Slashdot Mirror
Spam Haters Given Right of Reply
rk_cr wrote to mention an Israeli technology firm which has set up a system to allow harried email users the right to reply in force. The system "batters spam websites with thousands of complaints. The plan is to fill order forms on spam websites offering pills, porn and penile health tonics with complaints about the products advertised for sale in junk messages. The plan has been criticised by other anti-spam workers who say it amounts to vigilantism."
so we spam the spammers sending spam...wait..what? This is some strange paradox that i can't understand at 7am EST..
time is a perception of a being's consciousness
time is your 6th sense, the wierd ones are 7+
Would the users not then be liable for precisely the same kind of charges and punishment that the spammers are?
Sure this might annoy the spammers, but it's also going to cause problems for anyone unfortunate enough to be sharing a network/webhost/isp with a spammer. And what happens when someone sends spam appearing to be from a competitors site, in order for them to be attacked?
Drag n' Drop DVD Recommendations
http://it.slashdot.org/article.pl?sid=05/07/18/121 4226&tid=111&tid=1
Leela: Hold it Santa! Consider this: you are programmed to destroy the naughty... I submit to you, that you are in fact naughty, and that, logically, you must destroy yourself.
Santa: Nice try, but my head was built with paradox absorbing crumple zones.
5.. 4...3...2..1...
(you know, the "your solution to spam is unworkable because..." one)
I'm a spammer and I really don't appreciate this kind of vigilantism. Therefore, I'm going to have my army of spambots crapflood your website with GNAA/Trollkore posts. Have a nice day.
Wh47 d1d j00 541, 31337 15n't t3h r0xor5 ne m0r3???
FTA, I will quote a whiner: "Deliberate attacks against people's websites are illegal."
WTF?! Are you an idiot or what? Since when, exactly, are there laws on the web?
Before you reply with witty comments and dates, please understand I'm not saying that there should not be or that there are no written laws, I'm saying that (almost) nobody respects them. Go on, enforce laws on the web. Come back when you succeed.
Given that it's impossible to regulate the web beyond the very basics like domain registration etc., people like the whiner above should just accept the fact that the lack of laws on the web make this a no-man's land, where criminals are free to do what they want (which they are doing) and those who object are free to take arms and destroy them (which they are not doing).
So who gives a fuck when it's illegal - laws that are not enforced are simply not there. Now do you prefer sitting and whining and blaming it on the innocent ones or actually *doing* something to solve the problem?
Global warming is a cube.
Maybe Zonk would learn to READ THE FRIGGIN SITE.
Sign me up!
Where's the, uh, bittorrent?
People get bent over and anally raped by the entertainment/corrupt bribery industry - the solution - bend them over and take their stuff for free.
Some nutter in the middle east kills thousands of people - the solution involves killing thousands of people.
Some lowlife scum spam the world - the solution is obviously to spam them back in return.
This is just how things work now. No point trying to fight it.
The plan has been criticised by other anti-spam workers who say it amounts to vigilantism.
Have you noticed that everytime a brilliant solution arise, a solution that seems just right and appropriate. A solution that would maybe not stop but at least truly hinder spam or virii and stuff like that, security firm says its a bad idea, its vigilantism and crap like that. Who cares if its vigilantism, it works and thats all that count. The fact of the matter is that none of these company want virii gone or spam dead, they want to sell you stuff that gives you the impression its doing something usefull about it. deleting spam, filtering it, scanning for virii and removing the well known ones, it just doesnt do crap about the problems... retaliating might, so facing a technique that could work the "spam fighters" dismisses it...
A vigilante is someone who usurps ot assumes power or authority from where it rightfully
exists.
Now, show me an elected or appointed spam cop that this is taking authority away from. There is none. Don't even bother to pretend ISPs fulfill this role. Their role is to keep customers. Some do better than othres at cleaning the trash, but none can act beyond their boundries.
And speaking of boundries, that's where your anti-spam laws stop. And that's as it should be.
This is the emergence of a regulatory force in the absence of any. That is not vigilantism. The net should police itself, including the dirty work. If it doesn't, someone will.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
Your post advocates a
(x) technical ( ) legislative ( ) market-based (x) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
(x) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
(x) Eternal arms race involved in all filtering approaches
(This time the spammers will be doing the filtering, and that will be quite easy for them.)
(x) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
(x) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
I code, therefore I am.
From: Spammer To: The_Spammed Hilarity ensues. I'm kind of out of loop, cause I haven't had any spam in ages, but I would assume that most spammers don't use an address of theirs in the From header.
Unbelievably stupid. Or, as Mitch Wagner observed:
And even he doesn't cover all the problems; for example, as everyone with the slightest clue about spam has known for years, responding to the spammer in any way is absolutely idiotic.
But since the people involved in this company have no anti-spam credentials, no track record of involvement, and no clue how their "counter-attacks" will be neatly retargeted (surely nobody is naive enough to believe that spammers will sit still for this?) I can't say I'm surprised. This is merely the latest bonehead idea in a long series (e.g. challenge-response, callbacks, SPF, etc.) of bonehead ideas put forth by people who have clearly failed to comprehend even the rudimentary aspects of the spam problem...or who have, but simply do not care about the conequences for everyone else as long as they can selfishly "solve" their part of the problem.
I've already blacklisted the company behind this tripe and null-routed their address space. I recommend the same for everyone else. There's simply no place on the Internet for those who want to profit from our collective misery by making it worse.
From the article: "If you have an e-mail account you get spam"
I don't have a problem with doing harm to those who employ spammers. It would be nice to have a public noticeboard giving the URLs of entities who pay spammers for driving traffic to their sites. I'm not advocating that we collectively attack the spammers or spam employers, just let's see their names, the same way they show the names of the guilty on the crime page of the newspaper. Leave the action to the public. In some cases, I imagine that it would actually drive shopping traffic figures up. In others, the results might not be so ... salubrious.
In times of trouble, the smell of frying onions usually gives confidence and comfort.
This is an old pattern. The bad guys (Spammers this time) inflict themselves on the public. Authority is asked to help, but cannot or will not do so. Victims then search for their own solutions. Authorities see their monopoly threatened and cry,"Vigilantes!" The authorities, whether government or private concerns, feel they have more to gain protecting their monopoly than by fighting the problem, and victims are an easier target than organized thugs. Notice that their protests against the victims do not offer a better solution, only name-calling and threats.
It may not work the way it is intended to but it will make me feel better to be able to do *something* Let the fun begin!
The reason is this: To make money, spammers have to read and process replies. If 50% of the spams produced a reply useless to the spammer, the actual profitable replies would be lost in the noise. There's no way they could afford to pay someone to read all the useless replies looking for the ones that actually want to buy the product.
The message could be generated by your spam filter. "We're sorry, your email message was filtered as spam and not delivered. If your message is legitimate, please reword it and try again." You would need enough different messages that the spammers could not apply their own spam filters of course.
1. DOS on spammers proposal: http://it.slashdot.org/article.pl?sid=05/07/18/121 4226&tid=111&tid=1;8 205&tid=95&tid=111)
2. The, I believe english, innitiative to reply on spam by going to the websites and not buy anything (1/3 of users responds on spam advertising: http://it.slashdot.org/article.pl?sid=05/03/23/23
Somehow I do not feel like going after these spammers at all, but more for just better working ISPs to disconnect bots of the net, and disconnect spammers of the net.
My wife's sketchblog Blob[p]: Gastrono-me
A complete waste of time.
What an idea!
Why OH WHY do people buy from them?
The plan has been criticised by other anti-spam workers who say it amounts to vigilantism.
What's wrong with vigilantism?
A person who has been wronged has the right to be redressed.
The theory behind a civilized society is that this redress cannot be undertaken personally, but must go through proper channels (law enforcement, the court system, etc).
The practice is that no state in the world is currently capable of enforcing all of its laws and punishing all offenders. There aren't enough courtrooms, hours, resources or jail cells. So people's right of redress has been taken away, and criminals can get away with their behaviour. That's not right.
Give some authority back to the people through vigilantism and you will see a dramatic drop in antisocial behaviour. Oh sure, it will be abused. Just as the current system can also be abused. But if you spam me and my buddies get to go to your house and beat the crap out of you, you will think twice about that line of business in the future. Word gets around.
Seven puppies were harmed during the making of this post.
The first article is excellent, by the way.
Whenever I get a phising e-mail, I go to the website that the e-mail directs me to, and fill out the forms with data that I make up. I even memorize (or jot down) what I enter in each field, because some phishing attempts claim I made a typo and ask me to fill out the form again --I guess this is an attempt to make sure I'm entering actual data.
When enough people do this, it 'drowns' the credit card numbers and identification codes from people who are too gullible to know that their banks would NEVER invite them to update their data this way.
If you're old enough to get screwed, you should be old enough to get hammered.
I have my doubts about whether this will actually work, but I'm not sure it matters.
I just think getting thousands of complaints should be the natural result of pissing off thousands of people.
The psychopathic behavior of a spammer wouldn't be tolerated for an instant if he were face-to-face with his victims. Try attending a ballet or opera, and yelling "I have cheese in my butt!" at top volume.
Whether it works or not, what Blue Sec is doing should be an expected inconvenience of spamming. Even if it just causes spammers to set up their own filters, at least it will weed out some would-be casual spammers.
The Internet is full. Go away.
Many people sending one message to one people != Spam
One person sending one(or more) messages to many people = Spam
Where each of a large number of people do something which is individually a lawful action when carried out in isolation, but in aggregate becomes harmful to some person, it is hard to see how that makes the actions of each individual then become illegal(unless there is a law to the contrary). For it to be vigilantism(in the common English usage of the word), each individual would have to do a reasonable harm to the spammer(e.g. chase him/her down, or send a death threat).
X-Has-Sig: yes
What? No it doesn't.
Couldn't it be called self-defense?
Cool! Let THEM start sweating around trying to protect their sites for once. How cool is having a spammer deal with the same kind of shit that they spread around?
That doesn't mean this can reduce their profits, which is always good.
That's just an opinion, not a fact, at least in this particular case.
The AACS key is NOT 0xF606EEFD628B1CA427BEA93A9CA9773F
Why not just save all the spam you get and script out forwarding it all to them to let them know all the different types of solicitation you do not wish to receive? True, it will be a tad redundant, but hey, you don't have the time to weed all that crap out! After all they are the ones getting paid to deal with this stuff.
I don't know why we talk so much about vigilantism. Okay, it's "wrong" and all. But let's dismiss the discussion and look at it from another angle.
These jackasses are making millions by pissing off hundreds of millions of people using means clearly designed to skirt protections from their crap. They are armed, in essence, with internet assault weapons. Why shouldn't we see if their defenses are as strong as their offense?
VIRUSES, NOT VIRII!
Why the heck do people write "virii"?
How exactly is this different from a bunch of people just filling out bogus information?
Answer: It isn't.
If a significant percentage of us, just did this, the spammers would be hurt by rising costs and sharply reduced product value proposition. (leads)
This company is just making that easier.
No harm, no foul.
Unless you are the spammer making money off of shared resources without giving anything back that is...
I hope this works and it catches on. I would use this service in a minute.
Want to cut down your junk mail? Spend a few days each month filling their postage paid envelopes with their competetors offers and other interesting bits you can stuff in there. For those little card things, fill 'em out with crap.
People have done this for years and this spam service is no different than hiring somebody to send crap data for you.
Blogging because I can...
There has been talk that
John Levine is being paid off buy the spammers, and I mean LOTS of cash.
One of his charges,who he gives a percentage to, evidently spilled the beans by accident at a party.
I know a guy who's been replying for years. And unlike this moronic idea, he's damn Funny.
Karma: Positive (probably because of superiour intellect)
"It's the worst kind of vigilante approach," Mr Levine told the AP news service. "Deliberate attacks against people's websites are illegal."
To be honest, I'm not that concerned with the rights of spammers. Although there are some problems with this approach, it may have have the desired effect to a certain degree...have at it!
from the article:" A software program downloaded by those signing up then visits the spammers' websites and fills in any online order forms it finds with complaints about the unsolicited mail."
I don't think so!
Sheesh! Slashdot has gotten really lame.
"Other anti-spam workers" is none other than John Levine, Ph.D, co-author of the BEST SELLING INTERNET BOOK OF ALL TIME (I kid you not) "The Internet for Dummies" (Now in its ninth edition). Some of you cretins need to read it.
In Commonwealth of Virginia v. Jeremy Jaynes Dr. Levine served as an expert witness for the prosecution. His testimony helped send Jaynes to prison for nine years.
At the second annual Conference on Email and Spam Levine presented a technical paper on his experiences with greylisting.
Dr. Levine is the chair of the IRTF Anti-Spam Research Group. He's a founding member of the Coalition Against Unsolicited Commercial Email. He runs the Network Abuse Clearinghouse.
"Other Anti-Spam Worker" indeed.
Take a good look at Blue Security's product. I think you'll see that it's little more than an HTTP DDoS tool. BlueSecurity claims that it's okay to DDoS spammers, and that they make very sure that only spammers are DDoS'd (although their careful not to call what they do a DDoS).
I'm given to understand that they moved their hosting to Israel when Verio terminated their service for violations of Verio's acceptable use policy. Verio doesn't allow folks to host denial of service tools on their network (nor will any normal ISP do so).
Someone should ask BlueSecurity about their legal threats against Everyone's Internet for attempting to do the same.
These are not nice people. The only difference between them and the normal crop of script-kiddie miscreants, is that they have found venture capital.
There's no 'on' position on the Slacker switch!
And there are several major problems with your proposed legality:
(1) The spammer invited you to visit the Web site to do business with them. They didn't invite you to visit the Web site to waste their computer resources. Saying "We were invited, so it's legal" is like saying that being invited to someone's house for dinner makes it 100% okay to show up, shit on the table, punch the other guests in the faces, and then break a few windows on the way out. The host invited you, so you weren't doing anything wrong, huh?
(2) "Filling out a form provided by the spammer's Web site" is not any more okay than what the spammer was doing - they were sending a message to an address provided by your mail server. Doing it maliciously is still bad even if the victim's computer, following orders from the victim, was a necessary part of the process. Note that this is really just point 1 again in different words.
(3) If you believe your own arguments, why wouldn't the spam complaints be legal? And if you don't, why would including a counteroffer - through a channel you KNOW isn't set up to take anything except orders under the already-agreed terms - make anything any better?
(4) Come on, they're operating a Web site, taking orders, and accepting money. If they're willing to do that, they're certainly willing to "disclose their identities" in the amount needed to file a lawsuit.
Or whenever someone speaks about standing up for themselves or protecting ones self. It amounts to some form of vigilante act or "Oh GEEBUS!! No, thats not the way to handle it!!!" It's in line with modern day cops. Sure, we'll make an attempt to protect you but if someone robs you or tries to physically harm you. The best thing to do is just give them your money or try to run away; the last thing you should do is try and protect yourself.
I'm sorry to all the SpamProtectors out there but you have been ineffective. You've done nothing to protect the people who need it. Your tools are always one step behind. Seemingly asking one to not retaliate should come from the lips of others. Not you, one with vested interest in Spam. If there is no more Spam, there is no more SpamProtector. You will be out of a job and thats what you should be striving for.
Now, i'm not recommended vigilante acts meaning putting a hot orange in ones eye socket or random acts of grotesque violence. However, I see nothing wrong with complaining or disabling a Spam server to protect not only myself but others who aren't able to protect themselves from this problem.
1. The government has continously failed us
2. You the Spam Protector has failed us
3. Everything to date has FAILED.
You then turn around and ask the honest abiding citizens to continue to be run over the coals at the expense of SPAM?
Not today or tomorrow, so you could kiss my ass. The way I see it, the more vigilantes the better. At the very least they have not failed us and have taken the fight right to the spammers doorstep.
They seemingly understand that the only way to win a war, is to fight one. The spamprotectors seemingly remind me of the weapons dealers who play both sides. You're as bad as the spammers.
So; Cheers! To all the vigilantes out there standing up for the little guy and even the not so little guy! You are welcome round these parts anyday.
Enact a law making harvesting of their organs legal? Spammer organs might taste like spam, but they're STILL organs!
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Near enough a dupe of this article, I think...
Agreed. The main problem with such automated vigilante DoS tools is that you can't control who they'll be targetted at. The spammers will just send a wave of pretty obvious spam linking to a few high profile sites like the FBI or the Whitehouse or Slashdot, and this service will promptly disappear like all the previous similar services.
The plan has been criticised by other anti-spam workers who say it amounts to vigilantism."
Being passive about spam simply does not work. It allows the sending host to continue operation and upstream providers to simply ignore the abuse.
Now if each person who got a spam were to send 30 times as much bytes every minute for 1/2 hour back to the source connection in which the spam arrived it would not take spammers very long before their connection was congested and the upstream provider would close them down.
Having the upstream providers shut down bad systems for a week is not a new concept, just one that needs to be brought back. Call this a collective protest, a collective DoS of a spamer to get their attention.
So you are saying that we are using lists of the private or work mail addresses of millions and millions of spammers who haven't contacted us previously or requested a reply any other way?
There's no 'on' position on the Slacker switch!
Just think it's just another jihad against spammers, and instead of sending in their suicide bombers they are sending massive amounts of spam. It seems they have the general mentality of just using force without thinking.
five to ten years ago, we didn't call it "vigilantism." When the net was much younger, we had people who cared about what happened, and who were willing to fight to keep the net from being bombarded by criminals. After millions of AOLers have poured online, (who have no sense of respect or duty to the internet itself) you get what we have today - millions being trodden upon by others who don't care, and the onlookers continue to watch without action. We are the few who have access and knowledge to resolve such an issue, but most of you newbies don't even remember a time when the net policed itself. Screw complaining, screw the court system, screw the whiners, and IMHO, screw the spammers most of all - actively.
If everybody in the spam-hater just responded to one spam a day, they'd be drowning in complaints.
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
Sure there's more to it than that, but if we/they could start to get that going I think ISPs might start policing themselves a little more aggressively when they start getting the flood of true abuse reports, one for each sent/received spam email.
I've always gone to the spammers sites, collected email addresses, and submitted them all to each other. I thought everyone did this already. ;)
Since no links were given nor in the slashdot article nor in the one linked, here are they:
m .do?from=corporate
Company's website:
http://www.bluesecurity.com/
Public beta of the anti-spam stuff:
https://members.bluesecurity.com/cwa/register_for
No need to lower ourselves to their level. There is no magic bullet for removing all spam. We are winning the war, but it will take a little while.
Filtration is getting better every day, and I'm sure that we'll start finding uses for it outside of removing spam from our inboxes. We're starting to drown in information and I'm sure that a set of mature filtration algos will come in very handy later down the road.
Education is something we have to work on, but it's getting better. It seems like most people understand what to do when faced with spam. There's still that last >1% that will buy from spammers, but we'll get to them soon enough.
The US Army: promoting democracy through unquestioned obedience
It's pretty obvious that neither he nor you actually read the description on how this system works. You've both just decided that it must be a bad idea and even made up your mind on how the system must be written. I recommend that you at least try to inform yourself (that goes for your InfoWeek buddy too) before you spout crap like that.
It still might be a bad idea, for other reasons, but you both missed all the points completely.
When dealing with content SPAM, I have found that if you can wait long enough to get valid whois info, you can get them to stop very easily by using free speech over brute force. Sometimes a combination is needed.
Of course, content SPAM is that Texas Hold em or Viagra ads that show up on your web site. They have to advertise for a valid domain name, or they are just vandalizing your site. If you can wait long enough to gather enough whois info, you can do some damage. Sometimes they change their whois info, so you need a service that stores older info. Sometimes they are spamming a site that is nothing more than a SPAM site, so you have to find the main site they are running.
Anyway, once you have some valid whois info, you write an open email to all the owners of all the sites promoted by one spammer. In that email, you include all the personal info you can get out of the whois. Of course they were hoping to get your site indexed with their SPAM links, so you forward your open message to your weblog or message board, including all the personal messages. Then, you do the brute force work via phone (VOIP works), snail mail, and email. If the open email and permanent posting of the spammers name (or the spammers bosses name) on your site doesn't work, a few hundred calls to their home/cell phone will.
You are right in that this will certainly happen. But it can be managed, again because of the principal differences between legit and illegit businesses. Spammers are notriously impossible to reach in any other errand than ordering their products. Legit companies are way easier to reach, and have many ways of proving their legitimacy. Thus they can be white-listed or something.
From BBC News:
You will also have to understand that spammers put the effort into what they do because there is money in it. They are likely much less into "ensure justice" than the average angry spam victim. If the reply part of this works anything like it's supposed to, the money will run out of spamming and spammers will retreat to pushing pills in street corners or whatever (I suppose cutting your hair and getting a real job is out of the question) Meaning: if the countermeasures you describe can just be handled in the short time, there will be no long time to speak of.
There's no 'on' position on the Slacker switch!
and will report on journal anything of note.
give their web site a C- for clarity - lots of confusing steps that are non sequential
requires manual forward of spam - no one click button installed in email client
requries install of thier software - not sure what it does
What do we as individuals have to lose? I am repeatedly surprised at accusations of vigilantism -- who the heck are these ani-spam guys supposed to be helping? It should be kept in mind that vigilantism is and was an acceptable solution in the absence of effictive law enforcement. Back in more primitive times when there were no police forces, vigilantism was the only law enforcement; well, it's primitive times on the net.
(CavemanOgg: Grog him me on head with stone and take food, me hit him back.
CavemanJane: No, that be vigilantism!
CavemanOgg: ooh, you right, me wait 65,000 years for legal system to develop and then file complaint with authorities.
Epilogue: Grog had all the kids. )
This:
That doesn't mean this can reduce their profits, which is always good.
Should obviously have been written as:
That doesn't mean this CAN'T reduce their profits, which is always good.
The AACS key is NOT 0xF606EEFD628B1CA427BEA93A9CA9773F
All this does is put them out of business. I want to kick them in the nuts too.
Sure this might annoy the spammers, but it's also going to cause problems for anyone unfortunate enough to be sharing a network/webhost/isp with a spammer.
What kind of problems? The same exact problems that spammers cause when they send gazillions of emails? If those ISP's aren't worried about that, I see no reason for them to worry about this. After all, this ISN'T one of those DOS attacks which cause a lot of traffic...
The AACS key is NOT 0xF606EEFD628B1CA427BEA93A9CA9773F
So what you are saying is that the rich guys win - no matter what. More bandwidth, more people to send SPAM, better servers, etc. The little guy (not rich), then becomes toast. Kind of a not-so-nice evolution there...
Or as an alternative, create some software that you install as the mailbox "spam@yourdomain.com". Every time you receive some spam, your filter forwards the message to that address. Your mail server then checks the message, possibly consulting a central server for what to do. It then "visits" the spammer's website, downloads a few pages, images etc, and posts a complaint.
Clearly, for the magic software to know what to do, it would need "spam signatures" and then a procedure of what to do. Still, not rocket science to create (and easy to integrate into mail clients and such like).
If you make one (sensible) visit/request to the spammers website in response to each spam you receive, that surely isn't illegal, because the spammer has asked you to do just that. I guess you could add in some randomness, so it maybe makes 75 requests for every 100 spams, or whatever.
Whilst still "dubious", it's not a concerted DOS, because you're only making one request per spam. Of course, multipled by a million mail servers all doing the same thing, it has a more convincing effect.
i haveseen spam get huge in the last 3 or 4 years but i really see no excellent defense to it spammers have made rediculous money from filling our mailboxes with adverts for things that you cant even purchase in your country half the time their extremely illiegal but all i really hear about is the spammers have rights too i just dont see how the have the right to stop filling my mail box they have the right to get a job that isnt so god damned anti social and they have the right to get spammed if they dont comply.
I Predict A Riot
So by writing a virus that sends out Microsoft spam, I can get you to DOS them for me. Sounds cool.
I have a better idea, why don't we all just switch back to pmail. The amazing story is that some bozo actually funded this.
Hopefully this software will be very smart about where the spam really came from, and all the paths that the reply spams and any related undeliverable messages might take. I recall years ago an extremely upset exchange of IMs with someone who insisted I'd sent them junk mail (my address had been spoofed). With all the "Mail could not be delivered" messages I get already, hopefully this software doesn't, by some means or another, land more crap in MY email box.
-- I prefer the term "karma escort."
"He who fights with monsters might take care lest he thereby become a monster." -Friedrich Nietzsche
So now the excess traffic generated by spam is to be doubled by *answering* the S.O.B's? Not a good idea if you ask me...
The last phishing email I got I sent in all the info but fake and created a gmail mail account that used the exact username and password I sent on the phishing site. The I sent myself an email to that address. I then didnt click on the email and left it as unread. I wanted to see if someone eventually would log in and read it. But in a drunken stupor one day I logged into the wrong account and accidentally clicked on the email and it go marked as read, so didnt have a chance to see if someone had logged in.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
wait what? "Terrorism" in which no one is physically hurt and no property is damaged? Wouldn't that just be "protesting?"
Threat of force is as valid a form of terrorism as force itself (which is actually secondary - the point of the violence is to induce fear).
The point of terrorism is the use of terror, not necessarily violence, to achieve your aims. The clue's in the word.
All I want is to live in a world where everyone acknowledges my obvious superiority. Is that so much to ask?
You are not a political science major are you?
It's the natural reaction. When the government or whoever else claims the monopoly on force can't defend the people anymore, they take up the weapons themselves.
Governments the world over have made it very clear that they don't intend to pursue this problem seriously. We know who the spammers are, and yet they still run around free man. It doesn't get more clearer than that.
Assorted stuff I do sometimes: Lemuria.org
...The spammers will have created "an existing business relationship."
So? We Americans are the first to admit that there are times when vigilantism is necessary (such as when the people we've elected to do the right thing, won't).
Heard any good sigs lately?
1) could you please stop using this "war on ..." slogan?
2) (some) spammers get better every day; have you studied some of the mails? Certain mix of famous quotes + a few not to obvious ad words are quite hard to detect (for a pattern matcher).
3) You did read the "can a spamfilter play chess" article (a few days back)? The short answer is: not really. Matching "intersting" info with a former spam-checker doesn't seem like a very good idea; could work, but not very well.
Nice try
Does anybody still get spam? Since implementing postgrey, spf, spamassassin, and postfix on an five year old mac worth about $150, I never even receive spam anymore. Postgrey drops over 90% of all spam and viruses before the DATA command, spf and the postfix controls pick off a few more per cent, and SA takes out the rest.
Since configuring amavis to kill all messages with an SA score above 10, I get maybe 1 spam a week that SA wasn't completely sure was spam. I toss that in a shared IMAP folder that any user can write to, and it gets auto-learned as spam within minutes. I never see another message like it again.
Now that this is up and running, I pretty much don't need to touch it except for the occasional bug fix for one of the components.
Why would I bother resorting to vigilantism? The spam problem is solved. Once I added clamav to the mix, viruses went away too.
I've tried following the rule of The Means justify the End on dealing with spam but nothing seems to have any real effect.
Whatever it takes, no matter what methods are employed, are not entirely out of bounds.
I am not against the social practice of highlighting individuals as spam-kings in society and letting everyone near them know that they are the kind of spam. I see nothing wrong with someone following Alan Rolsky around for a month with a big sign over them that says, "This man sends you spam" when he tries to go out in public.
Usually I'm a pretty mellow guy and try to give people the benefit of the doubt, but the behavour of spammers is nothing less than pestilence and I have no issues with anyone taking any methods, real or virtual, to remove them.
I would even go so far as to create a spam-tax to the buyers. If you buy product that is advertised via spam, regardless of spam actually being how you heard of the product, you are subject to a 200% tax or 2 years in jail. Stop making spam financially effective and it won't be used anymore.
Who the fuck came up with the idea of commercializing the internet in the first place?
This is one very good way to fight back, when hacker fight against spammers
Spammers used to include 800 numbers to place orders for the shit they were selling. I left a couple of truly offensive messages on their answering machines, and one of the assholes actually called me back to complain about it (on my modem line).
;)
Having a real, live spammer on the phone, was highly satisfying... I covered a lot of ground, from his anatomy to his parentage.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Israelis are well-known for terrorizing people. This spam-back technique should be a shoe in
I took a look at Blue Security's privacy policy and found this:
"email addresses that Blue Security establishes for you may be published on the Internet, and your designated email addresses will be provided in encrypted form to senders of unsolicited bulk email. In addition, email messages sent to your named email account will be forwarded to other members of the Do-Not-Intrude Registry." (my emphasis)
So it seems to me that not only are these folks distributing a list of email addresses of real people to spammers on request, they're also forwarding any spam destined for any person on their list to all the others - providing a very valuable service to the spammers themselves.
Is this just a cynical attempt to increase spammers' hit rates? Am I just too cynical? Please tell me I'm wrong.
There is no magic bullet for removing all spam.
But a few non-magical rounds in the heads of spammers would do a good job of it.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
...it amounts to more spam, going the other direction.
It looks like what they're doing is making it easier for people to respond to spam sites --- I.e. Each person can grab any spam, and put it thru a program which spits out an website. I can then go that website, and fill out the information they're asking for (more or less).
One Spam, One response. perfectly legal.
If I'm accurately reading what this software does, however, I would dissent (bigtime) on one point: do not make a counter offer. The point of this communication is: do not contact me anymore. Making a counter-offer constitutes a business transaction, and legally opens you up to more spam. As far as I'm concerned, that would be a bad thing(tm).
If, on the other hand, that's not what they're doing, perhaps someone should write a thunderbird/mozilla plugin to do that.
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
As grandparent said, "what happens when someone sends spam appearing to be from a competitors site"? This thing is tailor-made for joe jobs! Man, what a cool way to get someone you dislike DDOS'd! Not just competitors, this will let someone take out any site they don't like! You don't even need a botnet - you'll have people acting as your robot *voluntarily*!
Let me tell you about another group of vigilantes... They thought the British rule was oppressive, they wouldn't stand for taxation without representation, and they fought back as well!
This goes back to my theory that the only way to curb spam is through violence. passive resistance is not an option. If I met someone, say, in a supermarket who was a spammer, I would haul off and deck them. I would beat their ass 6-ways-from-sunday (and as my mother would say) in front of god and everybody. It would be a merciless ass-beating and when the police came, they would pull me off and say "What's all this about?" I would tell them "This, sir, is the guy who sends you and your children all the spam in your email box." to which they would respond... "as you were then, sir!"
1) They do not reply directly to the spammers. They first question the company that the spam links to, after checking the distribution of spam to that website versus to others (ie: the worst offenders are targeted).
2) For each user signed up, a honey-pot email account is set up. That email is seeded with your "identity" in places spammers look for addresses. It's bait.
3) For each spam recieved at a honey pot, a complaint is sent to the target company. The upshot of which is that if, like a spamming company, the server takes that honeypot account and says, "Hey, it's real!", the spammer will send out more, recieve more - and bog down the server.
I don't see why this is a bad thing; for one thing, it's the natural evolution based on an environment that contains such systems.
A system that uses "real" addresses to send more "business mail". Etiquette dictates that they send only one unless active business is taking place. Etiquette evolves for a reason. Anyways, these systems, called "spammers" don't take the hint, being mostly automated anyway.
In society, breaking etiquitte is annoying, and if continuous, is dealt with by the society. In human civilization, this is done by the public appointing authority, and insisting that to keep this authority, they take care of the etiquette-breakers. There is no such valid authority on the internet. I suggest there never has to be.
Instead, organizations like this develop as community projects. They can be professional and efficient, because they're also mostly automated, but programmed by those who have a very specific target and intent.
Best way to deal with spammers? Exploit a simple cause-effect relationship between incoming form data and outgoing mail, but never initiate contact. Bait? Sure, but don't initiate. Let them hang themselves.
Which is the point, really. Spammers who don't make it to the top of the list aren't targetted. Spammers who actually remove you from the sender list aren't targetted.
Additionally, the link between spam-collection and target-picking is not automated. It's done by the maintainers of the site, who first ASK the company in question to change their advertising methods away from spam.
As for spoofing your enemy's company, I'm sure they have a way of dealing with that; because there's human interaction before target-picking, these sorts of things can be dealt with.
110100 1101000 1101000 1100110 0 1101111 1101000 1100011 1
Let's hope each one takes them 20 minutes to process.
"Reality is that which, when you stop believing in it, it doesn't go away." - Philip K. Dick
Isn't this the equivalent of returning junk mail in the prepaid return envelopes? It's certainly not illegal, but very effective since it costs the sender money. I don't know how effective this method has been in stopping the amount of junk mail I receive, but see no reason why it wouldn't if more people did so. Same is true for spam, with the exception that software can make it as simple to do as sending the mail to the trash. Wendall
It's punishment.
42
I'm tired and fed up with all the spam I received. Is it a moral way to fight it ? Absolutely not !
Effective ? Perhaps, if they got enough fed up users who are willing to fight back. There is no near term solutions, nor law that will keep those spammers away.
Until there is perfect solution to put those spammers where they belong, I'd say YES to cause them as much troubles as they've caused the rest of the world with their spam.
The Government of the British Empire didn't engage in spoofing, or in re-direction through zombied-systems, etc...
Vigilantism, as attractive as it is to me, fails when one doesn't certainly have the origin's identity. . .
In fact, it seems to me, that Justice requires correct identification of perpetrator *&* crime, as-well-as correct corrective-law ( which is usually the thing felt-to-be-lacking that induces vigilantism, right? ). . .
IF that's the case, then wouldn't the problem be the non-correct law, rather-than failure-of-application-of-law?
Why not pressure/torque the law-maker(s)?
Why not remove all protection ( sysadmin implementing SpamAssassin, etc. ) from them, and let them get the raw stuff they ignore, while catering to their lover^h^h^h^h^h^h lobbyists? .
Make raw-experience a requirement of the position of legislator.
No-one can legislate women's rights if they haven't experienced the condition of being a woman,
no-one can legislate spam-management unless they've experienced spam, . .
It makes for a wonderfully threatening batch of implications, doesn't it?
IPTables enhancement Fail2Ban bans cracker-login's
All a spammer needs to do to avoid this kind of attack on a "website" is to have the trojan horse that is operating the "website" on a compromised PC ("zombie") on some broadband connection do some form verification before submitting the order for handling by spammers own computers somewhere else. Only real orders would pass through. And if they don't already they would quickly attack. That's what spammers do. They don't care about being attacked. They are constantly being attacked and they are constantly adapting, just like bacteria adapting to antibiotics...
Perhaps a better approach if we want to take this clearly illegal path is to drown the spammers with orders made with stolen or fake credit card numbers. That might be a big problem for them...
If someone really wants to make software that automatically does something about spam received, the program should just report the spam to the network abuse address of the source of the spam message. Spamcop.net does a really good job in parsing headers, identifying the source, locating the address of the correct abuse team, and sending them a complaint. Everything is done automatically except that the user has to manually copy and paste the email in raw form (or forward as attachment) and then to manually review and approve the complaint before it is sent. This is reasonable as it is a real complaint to a real abuse team. But it is limited to people that have the technical ability to extract the raw form of the email and submit it, and have the patience to do it with every single piece of spam...
Thia system should be further automated into a system that receives automatic forwards of spam identified by humans (e.g. clicking a "this is spam" button in an email reader) and then parses headers and classifies them according to their real sources, and then ISPs should have access to this data so they can identify the sources in their networks and block them. What I suggest here is a system that does quite what spamcop does but on a larger scale, with millions of email readers providing input that might have lower quality than manual spamcop reports by spamcop users that know what email headers are, and a reasonable way to organize the millions of complaints so abuse teams can use them (obviously receiving thousands of complaints in individual email messages about copies of the same message from the same zombie PC is not the right way. There's a need for automatically organizing these so abuse teams can spend their time dealing with new complaints).
So instead of a system that overloads the spammers websites I suggest a system that's cutting them off by helping the network providers find them and disconnect them.
A single justified complaint per incident per account, in the same form as the offending communication is NOT SPAM. You have the right to reply to anything sent to you and if you want that reply to say "Please Leave Me Alone Impudent Spamming Dog" then you are completely within your rights to do so. Spam is an intrusion. I treat it with the same contempt as telemarketers and door-knockers.... they're all timestealers. They steal the crumbs of leisuretime my boss leaves me and turn them into a boring advertisement.
-- Howto: Get +5 (1) Whine about M$ (2) Namedrop Gentoo (3) Casually Abuse Mods (4) Namedrop Early Computer Model
Here in the U.S., Anti-Spam laws will never be anything more than ineffectual lip service.
There's too much at stake in the way of taxable income.
The spammers are already filling MY inboxes with garbage. I pay for my email access. I pay for bandwidth. I pay for mobile email access. My hosting company pays for storage, filtering and bandwidth for spam (passing the charges on to me). My company pays to run a server, bandwidth, and storage. I add filters (taking me away from billable hours = a financial loss to me). They adapt and find ways around my filters, causing further time to adjust them. I've lost at least 3 email addresses due to spam. My main work address is now starting to receive spam. I can't lose this address without significantly affecting my business. Each message that comes in there takes me away from a billable task. I'm just waiting for my address to start showing up as the from: line in their spam, making my business look like a spammer, when it isn't. I will not be happy when that happens.
I own and promote a business. I pay for my advertising. There are many ways to promote a business without representing a cost to the end user. So, it's only fair that I recover those costs.
Ultimately these people represent a financial loss to me and my business that I have no way of recovering, and we're debating if it's legal to fill their forms with garbage? If I can't recover my costs the least I can do is increase theirs. Or, they can send me a cheque and I'll stop.
(Don't start me about the voicemail spammers. A few debt reduction organizations will be receiving an invoice shortly. I'm paying for my cell phone for my business, not so that they can advertise theirs at my expense)
I use Macs to up my productivity, so up yours Microsoft!
I'm not sure if anyone noticed, but a problem with vigilantism is that you are taking the law into your own hands, you are acting as the judge, jury, and executioner. The person you are "convicting" has no due process, and is simply punished by your own personal standards. Is there any kind of standard of proof, any kind of assurance that the person is guilty? Nope, just what the convicter is "sure" of.
Now, more specifically in this situation, what if this program is wrong/bugged? What if it sends your retaliatory spam to the wrong person (someone not even related to the spammer)? Just an "oops, oh well, my bad"? What if that wrongfully spammed person respams you as retaliation?
This is not to say that current anti-spam initiatives are working, or even that the justice system works well, but just to say that I'd rather have a justice system that is quirky than a justice system based on the random moral standards of random individuals.