Slashdot Mirror

← Back to Stories (view on slashdot.org)

Attacking the Spammer Business Model

Posted by Cliff on from the a-spammer-in-the-gears dept.

Stephen Samuel asks: "Spammers spam because it's an 'easy way to make money'. They send out millions of spams knowing that 99.995% of them will be ignored, but the other 0.005% of responses are pure gold (Andrew Leung at Telus has an excellent report on the economics of spam). Responses to mortage spams are reportedly worth $50.00 each. What would happen if, instead of technical and legal approaches, we simply started attacking their business model? If people started responding to just 1% of the spam we received, spammers would drown in the responses, and the mortage spam responses wouldn't be worth an email, much less $50. The Nigerian Sweet Revenge is an example of this. The nice thing about this sort of statistical approach is that it would start to reward spammers for sending out -fewer- emails. (fewer emails -> fewer bogus responses). What other ways can people think of to attack the spammer business models, and what are the expected downsides of such approaches?" Of course, the one major drawback to this is the likelihood of more spam, since you'll be giving them a valid email address. However, many of you may be receiving increasing amount of spam as it is (even through your filters) so might an organized spam-the-spammers movement work?

37 of 655 comments (clear)

  1. Richest spammers could afford to handle replies by eaglebtc · · Score: 5, Insightful

    The top 1% of spammers who can afford the bandwidth and the hardware could still theoretically handle the volumes of email they would receive. Then they just have to expand their operations to go after the potential business contacts.

    Now what about sending them bogus email addresses and phony information? That would send them on a wild goose chase.

    --
    Homestarrunner.net -- It's Dot Com!
    1. Re:Richest spammers could afford to handle replies by magarity · · Score: 5, Insightful

      It isn't about bandwidth. This plan is to make the flood of loan referrals, or whatever, have lower value. If the only people who respond to loan spams are people searching for loans then each one has a good chance of being a customer. But if there are a thousand bogus loan seekers then there are suddenly less real customers and the loan companies will not want to pay very much to chase bad leads. At least, that seems to be the idea here.

    2. Re:Richest spammers could afford to handle replies by ron_ivi · · Score: 4, Funny
      "Now what about sending them bogus email addresses and phony information?"

      Reply with the the email addreses of other spammers :-)

    3. Re:Richest spammers could afford to handle replies by perrat · · Score: 4, Insightful

      In addition to this there is the costing model used by most ISP's, where the user will pay for items that they download but not for what they upload. In the current situation the 'economy of SPAM' is based upon having a massive number of emails and a very small number (percentage wise) of responses. The current ISP costing model advantages the spammers. If your anti SPAM software actualy sent a 'no-thanks' type response of the origionator, they would by paying to download each of these messages. Even by counter blocking at the other end they still need to download the message first before they can determine it's legitimacy. If you can break the economy of SPAM your put the spammer out of business. Even the richest spammer still has to rely on a tiny percentage return to generate their income.

    4. Re:Richest spammers could afford to handle replies by einer · · Score: 5, Informative

      Now what about sending them bogus email addresses and phony information? That would send them on a wild goose chase.

      That would be form fucker

      The plan would work if enough people did it (the single reply, not necessarily the form fucker), and it would work for the same reason that spam makes my inbox useless. A poor signal to noise ratio. Someone has to dig through all of those garbage e-mails and harvest the truly interested parties (both of them).

    5. Re:Richest spammers could afford to handle replies by shird · · Score: 4, Informative

      Because they are often hosted on unsuspecting peoples hijacked machines, through worms and trojans etc. They are often only compromised for a short period of time, just enough to gather a few dozen responses. So there is no point in attacking these machines, they arent going to be sticking around for long anyway, and dont even belong to the spammer.

      --
      I.O.U One Sig.
    6. Re:Richest spammers could afford to handle replies by BrokenHalo · · Score: 4, Funny

      Well, I guess a few spammers found dead with "THOU SHALT NOT SPAM" carved into their skin might start getting the message across :-)

    7. Re:Richest spammers could afford to handle replies by Bronster · · Score: 5, Insightful

      Because many of them are in datacenters on hosting accounts that were purchased from reputable companies who didn't know they were selling to spammers, and DDoS'ing these poor hosting companies will likely put them out of business for nothing more than a simple mistake.

      Those reputable companies might be a bit more careful in future to ensure that they aren't selling to spammers - by doing background checks, by educating their customers (for those spammers who don't actually realise it's a bad idea) and by being very public about kicking spammers when they're caught.

      Provide a strong enough financial dis-incentive to host spammers and eventually spam friendly ISPs will dry up - but while there's profit to be made hosting spamers, then of course these "reputable companies" will 'accidentally' host them.

    8. Re:Richest spammers could afford to handle replies by nuntius · · Score: 5, Interesting

      So, instead of SpamAssassin simply blocking your incoming junk mail, it should also send out bogus contact info/sign up for fake stuff?

      Brings new meaning to the concept of a Spam-bot...

      Anybody care to write one?

      The only problem I see is that the spammers could then prosecute you for forged identity/ misuse of computer equipment...

      Instead of doing a dictionary-style counter attack (which could accidentally frame someone), we would have to use the same name-mangling as the spammers use...

      Example counter-spam:
      Dear Sir:
      Please sign me up for 9en1s 3nlar6ement!
      Name: B0gus B0b
      Address: 12-34 Stat St, Washington UL 12345
      Email: anon_tip@fbi.gov

      Hopefully, the fake @fbi.gov email will get them in even more hot water... :) Hopefully it won't also get us in trouble. :(

  2. Bogus spams? by cravey · · Score: 4, Interesting

    Sorry, I don't think it will work. 90% of my spams are either gibberish or are otherwise not selling anything. Passages from shakespeare and the like or blank emails are pretty common for me these days.

    1. Re:Bogus spams? by Rascally · · Score: 5, Insightful

      Those are usually just spams sent out to verify valid email address and filter out bounces, etc so they have a "cleaner" (I use that term in a very loose fashion) list to use for their actual "real" spamming operation.

    2. Re:Bogus spams? by cravey · · Score: 5, Interesting

      My belief is that they are sent for possibly two reasons.

      1) Verify that the email address is deliverable. It makes no sense to keep a bad email address in your database of spam targets.

      2) Seed statistical spam filters with bogus data.

      I've been really happy with bogofilter on my IMAP server. Once I got the bus worked out of my scripts, it's running about 98% accuracy with zero good emails getting filtered as spam.

    3. Re:Bogus spams? by sfe_software · · Score: 4, Interesting

      Who sends them and whatfor?

      I don't know about everyone else, but a good portion of the seemingly blank SPAM I receive are actually HTML email with no text version. I told Mozilla mail to never, ever display HTML email (and can't figure out how I did it, to replicate on my laptop!) If I look at the email in a text editor, I realize that it's full of either HTML or Base64-encoded text/html.

      Mozilla Mail does properly convert normal HTML mail to text, even when a text version isn't included -- so obviously whatever tool the spammers use to compose their messages is non-compliant in some way (I haven't been bothered enough to figure out what exactly they are doing wrong).

      I do quite often get other messages that appear to be just junk, or possibly Chinese/Korean characters (the majority simply look like binary data)... those I haven't figured out yet.

      --
      NGWave - Fast Sound Editor for Windows
    4. Re:Bogus spams? by Stephen+Samuel · · Score: 4, Informative
      Sorry, I don't think it will work. 90% of my spams are either gibberish or are otherwise not selling anything.

      This might be the result of blocking remote images in email, to avoid spam filters, some spammers now have an email consisting of little more than a pointer to an image on their (zombie?) servers. The image has all of the text in it.

      If you have images blocked, try reading the source and see if that's the case.

      --
      Free Software: Like love, it grows best when given away.
  3. Ironic, don't you think? by The+Munger · · Score: 4, Insightful

    They work by flooding us with crap, hoping that they get one in a million to answer. We could fight them by flooding them so they have to look through a million emails to find the one legit order. Hmmm...

    Sorting through a pile of junk to get the stuff you're looking for. Sound familiar email junkies?

    --
    Refuse to make a statement in your sig!
    1. Re:Ironic, don't you think? by chriton · · Score: 5, Interesting

      Let's be clever & at least semi responsible at the same time. I propose a blend of technologies ripped from slashdot, P2P, and maybe 1 or 2 key innovations. Let's call this system "Spam Devil" or SD for short.

      The Basics:
      SD would allow users to connect to a peer to peer network which would enable thousands of users to share information about Spam they have received which warrants a response. Individual users would have the opportunity to nominate a Spam email for response. Once an email is nominated, it would be reviewed by several moderators in good standing. If those moderators certify a Spam for response, a distributed network of computers running SD would begin to flood the Spammer with bogus information either by email or by their websites.

      More Ideas:
      Moderators could be effectively metamoderated by comparing their votes with the votes of other moderators. A moderator's standing could be stored in a distributed fashion so when you rejoin the network, you don't have to start building your standing from scratch.

      Reponses by website could be templated by the original nominator and reviewed by the moderators. Each form field could be given a type such as name, email address, phone, etc. A facility for templating a series of screens would be useful, and probably could be accomplished by having the nominator make a dry run through the website. Additional heuristics could be added that would allow the program to make guesses if the templating doesn't match. In cases when heuristics are used, moderators could be prompted to verify that the responses make sense. It's critical that the responses be difficult to weed out of actual responses from real customers in order to confound the Spammers.

      Responses by email would require very careful moderating as the results, if misdirected, could be worse than the original problem (Spam). Some moderators may need to be certified as experts on email tracking. Also, some very clever test emails may need to be sent as confirmation before a response can be authorized. Responses by email should be anonymous. SD should be able to keep a healthy list of open relays by analyzing the Spam emails.

      A very clever use of SD could allow for response throttling ensuring that a website remains responsive for SD. It would be a real shame to have SD hammer a website into submission only to end up with no real work being done. The cruft should be added slowly & steadily at first & possibly release the floodgates later in the process.

      Finally, SD could be VERY useful for exchanging information about the Spam that is circulating and be used as raw information for filtering engines to reduce the amount of delivered Spam. If the system were to be well used, Spam might only be delivered to a smallish number of people before SD gets the email submitted, moderated, and certified as Spam. Once that's done, Spam filters worldwide could begin using that information to VERY specifically filter those Spam emails and blocking their delivery to suspecting throngs. Now wouldn't THAT be nice?

      --
      "Bishops and Bookies live off the irrational hopes of mankind." Bertrand Russell
  4. automated replies / anon remailers by dynamo · · Score: 5, Interesting

    what if we sent all the replies through anonymous remailers set up specifically for the task, or even better, had a system that you could foreward all your spam to that would do the replying for you - from an address that would send a random spam back in reply to anything you send it - you would literally spam the spammers.

    1. Re:automated replies / anon remailers by bgog · · Score: 4, Insightful

      If we all used anonymous remailers, they could simply filter them out and then they would have the legitimate responses. The only way this would work, (and it probably woulnd't unless everyone id it), is for the responses to be as real as possible, from real email addresses. That way they have to spend the time and effort to follow up on the leads. All 10 trillion of them.

  5. in the short run... by magarity · · Score: 4, Interesting

    Well, in the short run, loan referrals are STILL worth $50, so spamming a spammer who is doing that will result in an insane windfall for said spammer. And if the reverse attack isn't sustained... well, it just pays for a new boat and house in Tuscany for the spammer. Then it's back to spamming as usual. I vote against this plan unless you guarantee you can sustain it.

    1. Re:in the short run... by Stormie · · Score: 4, Insightful

      How long will people pay spammers $50 a referral once it becomes clear that 99% of said referrals are for non-existent names and addresses?

  6. Filters that fight back... by RevJim · · Score: 5, Informative
    Paul Graham wrote an article about this regarding spam filters that fight back. If everyone installs a spam filter that detects spam and then automatically crawls any links listed in the spam, it would bring their web servers to their knees.

    Here's a link to the article.

    http://www.paulgraham.com/ffb.html

    1. Re:Filters that fight back... by spacefrog · · Score: 4, Funny

      automatically crawls any links listed...bring their web servers to their knees

      Oh, the Slashdot business model!

    2. Re:Filters that fight back... by grotgrot · · Score: 4, Insightful
      automatically crawls any links listed in the spam, it would bring their web servers to their knees

      It doesn't distinguish between good guys and bad guys. In fact none of the "automatic" schemes mentioned do. Say the spammers decide they hate Paul, they can very easily deliver several spams pointing to his web site/email address/phone number. Remember that the cost of sending extra emails by a spammer is pretty much zero.

      The spammers are already picking on the anti-spam people.

      So how will your auto-responders etc tell the difference between bad guys and good guys?

    3. Re:Filters that fight back... by mrklaw · · Score: 4, Insightful

      Wow, what an easy way to DDoS. Just send out a bunch of Spam with a link to your least favorite website. The spam filters take care of the work for you.

    4. Re:Filters that fight back... by UnderScan · · Score: 4, Interesting

      Is there a way to keep their porn/mortgage/penis size ad server busy so that it can not open more connections?
      http://www.toad.net/~mischief/archives/00000084.sh tml

      This tool is a "honeypot." The idea is that you install this software on a Linux/Unix machine (believe there might also be an NT version available) and it pretends to be like multiple computers on the network, acting as virtual hosts. Whenever a worm comes along and probes one of those virtual hosts, La Brea hangs on to the thread and slows down the process of infection, logs all the relevant info, etc. It's actually a brilliant idea and now, thanks to some of our genius legislators, potentially illegal to possess or use.
      Someone created a tar-pit for Code Red. google for la brea code red

      any ideas?

      or am I suggesting a DoS?

    5. Re:Filters that fight back... by grotgrot · · Score: 4, Informative

      All the schemes are easily overcome by a spammer. And it is still easy for them to pick on innocent bystanders. For innocent people, all they have to do is include their URLs in a spam message. Thousands of individual servers checking an innocent person's server even if they decide it is harmless will still be a DDOS against a good guy.

      So here are several ways a spammer can get around everything that is proposed:

      • Include several links in the spam message. For example point at the BBC and CNN as containing relevant content about whatever product you are spamming. (You can use CSS to hide the text behind images or pull other stunts to help obscure it)
      • Include links to your "enemies". Put them last since the automated tools will spider them, but users read sequentially. Again they can be obscured, but they will hurt whoever is on the end of those sites.
      • Always give legitimate content back the first time your web server is connected to from an IP address. You could even put a timer in it that redirects to the real spam page after 30 seconds. Are the crawlers going wait? Will a human spam checker realise it is a spammer site.
      • Put up legitimate content when you think a spam fighter is looking at your site. If the spam fighters are building good guy and bad guy databases, you could try to ensure they always see good content. You could figure out some of their ip addresses, you could be more cautious if the user has a Linux based browser, you could use a popup since more technical people are likely to have popup blockers.
      • Make extensive use of javascript to make it hard for programs to automatically fill out your forms. You can do the same with ActiveX controls, flash, java and various other tricks.

      It is way easier to do this stuff playing defense. Using RBLs etc when someone tries to get access to your mail server works pretty well. Worst case you deny legitimate email, and the only one hurt is you.

      When going on the offensive, you are trying to hurt others. How much collateral damage is ok? One poster in this thread posted their web site. If a spammer included that URL in several billion spams and you had hundreds of thousands of hits against you, how would you feel? How would you feel if your site was listed as a bad guy site? How would you feel if your system had done something automated as an offensive action against another site (eg trying to fill out name and address forms with bogus information) and it turned out that site was mistakenly listed as a bad guy site?

      And if you think it is easy classifying sites, try these two: jennifer and jamie (answers at Metafilter: jennifer and jamie).

  7. Spam their 800 numbers.. by James_G · · Score: 5, Insightful
    If I get a spam that makes it through spamcop and spam assassin, and contains an 800 number (this doesn't happen often), I'll try and call them. It's not cheap to run an 800 number, and they tend to have a several minute long message rather than a real person answering the phone. If you have multiple lines, the fun thing to do is to call up on one line, let the message finish, get to the part where you get to record a message and then call them up again on a second line and conference the two together. Record their outgoing message as your message, rinse, repeat.

    It feels good to cost the spammers some money, even if it does waste your time to do it.

  8. For spam that wants you to call a 1-800 number by Maestro4k · · Score: 5, Interesting
    How about setting up a website that lists all the 1-800/866/etc. numbers from spam E-mails. Then everyone who wanted to could call and drag them along as long as possible to run the bill up. Probably wouldn't take too long before their phone costs ate up all their profits and more.

    The only downside is I don't think many spammers use this approach, but it'd certainly be effective against those who do. I don't think it'd be illegal (as long as each person didn't call more than once) either, but IANAL.

  9. The BIG Problem here..... by baximus · · Score: 4, Insightful

    ...is that the majority of spam I receive has forged headers, so I would in effect be sending the bogus replies to some poor sucker who had no idea their email address was being used as the "From:" header in a major spam operation.

    The number of spam emails that get through SpamAssassin because of forged "From:" headers is ridiculous. And worse is the number of bounce messages I get because someone has used my email address as the "From:" header in a massive spam mailout.

  10. Not applicable to most spam by MobyDisk · · Score: 4, Insightful

    Most of the spam I receive doesn't ask me to reply to purchase anything. They simply direct me to a web site of some sort. This eliminates mass-email replies as a possibility. If they use web forms, they can easily tell legitimate orders from phony ones by verifying the credit card numbers, phone numbers, addresses, etc.

  11. From a spammer's programmer by Anonymous Coward · · Score: 5, Interesting
    Part of my companies' income is from sales of various and sundry products sold via soley online "stores." Part of that traffic is via banner ads, text links, etc, and another portion is via bulk mail (spam), generated by affiliates and run from an outside-the-us operation (that is to say we are not technically pressing the "go" button to spam people).

    As a programmer working to keep the data flowing smoothly part of my job entails building programatic methods of detecting false data. Some of this is easy (i.e. people who put "I WANT TO RAPE YOUR DAUGHTER" in the first name field). Sometimes this is harder. IP checking helps, but distributed attacks are always a difficult thing to catch. However, all that said I don't know that this would be a significant problem.

    One of our upcoming process changes will include an attempt to contact each customer via phone or email to verify their order before following through with it. Futher, automated credit-card checking will automatically drop orders with bogus data in them. CreditCard declined statistics would rise, but ultimately it wouldn't be that much hassle.

    If you really want to hurt a spammer, get thousands of people to order a product, then send it back and charge-back the order on their cards. Creditcard merchant accounts have limits on the chargeback rates, and when they get too high the merchant provider will cut you off. Of course you have to front the money and the hassle, and at the end of the day there's only 1 less spammer out of a million (unless he tries to find another merchant provider and succeeds). But for some, perhaps the cost-benefit analysis would still find it worth it.

    Total Due: $0.02

    1. Re:From a spammer's programmer by Anonymous Coward · · Score: 4, Interesting

      This is a stunning. I have a better idea, if some grey hat wants to be a hero. This idea is extremely illegal. Purchase or get lots and lots of stolen credit cards. Target a spammer. Buy lots and lots of his product with the stolen cards. When the owners charge these back, the spammers will be *blacklisted* by Visa and Mastecard under the theory that, if that many stolen cards got used at one place, the spammers must be members of organized crime syndicates. Not just the spammers' companies will be blacklisted, by the way - the individual executives will be blacklisted, as well. Some selfless vigilante could solve the whole problem for us!

  12. Re:The Best Way to Attack Spammers by sfe_software · · Score: 5, Informative

    You could always do what I do.

    Add all the spammers to an e-mail list and automatically forward any spam I get (using an address I use only for this purpose) to everyone on that list.

    Having recently been a victim of having my addresses spoofed by spammers, I don't think this is a good idea. Only if the SPAM actually says to reply for more information (or to make a purchase) would this work; in other words, only if you have a reason to believe that the address is in fact going to reach the spammer.

    The majority of SPAM I get does not come from a valid email address, but instead includes a URL to visit or a telephone number to call. Thus, forwarding SPAM to the From/Reply address will either just bounce, or worse, go to the unsuspecting person who's address was inappropriately used.

    I know that often the spammers just use a random address from their list as the From/Reply-To, but for a couple of weeks I was the proud recipient of many thousands of bounced SPAM messages, to the extent that I had to temporarily /dev/null my Postmaster alias (violating RFCs of course).

    --
    NGWave - Fast Sound Editor for Windows
  13. 3 Lawyers, 3 geeks by RonBurk · · Score: 5, Interesting

    A very significant percentage of spam meets two criteria: 1) it already breaks some existing state or federal law and 2) it ultimately desires someone to supply a US-based credit card (Visa or Mastercard).

    The problem with all our wonderful anti-spam laws is that they are not being enforced, and probably never will be, except erratically for 1 or 2 really, really bad repeat offenders. So, instead of using laws to take bad people to court, use laws to make law-abiding people quit aiding and abetting spammers.

    Thus, the weak underbelly of many spammers is that some minion of MC/VISA is letting them process cc transactions.

    Solution: the FTC should allocate 3 lawyers and 3 geeks, and (the easy part) demand the cooperation of MC/VISA. The 3 geeks maintain emailboxes in all 50 states and a batch of email addresses designed to gather spam. They essentially provide the 3 lawyers with "quality" spam, that meets the 2 criteria mentioned above.

    The 3 lawyers select spam that has broken a law, follow the spam-requested transaction to the point where it requires a cc transaction, and do it. At that point, there is a CC transaction involving a broken law. The lawyers provide MC/VISA with the information on what merchant processor handled the transaction and what laws were broken. MC/VISA shutdown that account, or simply dings them $20,000 for each offense.

    Note that, unlike the FTC, MC/VISA can penalize any customer they choose to without due process (and they have a record of doing so). They definitely do not want to participate in illegally advertised transaction if a spotlight is shown on it.

    The need to process credit cards is the weak link in much of the spam business, and it is very hard for them to work around an inability to obtain the services of a merchant credit card account. MC/VISA have tightened up the requirements for getting CC services in the past, and they can certainly do so again.

    MC/VISA might even elect to make the process more automated by issuing the lawyers some "special" credit cards. When they see a transaction for any "special" number come through, they immediately shutdown that processor. (But you better make sure those special numbers aren't as easy to steal as all other credit card numbers seem to be!)

    3 lawyers plus 3 geeks could make a bigger dent in spam than any collective effort to date has produced.

  14. No, This is actually a BAD thing. by Anonymous Coward · · Score: 5, Funny
    This is actually a good thing.

    Why? Sheesh, I don't know, but whatever story gets posted here, someone always claims it's a good thing, so I figured it might just as well be me this time.


    This is a bad thing. Why? Well, I don't know either, but whatever comments get posted here, someone always claims you're wrong, so I figured it might just as well be me this time.

  15. Give me a fscking break by Weaselmancer · · Score: 4, Interesting

    Let's look this post a bit and do a little translation:

    Part of my companies' income is from sales of various and sundry products sold via soley online "stores." Part of that traffic is via banner ads, text links, etc, and another portion is via bulk mail (spam)

    Translation: I am a spammer.

    If you really want to hurt a spammer, get thousands of people to order a product, then send it back and charge-back the order on their cards.

    Translation: Give me your credit card number.

    Spammers are the wise guys and con men of the digital age. DO NOT TRUST THEM. I mean really - if this guy makes his living this way is he honestly going to give you a stick to beat him with???

    It's more likely he'll take your credit card number, charge it to the hilt and take off to Zaire.

    Give me your credit card number and I'll be hurt. Please!

    --
    Weaselmancer
    rediculous.
  16. Attacking Business Model - Posted Anonymously! by Anonymous Coward · · Score: 5, Interesting

    Not really related to the parent; I posted it up here because I think it's a good idea. I don't want to be too associated with it, anticipating the spammers fighting back.

    At the very least, I'd like to have a good Windows programmer put together something akin to this:

    #!/bin/bash

    COUNT=0

    while [ $COUNT -lt 2000 ]; do

    lynx -dump -traversal -useragent="By sending e-mail to my domain, you agreed to the published Terms of Service of my privately owned domains and servers, including the stipulation that all spam would result in your webserver log being filled with garbage. If you don't like it, don't send e-mail to my domains. I f you don't want me to visit your website, don't solicit my visit by sending me unsolicited e-mail. You do not have a First Amendment right to waste my bandwidth, electricity, CPU time or hard disk drive space with your crap, characteristically illiterate or otherwise."$1?YOU_FILL_MY_MAILBOX_WITH_UNSOLICITED _C RAP_AND_WE_WILL_DO_THE_SAME_TO_YOUR_WEBLOGS

    let COUNT=COUNT+1

    echo $COUNT

    done


    I use this on all my spam.

    Such a program would need to have a drag-and-drop interface, automatically replace the user's e-mail address (wherever it appears in HTML bugs) with uce@ftc.gov or something similar, trim serial numbers, cope with obfuscated URLs and hijacked Yahoo/Google redirectors, and eat both image tags and links.

    As it is, I open each message, manually extract all the HTML tags, and plop 'em into a terminal window on one of my servers.

    The only real worry is a spammer using a GeoCities or other free webpage. But if a few people hit the site with this kind of program, it would get it shut down faster than an abuse complaint.

    Of course, if the spammer is being paid per hit, the advertiser is spending a lot of money to advertise to /dev/null, so it's unlikely that they'll continue the current business model.

    I've also got it on the advice of a Federal Court judge (who is blind and can no longer read his e-mail in public places because he's too embarrassed by all the penis enlargement spams being read by his screen reader) that, since they've solicited my visit AND been warned on my website, there's very little the spammers can do about it. (Even so, I'd be hauled up in front of him, and I know how he feels about spam...)

    Such a program could be very popular with the general public, since there's a definite feeling of satisfaction. But I think it should also be distributed anonymously. Spammers are likely to DoS any download sites and flood any mailboxes.

    Sure, this is essentially a denial of service attack against the spammer. But the spam itself is a denial of service attack against MY mailbox, and nothing else seems to be able to stop it.

    Any Windows programmers out there?