Attacking the Spammer Business Model

Stephen Samuel asks: "Spammers spam because it's an 'easy way to make money'. They send out millions of spams knowing that 99.995% of them will be ignored, but the other 0.005% of responses are pure gold (Andrew Leung at Telus has an excellent report on the economics of spam). Responses to mortage spams are reportedly worth $50.00 each. What would happen if, instead of technical and legal approaches, we simply started attacking their business model? If people started responding to just 1% of the spam we received, spammers would drown in the responses, and the mortage spam responses wouldn't be worth an email, much less $50. The Nigerian Sweet Revenge is an example of this. The nice thing about this sort of statistical approach is that it would start to reward spammers for sending out -fewer- emails. (fewer emails -> fewer bogus responses). What other ways can people think of to attack the spammer business models, and what are the expected downsides of such approaches?" Of course, the one major drawback to this is the likelihood of more spam, since you'll be giving them a valid email address. However, many of you may be receiving increasing amount of spam as it is (even through your filters) so might an organized spam-the-spammers movement work?

Richest spammers could afford to handle replies

[eaglebtc]

The top 1% of spammers who can afford the bandwidth and the hardware could still theoretically handle the volumes of email they would receive. Then they just have to expand their operations to go after the potential business contacts.

Now what about sending them bogus email addresses and phony information? That would send them on a wild goose chase.

Re:Richest spammers could afford to handle replies

[magarity]

It isn't about bandwidth. This plan is to make the flood of loan referrals, or whatever, have lower value. If the only people who respond to loan spams are people searching for loans then each one has a good chance of being a customer. But if there are a thousand bogus loan seekers then there are suddenly less real customers and the loan companies will not want to pay very much to chase bad leads. At least, that seems to be the idea here.

Re:Richest spammers could afford to handle replies

[Bronster]

Because many of them are in datacenters on hosting accounts that were purchased from reputable companies who didn't know they were selling to spammers, and DDoS'ing these poor hosting companies will likely put them out of business for nothing more than a simple mistake.

Those reputable companies might be a bit more careful in future to ensure that they aren't selling to spammers - by doing background checks, by educating their customers (for those spammers who don't actually realise it's a bad idea) and by being very public about kicking spammers when they're caught.

Provide a strong enough financial dis-incentive to host spammers and eventually spam friendly ISPs will dry up - but while there's profit to be made hosting spamers, then of course these "reputable companies" will 'accidentally' host them.

Re:Bogus spams?

[Rascally]

Those are usually just spams sent out to verify valid email address and filter out bounces, etc so they have a "cleaner" (I use that term in a very loose fashion) list to use for their actual "real" spamming operation.

Spam their 800 numbers..

[James_G]

If I get a spam that makes it through spamcop and spam assassin, and contains an 800 number (this doesn't happen often), I'll try and call them. It's not cheap to run an 800 number, and they tend to have a several minute long message rather than a real person answering the phone. If you have multiple lines, the fun thing to do is to call up on one line, let the message finish, get to the part where you get to record a message and then call them up again on a second line and conference the two together. Record their outgoing message as your message, rinse, repeat.

It feels good to cost the spammers some money, even if it does waste your time to do it.