FTC Recommends Bounty on Spammers

joke-boy writes "AP reports that as part of the CANSPAM legislation, the FTC has issued a report recommending placing taxpayer-funded 6-figure bounties on spammers, much like the bounties placed on the FBI's Ten Most Wanted."

Oh yea....

[Krypto420]

Now these bastard are gonna make *ME* rich!!!!

Re:Oh yea....

[nmoog]

says he with a free-ipod spam sig.

Their Figures are a Little Off

[christopherfinke]

What would it take to get someone to turn in one of those spammers who send millions of unwanted e-mails? At least $100,000, the Federal Trade Commission figures.

Really? If I knew someone who was spamming, I'd turn them in for free. Any cash would just be a bonus.

Re:Their Figures are a Little Off

[bizpile]

Really? If I knew someone who was spamming, I'd turn them in for free. Any cash would just be a bonus.

You make a good point. It's like when they double the bounty on Osama. Like people in Pakistan/Afganistan are sitting around saying, "You know, I'd turn him in for $50 million, but $25 million just doen't speak to me."

Actually, I'd turn in a spammer just to get a couple of free punches ;).

Re:Their Figures are a Little Off

[mcc]

1. Send massive amounts of spam
2. Profit
3. Frame someone else for having sent the massive amount of spam
4. Get them on the "most wanted spammers" list
5. Turn them in for $100,000
6. Profit more

Re:Their Figures are a Little Off

[Antique+Geekmeister]

I turn in a dozen clearly fraudulent spams a month, which are blithely ignored by law enforcement. The problem is not "catching". The law enforcement agencies can easily, if they wish, get subpoenas to track the records or follow a canceled check or credit card to get the worst of the spammers.

The problem is that they can't be bothered unless it involves hundreds of thousands of dollars of blatant wire fraud, and even then they're quite incompetent at following the evidence or even prosecuting for the right crime.

Re:Their Figures are a Little Off

[stephanruby]

"From 18 to 80 Blind crippled or Crazy If they can't walk or crawl we'll Drag Em Back".

I'm glad they're ADA compliant.

Six Figures?

[josh3736]

I can understand six figure rewards for those on the ten most wanted list, but for spammers?

Surely there are things that money could be better spent on. Like say, the implementation of a new email protocol. Or (gasp!) things like Social Security or education.

Re:Six Figures?

[savagedome]

Top ten most wanted deserve 7 and 8 figures.

But seriously, screw these scum of the earth bastards. Remember those days when web was a nice place and everybody you knew had a cutesy little homepage and you would leave cute little message in their guest books and such with your name and email and such. DAMN I WANT THAT BACK. That was a nicer web instead of trying to take every bit of care not to leak your email EVEN ONCE. Coming up with NOSPAM crap in your email addresses while posting them somewhere in the hope that some bastard spammer's spider won't catch that. Putting all those funky signs and punctuation and ascii characters to fool those spiders. Using spam filters, white lists, black lists, bayseian etc. etc. Telling everybody not to send, forward anything and never to use your email except for personal reasons.

And then your girlfriend sends you that cute little card to your email account from that cutesy flowery website that is an email harvester.

DAMN I WANT THE OLD WEB BACK BEFORE THESE SPAMMERS CAME AND TOOK IT OVER.

Re:Six Figures?

[josh3736]

I'd say one could compare spam to P2P music downloading.

When Napster became big, the RIAA shut it down. But then 3 more P2P apps popped up to fill that void. Then the RIAA tried to shut them down. Rinse and repeat, there's now 64 different filesharing apps just for Windows.

Now look at spam. Every time the FTC or whatever government agency shuts down a spammer, how many more will pop up to fill the void?

Free music or free money. There's a risk with both -- getting sued by the RIAA or having the Federal government on your ass.

What we really need to do is figgure out how to make it so that spam isn't profitable. Ever.

Re:Six Figures?

[YrWrstNtmr]

What we really need to do is figgure out how to make it so that spam isn't profitable. Ever.

You'd have to legislate out stupidity.

Fools buy stuff via spam, the companies involved feel justified in hiring a central marketing firm, who in turn hires the spammer.

We have to get rid of the fools.

Bad Idea

[ravenspear]

This action will hurt consumers.

You see, now I'm going to have to increase the cost of my penis enlargement pills to cover the increased risk this represents.

Re:Bad Idea

[bluewee]

Dear FTC:

I am reporting a spammer, RAVENSPEAR, an IP will be provided by SlashDot, and the address will be provided by the ISP. Could I get the sum payed out to me in 5 installments of 20,000 USD over 5 years?

Alex

that's hardly fair to the taxpayers

[CAIMLAS]

Why make the taxpayers pay for cleaning up the internet of spam?

Make the spammers pay out the bounty. There's absolutely no reason to make taxpayers (you know, citizens) suffer and go further in debt (via the nation) for the crimes to humanity that spammers have perpetrated.

Re:Allow me to say

[uberdave]

Oh yeah. Now since the playing field is little even, let me get my catcher's mit.

Why did I just imagine someone grinning evilly whilst cocking a machine pistol?

They didn't recommend it

[po_boy]

I think that they determined that it would take $100,000 - $250,000 for people to turn in people that they knew were spamming, but according to the article: The FTC, in a report requested by Congress, did not take a position on whether such a system was a good idea. To me, that sounds like the refrained from recommending it.

I guess it's up to us to convince them that it's a good idea.

Note: they recommend that this money come from taxpayers, but in an effort to try to cut down on that, can I suggest we find another source of it? Perhaps we need to not only look to civil penalties from the spammers, but also from the ISPs who behave negligently toward spammers.

Re:Donations

[christopherfinke]

Just tell me where I can donate to the bounties.

Chris Finke
920 Delaware St SE #3003
Minneapolis, MN 55414

Thanks in advance!

Won't do much

[Dorsai42]

When there's a bounty on the advertisers who use the spammers, then we'll see a reduction in spam

Re:Allow me to say

[Drawkcab]

A bounty doesn't really make sense the way that spammers are currently prosecuted. Most spammers just get a slap on the wrist. Until spammers actually start getting serious hard time or huge civil penalties, then the value of the bounty would be greater than the cost to most spammers. This would make it beneficial for a small time spammer to partake in their own bounty.

If bounties given out were a percentage of the fines actually collected from spammers (which ideally should be really painful for big spammers), rather than some fixed range, then a bounty system would make sense. And spammers who manage to launder their profits so the fines don't stick need to get prison time.

Obligatory

Your post advocates a

( ) technical (x) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
(x) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
(x) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(x) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

( ) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!
----
Also, finding spammers has never been a problem.

After thinking about it...

[The+Master+Control+P]

I have, in the past, made a handful of comments w.r.t. the spam problem. After thinking about it for a bit, I've come to realize that the solution is not so much in applying new technology but applying new people.

Think about it: Right now, almost everything that lands in the spammer's inbox is signal because right now, no one in their right mind responds to offers for the hottest young teens on the net and herbal viagra. Thus, it's trivial for them to send out a hundred million e-mails and it's also easy to sort through the maybe one thousand people dumb enough to respond: It's almost ALL signal.

But, suppose that of those hundred million people, ten million clicked the link and a million responded. The S/N ratio goes from 10:1 to 1:1000 or 1:10000. It's no longer going to be economical for the spammer to sort through so much static. It should be possible to respond to, perhaps, 1/10 or 1/20 of the spam you get. It won't take much... Just something like "I'm very intrigued by your offer. Please tell me more." You can't use a computer script to generate responses, because they can easily be filtered out just like you filter 99% of spam. You'll maybe spend 30 minutes a day to respond to 60 spams.

Before long, the bastards will spend so goddamn much time sorting through the static that they won't be able to send more! The only problem is, what do we do to reedcuate the millions of idiots (ie the ones who create the problem in the FIRST PLACE!!!) who are (mostly) trained to pound the delete key?

Re:Allow me to say

[GMFTatsujin]

A bounty doesn't really make sense the way that spammers are currently prosecuted.

It does, however, make a *lot* of sense if the spammer gets to hang on my far wall encased in frozen carbonite.

I wouldn't consider paying a bounty hunter who brought in the spammer any other way.

Good to see some momentum

[bigberk]

Let's review the facts:

1. Spammers use stolen resources (hijacked zombie computers, DSL/cable connections) in order to further their business.
2. Spammers do not seek consent before bombarding email systems with their marketing information.
3. Spammers generally disrespect requests for them to stop sending unsolicited email, and in fact often send more mail after such requests (selling 'confirmed' addresses to colleagues)
4. Spammers deliberately conceal their location of 'business', mislead consumers in their 'marketing campaigns' and forge their identities.

It's good to see these people increasingly treated as what they really are, criminals that have been harming society and getting away with it because our current laws are too slow to catch up. What they're doing is not only annoying, but harmful to innocent peoples' systems.

What a waste. Next, Please.

[KarmaOverDogma]

I agree.

Further, I am very curious as to how many bounty hunters will have will and/or the ability to get foriegn spammers to US Courts.

This, of course, speaks nothing of the spammers who are already here.

Spammers being actively hunted in the post Soviet Bloc countries, China, Nigeria, etc would be a very interesting thing to see if it *ever* happened, which I sincerely doubt.

The war on spam reminds me of the war on drugs.

And, IIRC, the war on drugs has yet to be won.

Donald Rumsfeld, a man I am not very fond of, did correctly point out in my opinion that the war on drugs is a demand problem.

So is Spam.

As long as spam is profitable, it *will* continue.

This will mainly serve to make the FTC look good while doing little (VERY little) to solve the problem.

Our tax dollars at waste - again.

.

Wait a minute...

[freeze128]

What's to keep spammers from turning in other spammers? Then the spammers get MORE money.... OUR money!

Great idea!

[Gzip+Christ]

Dear Slashdotters,

Do you need a new mortgage? Do you want to earn your d1pl0ma? Do you want a Nigerian penis? Send $1 to:

Happy Dude
355 S 520 W, Ste. 100
Lindon, UT 84042

Sincerely,
Darl McBride

Lousy Republicans.

[Gannoc]

Now our tax dollars are going to go towards keeping our penises small. Great.

California spammer running for Senate

[dananderson]

It's interesting the report was requested by Congress. California has a spammer, Bill Jones, running for Senate (Republican, BTW). So we can have a spammer deciding the laws for spammers. Sort of like the fox guarding the chicken house.

California had a state law that was to go into effect where citizens can collect fines from spammers (at least in state). Unfortunately the so-called "CAN Spam Act," nullified the state law. So the CAN Spam Act actually encouraged, not discouraged SPAM. The members of Congress are no doubt technically ignorant and easily presuaded by lobbyists (especially the Direct Marketing Association) that I don't see much hope from the old geezers (no disrespect :-).

Script may be hard, but doable

[bill_mcgonigle]

At first I thought, "why waste the time when we have things like Eliza to do it for you?"

Then I thought, "that's too funny, somebody must've done it already," and, yeah, here's the perl script.

You can't use a computer script to generate responses, because they can easily be filtered out just like you filter 99% of spam. You'll maybe spend 30 minutes a day to respond to 60 spams.

I suspect if you built up the vocabulary well enough, and, more importantly, use the content of the message with a word rank algorithm and then do some thesaurus lookups and stemming, maybe using WordNet you'd have something that would be at least as unique as what any given subset of 10000 people would come up with.

I'm intrigued because I have a good enough ruleset now that any SpamAssassin score over 10 goes to /dev/null and I haven't seen any false positives in the past six months. I get plenty of false negatives but the hits are ready to feed to a script, and I'm too lazy to respond to them myself.

Simpler (and cheaper) solution

[menscher]

Bounties are silly -- most geeks would do this for free.

How about legalizing (or promising to look the other way) vigilante attacks against spam sites? If they give a phone number, set up an auto-dialer. If it's a website, launch a DoS attack. If there's a physical address, mail them a bomb. If this stuff was all legal, I guarantee the problem would solve itself.

Seriously... bounties that are marked "dead or alive" are far more effective.

Re:Innocent Spammers

[dasunt]

What a great idea! How wonderful! How utterly sensible! We all know nobody has a right to operate a computer unless they first verify all code running on it to be secure. It's not the vendor's fault. Just like people who die in airline crashes deserve it because they did not verify the plane would land safely.

I'm not expected to know 100% about my car. But if I avoid doing safety basic precautions (replacing tires when they are bald) and get into trouble (sliding into another car on a rainy night) then a good lawyer is going to rightfully pin part of the blame on me.

Legal precedents could apply in other ways, such as creating an attractive nuisence.