Slashdot Mirror
SpamSlayer - should we DDOS spammers?
pointbeing writes "Just read this article about a company called Blue Security that essentially floods a spammer's website with requests to unsubscribe members - we're talking thousands of requests per day - the company's CEO says that fighting back by "inducing loss" against spammers is the only way to eventually stop them.
Although I hate spam as much as the next guy, is participating in a DDOS attack the way to bring spammers to their knees? If it's okay in this instance, it it okay to DDOS the next guy who does something we don't like?
"
From TFA:Sounds a lot like a DDOS attack...in fact, it sounds exactly like a DDOS attack. But aren't they illegal?
Also from TFA:That's what I thought...what does Blue Security have to say in their defense?
Again from TFA:Sorry, Reshef, but what you are describing is a textbook example of a DDOS attack. Whether the site in question is actully shut down, or merely incapacitated, is beside the point.
This whole caper is a non-starter, especially so since a precedent for this sort of thing has already been established by Lycos Europe.
____
~ |rip/\/\aster /\/\onkey
I'm sorry, acting just like a criminal for revenge purposes, no matter how satisfying, is wrong. It just brings you down to their level.
What if only once a bad guy manages to blame someone innocent who get's DDoSed? Should we hazard the consequences?
I don't suffer from insanity, I enjoy every minute of it.
-- Thou hast strayed far from the path of the Avatar.
When you start trusting someone else to tell you who's spamming and who isn't, you invite them to abuse that power; what guarantees do you have that Blue Security will never go to a legitimate site owner, and threaten to tell SpamSlayer users that the legitimate site is spamvertised unless Blue Security receive enough money?
I appear to have a blog. Odd.
And when the "necessary evil" is more than half the email traffic on the net and starting to drown out the things we are supposed to be gaining by putting up with this necessary evil? The moral of the tragedy of the commons is that nobody wins.
Two wrongs not making a right and all that... we know the drill. But it is undeniably wrong that spammers do what spammers do. With that in mind, we can either (a) wait until they see the error of their ways, (b) wait until sufficient legislation is enabled that will actually work or (c) do something about it ourselves.
A and B aren't working. C, at present, is the only answer we have available to us.
I want to say for the "record" (whatever that means) that marketing through email is okay with me so long as people WANT to recieve it. If someone out there WANTS to buy some descrete penis pills or any other "plain brown wrapper" item that's fine with me. And let there be a means for them to subscribe to the stuff. The key is Opt-in explicitly and without any tricks or gimicks and more significantly, an "instant off" function that will not require 4-6 weeks to update their databases (which is utter horse shit). Okay I said it... now let's move on.
We do everything we can to block these people. They do everything they can to avoid being blocked. Their attempts at evasion is proof positive that they know they are pissing off the world for profit. How many other business models work at public expense for personal gain? In effort to prevent at-large vigilante-ism, where should the line be drawn? As much as I'd like to pull over and beat the crap out of people with ridiculously loud stereos playing in their cars, it's wrong (and dangerous) to do.
I'm at a loss for what we should do about the problem. These people are essentially polluting the internet and it needs to stop. But how?
There's another name for this sort of activity: "Lynching" There's a good reason why one isn't supposed to take the law into one's own hands. It's because, however noble your intentions, there are no checks or balances on your actions; no safeties or limits.
I HATE spammers. When I'm bored, I shut them down by tracking relevant data about them, and reporting them to their hosts and domain registrars. But who decides who the next "spammer" is? When I get spammed, even that isn't strong enough evidence for me. My next step is to ensure that it isn't an isolated incident, and so I go search the web to see if they've been added to a database/blacklist, or are on any of a number of spammer watchlists. Once I've got enough evidence to be able to convince a host/registrar, as well as myself, THEN I take action. But... how many vigilantes would take these extra steps? How many would simply go along with the crowd? "Hey! It's a spammer! GET HIM!!!"
As much as I hate what spammers do, I simply can't condone this kind of action, without some kind of safety net for false positives. We're seeing something of a double standard here. What if, instead of discussing actions against "spammers", we were discussing actions against "terrorists"? Biometric tracking? Millimeter wave scanners? RealID? We've all seen how many people get strip-searched, end up on no-fly lists, get arrested for not having the right paperwork or IDs, and have any number of other civil rights violated. We're constantly demanding that we have some sort of guarantee that we're not going to end up flagging the wrong individuals. I agree wholeheartedly; we'd damn well better ensure we're flagging the right people, or the system is pointless, and the "terrorists" will end up laughing all the way back to the compound. So... where's our safety net here, folks?
If we could legitimately do something like this, there wouldn't be a need for it, because it would mean the authorities would already be doing so. What happens on the day someone decides that Bob's Direct Mail service is "close enough" to spam, and we should start targeting them? How about Bob's Direct Mail Order? Bob's Direct Shipping? Bob's Joint? Who decides the next target? What if it's just a personal vendetta, and isn't even accurate? What happens when 20,000 people take that person's word for it, without doing any of their own research?
Yes, something needs to be done about the spammers, but this sets a dangerous precident. What's the solution? Hell if I know, though I suspect it's a combination of legislation and education. I just know that this has enough problems to have been condemned by almost everyone here, if it had come from the opposite direction.
Is going to the DMV and waiting on line a DDOS? no, it is following the procedure as it has been recommended by the provider.
Before you can ask if using the function is a denial of service answser this question: Is sending spam a denial of service attack? I have had to cancel email accounts because of all the spam. Did the spammers attack me? Did they deny me access to my email by raising the noise to signal ratio to the point that I could not use it anymore? I certainly feel that they did.
Now, the only reason that the spammers would have a technical issue is if they were not prepared for all the cancellation requests that come through. In that sense it is like a slashdotting. When a site gets slashdotted we laugh and say the site should have been on a better server, with more bandwidth, etc, etc. So...if the spammer cannot handle the cancellation requests maybe it's his fault. Maybe he should have vetted his mailing list and not sent emails to uninterested parties. Maybe 10 year old boys dont need viagra, cheap diabetic supplies, and hot lesbian horse action. Some discretion and discipline in advertising practices could help alleviate this problem.
Fact of the matter is that each spam email out is supposed to offer a chance to cancel the mailings and get off the list. If the spammer cant do that he is in violation of the law. I dont care if he has too many cancellation requests. I dont care if everyone who recieves it cancels.
If they dont want attention then they should not advertise.