Slashdot Mirror


Can A Bounty System Cure Spam?

dankinit writes "The FTC is considering a proposal made popular by Lawrence Lessig which would offer a bounty to people who help catch spammers. The proposal looks to harness the power of volunteers online who might want a piece of the multimillion dollar fines spammers could incur. Spamhaus founder Steve Linford doesn't like the idea though, explaining '...the FTC already has so much information on their identities that to get anymore would be useless.'"

14 of 281 comments (clear)

  1. Cure 81 doesn't work, try #82.... by LostCluster · · Score: 4, Insightful

    We know who is spamming us. Afterall, the spam message needs some sort of e-mail address or web address so that the fools can respond, so you just have to follow the money trail to get back to the spammer.

    The problem is that the worst these people are setting themselves up outside of US jurisdiction, so that FTC and company just can't get to them. Any spammer who doesn't is excessively stupid. There's nothing that the US courts can take from them... and I just don't think offering 20% of $0 is going to do much anyway.

    Bottom line is that this plan doesn't connect. As much as spam annoys us, the US Government just can't do anything about it because it's a worldwide problem. On the Internet, if one jurisdiction doesn't like what you're doing, you just need to find another who will accept you.

    1. Re:Cure 81 doesn't work, try #82.... by wfberg · · Score: 5, Insightful


      The problem is that the worst these people are setting themselves up outside of US jurisdiction, so that FTC and company just can't get to them. Any spammer who doesn't is excessively stupid. There's nothing that the US courts can take from them... and I just don't think offering 20% of $0 is going to do much anyway.


      Yet they can freeze assets of suspected terrorists? Not to mention small time dope dealers.

      Spammers need to get paid in some way, too. That means that they will have US bank/merchant accounts. Those can be frozen, assets can be seized.

      Seizing assets happens in the war on drugs, but not when it comes to a white collar crime like spamming; by far a less "victim-less" crime.

      Credit card charges can be charged back to the acquirer (even if the dumb customer is satisfied). Acquirers can change their merchant contracts to prohibit spamming today.

      Profits made by mortgage intermediaries that don't care that their leads are spam-generated can be garnered (the leading mortgage banks could decide to include an anti-spamming clause in the contracts they offer intermediaries today).

      Meanwhile, mortgage lenders and credit card acquirers remain complicit, even though they do crack down on other types of crime - namely fraud, which would cost them the most money, as opposed to the crime of spamming where the costs is borne by society at large.

      They're just out to make a quick buck, bless 'em..

      --
      SCO employee? Check out the bounty
    2. Re:Cure 81 doesn't work, try #82.... by LostCluster · · Score: 5, Insightful

      Unfortunately, that's closing the barn door after the horse has already gotten out. Nearly all web server operators pull spammer sites offline as soon as they realize what has hit them to cut off the money chain before the transaction even happens. However, that's too late, the e-mail has already been sent.

      Spamming's so profitable when it works that they can put up with an insanely low response rate... unless you can put up a perfect blockade to catch all money headed their way, you're never gonna get it all.

    3. Re:Cure 81 doesn't work, try #82.... by wfberg · · Score: 4, Insightful

      If you were to charge back/seize money on accounts used by spammers, that would spoil the profits of an entire spamrun, not just the potential income from the clueless who buy after x amount of time. Also, spammers already use "bullet-proof" hosting in China etc. so their sites won't get pulled.

      There ought to be no such thing as a "bullet-proof" credit card acquirer or bank when it comes to spamming, but at the moment they all are. Besides, you need to use a domestic bank/acquirer (which is not so when it comes to websites) so it's a lot easier to legislate those than to go after internet resources like mail and web servers, which are a dime a dozen and you can use one in whichever country you like to hide in.

      And if it gives spammers an incentive to commit fraud (e.g. use other people's accounts, fake identities), then all the better, that should wake up the Feds to start some serious prosecution.

      --
      SCO employee? Check out the bounty
    4. Re:Cure 81 doesn't work, try #82.... by 1u3hr · · Score: 4, Insightful
      The problem is that the worst these people are setting themselves up outside of US jurisdiction, so that FTC and company just can't get to them.

      I don't think so. As the guy from Spamhaus says, the FTC et al know who the sapmmers are, most of them are American, resident in America. Yet they dpo nothing to stop them. Just look at the ROKSO list Here are names and addresses of 180 of the world's worst spammers, 140 of who are Americans. It's lack of will, not lack of evidence. The direct marketing lobbies have made sure that spamming will not be stopped. If any value was put on the resources these people waste, the FBI's Most Wanted would all be spammers. But because they just look at it individually, it's seen a nickel and dime.

  2. Re:Random thoughts by RodgerDodger · · Score: 3, Insightful

    Perhaps we should be fining the ISPs who happily let spam-servers loose on their network?


    Well, a few years ago, this would have been good, but more and more spammers seme to be shifting to using zombie PCs instead.
    --
    "Software is too expensive to build cheaply"
  3. There is no "Cure" by Angry+Prick · · Score: 5, Insightful

    But we could go a long way towards eliminating Spam if the right people would grow some backbone and do the right thing.

    1. Cut off Spam from the Zombies.
    Cable and DSL companies should block all port 25 traffic coming from their customers. If you want to send e-mail, you should have to use use their SMTP servers. Running your own mail-server is against their TOS in many cases, anyway.

    In all fairness, however, this could be handled on a case by case basis. If you are such a macho techno-geek that you really really really really just absolutely HAVE TO run your own mail server, you should have to ask them for persmission first and enter into some sort of agreement that you will not be part of the Spam problem.

    2. Cut off the Zombies.
    Any cable/DSL customers spewing out large volumes of e-mail (without permission to run a mail server) get a nasty letter, telling them that their service has been terminated until they secure their computer.

    3. Follow the money. Follow the money.
    Spammers have to make money, somebody has to get paid. They aren't doing this for the fun of it. Trace the money trail back to the people who get paid for the herbal viagra and penis enlargement pills. It isn't easy, but it can be done. If you follow the money, and apply EXISTING laws, such as:

    * Child Pornography Statute 18 U.S.C. 2252
    * Electronic Communications Privacy Act 18 U.S.C. 2701-2711
    * Economic Espionage and Protection of Trade Secrets Law Pub. L. No. 104-294
    * Computer Fraud and Abuse Act 18 U.S.C. 1030
    * Foreign Intelligence Surveillance Act 50 U.S.C. 1801-1811
    * Transportation of Obscene Matter for Sale or Distribution 18 U.S.C. 1465
    * Federal Wire Fraud Act 18 U.S.C. 1343

    you can shut down the Spammers.

  4. Bounty systems are bad. by Lazy+Jones · · Score: 4, Insightful

    Such a system has a fundamental problem: it will motivate people to act purely out of greed, with no further interest in helping to avoid spam. They will therefore concentrate on reporting "easy targets" and perhaps even report people who aren't actually spammers and can't prove it. The whole idea is rather cynical and smells of defeatism (the law won't help => hire bounty hunters acting outside of the law).

    --
    "I love my job, but I hate talking to people like you" (Freddie Mercury)
  5. Re:Play on the Dumb by LostCluster · · Score: 3, Insightful

    The classic "You've won, come pick up your prize at..." scheme is a great way for police to get a ton of people who are wanted for various reasons to all show up in one place where they can seal the exits and arrest them all at once.

    However, that kind of thing only appeals to the deadbeat dad type who doesn't have tons of money and decided that they could just skip paying child support to make ends meet... if the person is so rich to not need or want an extra TV, the bait just won't be appealing. Spammers are that well off...

  6. It won't work, but for a different reason. by khasim · · Score: 4, Insightful

    There was a story on /. a while ago about mortgage spam. The large mortgage vendors (many of them legitimate banks) were the ones that responded when some mortgage spam was answered.

    It seems that those institutions were paying for leads and they didn't really care where the leads came from.

    So, do you fine the guy who sent the spam or the company that contacts you after you answer the spam?

    If you only fine the guy, there will be another to take his place (and, as you noted, they will move outside of US jurisdiction).

    Can a bank that never before sent you any email be fined for contacting you if you send someone an email saying you're interested in a mortgage? Until that starts happening, nothing is going to happen to the spam level.

    Follow the money.

  7. Re:No by arth1 · · Score: 4, Insightful

    I'm more concerned that a coalition of spammers might join forces to report "undesired" elements (i.e. anti-spammers) under a system like this, and that it gets misused for harassment.

    Just like the tattle-tale system set up after 9/11 has been misused more than it's been useful, I predict the same thing would happen with this.

    Regards,
    --
    *Art

  8. Where are Bin Laden and mullah Omar today? by Chep · · Score: 3, Insightful

    No, I'm asking this question, because AFAIK there's a multi-million USD bounty on their heads today. Yet they're still hiding.

    Until the spamming problem is causing buildings to collapse, this FTC bounty system is not going to do anything. And even supposing that the mountain of junk we receive causes computer to be so heavy they start to crack the concrete, it's not because there's a bounty that the capture and conviction becomes easy.

    At least not until long-range individually targeted viruses are feasible and bounties are paid for DNA samples of spammers. And if that happens, methinks spam will not be our biggest concern.

  9. Why not the sellers? by Monoman · · Score: 3, Insightful

    Why aren't the companies that sell the products being punished?

    They should be much easier to track down and they are the ones hiring companies to do the naughty work for them.

    --
    Keep the Classic Slashdot.
  10. Better Idea by nwbvt · · Score: 3, Insightful
    Can CAN-SPAM. That law just threw out stricter state laws and denied private citizens the right to sue over unsolicited email in exchange for a toothless federal law that is full of loopholes.

    Implementing a bounty system is just a dumb idea. Do cops offer rewards to help them catch common criminals? No, because a system that does so would just flood the phone lines with false leads. Same here. As Steve Linford (who probably knows a lot more about the subject than Lawrence Lessig) said in the article, the problem isn't that the FTC doesn't have enough information on spammers. I think keeping your inbox clean is enough of a motivation for most people to report spam.

    I read a book by Lessig once. Internet visionary my ass. The man clearly had no clue what he was talking about.

    BTW, just a nitpick, the article refers several times to the "CAN-Spam" law. Such a law does not exist. The "CAN-SPAM" law, on the other hand does. The entire thing is the acronym (Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003), not just the CAN.

    --
    Mathematics is made of 50 percent formulas, 50 percent proofs, and 50 percent imagination.