All I can say is, "Come 'n get it!"
C|N>K
That'll be fun -- put the guy in jail. The slashdot can post his new address (down to the jailcell) and we'll be able to see how many catalogs his jail cell can hold.
He'll be real popular around mailcall.
Invalid Checksum. Retrying.
Just one more step towards a nation of snitches...
From the article: "The bounty hunters would need to trace the offending e-mail to its source, identify the sender and provide proof to the Federal Trade Commission. The FTC would investigate and fine the offender, if appropriate. The bounty hunter would get 20 percent of the fine." If the main problem is not having the manpower to trace and catch these spammers now (as posited earlier in the piece), how is this queuing system going to help? I would think that the in-basket would quickly fill up and it would still require huge manpower to investigate each claim. There would certainly be loads of helf-assed cases presented and for that matter, why wouldn't spammers simply flood the queue with bogus "proofs" to bog the proceedings?
"...all the labours of the ages, all the devotion, all the inspiration, all the noonday brightness..." yada yada
This spammer goes by many aliases including spammer@aol.com and fred@slashdot.org. He is considered armed and dangerous and is known to use forged headers.
Well, apparently if it works here, it might just cross over into other lines of justice, thus making the police in many urban towns completely useless and creating an angry, distrusting populace, ready to turn each other in for fabulous prizes. What's that? Operation TIPS?
I have no idea what you're talking about.
The government should have a program where they pay bounty out to the first person to publicly execute known spammers.
This is a global problem. How would you deal with spam that originates outside the jurisdiction of this law?
"I am a die-hard capitalist....but unethical, lying, bastard capitalism is really no better than socialism" - unknown
Seems to me that the majority of spam is not traceable, and the spam problem is exacerbated by .NET stupidity. If ISPs get their act together and set up filtering to route only verifiable addressed mail then the problem will go away. There are many ways to detect and differentiate between mail that is direct and mail that does the spam central routing crap. Some filters that I have set up already do exactly that. There is no reason to believe that legitimate ISPs cannot do the same. However is blocking spam in the interest of ISPs? Perhaps not if their main source of revenue is automailers! The sensible solution is to pressure your ISP to block and refuse bulk mail that is from phony addresses. One good filter blocks any mail with @yahoo if the address before @yahoo is longer than 9 characters. Likewise with @hotmail, @aol etc. Sure this might block some legit mail but so far this has not been the case. Setting up bounties to bust email spammers is like putting sheep in wolves clothing. Alot of bah bah bah and then loud howling, when the spam revenue stream dries up.
OH THE SHAME I fell off the wagon and use sigs again!
if you read the article, it explains how techniques like using PGP to sign messages can make the From field unspoofable, but they are not relevant when privacy or anonymity is crucial (whistleblowing, etc.). Hence, it cannot be demanded that everyone follows this practice. It suggests recipients should check your email more carefully to see if its legit (the article also explains this; checking your headers for a "postmark" that looks abnormal).
The last quote was somewhat encouraging, that "the Internet is a rough and tumble place" (paraphrasing) but we'll cope because it is often the best way to reach people.
If an unspoofable From: is what you want, demand your mail server administrator only accept signed messages, or filter them yourself in your client.
Another option is to convince her (and/or the administrators of any other MXs you care about) to relay with SMTP AUTH only. Most mail clients support that feature nowadays. If enough people start using that new RFC, we shouldn't have to worry about hijacked ISPs mail servers being used to send spam, and their netblocks being RBL'd.
Fuck Beta. Fuck Dice
This would prompt a lot of people who run mail servers to learn how to monitor their logs and finally close their danged open relays.
I had a sucky sig.
http://www.lurhq.com/sobig.html
I see the morons are out in force today.
Obviously if your are too stupid to type "Prisoner Dilemna" into Google, to find out what the comment is referring to, you don't have a chance of understanding the logic behind it.
Hello [your name spelled wrong]
Want to make as much as $3000/week, without leaving home!?! Become a Spam Bounty hunter! Just buy Doctor Bob's 12-step program for hunting down spammers...
etc.
Congratulations! Now we are the Evil Empire
But doing so on the people you can influence (the operators of legitimate mail servers serving local users) will prevent the situation where a RBL captures a whole domain due to the compromise of a local account. You don't need to figure out how to do a full authentication chain yet (that's the role PGP fills right now).
Once you get to a certain critical mass acceptance, then you can go full force (forcing the servers to authenticate to each other using shared secrets).
Presumably, at this point there would be trusted MXs that allow connections from mail servers not running SMTP AUTH because they can't use it for whatever reason, but they would be whitelists.
That situation doesn't seem to far in the future. My ISP (Cox) already uses cram-md5 SMTP AUTH. At least I don't have to worry about someone impersonating me through their server. That's one step closer.
Fuck Beta. Fuck Dice
1) Start my own spam company
2) Turn myself in
3) ???
4) Profit
I remember when legal used to mean lawful, now it means some kind of loophole. - Leo Kessler
I will pay $100 to the first person to provide me with the identity of the actual person or persons operating the following spamvertised sites:
The name and address obtained must be within the United States and must be usable for service of process.
"whois" addresses have been checked and are not useful.
These sites move from ISP to ISP frequently. Many no longer work, but others in the same family appear.
We've received over 16,000 spam bounces because of this spammer.
The US Constitution, Article 1, Section 8, clause 11, gives the gov't the right to issue Letters of Marque and Reprisal. This is a formal declaration given to a private citizen by a gov't giving him/her the right to seize the assets of a citizen of a foreign nation. So, we can have international bounty hunters, too. Unfortunately the letter of M&R went out of fashion about a century ago, but hey, it's still in the Constitution. This came up during the debate about what to do in the "war on terror" ... for example, see http://www.progress.org/archive/fold232.htm
We should issue letters of M&R for recipients of spam and ISP operators. They're stealing our property and their governments aren't doing anything to compensate us (hell, neither is our gov't).
Stupid people make stupid things profitable.
I wonder what the hue and cry would sound like if someone was proposing bounties for "proof" that one of their fellow citizens was a terrorist.
What's wrong with the following solution? I can't see anything wrong - and it ought to be simple to implement. (SMTP would need some minor changes) It seems too easy :-)
Every time mail is routed from one server to the next, the receiving server should 'stamp' the mail with the IP address of the sending server. That way, genuine mail has a valid sequence of IP addresses, and spam can be traced back to either the originator's IP, or the first mailserver to "lie" on the stamp.
Either way, we then have an authenticated list of IP addresses of "bad people" - who could be dropped into the Real-Time Black Hole (or similar).
Also, given the spammer's IP address and timestamp, they could be traced quickly.
This would need all SMTP servers to change (by adding extra mail headers), which might take 2 years to permeate most of the world's systems.
So it's not an instant fix, but would work in due course (like IP v.6). It's also backwards compatible.
If the risk of being sued is too much then the spam stops.
Only 18 people send the half of the world email in
spam according to another slashdot article. It costs alot of money to pay for a t3 line to spam. My guess is spammers might look for wireless networks next or go to a starbucks because they have high speed access. But will be severly restrained and may quite spamming altogether since its risky legal ground now.
It can take months or years to bring a spammer to court. You need proof and the spammers hack and hide there tracks. Its difficult to prove if they use openrelays and hack routers to hide there tracks. However advertisers can not do this so easily. If they hide there tricks customers will not find them.
Its the easiest and most effective way to get rid of it.
http://saveie6.com/
I blogged my rebuttal to Larry last January.
The problem, in a nutshell, is that the success of his proposal depends upon the efficacy of filtering. His bounty, if it works as desired, ensures that we have subject tags to do that filtering. My claim is that even if Larry's proposal allows for perfect filtering, we're still in store for a mail system meltdown.
This claim has not been well received. :)
The problem is that too many people--a significant number of them hang out on this web site--believe filtering is a magic bullet. It isn't, and Larry's proposal provides an example of the situation where you can implement perfect filtering and still have a mail system meltdown.
I do think there may be a remedy that may save Larry's proposal. If the filtering tag is moved from the Subject header into the tranport session (say, an ESTMP parameter), that may reduce the cost of rejecting spam enough to avoid the system meltdown problem.
Big dollar potential from the government rewards.
Large resources at major ISPs.
Major ISPs are a major target for spammers.
Major ISPs look to generate income from alternate revenue sources.
Like we all will have a chance at being first. Dream on.
Still, even with this in mind, the plan is creative and might go a ways in putting a dent into the spam problem.
He's made his intention clear.
If one has this information and wants to see a spammer harassed, here's somebody whose mad too and may have some tools to make some hurt.
Kinda like if a lawyer who has been angered at being awoken in the middle of the night by helicopters and lets it be known that he has placed a bounty on those running those helicopters. If you are getting woke up at night with those things and know whose doing it, you probably wanna give that lawyer a call and share the info. Who gives a damm about the money? Its peace at night which is the real goal.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
Uh-oh, I can see it now.
:-)
Organized crime moves in on the spam business.
Mind you, if there were just a couple of crime families runinng the spamming business it might be easier to block all those messages -- and any new wannabe-spammers would probably get whacked very early in their careers
No, it doesn't. Spammers earn far more money by spamming than they ever would by turning each other in. There's no incentive for them to do that.
Besides, even if one spammer turned in another, that one could just turn him in too. The feds probably wouldn't offer any sort of immunity for something as trivial as this. Why should they?
Disclaimer: IANAL. This post is, however, legal advice, and creates an attorney-client relationship.
...who thinks that this would make a cool anime series? Imagine, a group of shady characters with dubious histories, coming together through necessity and circumstance to bust baddies. Think of the storytelling possibilities!
Fighting the War on the War on Drugs.
http://smokedot.org/
hmmmm.
this could be a bad model.
what if the RIAA uses it on file traders.
you'll have some kids turning in others.
mp3 bounty hunters....great.
then the pissed off kid kills the bounty hunter.
Well then do the opposite right - vote for left wingers? I think we'd both say no to that since spam isn't a political or legislative problem.
It seems to me that spam is a technical plague that is fairly easy to overcome by end users. I have a "white list" of domains that I receive messages from. If someone needs to send me a message I either add their email or their domain to my allowed list. Everything else gets bounced back to the sender as if I don't exist.
Sure this may take a few minutes to initially set up and a couple seconds here and there to administer, but it's better than the two alternatives:
A) Dealing with spam on a regular basis, and worse,
B) Another unenforceable, privacy invading law on the books.
Now the problem that ISPs need to solve is filtering out spam period - but until then setup some rules on your mail client. I'd imagine it would take as long to do as your post above.
it'll just make it even more intruiging to spammers. higher bounty on there heads for doing something wrong or illegal must mean it's got higher value to doing it, right? wrong, this is sooo the wrong thing to do. They know how to stop spam, just no-one will do it. no-one has the balls to simply make illegal the use of any open stmp relay capable servers. because they make too much money off of anti-spam tools and filters that don't work. spam is a very easy problem to fix, yet typically greed and lack of honesty makes it a world wide epedemic almost as bad as the SARS virus.