Slashdot Mirror
SpamSlayer - should we DDOS spammers?
pointbeing writes "Just read this article about a company called Blue Security that essentially floods a spammer's website with requests to unsubscribe members - we're talking thousands of requests per day - the company's CEO says that fighting back by "inducing loss" against spammers is the only way to eventually stop them.
Although I hate spam as much as the next guy, is participating in a DDOS attack the way to bring spammers to their knees? If it's okay in this instance, it it okay to DDOS the next guy who does something we don't like?
"
From TFA:Sounds a lot like a DDOS attack...in fact, it sounds exactly like a DDOS attack. But aren't they illegal?
Also from TFA:That's what I thought...what does Blue Security have to say in their defense?
Again from TFA:Sorry, Reshef, but what you are describing is a textbook example of a DDOS attack. Whether the site in question is actully shut down, or merely incapacitated, is beside the point.
This whole caper is a non-starter, especially so since a precedent for this sort of thing has already been established by Lycos Europe.
____
~ |rip/\/\aster /\/\onkey
Wouldn't it just be easier to slashdot a site owned by a spammer company?
For those who complain that ISPs end up footing the bill because the spammers don't pay, well, I guess they'll need to be more careful about vetting their customers next time. As if there are any really "innocent" ISPs hosting Internet "pharmacies" or "Rolex" dealers.
One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
I'm sorry, acting just like a criminal for revenge purposes, no matter how satisfying, is wrong. It just brings you down to their level.
Not only is this immoral, but in many places it's outright illegal. This is not the direction to go.
All it'll take is one spammer to file a lawsuit against these guys to stop them dead in their tracks.
1. Spam in Name of Competitor 2. ? 3. PROFIT
A couple of guys told everyone on Usenet about their latest green card scheme.
Should we bomb them into oblivion?
Or should we listen to the voice of reason and tolerate this behavior as a necessary evil, integral to the total freedom of the global Internet?
Sometimes I think we chose wrong.
We recently had heard in the office over one of the Yellow Machine that's made by Anthology Solutions.
What if only once a bad guy manages to blame someone innocent who get's DDoSed? Should we hazard the consequences?
I don't suffer from insanity, I enjoy every minute of it.
Why are they doing this, when they could put their energy into tracking the spammers so they can be prosecuted.
Only sending spammers to jail AND taking away ALL their assets (cash/cars/houses) is going to deter them.
Does sco.com have an unsubscribe link? ;)
500GB of disk, 5TB of transfer, $5.95/mo
Spam wouldn't be a problem if people didn't actually click on the links. I've seen studies somewhere about the return rate on spam. While it is quite low, it's still high enough to make it worth their while.
Maybe we should establish a site that lists all the companies that support spam, and then boycott them. We could even have a plugin in firefox that would warn or block a site that was known to have used spam.
Since when did operating systems become a religion?
-- Thou hast strayed far from the path of the Avatar.
This is a common practice. I did some consulting work for a co-owner for one of the early email harvesting/organizing/sales/distrobution companies. (Not on his evil project though) He went through 6 IPs that year. Basicly, DDOSers would attack the entire node he was on, not just him, they would threaten the ISP. The ISP looks at the profit potential of one company, versus the cost of losing all of their customers and would boot him off their grid.
All in all a pita for him. But the thing that will shut down a spammer... Charge Backs. Anyone who deals with online sales and credit cards knows that the quickest way to lose your online sales abaility is to have a few people return their goods and demand their money back. CC companies hate this, and if you get more then a few over a year, you can bet your account is going to get revoked. And getting an ISP is a hell of a lot easier than getting a CC carrier.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
Sorry, but I can't feel bad for spammers (or sites that support them) who get DDoS'ed. They make their $ by annoying millions in the hopes that hundreds will be gullible enough to buy their crap. What goes around comes around... and I fully support the use of DDoS attacks against these loosers.
Furthermore.. the repeated HTTP requets should include in their USER_AGENT header the following so it shows up in the logs ("LOOKS_LIKE_YOUR_WEB_SERVER_NEEDS_SOME_V1aGrA")
When you start trusting someone else to tell you who's spamming and who isn't, you invite them to abuse that power; what guarantees do you have that Blue Security will never go to a legitimate site owner, and threaten to tell SpamSlayer users that the legitimate site is spamvertised unless Blue Security receive enough money?
I appear to have a blog. Odd.
This beggs me to ask, do twon wrongs make a right?
I don't know, but if two wrongs do make a right then your above sentence contains no spelling errors whatsover.
But how do you correctly identify which sites to target. It will probably cause even more collateral damage than dns block lists.
Fighting fire with fire usually results in damage to both sides (friendly fire anyone?)
Something everyone should remember is that unless you are directly connected to the spammer's LAN, you aren't sending packets to him directly. Every packet you send out travels many hops. Your ISP and everyone in between have to use resources to forward that packet.
I don't know about everyone else but I don't want my cable connection bogged down just because my neighbor feels like being an activist. Let's let the legal system do its job and use distributed computing for protein folding or other more worthy causes.
...because it's illegal to castrate them.
Weaselmancer
rediculous.
If you catch someone in the act of doing harm to you or to someone else, don't wait. Act. Stop the harm being done, or being threatened.
It may be necessary, in the process of stopping the harm, to inflict harm on the attacker. Take care that your response isn't more harmful than that which had been threatened.
Failing to act in that circumstance is at best a reverse tragedy of the commons, in the general case laziness, and at worst is sheer cowardice.
After the fact it becomes mere revenge, which is a waste of time.
sigs, as if you care.
skip the ads and jump right to the good articles.
Jump to the what?
Two wrongs not making a right and all that... we know the drill. But it is undeniably wrong that spammers do what spammers do. With that in mind, we can either (a) wait until they see the error of their ways, (b) wait until sufficient legislation is enabled that will actually work or (c) do something about it ourselves.
A and B aren't working. C, at present, is the only answer we have available to us.
I want to say for the "record" (whatever that means) that marketing through email is okay with me so long as people WANT to recieve it. If someone out there WANTS to buy some descrete penis pills or any other "plain brown wrapper" item that's fine with me. And let there be a means for them to subscribe to the stuff. The key is Opt-in explicitly and without any tricks or gimicks and more significantly, an "instant off" function that will not require 4-6 weeks to update their databases (which is utter horse shit). Okay I said it... now let's move on.
We do everything we can to block these people. They do everything they can to avoid being blocked. Their attempts at evasion is proof positive that they know they are pissing off the world for profit. How many other business models work at public expense for personal gain? In effort to prevent at-large vigilante-ism, where should the line be drawn? As much as I'd like to pull over and beat the crap out of people with ridiculously loud stereos playing in their cars, it's wrong (and dangerous) to do.
I'm at a loss for what we should do about the problem. These people are essentially polluting the internet and it needs to stop. But how?
Mr. President, we are rapidly approaching a moment of truth both for ourselves as human beings and for the life of our nation. Now, truth is not always a pleasant thing. But it is necessary now to make a choice, to choose between two admittedly regrettable, but nevertheless *distinguishable*, postwar environments: one where you got twenty million people spammed, and the other where you got a hundred and fifty million people spammed. Hello? Hello, Dimitri? Listen, I can't hear too well, do you suppose you could turn the music down just a little? Oh, that's much better. Yes. Fine, I can hear you now, Dimitri. Clear and plain and coming through fine. I'm coming through fine too, eh? Good, then. Well then as you say we're both coming through fine. Good. Well it's good that you're fine and I'm fine. I agree with you. It's great to be fine. Now then Dimitri. You know how we've always talked about the possibility of something going wrong with the spam. The spam, Dimitri. The email spam. Well now what happened is, one of our base commanders, he had a sort of, well he went a little funny in the head. You know. Just a little... funny. And uh, he went and did a silly thing.
I personally like the SURBLs. They list spamvertised web sites, not the originating hosts of spam messages. If you block those then you're one step closer to cutting down on their profits.
DoS attacks are very effective against phishing sites. Most phishing scams utilize a CGI that e-mails the captured data to an e-mail address somewhere. By using a script which generates random data (see my sig), you can quickly render a phisher's data collection. Several factors can contribute to this. First, the flood of fake data can obscure the data that was captured from actual victims, Secondly, you can overflow the SMTP server that the phisher is using to process the captures. Finally, you may be able to fill the mailbox to which the captured data is being sent, although this is a bit harder with things such as GMail. However, the flood of mail from a single host may trigger sanctions at a free e-mail provider.
As a sidebar, I'm going to be releasing a new version of my anti-phishing tools in the next few days. I've added functionality which generates real-looking names and e-mail addresses and credit card numbers with valid checksums.
Chris
This is just another form of spamming. Anyone who generates unnecessary network traffic is a menace to the Internet.
Policing the Internet and making it an unwelcoming place for spammers is not "unnecessary." It's necessary if e-mail is to remain a viable, cost-effective means of communication.
Spammers love the kind of prissy-assed, holier-than-thou, arguments about ethics that people like you put up every time someone actually tries to combat spam. Bullsh*t. Enough is enough. If two or three months of attacks on a spammer's servers could get him to stop pissing off a million or more people a day, then let the attacks begin! If it makes a Chinese ISP stop writing web hosting contracts for spammers, then let's get going. If you don't have a viable plan to combat the ever-increasing volume of spam, then get out of the way and let those who do take action.
How long before the RIAA gets permission to DDoS file-sharers, or entire P2P networks?
Didn't...this already happen? I can't find an article offhand (Googling mostly gives back results about the RIAA website getting DOSd. I'm not sure of the outcome, but I do know that a few years ago, the RIAA sought amnesty from laws regarding DOS attacks, so that they could DOS "known pirates". I'm not sure if they were ever granted anything relating to this though..but judging by the fact that I can't find anything relating to the subject, I'd guess that nothing ever came of it.
--- What
If I were a carrier/backbone level provider, I certainly wouldn't want all this extra garbage traffic on my network.
I'm sure the rest of the network doesn't appreciate the potential increase in latency and packet loss these attacks can result in, either.
DDoS attacks are never a solution to a problem. They may hurt the target, but at the cost of wasted bandwidth for everyone else using the paths to that target.
Let's not start down this path. Please.
-Z
My mail server got hacked and ( )\/\/ |\| ) by some sleazebag spammer. It ended up sending a bunch of spam that had a URL to click on to "sign up" for their wonderful offer. After recovering and updating the mail server I wrote a quick little program that ran overnight that filled in this web form with garbage, but not random garbage that could be filtered out. To a machine each record looked valid. I ended up inserting over 200k records into their database making it worthless. I did it again a few times when I was able to get an IP address that didn't get blocked at the server.
Was it right? Probably not. Did it feel good, HELL YES.
Blue Frog clients do not arbitrarily perform DDoS on spam sites. They complain about specific spam messages received in mailboxes belonging to our users. Our users exercise their right to complain about the spam they receive. They are merely responding to invitations to the spammer's website.
The Blue Frog enters the site and sends a complaint just as a user would do manually. It does not consume more resources from the site or from its ISP than a user could do manually. Many users have tried sending complaint to spammers at some point requesting to unsubscribe. We merely allow the users to do it in a safe and automated manner.
Our goal is to force spammers to comply with the Do-Not-Intrude Registry - to clean out our users' addresses from their mailing lists. When they do so, they will not receive even one single complaint from community members.
We perform thorough manual (human) validation on the spam messages we act upon, to prevent Joe Jobs and to make sure we minimize any possible impact on third parties.
Guy Rosen
Blue Security, Director of Operations
http://www.bluesecurity.com/
OMG i just got spammed from bluesecurity.com! We better rush out and DDOS them.
Seriously, what's to stop a spammer from sending spam on behalf of a competitor, and laughing while BlueSecurity shuts down their website?
And who decides what is spam? BlueSecurity employees? A poll of users? A 13 yr old who scripts a bunch of canned messages to "BS" and says Microsoft spammed him?
Spam is Evil, but so is fighting spam *with* Evil.
-David
...a lot of people taking the moral "high ground" on this one and deriding these types of tactics. Let me draw another picture:
Rather than taking an offensive stance, let design a system that runs in a distributed way (a network) that can detect a particular spam email as it is sent out to millions of addresses. Then, merely in response to that event, the nodes on the network coordinate to create an automated reply to unsubscribe from that piece of email.
Now, I am sure there are those among you that would argue that this is a DDoS type approach. And it is. Except I think you'd stand a very good chance in court (if it ever even made it that far) of arguing that is perfectly legal. Spamming is illegal, and they are required to provide a link to unsubscribe. In the case that they do not, some nodes on the network could sleuth down the appropriate address to send the request to and provide it to other nodes. Thus, the network would never initiate an attack, it would merely recognize and respond (using the channels provided for in law) to the emails that are sent out. Sure, the end effect would be a DDoS, but so is a Slashdotting - and that isn't illegal.
I haven't done my homework on the wording of the law that makes a DDoS illegal (besides, in whose jurisdiction is it illegal?), but there are so many DDoS-like events on the web that the law cannot make them ALL illegal, and if Slashdotting is OK, I'm sure the scheme outlined above would be OK, too.
There's another name for this sort of activity: "Lynching" There's a good reason why one isn't supposed to take the law into one's own hands. It's because, however noble your intentions, there are no checks or balances on your actions; no safeties or limits.
I HATE spammers. When I'm bored, I shut them down by tracking relevant data about them, and reporting them to their hosts and domain registrars. But who decides who the next "spammer" is? When I get spammed, even that isn't strong enough evidence for me. My next step is to ensure that it isn't an isolated incident, and so I go search the web to see if they've been added to a database/blacklist, or are on any of a number of spammer watchlists. Once I've got enough evidence to be able to convince a host/registrar, as well as myself, THEN I take action. But... how many vigilantes would take these extra steps? How many would simply go along with the crowd? "Hey! It's a spammer! GET HIM!!!"
As much as I hate what spammers do, I simply can't condone this kind of action, without some kind of safety net for false positives. We're seeing something of a double standard here. What if, instead of discussing actions against "spammers", we were discussing actions against "terrorists"? Biometric tracking? Millimeter wave scanners? RealID? We've all seen how many people get strip-searched, end up on no-fly lists, get arrested for not having the right paperwork or IDs, and have any number of other civil rights violated. We're constantly demanding that we have some sort of guarantee that we're not going to end up flagging the wrong individuals. I agree wholeheartedly; we'd damn well better ensure we're flagging the right people, or the system is pointless, and the "terrorists" will end up laughing all the way back to the compound. So... where's our safety net here, folks?
If we could legitimately do something like this, there wouldn't be a need for it, because it would mean the authorities would already be doing so. What happens on the day someone decides that Bob's Direct Mail service is "close enough" to spam, and we should start targeting them? How about Bob's Direct Mail Order? Bob's Direct Shipping? Bob's Joint? Who decides the next target? What if it's just a personal vendetta, and isn't even accurate? What happens when 20,000 people take that person's word for it, without doing any of their own research?
Yes, something needs to be done about the spammers, but this sets a dangerous precident. What's the solution? Hell if I know, though I suspect it's a combination of legislation and education. I just know that this has enough problems to have been condemned by almost everyone here, if it had come from the opposite direction.
As I watch my server crawl with thousands of spam smtp requests on one screen and read this story on another...I think, let the war begin!
T o: "uzhl"
Now sending floods to unsubcribe lists, is not the way to be doing it however.
The attacks should be directed at the injecting IP.
In the example below, I direct a ping flood to: 219.86.51.137
Further, you could parse the body for the web sites actually hosting the spam.
As well, you can have scripts automatically send notifications to blacklisters and abuse departments of the upstream providers.
net.tw ---> http://www.pigo.cn/index.htm gets abuse complaint.
(Now if I could only write in chinese)
Further, you could hack the injecting box:
Starting nmap 3.55 ( http://www.insecure.org/nmap/ ) at 2005-07-18 10:40 MDT
Interesting ports on 219-86-51-137.dynamic.tfn.net.tw (219.86.51.137):
(The 1658 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
135/tcp filtered msrpc
1025/tcp open NFS-or-IIS
Looks like some juicy ports.
Example Spammer Header:
>From ahzu6.j93m6@yahoo.com Mon Jul 18 10:22:54 2005
Return-Path:
Received: from 142.127.184.144 (219-86-51-137.dynamic.tfn.net.tw [219.86.51.137])
by ns.qualico.ca (8.9.3/8.8.7) with ESMTP id KAA23411;
Mon, 18 Jul 2005 10:22:54 -0600
Message-Id:
From: =?Big5?B?dzahuTahuTYyMzo1MjoyMQ==?=
Subject: =?Big5?B?GwgYsdAUsXoVvHYCpPkDsMURv+gIIRMhEggI?=
Content-Type: text/html;
charset="BIG-5"
Sender: "w66623:52:21"
Reply-To: ahzu6.j93m6@yahoo.com
Date: Mon, 18 Jul 2005 23:55:06 +0800
X-MimeOLE: Produced By Mircosoft MimeOLE V6.00.2600.0000
Is going to the DMV and waiting on line a DDOS? no, it is following the procedure as it has been recommended by the provider.
Before you can ask if using the function is a denial of service answser this question: Is sending spam a denial of service attack? I have had to cancel email accounts because of all the spam. Did the spammers attack me? Did they deny me access to my email by raising the noise to signal ratio to the point that I could not use it anymore? I certainly feel that they did.
Now, the only reason that the spammers would have a technical issue is if they were not prepared for all the cancellation requests that come through. In that sense it is like a slashdotting. When a site gets slashdotted we laugh and say the site should have been on a better server, with more bandwidth, etc, etc. So...if the spammer cannot handle the cancellation requests maybe it's his fault. Maybe he should have vetted his mailing list and not sent emails to uninterested parties. Maybe 10 year old boys dont need viagra, cheap diabetic supplies, and hot lesbian horse action. Some discretion and discipline in advertising practices could help alleviate this problem.
Fact of the matter is that each spam email out is supposed to offer a chance to cancel the mailings and get off the list. If the spammer cant do that he is in violation of the law. I dont care if he has too many cancellation requests. I dont care if everyone who recieves it cancels.
If they dont want attention then they should not advertise.
The fact that so many people are seriously considering vigilante-oriented solutions to these problems calls attention to the woefully inadequate enforcement resources we have.
I am still dumbfounded as to why ANY of the ~200 (or less) spam-gangs (as documented by Spamhaus) who are responsible for 80% of all spam haven't been taken down? I don't buy the jurisdictional problem excuse -- most of them are in the states and all of us know they can be easily traced. Almost every one of these spammers are engaging in multiple criminal activities, including computer tampering, fraud, copyright infringement, RICO violations, identity theft, ponzi schemes, and more.
The biggest casualty of spam is the theft of bandwidth and network resources. DDOS'ing the spammers, while effective in that it may increase their cost of doing business, compounds the problem.
However, at this point, since the feds seem incapable of doing anything about this, I'm unwilling to write off any approach that might wake them up and get them into action. Our country does have a history demonstrating that civil disobedience can be an effective catalyst when the status quo is ambivalent. With that being said, I wouldn't personally endorse anything of questionable legality, but at the same time, I can't help but respect the role of such tactics in history.
Still, it just boggles me that a few FBI agents haven't done something as simple as toss up a few PCs on a cable connection with a packet sniffer, and begun documenting the propagation of worms and how the spammers are operating. It would take no more than a week to build a solid case against so many of these operations, you could pick-and-choose which perpetrator would be the easiest to prosecute. So why hasn't this been done?
I don't hate spam for the same reasons most people hate spam. I suspect most people are just annoyed with the deluge of crap that ends up in their inbox. I don't care, it gets filtered out 80% of the time and it takes me about a minute each morning to click the "yes, that's spam too" button in thunderbird.
What *I* hate about spam is the fact that there's so much of it that it accounts for a good measurable percentage of the total traffic on the net. Think about it. Spam is usually small messages, sent to thousands of recipients all over the world. So every bit of spam branches out from the spammers local mail relay and induces a small amount of traffic to a great many parts of the network.
There are lots of spammers. They send lots of spam to lots and lots of people. That makes up a huge collection of packets that have to be routed all over the globe, all day long. I heard a figure somewhere saying it might be as high as 60% of total traffic.
My ping times to various game servers are seldom better than 70ms, and quite often over 100ms. I'm willing to bet that if all that crap weren't being flushed all over the net, the overall latency would drop by a good 20ms.
(Don't get me wrong, I'd rather have a nice T3 and be high enough up to not have the extra latency to begin with... but... I can only hold my breath so long.)
Using DDoS attacks against them would just induce even more garbage onto the network, and make it even slower.
The "right" way to deal with it is to (a) change the SMTP protocol so it requires some form of identification (perhaps a public key signature) -- if I don't recognize the caller-id on my phone, it goes to voicemail, why should email be different?, (b) go back to batch processing of email -- why do you NEED email to get there in 30 seconds, use an IM for real-time. Let mail servers send mail every 4 hours so at least that end can be more efficient. Use compression while you're at it. And (c) make spamming a crime, punishable by firebombing of the offenders house *grin*. If (a) happens, it should be possible to locate the spammer's property and eliminate it. That would remove the incentive for spamming, since all that "hard-earned" money would be lost.
we could make a thunderbird/evolution/etc plugin that automatically wgets all the links in a message flagged as junk a few times. if enough people decide the email is unwanted, the problem takes care of itself. this is a bit of an added safeguard because its sort of a vote rather than one person or company deciding what is spam and what is not.
eBayDig 1s a typo saerch engien
There is no law on the internet. Some countries punish spammers via the law but this only works for spammers within the borders of those countries, or reciprocating countries, and only if the spammer is actually caught. Crime prevention on the internet has been a laughable exercise in futility from the get-go regardless of the 'high-profile' cases touted about as a bizarre metric of success.
You're dealing with a system that really doesn't give a shit what the law is in any one country, or any one group of countries. And since only the insane among us want a world government, that leaves with the question of what to do when law enforcement is essentially ineffective. Which it has been, and will be, no matter what laws the U.S. decides to pass or what the penalties are. U.S. law, after all, stops at U.S. borders.
So long as there are countries that'll host spammers there'll be mountains of spam to contend with.
If the law can't control the problem, what does that leave you? Seems to me that vigilantism doesn't sound so bad when the alternative is "bend over and grab your ankles".
Max
My god carries a hammer. Your god died nailed to a tree. Any questions?
I know most of you are too young to remember the old days of the Internet but before DDOSing was illegal this was the method to stop spammers. That and brute force attacks aginst their servers. If you where a spammer then you were an open target.
This worked too. Spam increased only after the laws pretaining to network attacks came into effect.
I I guess that if someone breaks into your house watches your TV and eats all your food this is ok as long as they don't carry anything out. Still your left with the electric bill for running the TV and now you also have another mouth to feed. Guess your made of money. Well I am not and if you break in here you will be dealt with accordly and I will call the Cops only to come and carry away your corpse.
So if you stick your hand in my pocket to take my money and I cut off your hand am I the bad guy for cutting you? If you hadn't put your hand in my pocket in the first place I would have never hurt you. This is the same thing spammers stick their hands in my pocket everytime they send their shit. So if I cut off their hand by DDOSing them am I wrong? Personally I don't think so.
Remember THEY contacted me first.
The laws are no good. Ever called the FTC about this? Even being a ISP they will not presue your case. Their only answer is send us an email. Even when you have a mountian of evidence against them. Laws aren;t worth the paper it is written on if they are not enforced and the CAN-SPAM Act is just an illusion to appear that the goverment is doing something about it.
OK guys you can flame me now....
That will merely 1mpr0ve the s1ze of their ordering system!
;)
maybe we should market such spam to spammers....
The situation you are likening things to probably doesn't work as you suspect.
Do you think the West was tamed by vigilante gangs, citizen lynchings, and the like? Do you believe this is what civilized the West?
Or rather, was it the coming of the railroad, the influx of honest people, the extension of the hands of law enforcement, the implementation of new laws and their enforcement, etc.
I submit that the Wild West was a place of murderers, vigilante gangs (murderers), hired guns (ditto), the precursor of the corporate army (likewise sometimes), and citizens who were sometimes willing to backshoot a dangerous stranger or lynch him without due process.
Now, all I'm getting at is reverting to the same type of action as the spammers is sort of like admitting you can't come up with anything better, more civilized, or more effective. That smacks of giving up, of throwing up your hands and saying "we can't beat 'em, better join 'em".
There are any number of existent laws and if the agencies that enforced them were a bit better funded and there was better international cooperation, we'd see a fairly marked decrease in some of this sort of traffic. Fighting spam is as much an international diplomatic/legal/bureaucratic issue as it is a technical one.
I mean, think of it in another way. You've got a dark room and you have a door onto it. You know the dark room has some nasty critters in it, and one might wander into your lighted door and try to eat you. I don't think the solution is releasing alternate strains of nasty critter. That's just magnifying the problem. Instead, you'd put a door on with a peep hole, you'd install a mantrap or two, and you might find out which other room is popping monsters out and send a group of people to that room to speak with them about it.
I figure we can win this war another way, we just have to decide to spend the money and put it as a priority for our law makers, law enforcers, and budget allocators for same. And of course, arm-twist some offshore havens into rethinking their policies.
-- Mal: "Well they tell you: never hit a man with a closed fist. But it is, on occasion, hilarious."
I am fence sitting on this one. I joined the site and downloaded the blue frog client and may use it if only because my one computer isn't enough to make any difference in internet traffic by itself anyway. In this kind of war no one soldier makes much of a difference to the outcome.
However I am concerned about starting a large scale netwar with the spammers, effectively shutting down the internet. This is essentially what happened for me locally during the whole makelovenotspam fiasco. The spammers faught back with everything they had. It was not pretty. Also, as a rabid e-pirate complete with parrot and eye patch, I am concerned that the war could be an excuse for RIAA/MPAA sponsored attacks as well. The fact is that the internet is a very fragile system which can be easily broken. Some people are arguing that maybe it should be until our governments are willing to pass enforceable spam laws with actual teeth. But I'm not so sure I'd be willing to go that far.
I think a better long term system would be to get large groups of people to join an anti-spam organization which would accept donations and membership dues or whatever to fight against companies that advertise with spam in the real world. Something like a shady, vigilante, version of the EFF. The idea would be to hurt and put out of business companies that advertise with spam as much as possible. Moebius faxes, war dialing of 800 numbers, junk mail attacks, publishing of personal contact information for everyone in management positions including cellphone numbers, email and snail mail addresses. Maybe even opportunistic vandalism in a car-keying, sugar in the gas tank, potato in the tailpipe, spray-painting "spam sucks" onto windshields, kind of way. Presumably a professional organization could come up with even more nuisance ideas. Maybe a freesite could keep track of the exploits.
Quite an experience to live in fear, isn't it? That's what it is to be a slave.
I think the real problem is the ISPs. Internet service providers have these spammers as customers. Not only the spammers themselves but also the companies they spam for. There is no law that says you have to take a customer. It would be cheaper to not take these customers and save their bandwith.
DDOS attacking is not the answer; taking their network connection is!
MidnightBSD: The BSD for Everyone
Turn your back on spam. Use the best protection you can, hit delete, change emails once in a while, don't post your primary to suspicious sites or public places. It's pretty each. I don't get a lot of spam.
;))
It's a lot like weather, if you just live with it it's not that bad. I used to get all freaked out about those profiteering on the internet, because I was around a little before it really got commercial (when Mosaic came out and playboy.com started
It's symptomatic of our society--we're a marketing based economy. Almost everyone already has most of what they NEED here in America (food, shelter, medicine, etc.) therefore it's necessary to TEMPT us with things we just WANT and the essence of marketing is WANT. Need doesn't require extensive marketing to match up potential customers, they come looking for you.
Turn your back on spam and all marketing, don't buy into it if you want it to go away. But you should know just by looking at your friends and relatives that it's not going to go away. Everyone buys something because of a brand name or something like that. Nike shoes, Pepsi Cola, pft. We are all part of the problem so we can't really complain.
However, what I didn't like especially about your post was the comment about getting "lawmakers" involved. Ahem, what you are saying is taking the greatest invention furthering freedom of expression and thought and speech since the printing press and REGULATING it because you don't want to delete a few emails?! The price you pay for freedom is high isn't. You poor thing, having to suffer for like 2 or 3 minutes a day sorting through your email.
WE CAN'T WIN THIS WAR. Just like we can't "WIN" the "War on Fear" as I like to call the current stance of the U.S. Law Enforcement/Miltary/Political triumverate. This isn't a war on "Spam", this is a war on "Annoyance." You might as well start writing letters to your congressperson so maybe they can make it illegal for people to talk on a cell phone in a public place or, how about this, have a dog that barks or a rice burner with a loud stereo.
That's all annoying stuff but guess what, WE PUT UP WITH IT. We're ADULTS and it's just a part of life. If you let every little nitpicking thing get to you then you will die a nervous wreck!
Spam, as I see it, is just an annoyance.
What I DON'T like is Spyware. THAT'S a legitimate thing to declare war on. It invades your computer, sends your private information to others, makes a computer unusable, sends your web browser to it's own pages. That's an INVASION.
Annoyances, well.. I can live with those.
Please don't get the law involved with annoyances. Or next thing you know, they'll take your dog away. Then your computer, so you can't annoy me with your silly wars.
Cool! Amazing Toys.