Slashdot Mirror

← Back to Stories (view on slashdot.org)

SpamSlayer - should we DDOS spammers?

Posted by ryuzaki0 on from the what-lines-to-cross dept.

pointbeing writes "Just read this article about a company called Blue Security that essentially floods a spammer's website with requests to unsubscribe members - we're talking thousands of requests per day - the company's CEO says that fighting back by "inducing loss" against spammers is the only way to eventually stop them. Although I hate spam as much as the next guy, is participating in a DDOS attack the way to bring spammers to their knees? If it's okay in this instance, it it okay to DDOS the next guy who does something we don't like? "

9 of 587 comments (clear)

  1. Sounds like a lawsuit waiting to happen... by Iphtashu+Fitz · · Score: 4, Interesting

    All it'll take is one spammer to file a lawsuit against these guys to stop them dead in their tracks.

    1. Re:Sounds like a lawsuit waiting to happen... by wkcole · · Score: 5, Interesting
      Read about the clean hands doctrine and get back with us.

      Read up on the history of the Church[spit] of Scientology's lawsuits and of the lawsuits that were filed against MAPS in 2000 by spammers and get back with us.

      One thing LRH got right: lawsuits under the US system are not all about who is right or about wins in court. They are often about which side can inflict the most damage on its opponent by careful strategic pursuit of the lawsuit.

  2. I remember when this debate started by AEton · · Score: 4, Interesting

    A couple of guys told everyone on Usenet about their latest green card scheme.

    Should we bomb them into oblivion?

    Or should we listen to the voice of reason and tolerate this behavior as a necessary evil, integral to the total freedom of the global Internet?

    Sometimes I think we chose wrong.

    --
    We recently had heard in the office over one of the Yellow Machine that's made by Anthology Solutions.
  3. Re:Sophistry at its finest... by interiot · · Score: 5, Interesting

    How do you define DDOS? If spammers send millions of emails in a day to AOL, does that constitute a DDOS against AOL? If large ISPs automatically send an unsubscribe response for each spam they get, and the total bandwidth is less than what the spammer originally sent, does that constitute a DDOS? Is it a DDOS if the large ISP's intent in doing this is to shut the spammer down?

  4. It depends on the timing. by RealProgrammer · · Score: 4, Interesting

    If you catch someone in the act of doing harm to you or to someone else, don't wait. Act. Stop the harm being done, or being threatened.

    It may be necessary, in the process of stopping the harm, to inflict harm on the attacker. Take care that your response isn't more harmful than that which had been threatened.

    Failing to act in that circumstance is at best a reverse tragedy of the commons, in the general case laziness, and at worst is sheer cowardice.

    After the fact it becomes mere revenge, which is a waste of time.

    --
    sigs, as if you care.
  5. Re:Hate to break it to you, but by germanStefan · · Score: 3, Interesting
    I think the best way to combat spam is with effective server side anti-spam solution, but still delivering it just tagged as *SPAM* what they then do wiht it is up to them. If someone wants to get penis creme to get the biggest "cum shots to impress their wife"(pardon my language...just reading from my last spam message). Its not up to me as an admin of a small hosting company to do anything. I wont attack those sending me spams, and its not my job to block people from getting what they want. I don't think spam is such a pain as a well trained (more than 10000 spams and hams) spamassassin or other bayesian filter should get reasonably good.

    Also I set up a catch all for my clients. They sign up at websites as @domain.com. Then if that domain starts sending spams we add as an alias to the spam@domain.com. This has helped a great deal as people's primary e-mail accounts remain hidden behind the catch all. And it require almost no work for the clients. They can send me a quick note or add it through their "control panel" blacklist...

    What do other slashdotters do that are admin's for hosting companies or midsize-big companies? I would be interested

  6. Wait a second by Marc2k · · Score: 4, Interesting

    How long before the RIAA gets permission to DDoS file-sharers, or entire P2P networks?

    Didn't...this already happen? I can't find an article offhand (Googling mostly gives back results about the RIAA website getting DOSd. I'm not sure of the outcome, but I do know that a few years ago, the RIAA sought amnesty from laws regarding DOS attacks, so that they could DOS "known pirates". I'm not sure if they were ever granted anything relating to this though..but judging by the fact that I can't find anything relating to the subject, I'd guess that nothing ever came of it.

    --
    --- What
  7. Do-Not-Intrude Registry Service by guyro · · Score: 5, Interesting
    There is no doubt that DDoS is an illegal and immoral action. As a security company we are the first to recognize that and live by that rule.

    Blue Frog clients do not arbitrarily perform DDoS on spam sites. They complain about specific spam messages received in mailboxes belonging to our users. Our users exercise their right to complain about the spam they receive. They are merely responding to invitations to the spammer's website.

    The Blue Frog enters the site and sends a complaint just as a user would do manually. It does not consume more resources from the site or from its ISP than a user could do manually. Many users have tried sending complaint to spammers at some point requesting to unsubscribe. We merely allow the users to do it in a safe and automated manner.

    Our goal is to force spammers to comply with the Do-Not-Intrude Registry - to clean out our users' addresses from their mailing lists. When they do so, they will not receive even one single complaint from community members.

    We perform thorough manual (human) validation on the spam messages we act upon, to prevent Joe Jobs and to make sure we minimize any possible impact on third parties.

    Guy Rosen
    Blue Security, Director of Operations
    http://www.bluesecurity.com/

  8. Re:Sophistry at its finest... by femtoguy · · Score: 3, Interesting

    I think that the best idea is not to do DDOS, but something even more useful. If everyone chooses a fake set of personal credentials (name, phone number and whatever else) and then responds with the fake information, that will shut down the spammers in a hurry. Instead of sending out 10,000,000 e-mails and getting 10 promising leads, they will get 10 promising leads and 999,990 fake names and addresses.