Slashdot Mirror
Can A Bounty System Cure Spam?
dankinit writes "The FTC is considering a proposal made popular by Lawrence Lessig which would offer a bounty to people who help catch spammers. The proposal looks to harness the power of volunteers online who might want a piece of the multimillion dollar fines spammers could incur. Spamhaus founder Steve Linford doesn't like the idea though, explaining '...the FTC already has so much information on their identities that to get anymore would be useless.'"
Because some spammer might propose more money + no spam in exchange of their safety...
Trolling using another account since 2005.
We know who is spamming us. Afterall, the spam message needs some sort of e-mail address or web address so that the fools can respond, so you just have to follow the money trail to get back to the spammer.
The problem is that the worst these people are setting themselves up outside of US jurisdiction, so that FTC and company just can't get to them. Any spammer who doesn't is excessively stupid. There's nothing that the US courts can take from them... and I just don't think offering 20% of $0 is going to do much anyway.
Bottom line is that this plan doesn't connect. As much as spam annoys us, the US Government just can't do anything about it because it's a worldwide problem. On the Internet, if one jurisdiction doesn't like what you're doing, you just need to find another who will accept you.
"I want them alive... no disintegration." Oh to be a bounty hunter...
404
Can A Bounty System Cure Spam?
Depends, will the FTC hand out Boba Fett type bounting hunting uniforms? I wouldn't mind starting a collection of Spammers In Carbonite on my walls.
Outdoor digital photography, mostly in New Engl
Just answer a few simple questions and we'll send you this FREE spammer catcher software!
There's no justice quite like angry mob justice
See your sig here
Dead or Alive Sounds good to me.
think about it: spammers start trying to catch each other for the bounty, and then they form these massive spamming groups (read gangs) that join up to get the bounty on other spammers...then you end up with a smaller group of REALLY powerful spammers...i gotta stop playing Mafia...
I feel the need for some airstrikes... not to make light of the damage an airstrike can cause, but come on, they're spammers.
Can A Bounty System Cure Spam?
Unlikely. But, if the law actually get's off it's ass and actually hands out fines, spammers might be more inclined to stick the equivalent of "this is spam" (the opt-out message, etc.), which could make filtering more effective.
Perhaps we should be fining the ISPs who happily let spam-servers loose on their network?
"It would promote vigilantism on the Net and it probably would not catch any bad guys," said Louis Mastria, spokesman for the Direct Mail Association
There are plenty of technically-skilled knowledgable people out there who might otherwise not have bothered, but who could probably track a few people down.
'the FCC has so much information on their identities that to get anymore would be useless.'
We don't care whether they're known or not. We just want to bankrupt them and get the money we have lost* due to spam.
--
* Most end-users don't lose money, but the amount of stress and anger caused to me by spam has probably shortened my lifespan, and can you put a price on that?
Spammers aren't exactly the kind of people who are scared of breaking the law anyway. A good chunk of the time, even if sending the spam was legal, the message it contains doesn't exactly pass the smell test anyway. Phishing scams, offers to buy perscription pills without having to see your doctor, or the basic fraud of selling a product and then not sending it are some of their favorites.
When I was a kid growing up in the sticks the county offered a bounty of $0.25/pair for gopher paws. That might work.
Spam just needs to be made illegal in all countries and investigated like any other international crime (e.g. extrodition orders, sharing of information across borders, copperation on investigations).
Why we need a different mechnism for capturing these Spam criminals is beyond me.
----
Well, he says whats the point.. cause they already know enough about spammers.
.. but just felt i wanted to disect this either misquoted statement from Linford (which i wouldn't put past slashdot stories) or just narrowminded comment.
.. i have no intentions of reading more than the /. blurb on this one.
one reason. Information about people isn't guaranteed to be evidence that will hold up in court. So getting citizens to help with evidence against the spammers, from different sides than just teh FTC info gathering, helps any case that they would put up agains the Spammers.
Who knows if it will really work
and yes
Who makes you Sig?
We would need an organized way of combining suits against spammers. Otherwise, those millions of individual suits would clog the courts. A bounty system is the perfect solution. People who collect information on their spammers would organize and report that information to a centralized organization which would handle the actual law suits. Then this organization could pick its targets by employing a pseudo-random, RIAA-style method of picking out random spammers with a boatload of complaints. Any money won would be distributed evenly to those who provided reports on the spammer.
Give them a free tv if they show up at say a convention center. err maybe a free xbox if they are say in the first 400 people to a convention.
This may sound like it wouldn't work. They tried giving away a free tv to the first 400 guys to show up at a conference on not paying child support and they caught like 400 some guys who were deliquient. Lets try it on spammers.
Evolution or ID?
on how much per spammers corpse you are prepared to pay for someone to hunt and kill them.
Do not try to read the dupe, thats impossible. Instead, only try to realize the truth
What truth?
There is no dupe
This idea is of course not new. Microsoft has been offering money for information leading to the arrest and prosecution of virus/worm writers, and yet has seen relatively few leads.
There was an article recently on Slashdot that talks about the motivation of spammers as being primarily "money" - for college, for a late loan payment, or for just a quick financial pick-me-up. But in order for this type of "vigilante justice" to work for the government and ultimately for everyone, the motivation has to go much deeper. On one hand you could argue that few people volunteer to fight cybercrime because there is little or no money involved - so let's throw some money into it and entice people to do right. But I wonder if the ones who can are simply not doing it because there is a lack of worthwhile motivation. Money seems mundane, even insulting at times, as reward. Contrast this with the h4x0r culture, a meritocracy where your reward is respect and even deferential treatment from your peers when you demonstrate real skills.
It's fine if you want to resort to this type of measure, but what are the motivation and reward of doing good and getting rid of those who do bad things for rewards as trivial as money?
They should all be locked up with men who have enlarged their penises, used viagra, and are looking for a meaningful relationship.
I like the idea of giving spam hunters the same authority as real life bounty hunters! Armed sysadmins tracking down spammers to their real life office space using Wi-Fi handhelds to monitor their network traffic. Just imagine how immensly satisfying it would be to break down their office doors, catching them mid-spam, forcing them to the ground, cuffing them (with zip ties of course) and hauling them off to be executed^H^H^H^H^H^H^H^H jail.
I know that's not the sorta of bounty system the article is talking about but it's a pleasant little fantasy that will keep me amused while I delete this mornings viagra and mortage offers.
"Listen: We are here on Earth to fart around. Don't let anybody tell you any different!" - Kurt Vonnegut
... so why not have them work at sorting email into spam and non-spam, to provide the raw input to help train spam filters.
You could use a feedback mechanism to prevent lying - for example, if the filter' efficiency falls because they misclassified something, they get more time added, etc.
If they sent out 10,000 spam, they have to classify 10,000 spam, if they sent out 100,000,000 spam, they have to classify 100,000,000 spam.
... and make them have to do it in their spare time, with a requirement of n number of spams classified per day, 7 days a week, not while they're "guests of the state".
... and, of course, no internet access except to send in their "homework" and receive new assignments.
Make them crap their pants every time they hear "You've got mail!"
Everybody allways talks about it's impossible to get the spammers themselves, so that their servers are 'shut up'. But everybody also knows those servers are in some freaky places where regulation means (allmost) nothing. That's just too bad for all the poor people who get spammed.
But why doesn't the juristiction follow the line to the compagnies themselves instead of their spammers? If company X is found by following the links on their mail, can't we get those companies sued? I don't think many will copntinue if they're all hanged.
But yeah, I know there are a lot of companies who are also located in those freaky places selling the most legal stuff, but still...
How many companies are there located in the US?
(As a sidenote, how many European companies do spamming? It seems to me that only American compananies do this kinda stuff, 'cept our beloved Nigerian poor bankers who deserve our help with their finances.)
Dependency hell? =>
But we could go a long way towards eliminating Spam if the right people would grow some backbone and do the right thing.
1. Cut off Spam from the Zombies.
Cable and DSL companies should block all port 25 traffic coming from their customers. If you want to send e-mail, you should have to use use their SMTP servers. Running your own mail-server is against their TOS in many cases, anyway.
In all fairness, however, this could be handled on a case by case basis. If you are such a macho techno-geek that you really really really really just absolutely HAVE TO run your own mail server, you should have to ask them for persmission first and enter into some sort of agreement that you will not be part of the Spam problem.
2. Cut off the Zombies.
Any cable/DSL customers spewing out large volumes of e-mail (without permission to run a mail server) get a nasty letter, telling them that their service has been terminated until they secure their computer.
3. Follow the money. Follow the money.
Spammers have to make money, somebody has to get paid. They aren't doing this for the fun of it. Trace the money trail back to the people who get paid for the herbal viagra and penis enlargement pills. It isn't easy, but it can be done. If you follow the money, and apply EXISTING laws, such as:
* Child Pornography Statute 18 U.S.C. 2252
* Electronic Communications Privacy Act 18 U.S.C. 2701-2711
* Economic Espionage and Protection of Trade Secrets Law Pub. L. No. 104-294
* Computer Fraud and Abuse Act 18 U.S.C. 1030
* Foreign Intelligence Surveillance Act 50 U.S.C. 1801-1811
* Transportation of Obscene Matter for Sale or Distribution 18 U.S.C. 1465
* Federal Wire Fraud Act 18 U.S.C. 1343
you can shut down the Spammers.
Although spam looks like a very international problem, I believe that a good number of spammers are based in the USA, they just use machines outside USA to do the dirty work. If this helps FTC to get to those spammers, and make their charges hold in court, all the better.
If they only found a good law to throw at those who hire the services of spammers, sell access to compromised machines, sell address lists for fraudulent purposes, then we might get somewhere.
In Murphy We Turst
Why should my tax dollars go to help catch spammers when the real problem is its profitable to spam?
I am in favor of throwing out SMTP because and changing TCP/IP to version 6 on the internet. It would make things harder to hack and more secure.
Both Unix and TCP/IP were never known for security. Sure its more secure than Windows but ask any former VMS or OS/390 administrator about it?
http://saveie6.com/
But only if I partner with an ex-cop with a prosthetic arm, a hot chick with no memory, an adolescent female hacker named Ed, and a Welsh Corgi.
I'm in the hole of the broadband donut.
Such a system has a fundamental problem: it will motivate people to act purely out of greed, with no further interest in helping to avoid spam. They will therefore concentrate on reporting "easy targets" and perhaps even report people who aren't actually spammers and can't prove it. The whole idea is rather cynical and smells of defeatism (the law won't help => hire bounty hunters acting outside of the law).
"I love my job, but I hate talking to people like you" (Freddie Mercury)
If you think about it, exactly how many of YOU have collected any money from those crimestoppers rewards? And you want to trust the FTC To pay you, your hard earned cash?
From the article :
The prize for a spammer's virtual pelt? A hefty percentage of whatever civil penalty the FTC is eventually able to collect based on the information.
Sorry, they're not gonna catch a damn person with "eventually" and "whatever" as backing for a reward.
If anyone put half of the effort in to catching spammers as they do with file sharers, I believe this would be a closed case. There is something fundamentally wrong with this whole situation. I can get fined a few grand, and face possible jail time, for downloading a song. On the other hand, I can make serious cash sending out billions of unwanted emails and get away with it?
"If a quarter is two bits, then a dollar's a byte." -R Deric Miller
.. in a great sci-fi book "Labyrinth of Reflections" by Sergey Lukianenko. Unfortunately, it hasn't been translated into English (yet), so I can't post a link ...
In the book, there's a funny bit about cyberworld residents meeting in a town hall by the Statue of a Last Spammer... built when the last spammer was exterminated by the bounty hunters. Being wise enough, the governments still decided to keep the bounty in effect AFTER the last spammer was caught.
Personally, I think this is crazy enough that it could work. Imagine the unlimited energies of 16 year olds who spend their days glued to the computer, chatting on IRC, cracking porn site passwords, doing various small-scale mischief and playing Counterstrike, directed towards catching spammers. All I can say is, that would be a BAD time to be a spammer.
just wait untill they start selling online tracking software, i bet there will be very little spam and a few rich script kiddies
There was a story on /. a while ago about mortgage spam. The large mortgage vendors (many of them legitimate banks) were the ones that responded when some mortgage spam was answered.
It seems that those institutions were paying for leads and they didn't really care where the leads came from.
So, do you fine the guy who sent the spam or the company that contacts you after you answer the spam?
If you only fine the guy, there will be another to take his place (and, as you noted, they will move outside of US jurisdiction).
Can a bank that never before sent you any email be fined for contacting you if you send someone an email saying you're interested in a mortgage? Until that starts happening, nothing is going to happen to the spam level.
Follow the money.
Lets
Rather than figuring out how to thwart spam, lets have *everyone* simply do what they ask for every spam email:
Lets
I think there's some confusion on the part of a few posters here that needs to be cleared up.
The spammers aren't the companies that pay these guys to do it. The spammers are the people who actually queue up the messages and spit them out. Now, I know what you're thinking, the company being advertised is at fault, too. But still, there is an order that you gotta go through in order to get the right people.
After all, you don't go after the gun manufacturers for creating tools of self-defence just because unintended users end up killing people, right? The proper order is, the person who used it, the parents of the minor that used it, the retailer that sold the ammo, THEN the gun manufacturer, right?
Oh wait, nm. I guess the anti-gun sentiment amongst the public tends to skew the proper order you'd think this should be. But still, I'm the kind of person that is capable of hunting down spammers, but I simply don't do it because there is no incentive.
A monetary incetive might be lucrative, but I'd have to see the amount of money given. If it's too low, it's not worth my time. If it's too high, like the Microsoft reward offers for the Sasser and Blaster creators, then I know they aren't actually going to pay out.
This article advocates a
( ) technical ( ) legislative ( ) market-based (X) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
(X) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(X) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
(X) Microsoft will not put up with it
(X) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(X) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
(X) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
(X) Jurisdictional problems
(X) Unpopularity of weird new taxes
(X) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of spam
(X) Joe jobs and/or identity theft
(X) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(X) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
( ) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
(X) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
(X) Incompatiblity with open source or open source licenses
(X) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(X) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
( ) Sorry dude, but I don't think it would work.
(X) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, l0ser! I'm going to find out where you live and burn your
house down!
The cost to my company and others is very large, and essentially constitutes grand theft of services.
Fast machines, powerfull AI, impulsive invention,... All I lack is a good espresso machine!
"DICK JONES!! I SPAM FOR DICK JONES!!!"
If you don't know where you are going, you will wind up somewhere else.
Lets get their private info, and send spam to their email accounts.
If that isn't good enough, we can send junk mail to their house.
See how many of them want to enlarge their penises, or perhaps their grandmothers want to see the hot lesbian cam.
I am Bennett Haselton! I am Bennett Haselton!
If you think of spam as a pathogen, no - No more than any other disease can be wiped out. But the system will be allowed to function without parasites overwhelming it. The best benefit are geeks hitting the weight room, NRA gun ranges and loading up on pepperspray and beanbag guns. We finally get to use those skills honed with years of nerf weapons training. Geeks getting paid to hunt down spammers? Too sweet.
"First you get the Linux, then you get the power, THEN you get the women"
Tracking down the spammers is not a problem. As I and many others have said, follow the money trail. I advocated setting up a credit card account and making purchases, then when the transaction is completed, the billing records will show who bought the goods, then prosecute them.
...and they all moved away
The problem with prosecuting individual spammers is that the Justice Department goes after big money criminals more agressively than small fry spammers. They are more interested in capturing the guy that embezzeled millions of dollars, rather than the guy that sent out millions of emails.
Alices Restaurant Updated:
There he was, sitting on the bench with all the bank robbers, embezzlers, serial killers,
"Whatcha in for, kid?"
"Sending 7 Million spam emails"
Pete Carr Owner Chatmag.com
...it worked like current bounty systems.
The police issue warrants for bail jumpers.
Bounty hunters get $$$ for bringing them in.
With a spam bounty system, it could work like this:
The feds put up 'info wanted' notices for specific spammers. It would eliminate the objections people have of vigilantes going after innocent legitimate marketers. The feds would be asking for information about specific spammers, much like the FBI's most wanted list.
You call in leads, the feds prosecute, you get $$$.
The idea here being that there are often people out on the internet who are far more skilled or have far better connections than law enforcement, in tracking down miscreants.
There are likely a lot more net-skilled individuals out there than there are law enforcement officials with good net skills.
Why not put that talent to use, a bounty is great incentive (besides the satisfaction of putting spammers out of business).
Pretty simple.
They live in the USA, they are american citizens. They just spam using servers in china to try to hide the true origin.
Very few spammers actually bother to move outside US borders. And even then, unless they officially renounce their citizenship, they are still US citizens and can still be deported + prosecuted -- no matter where in the world they may be.
The US courts can sieze their assets. Their house, their cars, their computers, etc. Ever wonder what all those government auctions are? Most of them are auctioning off siezed property from criminals. There is serious $$ there.
So yes, there's plenty the US courts can take from them, unless they're living underneath a bridge in a cardboard box.
Finally, a poster that sees it right (or at least my way...:).
Spamming and spamvertised business have become enmeshed in the otherwise legitmate economy (either through banking, ISPs, list brokering or trickle-down to middlemen like mortgage intermediaries).
Why isn't the FTC leaning on those people? Or at least publicizing their involvement in spam, even if it is indirect?
Furthermore, given the prima faciae fraudulent and/or illegal nature of spamvertised businesses and products, why isn't the FBI starting RICO investigations against these third parties whose implicit cooperation is necessary for spammers to do business at all? RICO has serious penalties and can be used to "bundle" miscellaneous state and federal law violations that would otherwise be unprosecutable or not worth prosecuting individually.
There's too much of this "it's all overseas" mantra and "we can't do anything about it." I say bullshit -- there's a money trail to follow and a bunch of people who would rather not be the target of a Federal racketeering indictment who live right here in the USA.
No, I'm asking this question, because AFAIK there's a multi-million USD bounty on their heads today. Yet they're still hiding.
Until the spamming problem is causing buildings to collapse, this FTC bounty system is not going to do anything. And even supposing that the mountain of junk we receive causes computer to be so heavy they start to crack the concrete, it's not because there's a bounty that the capture and conviction becomes easy.
At least not until long-range individually targeted viruses are feasible and bounties are paid for DNA samples of spammers. And if that happens, methinks spam will not be our biggest concern.
A bounty system will ONLY work well if the tipper is subject to severe legal penalties if making a false tip. Even then, there's problems -- 911 services get a LOT of prank calls and false reports, and bounty programs tend to see even bigger problems.
We have to remember that spam exists only because it makes money. If people are not buying products that are spam marketted then the money will run out and spam will go away. That's the RIGHT way to do it.
a bounty on the heads of the spammers that is...
Use Bounty to clean up Spam?
Muppet: "Good Idea. Here's the paper towels"
I love that line. I forgot which muppet said it though.
Speak truth to power.
A bounty system isn't right, for exactly the reason Steve Linford says. It's preposterous to suggest that the government needs more information.
What we need instead is a law similar to the Tennessee law which simply made spamming a civil offense and set out a clear, punitive civil penalty structure. The problem with the TN law was that the penalty wasn't quite enough.
I suggest a law that simply makes spamming a civil offense, with punitive damages set at $5000/spam and compensatory damages set at $10/spam. There woudl be a 10% bonus for pornographic spam. The law should be worded to give judges little discretion except to determine whether a particular email is spam. If the defendant is on the FTC's list of spammers, then the judge would have no discretion. His job would be to swing the gavel.
Having DA's or AG's go after spammers makes no sense. They have more important cases to deal with usually. Leave this up to people who are the victims. The spammers will die a death of a thousand cuts.
The hardest part is tracking them down, but since the FTC already has a lot of information, they need to make it public to assist.
Do you have ESP?
Why aren't the companies that sell the products being punished?
They should be much easier to track down and they are the ones hiring companies to do the naughty work for them.
Keep the Classic Slashdot.
I'll happily forward any and all UCE, gratis, to someone who can actually nail the pests. I usually send a notice to the offending system's owners when I think someone's host has been hijacked. My typical experience is that nobody wants to hear about it. :-{
I suspect we'll see more results from private action, now that someone has been foolish enough to crack into some sites with expensive reputations to maintain in order to distribute their junkmail-mirror trojans. Financiers are dangerous dudes, and the damage from the latest horror goes way, way beyond that of the typical defacement prank.
Consider a law like this imposed upon spammers and those who hire them. Follow the money, cut off and confiscate the money, reduce spam.
The lessons of history teach us - if they teach us anything - that nobody learns the lessons that history teaches us.
The other day a friend of mine and I were talking after I had watched The Boondock Saints, and we decided that the problem of spammers could easily be solved if we went after them with the same attitude as taken by the main characters in that movie.
Your agruments seem great on the surface but further examination reveals flaws:
point 1)
I agree with the idea behind port 25 issues: having ppl who must run their own mail server get permission in advance does *sound* good. However, legitimate/responsible users who ask for permission in advance will, by definition, have alerted the ISP they are running a server and then be charged more for it. This will not be seen as fair when you consider they may, in fact, be using less bandwidth than the average on-line gamer or true zombies of which you speak. This also speaks nothing to overseas ISPs beyond enforcement and ISPs that don't give a fsuck.
my point here is that legitimate users should *not* have to pay extra (literally) on the account of spammers.
point 2)
shutting down zombies sounds great, but without effective automation it won't be effective because it will be too expensive and further raise the operating costs of ISPs beyond what they are already losing in lost bandwidth. How would you have the ISP distinguish legitimate mail traffic from spam without looking at every email? You could simply measure the volume of mail, but again, legitimate mail users would be cut off or would have to pay more.
I suppose if you dont care about legitimate mail servers from home paying (a lot) more this could work well, but only for mail from ISPs that actually care, and it only takes a few that don't (or pretend to but don't) to ruin this idea while still leaving ISPs free to charge legitimate users more in the name of abuse they cannot truly curtail; I don't like the idea of internet mail becoming corporatized than it alreday is.
Again, overseas/unenforcable spam and its ending money trail will continue. We can try to get financial insitutions to be more responsible with these transactions, but that assumes way to much in the way of co-operation. Most will give lip service and do little or nothing about it because of the costs invloved in curtailing it and lost revenue by someone else picking up the shady sales portal business.
point 3)
existing laws and standards of enformcement are fine for those within the bounds of enforcement, but there are so many who are not that we would not be prudent to expect much out of them.
Human behavior is always the weakest link in every security chain. Towards this end, our efforts would be better spent on education and good bayesian filters.
In short, don't you really think these relatively simple solutions you have proposed would have alreday been applied if they'd work so well? Typically, our world is far more complex than simple solutions allow for.
.
uR iGn0ranc3, Their Power
Countries can just pass a law giving them the recourse of fining the companies that are being advertised via spam.
Said compaines could be fined HUGE fines, and thus make it unprofitable to advertise with spammers.
An alternitive that most admins might like:
Catch a spammer, and get the privilage of pulling the lever to the trap door, under that nice rope the spammer is tied too (by the neck)...
karma, hah...
Ah, we're one step closer to my dream of giving spam hunters frequent flier miles and baseball bats...
Someday...
I agree. There is a money trail, and that is the problem. Somewhere in back someone has to be spending some of those profits in kickbacks for protection.
The spam is illegal. The products are fraudulent. The trail exists. Nothing is done.
Why?
Because your politicians never actually read their own email, so they don't have to deal with it.
Start printing the spam and sending it in to Congress, making use of the free postage when contacting your representative, and keep doing that for a few months.
Flood them with paper as you are flooded with spam, and I guarantee they'll finally get off their asses and do something about the problem instead of just lip-service laws with no enforcement.
I do not fail; I succeed at finding out what does not work.
This could certainly make a great novel or even a TV series. Think about it for a bit. There would be "Wanted Posters" placed on the web. There are many possiblities for story lines here of how spammers are hunted down and brought to justice.
There of course would be a new profession of bounty hunter, some of which would be more ethical than others.
Yes, they'll have you arrested under some vague and frightening anti-terrorist law.
If it means I can travel around in a beat up old spaceship with a grizzled old ex-cop, an androgenous pre-teen ubergeek, a super-smart corgi, and an extra fine woman with guns, amnesia, and a gambling problem... then I'm all for it!
Smeghead every day of the week.
Yahoo should be using these clicks statistically to refine it's filters (which I don't use) and launch complaints against spammer ISPs and/or filter trojan relays.
If you ask me, spamming doesn't bother me nearly as much as popup windows on IE that download Ad Viruses like WtoolsA and ClearSearch on my computer. Spam requires I click on the mail and hit delete or Spam. All hail Yahoo.
No, for me, it is the websites that authorize Ad Viruses that piss me off. People who host such sites should be permanently shutdown and its owners castrated.
And yes, I know IE sucks, but my girlfriend uses IE regularly and she doesn't know better and it's not as easy to get her to switch over to Opera or Mozilla. And it seems a lot of stuff just doesn't work right without scripting.
So before going after spammers, go after those fuckers, for gods' sakes. I'm sick of having to troll through my computer every night running Adaware and HijackThis and antivirus to ensure I don't have more crap on my computer.
I do not see this working, because what would stop someone from hax0ring someone and spamming, then turning them in?
I hate sigs.
I mean spam every address you can find send thousand of duplicate emails a day, bring the entire internet down. We made the thing, lets take it back down. Then leave the unwashed masses out of it. And if we can't take every router in the world down by sending massive amounts of spam, maybe we can make the signal to noise ratio so high that the spammers wont make any money.
Imagine a day when everyone gets 100,000 plus emails per inbox. Each one for a different product. It would be impossible for them to read each ad, so the real spam would get bypassed and the spammers wouldn't make any money.
Now before anyone takes this serious, I know this wouldn't work, even if we could get thousands of people to send fake spam, they would be the ones the lawmakers would go after while the real spammers. And besides, its most likley morally wrong.
But I say, If you can't beat em, join em. If we were all spammers, nobody would care about spam.
Only a new protocal can save us, please, let us all leave SMTP now!!!! It is the worst protocol ever, way to open for abuse and falsehood. I really liked the AMTP protocol as per the previous article in this zany forum, wish I coudl find it...
photoplankton
You don't have to give people monetary incentive to help fight spam.
Just outlaw spammers and let the hordes of rabid geeks take care of them.
I have seen some people suggest going after the end company rather than the spammer themselves (as i'd say that often times the company itself is not doing the spamming - but rather a 3rd party takes care of that). If we do this than I can see a huge potential for abuse. Say you have a grudge against some company - or they are your competition and you want to hit them where it hurts.. rent-a-spammer and write up fake marketing emails from that company. Then call them on it.
Now how do we know if an ad is legit or being used in some sort of "return to sender" attack where they are just being set up to get a hefty fine even though they had no idea these ads were circulating?
Just a thought.
Go after their customers.
The "Vi'e'gra" sellers.
The "Wanna slip wit my moder...She's a virgen" promoters.
The "Get out of debt FAST" banks. The "You're PRE-APPROVED" credit card shufflers.
I'm sure an international trade agreement can be hammered out to share the fines according to the amount of Spam a country _sends_. And its 'sent' right from the country where the Spam artists live. The prosecution can occur anywhere Spam is received but it's collected where its 'sent' from.
And you know how you catch the Spam? Have honey-pot mail boxes.
Makes law enforcement almost fun.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
And just like the song, Timothy is a goat!!!
Implementing a bounty system is just a dumb idea. Do cops offer rewards to help them catch common criminals? No, because a system that does so would just flood the phone lines with false leads. Same here. As Steve Linford (who probably knows a lot more about the subject than Lawrence Lessig) said in the article, the problem isn't that the FTC doesn't have enough information on spammers. I think keeping your inbox clean is enough of a motivation for most people to report spam.
I read a book by Lessig once. Internet visionary my ass. The man clearly had no clue what he was talking about.
BTW, just a nitpick, the article refers several times to the "CAN-Spam" law. Such a law does not exist. The "CAN-SPAM" law, on the other hand does. The entire thing is the acronym (Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003), not just the CAN.
Mathematics is made of 50 percent formulas, 50 percent proofs, and 50 percent imagination.
The spam is illegal. The products are fraudulent. The trail exists. Nothing is done. Why? Because your politicians never actually read their own email, so they don't have to deal with it.
I'm not sure that's it, but I'd wager that the DMA or other business lobby groups has put a lot of pressure on the FTC, Congress and other enforcement/lawmaking entities and lobbied them heavily on the value of spam to their respective businesses; they soft-peddle it as only "porn" being a problem, when in reality all the other shady, it's-legal-if-you-read-the-disclaimers spamvertised businesses are just as, if not more, fraudulent than porn. Idiot politicians boil it down to its most basic election politics -- "business good, porn bad" and don't do anything about it.
Who also wants to bet that the DMA didn't strike some secret deal with the FTC over the Do Not Call list; "we won't make a Supreme Court case out of it if you don't start handing out spam indictments".
All in all, the mystery remains, though -- spam is illegal, the products are fraudulent at best, and the money trail exists, yet nothing is done about it. I know it's not a pure conspiracy, but it really feels like one.
To 10 of your closest friends and recieve money from Microsoft and the FTC!! It really works!! I know you got email like this before, but this one is the real thing!
boycott slashdot February 10th - 17th check out: altSlashdot.org
I did RTFA, so:
Your post advocates a
( ) technical (x) legislative ( ) market-based (x) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
(x) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(x) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
(x) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(x) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
(x) Extreme stupidity on the part of people who do business with spammers
(x) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
( ) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
(x) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!
So we're talking Cowboy Bebop but with email and in the privacy of our own homes? Only if I get to work with Faye! -1 excessive nerdiness
Because it's run by the Mafia. And you don't touch the Mafia, they can kill you like they did Kennedy. You fight them for tens of years without really rooting out the problem. But for terrorists you can do it in a matter of months if you choose to.
It's all about priorities...
You bet it can! Let a bunch of people pay someone/some entity an amount of cash - and watch them make the spammers "go away".
I mean, if it was legal, wouldn't *you* with hate in your heart and the prospect of fullfillment in your head kill e.g. Richter?! I know I would sure as hell do. If I got $1000 for every spammer, I could almost buy a BigMac once I had clensed the world from this vermin!
I would assume there would be no limit & an open season...
How many /.ers would like to have a few spammer's heads mounted on the wall in their dens?
Of course, the taxidermists might not like it. Stuffing a spammer is probably worse that stuffing a dead skunk.
"Obviously, I'm not an IBM computer any more than I'm an ashtray" (Bob Dylan)
I would like to see: Video of a spammer being flayed and skinned as he or she painfully and slowly die. This video would then be broadcast across the internet, letting spammers know what future they face if they are caught. I think spam would end in a hurry.
--E--
To quote the patrician - "Tax the rat farms".
Offering a bounty may well create a situation where spam is generated by those wishing to make money fast (tm&c) by claiming bounties.
n/t
testing out my trending skills
We go back to the old ol' days of bounty hunting and shoot those bastards where they stand. Wanted...Dead or Dead.
do we take the bodies to collect?
Some mornings it's hardly worth chewing through the restraints to get out of bed.
Is there an email service that will make a small charge for forwarding emails to my account. At, say, one cent for ten emails, I wouldn't mind reading some spam.
Better still let the user set their threshold price.
If this were done I would at least have one email address left that was relatively spam free. And the spam I did receive would do some good.
the FTC already has so much information on their identities that to get anymore would be useless
:-D
when all else fails, counterspam from the rooftops
(it's a joke)
...far too few people understand that spammers truly deserve to die. You're not going to get a lot of support.
Most people, if left in a room with a baseball bat an Alan Ralsky tied to a chair would probably let him go. I'd make sure that he suffered until his last breath.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
So I strung them along for a month or so asking for clarification on this and that, gathering requirements etc. etc. Saying I'd start work in a few days, then a few more days.
They blew off the other folks who had bid on the project (they were only offering $500!!) and said they wanted me to do it. So finally after I couldn't stall any longer I sent them an email and basically said "You guys are spammers and I'm not helping you!"
May no camel spit in your yogurt soup.
making use of the free postage when contacting your representative
Never heard of that before. How do you go about using that?
There is such a thing as a world juducial system. Or almost. But the US doesn't want to play ball. It's not the rest of the world that is slowing down this kind of global cooperation.
"...offer a bounty to people who help catch spammers".
WOOT!!! That is a great idea. I hope this passes, I will make some serious cash!
Have a law that lets anyone who sends an unsolicited email collect a 100 dollar fine from anyone that buys something from them. The public would soon learn not to buy from spammers and spam would end. ( Fark.com had a link the other day to a story that said 20% of internet users buy things from spammers.. Holy shit... )
Eat at Joe's.
Paying informants for validated info about crimes will be safer for the accused when the validation does not require their participation, beyond receiving notice that their being investigated. Only when a sufficient standard of proven physical evidence, or much more corroborated signed, sworn testimony, is registered, should the investigation cost the accused any time or money, or be published beyond the accusal notification. If not indicted within a short length of time, the entire record should be transferred to a record used only for statistical and investigative analysis of the law enforcement organizations, and unavailable to any process targeting the cleared accused.
With those due processes enforced, cutting in the public directly on proceeds from the P2P investigation of network crimes will enhance justice. Too bad the US justice system is so clogged with hypocritical "original intent" fantasists, and other, more authentic 1700s justice theories, as well as the overwhelming masses of private lawyers, and their Congressional dregs, that we'll get the worst of all worlds: expensive vigilante justice that damages the lives of the innocent, while keeping fines merely an acceptable cost of business for network criminals.
--
make install -not war
Notorious spammer X wanted, Dead or Alive
Yeah, I know, I have heard all of the excuses: Some people bitch because their ISP's mail servers suck, and some people just want to run their own mail server as a hobby. Or somebody is running a business from a residential connection and doesn't want to look like a cheapskate because they use their ISPs mail servers. Some people have some sort of idea that blocking port 25 is taking something away from them. Not all spam comes from dynamic ports. Also there are some ISPs who have no idea how to filter port 25 for dynamic ports. There are other excuses, these are the most common.
Ita appears that the half assed port 25 filtering that Comcast is applying is being very effective, port 25 needs to be blocked from ALL dynamic port 25's, not just the ones they find to be spamming.
The vast majority of spam is coming from dynamic ports - BLOCK them. In every case where port 25 has been filtered, all spam sent by various viuses/worms/etc., was instantly stopped as soon as the filter was applied. Many of the bitches above can be solved by using a decent mail service (that uses s port other than port 25). If you don't like your ISP's mail servers, bitch at them for providing crappy service.
Mail servers should also be configured to block all incoming mail sent from port 25 on dynamic ports. This one is harder to do because there are is no way to identify all dynamic ports.
Spammers ruined open mail relays long ago, they are now ruining open port 25.
FTC already has so much information on their identities that to get anymore would be useless.
:)
Who's talking about a bounty for information? I am more thinking of dead or alive type of bounty.
Yahh, hiii haaaaa! -Major Kong, from Dr. Strangelove
How about $1 for each printed piece of spam you can shove up Scott Richer's...mailbox.
Take out the portion of MAY-SPAM that denies end users private right of action. When I and a million other people have the ability to personally sue the spammers, then maybe something will get done.
Where is the wisdom we have lost in knowledge?
Where is the knowledge we have lost in information?
The bounty system presupposes that there will be civil action taken against a spammer in the first place, and those that help will get a reward.
The problem is, we have hundreds of civil-oriented anti-spam laws on the books that are not being enforced or pursued. It is not economically viable to use the civil courts to attack the spamming industry. The main reason is that it's not cost-effective: good luck finding a lawyer who will take this case which will cost a lot of money and time up front with no guarantee of a pay off. Second, suing someone in civil court generally works when you can find these people and bring them into court, which is very problemmatic with spammers, but more importantly, it assumes the spammers have money in the first place, which is pretty doubtful. If spammers were really making lots of money, they'd be more visible than they are - all indications are that most of these people are transient scam artists with very little long-term equity in their posession. So the bottom line is that civil suits have never proven to make any difference in this field. Who's crazy enough to jump on this bandwagon? What has happened to people when they propose ideas that are based on premises that have shown to be consistently useless and ineffective?
You forgot the world-weary, smart-mouthed young man who is a master at hand-to-hand combat.
Anyway, all you really need is Ed (and maybe the Welsh Corgi).
Tell her/show her the end results of spam on the Internet and set her loose to solve the problem.
Perhaps those guys are tracking down the great-great granddescendents of today's notorious (ex-)spammers in their era for the past 5-6 years after a rift in time and space enabled a brilliantly, modern-time post-produced audiovisual record of some of their exploits to appear on late 20th Century media outlets such as televison, videotape, DVD, theatrical movies...and yes, the Internet.
With Ed on the case, it'll be the spammers murmurring to inspired fast-tempo jazz music: "I think it's time we blow this scene. Get everybody and their stuff together...Ok, 3-2-1 let's--"
Ed (Bullhorn-style over spammer's computer speakers): FREEZE!...YOU MAKERS OF BAD AWFUL Spam-Spam!!!!
See you later, packet cowboy....
Vista:XPSP2::ME:98SE
What would be the point? You think politicians read their regular mail any more often than they read their e-mail?
Centralization breaks the internet.
For customers that can prove that their computers are spam free [like mine running different flavors of *BSD], ISPs should grant higher bandwidth, [> 1.5Mbps] for the price the customer is currently paying.
Folks who want higher bandwidth for a relatively cheap price will clean up their machines in order to get it.
Can I take their scalps like a real bounty hunter?
We may experience some slight turbulence and then...explode. -Capt. Mal Reynolds
I agree with you, but only to a point. For this to be effective the FCC would have to step up its aggressiveness, but they know that and would bother putting it into place unless they where (more) able to process it. There would be a lot more pressure with money as a potentailly serious motivating factor.
Quack, quack.
There is an alternative, however, that could make anti-spam enforcement much more effective, and nip the problem in the bud. Visa/MC would give the FTC and their European counterparts "poisoned" credit card numbers to use on spammer sites. Any merchant account that attempts a transaction using such a number would be immediately frozen and its balance forfeited. A portion of the proceeds could be set aside to pay for Visa/MC's costs, giving them an incentive to participate.
You could even imagine a next step - since the spammers' clients would be known, you could fine them, since they are the ones who keep spammers in business in the first place.
I can barely contain my excitement.
"BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
After much Googling, it seems you are correct. The people who'd told me a few years back that you get "free postage" for letters sent to the government were obviously wrong.
I do not fail; I succeed at finding out what does not work.
I unsubbed from all yahoo groups recently.
The amount of spam almost immediately dropped from 500+ per day to approx 3 per day. Some days I get none at all.