Slashdot Mirror
FTC Recommends Bounty on Spammers
joke-boy writes "AP reports that as part of the CANSPAM legislation, the FTC has issued a report recommending placing taxpayer-funded 6-figure bounties on spammers, much like the bounties placed on the FBI's Ten Most Wanted."
Now these bastard are gonna make *ME* rich!!!!
Surely there are things that money could be better spent on. Like say, the implementation of a new email protocol. Or (gasp!) things like Social Security or education.
Like a good caning or flogging plus prison time and life bankrupting fines and I'm sold on this!!!!
Bounty is a good idea, but I was hoping for more of a Mad Max scenario. You know, 2 Men Enter... 1 (non-spamming) man leaves
This action will hurt consumers.
You see, now I'm going to have to increase the cost of my penis enlargement pills to cover the increased risk this represents.
What about the people who are unknowingly sending spam from their cracked computers? Is this basically saying that there is a 6-digit bounty for the grandmother who doesn't know enough to keep her computer secure?
Six-figure incentives are the only way to persuade people to disclose the identity of co-workers, friends and others they know are responsible for flooding online mailboxes with unsolicited pitches for prescription drugs, weight loss plans and other products, according to an agency report Thursday.
I dont think spammers run around telling coworkers and relatives they send spam. These people keep to themselves.
How does that quote go? The only way for 3 people to keep a secret is if 2 of them are dead.
It works for crime because most criminals like to brag, no incentive to brag here.
Why make the taxpayers pay for cleaning up the internet of spam?
Make the spammers pay out the bounty. There's absolutely no reason to make taxpayers (you know, citizens) suffer and go further in debt (via the nation) for the crimes to humanity that spammers have perpetrated.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
Oh yeah. Now since the playing field is little even, let me get my catcher's mit.
Why did I just imagine someone grinning evilly whilst cocking a machine pistol?
"I'm not impatient. I just hate waiting." - My Dad
I think that they determined that it would take $100,000 - $250,000 for people to turn in people that they knew were spamming, but according to the article: The FTC, in a report requested by Congress, did not take a position on whether such a system was a good idea. To me, that sounds like the refrained from recommending it.
I guess it's up to us to convince them that it's a good idea.
Note: they recommend that this money come from taxpayers, but in an effort to try to cut down on that, can I suggest we find another source of it? Perhaps we need to not only look to civil penalties from the spammers, but also from the ISPs who behave negligently toward spammers.
920 Delaware St SE #3003
Minneapolis, MN 55414
Thanks in advance!
When there's a bounty on the advertisers who use the spammers, then we'll see a reduction in spam
If you forget about the future, the future will forget about you.
A bounty doesn't really make sense the way that spammers are currently prosecuted. Most spammers just get a slap on the wrist. Until spammers actually start getting serious hard time or huge civil penalties, then the value of the bounty would be greater than the cost to most spammers. This would make it beneficial for a small time spammer to partake in their own bounty.
If bounties given out were a percentage of the fines actually collected from spammers (which ideally should be really painful for big spammers), rather than some fixed range, then a bounty system would make sense. And spammers who manage to launder their profits so the fines don't stick need to get prison time.
Sorry, I have a problem with that. We can easily raise millions in voluntary contributions for a Ralsky Kneecapping Fund.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Your post advocates a
( ) technical (x) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
(x) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
(x) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
( ) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!
----
Also, finding spammers has never been a problem.
I have, in the past, made a handful of comments w.r.t. the spam problem. After thinking about it for a bit, I've come to realize that the solution is not so much in applying new technology but applying new people.
Think about it: Right now, almost everything that lands in the spammer's inbox is signal because right now, no one in their right mind responds to offers for the hottest young teens on the net and herbal viagra. Thus, it's trivial for them to send out a hundred million e-mails and it's also easy to sort through the maybe one thousand people dumb enough to respond: It's almost ALL signal.
But, suppose that of those hundred million people, ten million clicked the link and a million responded. The S/N ratio goes from 10:1 to 1:1000 or 1:10000. It's no longer going to be economical for the spammer to sort through so much static. It should be possible to respond to, perhaps, 1/10 or 1/20 of the spam you get. It won't take much... Just something like "I'm very intrigued by your offer. Please tell me more." You can't use a computer script to generate responses, because they can easily be filtered out just like you filter 99% of spam. You'll maybe spend 30 minutes a day to respond to 60 spams.
Before long, the bastards will spend so goddamn much time sorting through the static that they won't be able to send more! The only problem is, what do we do to reedcuate the millions of idiots (ie the ones who create the problem in the FIRST PLACE!!!) who are (mostly) trained to pound the delete key?
....confiscation and public destruction of zombie computers. Then just *perhaps* enough people would bingo to what they are running and how they are running stuff on their computers to treat them with a little more intelligence, and they in turn might go seek out those who supplied them with inadequate products that are sold with no warranties, the vendors and software makers who ship these easily zombified boxes.
It's way past time products that come brand new pre-borked got recalled and the vendors ordered to "not do that".
We as consumers and the government wouldn't put up with "acme doors" that failed to swing open and closed, failed to lock adequately, and anyone could open with a gentle shove when it was allegedly latched, but with computers connected to the internet they can ship totally insecure crap and profit from it to the tune of hundreds of billions with little recourse for the consumer when they get owned or the dang thing fails to function as advertised.
And really, the thought of a legion of whizzed off grandmothers who had their zombie computers confiscated descending on a computer and software marketing weasel convention and laying waste with brooms is rather a nice image.
YOUNG MAN *WHACK* DON'T YOU EVER *WHACK* SELL THAT SHODDY MERCHANDISE AGAIN!! *WHACK WHACK WHACK*
Well, I am just outraged! Why does the FTC want me to put paper towels on spammers? Are they going to microwave them or something? Furthermore, why does it have to be Bounty, in particular? I know it's supposed to be the, "quicker picker-upper", but, come on, can I at least use a bargain brand like Marcal? This is just insane...
What?!?! A reward offered by the government for acts deemed beneficial to the state...?
Oh.
Nevermind...
Show me on the doll where his noodly appendage touched you.
You know, sometimes it's good to take a step back from our collective geekdom and look at the bigger picture. I'm thinking of this from my Mom's perspective, a woman who once didn't know what the O and I on opposide ends of a power switch meant: is this a sign of the times or what?
We just comapred spammers to the FBI's Ten Most Wanted. Spammers are, on some level, comparable to druglords and serial killers. Isn't that true, though? Especially druglords. I can so picture a spammer sitting back with his small army of a spammed-up crew protecting him.
ACs are modded -6. I don't read you, I don't mod you, I don't see you. Don't like it? Don't be a coward.
I wonder if it wouldn't be better (certainly more efficient) if large ISP's gave bounties for identifying spammers on their lines. At least it would cut out a little good ol' government waste.
A bounty doesn't really make sense the way that spammers are currently prosecuted.
It does, however, make a *lot* of sense if the spammer gets to hang on my far wall encased in frozen carbonite.
I wouldn't consider paying a bounty hunter who brought in the spammer any other way.
Your company advocates a
( ) technical ( ) legislative ( ) market-based (x) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
(x) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(x) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(x) Asshats
(x) Jurisdictional problems
(x) Unpopularity of weird new taxes
(x) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
(x) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Extreme stupidity on the part of people who do business with Microsoft
( ) Extreme stupidity on the part of people who do business with Yahoo
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
(x) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(x) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
( ) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're a stupid company for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
___ This sig is in boldface to emphasize its importance!
- Spammers use stolen resources (hijacked zombie computers, DSL/cable connections) in order to further their business.
- Spammers do not seek consent before bombarding email systems with their marketing information.
- Spammers generally disrespect requests for them to stop sending unsolicited email, and in fact often send more mail after such requests (selling 'confirmed' addresses to colleagues)
- Spammers deliberately conceal their location of 'business', mislead consumers in their 'marketing campaigns' and forge their identities.
It's good to see these people increasingly treated as what they really are, criminals that have been harming society and getting away with it because our current laws are too slow to catch up. What they're doing is not only annoying, but harmful to innocent peoples' systems.I agree.
Further, I am very curious as to how many bounty hunters will have will and/or the ability to get foriegn spammers to US Courts.
This, of course, speaks nothing of the spammers who are already here.
Spammers being actively hunted in the post Soviet Bloc countries, China, Nigeria, etc would be a very interesting thing to see if it *ever* happened, which I sincerely doubt.
The war on spam reminds me of the war on drugs.
And, IIRC, the war on drugs has yet to be won.
Donald Rumsfeld, a man I am not very fond of, did correctly point out in my opinion that the war on drugs is a demand problem.
So is Spam.
As long as spam is profitable, it *will* continue.
This will mainly serve to make the FTC look good while doing little (VERY little) to solve the problem.
Our tax dollars at waste - again.
.
uR iGn0ranc3, Their Power
I'm waiting for the day we get a reality show based on the bounty hunters out searching for these spammers. *Cut to a scene of 2 large men bursting in the door and some fat balding man infront of his computer trying to eat memory keys of information before getting caught* now that's tv I'd watch!
awake since 7, angry since I met you
Dear Chris,
Thank you for posting your home address in a public forum. Now we know where you live. Do you have any idea what we are going to do to you? Do you? We're going to...
Sincerely,The International Brotherhood of Spammers and Unsolicited Bulk Email Advertisers
Show me on the doll where his noodly appendage touched you.
Now spammers will let you MAKE MONEY FAST!!!
splunge (n) -- A good idea.. but it could be lousy... and I'm not being indecisive!
As you may know the CANSPAM legislation now includes a SIX FIGURE bounty on spammers. I am willing to share with you a list of known spammers for a paltry sum of $US10. Please send money to...
skribe
Blog
What's to keep spammers from turning in other spammers? Then the spammers get MORE money.... OUR money!
The fact is that major corporations, like the illegal drug dealers, outsource the most dangerous of their illegal activities to small time criminals. The discounts these small time criminals provide are the smallest part of the benefit. The real benefit comes from a judicial system that allows Wal*Mart to hire illegal aliens at wages that do no meet the federal standards, but not be responsible for the legal consequences. This shifting of responsibility away from corporation appears to the primary purpose of the modern executive. And therefore the livelihood of the million dollar executive depends on the fiction that he or she is not responsible for anything separated by the smallest sliver of paper. Even if it requires that the we assume the executive is the stupidest person in the planet, pride in ones job and oneself has become so irrelevant that stupidity is the preferable interpretation.
This means that the spammers we are likely to catch will be replaced tomorrow, created by the corporate dual obsession with criminal behavior and outsourcing risk. They at the same time need to protect themselves from lawsuits, but also need to sell prescription drugs to kids. There is always another person who wants to earn a buck, and the pushers are always willing to set up another patsy to take the fall.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
Do you need a new mortgage? Do you want to earn your d1pl0ma? Do you want a Nigerian penis? Send $1 to:
Sincerely,Darl McBride
IT's testimony to bring charges and convict. I mean spamhaus can say someone is a spammer, that isn't enough to get a subpoena much less a conviction.
What they want is someone who has direct knowledge of the spammer's illegal activities to come forward and testify. If I know Alan Rasky's been spamming because I've heard about it from an ISP, no good. If I know he's been spamming because I've been to his house, heard him talk about it, and seen the servers, that's what they want.
Convicting someone is different from knowing they are doing something. The OCCB division of a police force knows about basically every mobster in a city. They even generally know what they do. However knowing they are a hitman is real different from having evidence that hold up in court they are. If Joe Blow says "hey that guy's a well knwon hitman" they say "Tell us something we don't know". If Joe Blow says "I saw that guy kill someone" they break out the recorder and take a statement.
They should pay for it from the anti-terrorism funds that have already been allocated. After all, what is the largest flow of unregulated information into the US? Spam of course. They already talked about looking for steganography in pornography but sending secret messages to unidentifiable recipients using spam would be childsplay. Millions would receive the spams so the terror cell members couldn't be identified and the sender is virtually untraceable because of using rooted zombies. And due to the infinite variety of spam, what G-man could determine which spams even contain messages?
Liberals call everyone Nazis yet they are the closest thing to it.
Now our tax dollars are going to go towards keeping our penises small. Great.
Sounds like a nice supplement to my income I only need to bust one a year to make a really nice living. Bring it on I am more than ready!
Got Code?
Or just the pelt?
-- Alastair
There's a whole spammer infrastructure, a constellation of crooked companies that make profitable spamming possible. They're not hard to find. Most of them are committing felonies. So why aren't we hearing about arrests once a week or so, instead of once a year? Most of the players are actually in the US or Canada, even though they may seem to be offshore.
Just as an exercise, I looked at the last spam I received. It was a porno spam, linking to a web site in China. But on the payment page, the form submission was to a server in Canada, connected to Bellnexxia. That's fairly common. Often, spammers don't want to process the payments through the anonymous crooked ISP that serves the data.
What's really needed is to apply pressure to the banking system to shut down the "high risk third party billing" operations upon which spammers rely for credit card processing. A few money laundering cases would clear up that issue.
Worst spammers are big business? Hardly. Ask anyone if thier email is full of unsolicited GE and Chevy ads.
Everyone I ask says no, its all pr0n, mortgages, male enhancement and bootleg software offers.
"I forgot my mantra."
California had a state law that was to go into effect where citizens can collect fines from spammers (at least in state). Unfortunately the so-called "CAN Spam Act," nullified the state law. So the CAN Spam Act actually encouraged, not discouraged SPAM. The members of Congress are no doubt technically ignorant and easily presuaded by lobbyists (especially the Direct Marketing Association) that I don't see much hope from the old geezers (no disrespect :-).
(I'm new here so I don't know if this has been posted on every spam thread)
It seems to me that the only decent technical solution to this is something like Hash Cash, which has the end result of restricting the amount of mail a computer can send per unit of time . . . at least, it would be a good addition to any existing measures. How practical is this? Would it scale properly? Etc.
xkcd.com - a webcomic of mathematics, love, and language.
Don't forget Col. Mubutu and his money laundering - that's important too!
A fine is a tax you pay for doing wrong and a tax is a fine you pay for doing all right.
At first I thought, "why waste the time when we have things like Eliza to do it for you?"
/dev/null and I haven't seen any false positives in the past six months. I get plenty of false negatives but the hits are ready to feed to a script, and I'm too lazy to respond to them myself.
Then I thought, "that's too funny, somebody must've done it already," and, yeah, here's the perl script.
You can't use a computer script to generate responses, because they can easily be filtered out just like you filter 99% of spam. You'll maybe spend 30 minutes a day to respond to 60 spams.
I suspect if you built up the vocabulary well enough, and, more importantly, use the content of the message with a word rank algorithm and then do some thesaurus lookups and stemming, maybe using WordNet you'd have something that would be at least as unique as what any given subset of 10000 people would come up with.
I'm intrigued because I have a good enough ruleset now that any SpamAssassin score over 10 goes to
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
It's all about enforcement.
It's a sad day when one branch of the government offers a bounty to get another branch of the government off their asses to enforce laws that have been on the books for decades.
Spammers break laws. Felony laws. 95% of all spammers break serious laws that could have them put in prison.
We don't need people to report spammers. All someone has to do is put an unpatched windows pc on the net for a few hours and they'll be a zombie pc and start collecting info and able to identify the spammers. In a day you can have a hundred charges of computer tampering.
Think about this come election time. We have a government that has been neutered by big business that has little concern for anything which doesn't directly affect big, multinational corporations that contribute to their campaign coffers. The apathy of the public is responsible for allowing these losers in office.
How about legalizing (or promising to look the other way) vigilante attacks against spam sites? If they give a phone number, set up an auto-dialer. If it's a website, launch a DoS attack. If there's a physical address, mail them a bomb. If this stuff was all legal, I guarantee the problem would solve itself.
Seriously... bounties that are marked "dead or alive" are far more effective.
BTW, editors, why don't you guys RTFA once in a while. The FTC is not recommending anything. All they did was figure out what type of reward would be needed should such a system be implemented. From the article itself:
Way to completely miss the point of the article.Mathematics is made of 50 percent formulas, 50 percent proofs, and 50 percent imagination.
Almost all spam comes from the states.. originally... they may proxy through foreign systems, but it doesn't take much effort to track down the true source of the spammers. IP spoofing doesn't work in these cases... you can track down the spammers. The problem is law enforcement authorities don't do their jobs. We don't need bounties. We need attorney generals that will enforce the laws.
Which really amazes me. Given that AGs are notorious publicity whores, someone, somewhere will finally get off their ass and put a spammer in jail and they will become a tremendous hero. This shows how un-technically-savvy most AGs are.
"Further, I am very curious as to how many bounty hunters will have will and/or the ability to get foriegn spammers to US Courts.
You are free to use any methods necessary, but I want them alive...no disintegrations!
You're using her as bait, Master!
How about something that works: Fight SPAM
[blue] - The Ministry of Information approved this message...
How about a reduced bounty on the ISPs that knowingly host spammers?
I am MuchTall
Federal programs are available to you! You can make THOUSANDS OF DOLLARS with a simple email or phone call!
1. Find a spammer
2. Turn him in
3. Profit!!!
The Federal Government wants this message to get out to all InterWeb users! So send this mail to all your friends and family!
davejenkins.com |
Is that dead or alive?
I know Earthlinks $16 million judgment against Howard Carmack was just a drop in the bucket for a spammer, but the 3.5 to 7 years the fed got him for should get the attention of the other ass pounders.
Scam? Spam? Spam for sure, and the dubious claims in the spam must be a scam. And the free iPods site brought me all of this.
Thanks, but no thanks.
Clever signature text goes here.
Spam Boys, Spam Boys,
What you gonna do?
What you gonna do,
when we ping for you?
Right there the FCC has certified this as a good way to make money via fraud. All fraudsters have to do is find someone willing to be the fall guy - i.e. "become" a spammer - in return for a percentage of the reward when they're "turned in". With the above paragraph, the FCC has made the business case for this by saying that the reward will outweigh the penalty.
- First they ignore you, then they laugh at you, then ???, then profit.
most of the world's spam originates from the usa, like the world drug suppy (if you include tobacco)
You could make it illegal to advertise using spammers, but that makes it easy to get framed: if I don't like your company, I can send out a billion spams advertising your products, and you get hit with a fine.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10