Can A Bounty System Cure Spam?
dankinit writes "The FTC is considering a proposal made popular by Lawrence Lessig which would offer a bounty to people who help catch spammers. The proposal looks to harness the power of volunteers online who might want a piece of the multimillion dollar fines spammers could incur. Spamhaus founder Steve Linford doesn't like the idea though, explaining '...the FTC already has so much information on their identities that to get any more would be useless.'"
Unfortunately, there's no such thing as a world judicial system. We have extradition and cooperation with the places that want the same from us... but there are also places where they just don't care about us.
The world is not united in supporting us in everything we do, and when we falsely assume that we get ourselves into a deeper problem.
This idea is of course not new. Microsoft has been offering money for information leading to the arrest and prosecution of virus/worm writers, and yet has seen relatively few leads.
There was an article recently on Slashdot that talks about the motivation of spammers as being primarily "money" - for college, for a late loan payment, or for just a quick financial pick-me-up. But in order for this type of "vigilante justice" to work for the government and ultimately for everyone, the motivation has to go much deeper. On one hand you could argue that few people volunteer to fight cybercrime because there is little or no money involved - so let's throw some money into it and entice people to do right. But I wonder if the ones who can are simply not doing it because there is a lack of worthwhile motivation. Money seems mundane, even insulting at times, as reward. Contrast this with the h4x0r culture, a meritocracy where your reward is respect and even deferential treatment from your peers when you demonstrate real skills.
It's fine if you want to resort to this type of measure, but what are the motivation and reward of doing good and getting rid of those who do bad things for rewards as trivial as money?
Actually, far more than 50% of the spammers are in the US. The Spam Conference at MIT went into this in some depth. The US is where the bandwidth and the money are, it's where connectivity is plentiful and easy to get without showing legitimate ID, etc. So most of the spammers are there.
But you're quite right that almost all spam is trivially trackable to where the spammer wants the money to go. Unfortunately, the CANSPAM act just made it nearly impossible to go after spammers in court, reserving that ability to federal authorities who couldn't find their own IP address if you burned it on their asses with a branding iron.
Your arguments seem great on the surface but further examination reveals flaws:
point 1)
I agree with the idea behind port 25 issues: having people who must run their own mail server get permission in advance does *sound* good. However, legitimate/responsible users who ask for permission in advance will, by definition, have alerted the ISP they are running a server and then be charged more for it. This will not be seen as fair when you consider they may, in fact, be using less bandwidth than the average on-line gamer or true zombies of which you speak. This also speaks nothing to overseas ISPs beyond enforcement and ISPs that don't give a fsuck.
my point here is that legitimate users should *not* have to pay extra (literally) on the account of spammers.
point 2)
shutting down zombies sounds great, but without effective automation it won't be effective because it will be too expensive and further raise the operating costs of ISPs beyond what they are already losing in lost bandwidth. How would you have the ISP distinguish legitimate mail traffic from spam without looking at every email? You could simply measure the volume of mail, but again, legitimate mail users would be cut off or would have to pay more.
I suppose if you don't care about legitimate mail servers from home paying (a lot) more this could work well, but only for mail from ISPs that actually care, and it only takes a few that don't (or pretend to but don't) to ruin this idea while still leaving ISPs free to charge legitimate users more in the name of abuse they cannot truly curtail; I don't like the idea of internet mail becoming more corporatized than it already is.
Again, overseas/unenforceable spam and its ending money trail will continue. We can try to get financial institutions to be more responsible with these transactions, but that assumes way too much in the way of co-operation. Most will give lip service and do little or nothing about it because of the costs involved in curtailing it and lost revenue by someone else picking up the shady sales portal business.
point 3)
existing laws and standards of enforcement are fine for those within the bounds of enforcement, but there are so many who are not that we would not be prudent to expect much out of them.
Human behavior is always the weakest link in every security chain. Towards this end, our efforts would be better spent on education and good Bayesian filters.
In short, don't you really think these relatively simple solutions you have proposed would have already been applied if they'd work so well? Typically, our world is far more complex than simple solutions allow for.
uR iGn0ranc3, Their Power
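The comment above closes by recommending "good Bayesian filters" over ISP-level policing. As an added illustration of what such a filter actually computes (this is example code written for this page, not code from any commenter or from Spamhaus), here is a minimal multinomial naive Bayes spam classifier with Laplace smoothing. The training messages and the filter's name are constructed for the example; a real deployment would train on a user's own labelled mail.

```python
import math
import re
from collections import Counter

# Constructed training corpus (not real mail): a few spam and ham bodies.
TRAINING = [
    ("spam", "buy cheap pills now click here"),
    ("spam", "cheap loans click now limited offer"),
    ("spam", "win money now click here free"),
    ("ham", "meeting tomorrow about the project"),
    ("ham", "lunch with the team tomorrow"),
    ("ham", "project review notes attached"),
]

TOKEN_RE = re.compile(r"[a-z0-9']+")


def tokenize(text):
    """Lower-case and split on non-word characters; deliberately simple."""
    return TOKEN_RE.findall(text.lower())


class NaiveBayesSpamFilter:
    """Hypothetical name; multinomial naive Bayes over word counts."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha  # Laplace smoothing so unseen counts never hit zero
        self.word_counts = {"spam": Counter(), "ham": Counter()}
        self.doc_counts = {"spam": 0, "ham": 0}
        self.vocab = set()

    def train(self, label, text):
        self.doc_counts[label] += 1
        for word in tokenize(text):
            self.word_counts[label][word] += 1
            self.vocab.add(word)

    def _log_prob_word(self, label, word):
        # P(word | label) with additive smoothing over the whole vocabulary.
        total = sum(self.word_counts[label].values())
        return math.log(
            (self.word_counts[label][word] + self.alpha)
            / (total + self.alpha * len(self.vocab))
        )

    def log_odds(self, text):
        """log P(spam | text) - log P(ham | text), up to a shared constant."""
        n_docs = sum(self.doc_counts.values())
        score = math.log(self.doc_counts["spam"] / n_docs) - math.log(
            self.doc_counts["ham"] / n_docs
        )
        for word in tokenize(text):
            if word not in self.vocab:
                continue  # a never-seen token carries no evidence either way
            score += self._log_prob_word("spam", word) - self._log_prob_word(
                "ham", word
            )
        return score

    def classify(self, text, threshold=0.0):
        # Positive log-odds means spam is more likely than ham.
        return "spam" if self.log_odds(text) > threshold else "ham"


def build_filter():
    """Train the filter on the constructed corpus and return it."""
    spam_filter = NaiveBayesSpamFilter()
    for label, text in TRAINING:
        spam_filter.train(label, text)
    return spam_filter


if __name__ == "__main__":
    f = build_filter()
    for msg in ("cheap pills click now", "the project meeting notes tomorrow"):
        print(f"{msg!r}: {f.classify(msg)} (log-odds {f.log_odds(msg):+.2f})")
```

The score is a sum of per-token log-likelihood ratios plus the class prior, which is why the filter degrades gracefully: a single unexpected word shifts the total only by its own ratio. The threshold is where an operator trades false positives against misses; raising it above zero favours delivering borderline mail. The tokenizer here is the weak point a filter maintainer would harden first, since it treats "ch3ap" and "cheap" as unrelated tokens, so in practice the training set must keep up with whatever variants actually arrive.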