Spam Haters Given Right of Reply
rk_cr wrote to mention an Israeli technology firm which has set up a system to allow harried email users the right to reply in force. The system "batters spam websites with thousands of complaints. The plan is to fill order forms on spam websites offering pills, porn and penile health tonics with complaints about the products advertised for sale in junk messages. The plan has been criticised by other anti-spam workers who say it amounts to vigilantism."
So we spam the spammers sending spam...wait..what? This is some strange paradox that I can't understand at 7am EST..
time is a perception of a being's consciousness
time is your 6th sense, the weird ones are 7+
Would the users not then be liable for precisely the same kind of charges and punishment that the spammers are?
Sure this might annoy the spammers, but it's also going to cause problems for anyone unfortunate enough to be sharing a network/webhost/ISP with a spammer. And what happens when someone sends spam appearing to be from a competitor's site, in order for them to be attacked?
Drag n' Drop DVD Recommendations
http://it.slashdot.org/article.pl?sid=05/07/18/1214226&tid=111&tid=1
Leela: Hold it Santa! Consider this: you are programmed to destroy the naughty... I submit to you, that you are in fact naughty, and that, logically, you must destroy yourself.
Santa: Nice try, but my head was built with paradox absorbing crumple zones.
I'm a spammer and I really don't appreciate this kind of vigilantism. Therefore, I'm going to have my army of spambots crapflood your website with GNAA/Trollkore posts. Have a nice day.
Wh47 d1d j00 541, 31337 15n't t3h r0xor5 ne m0r3???
FTA, I will quote a whiner: "Deliberate attacks against people's websites are illegal."
WTF?! Are you an idiot or what? Since when, exactly, are there laws on the web?
Before you reply with witty comments and dates, please understand I'm not saying that there should not be or that there are no written laws, I'm saying that (almost) nobody respects them. Go on, enforce laws on the web. Come back when you succeed.
Given that it's impossible to regulate the web beyond the very basics like domain registration etc., people like the whiner above should just accept the fact that the lack of laws on the web makes this a no-man's land, where criminals are free to do what they want (which they are doing) and those who object are free to take arms and destroy them (which they are not doing).
So who gives a fuck when it's illegal - laws that are not enforced are simply not there. Now do you prefer sitting and whining and blaming it on the innocent ones or actually *doing* something to solve the problem?
Global warming is a cube.
The plan has been criticised by other anti-spam workers who say it amounts to vigilantism.
Have you noticed that every time a brilliant solution arises, a solution that seems just right and appropriate, a solution that would maybe not stop but at least truly hinder spam or virii and stuff like that, security firms say it's a bad idea, it's vigilantism and crap like that? Who cares if it's vigilantism, it works and that's all that counts. The fact of the matter is that none of these companies want virii gone or spam dead, they want to sell you stuff that gives you the impression it's doing something useful about it. Deleting spam, filtering it, scanning for virii and removing the well known ones, it just doesn't do crap about the problems... retaliating might, so facing a technique that could work, the "spam fighters" dismiss it...
A vigilante is someone who usurps or assumes power or authority from where it rightfully exists.
Now, show me an elected or appointed spam cop that this is taking authority away from. There is none. Don't even bother to pretend ISPs fulfill this role. Their role is to keep customers. Some do better than others at cleaning the trash, but none can act beyond their boundaries.
And speaking of boundaries, that's where your anti-spam laws stop. And that's as it should be.
This is the emergence of a regulatory force in the absence of any. That is not vigilantism. The net should police itself, including the dirty work. If it doesn't, someone will.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
Your post advocates a
(x) technical ( ) legislative ( ) market-based (x) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
(x) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
(x) Eternal arms race involved in all filtering approaches
(This time the spammers will be doing the filtering, and that will be quite easy for them.)
(x) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
(x) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
I code, therefore I am.
Unbelievably stupid. Or, as Mitch Wagner observed:
And even he doesn't cover all the problems; for example, as everyone with the slightest clue about spam has known for years, responding to the spammer in any way is absolutely idiotic.
But since the people involved in this company have no anti-spam credentials, no track record of involvement, and no clue how their "counter-attacks" will be neatly retargeted (surely nobody is naive enough to believe that spammers will sit still for this?) I can't say I'm surprised. This is merely the latest bonehead idea in a long series (e.g. challenge-response, callbacks, SPF, etc.) of bonehead ideas put forth by people who have clearly failed to comprehend even the rudimentary aspects of the spam problem...or who have, but simply do not care about the consequences for everyone else as long as they can selfishly "solve" their part of the problem.
I've already blacklisted the company behind this tripe and null-routed their address space. I recommend the same for everyone else. There's simply no place on the Internet for those who want to profit from our collective misery by making it worse.
This is an old pattern. The bad guys (Spammers this time) inflict themselves on the public. Authority is asked to help, but cannot or will not do so. Victims then search for their own solutions. Authorities see their monopoly threatened and cry, "Vigilantes!" The authorities, whether government or private concerns, feel they have more to gain protecting their monopoly than by fighting the problem, and victims are an easier target than organized thugs. Notice that their protests against the victims do not offer a better solution, only name-calling and threats.
FTA: The plan is to fill order forms on spam websites...
No 'From' header required...!
1. DOS on spammers proposal: http://it.slashdot.org/article.pl?sid=05/07/18/121 4226&tid=111&tid=1;8 205&tid=95&tid=111)
2. The, I believe English, initiative to reply to spam by going to the websites and not buying anything (1/3 of users respond to spam advertising: http://it.slashdot.org/article.pl?sid=05/03/23/23
Somehow I do not feel like going after these spammers at all, but more for just better working ISPs to disconnect bots off the net, and disconnect spammers off the net.
My wife's sketchblog Blob[p]: Gastrono-me
No there is a difference.
Spammers misuse a cheap communication medium for unwanted advertising and nothing can stop them. So massive (mis)use of their own reply mechanism (btw. that was exactly what they wanted me to do by sending the spam in the first place) will drive the cost up for them (bandwidth etc.), so in theory at some point their action will be no longer profitable and they will stop.
That's a different story than 'spam them because they spammed me'. It's about making spam unprofitable.
What an idea!
Why OH WHY do people buy from them?
I have my doubts about whether this will actually work, but I'm not sure it matters.
I just think getting thousands of complaints should be the natural result of pissing off thousands of people.
The psychopathic behavior of a spammer wouldn't be tolerated for an instant if he were face-to-face with his victims. Try attending a ballet or opera, and yelling "I have cheese in my butt!" at top volume.
Whether it works or not, what Blue Sec is doing should be an expected inconvenience of spamming. Even if it just causes spammers to set up their own filters, at least it will weed out some would-be casual spammers.
The Internet is full. Go away.
What? No it doesn't.
Couldn't it be called self-defense?
Cool! Let THEM start sweating around trying to protect their sites for once. How cool is having a spammer deal with the same kind of shit that they spread around?
That doesn't mean this can reduce their profits, which is always good.
That's just an opinion, not a fact, at least in this particular case.
The AACS key is NOT 0xF606EEFD628B1CA427BEA93A9CA9773F
Spamhaus' definition of spam:
The word "Spam" as applied to Email means Unsolicited Bulk Email ("UBE").
Unsolicited means that the Recipient has not granted verifiable permission for the message to be sent. Bulk means that the message is sent as part of a larger collection of messages, all having substantively identical content.
A message is Spam only if it is both Unsolicited and Bulk.
- Unsolicited Email is normal email
(examples: first contact enquiries, job enquiries, sales enquiries)
- Bulk Email is normal email
(examples: subscriber newsletters, customer communications, discussion lists)
Technical Definition of Spam
An electronic message is "spam" IF:
(1) the recipient's personal identity and context are irrelevant because the message is equally applicable to many other potential recipients;
AND
(2) the recipient has not verifiably granted deliberate, explicit, and still-revocable permission for it to be sent.
(The rest of the definition is here.)
How exactly is this different from a bunch of people just filling out bogus information?
Answer: It isn't.
If a significant percentage of us just did this, the spammers would be hurt by rising costs and sharply reduced product value proposition. (leads)
This company is just making that easier.
No harm, no foul.
Unless you are the spammer making money off of shared resources without giving anything back that is...
I hope this works and it catches on. I would use this service in a minute.
Want to cut down your junk mail? Spend a few days each month filling their postage paid envelopes with their competitors' offers and other interesting bits you can stuff in there. For those little card things, fill 'em out with crap.
People have done this for years and this spam service is no different than hiring somebody to send crap data for you.
Blogging because I can...
Sheesh! Slashdot has gotten really lame.
"Other anti-spam workers" is none other than John Levine, Ph.D, co-author of the BEST SELLING INTERNET BOOK OF ALL TIME (I kid you not) "The Internet for Dummies" (Now in its ninth edition). Some of you cretins need to read it.
In Commonwealth of Virginia v. Jeremy Jaynes Dr. Levine served as an expert witness for the prosecution. His testimony helped send Jaynes to prison for nine years.
At the second annual Conference on Email and Spam Levine presented a technical paper on his experiences with greylisting.
Dr. Levine is the chair of the IRTF Anti-Spam Research Group. He's a founding member of the Coalition Against Unsolicited Commercial Email. He runs the Network Abuse Clearinghouse.
"Other Anti-Spam Worker" indeed.
Take a good look at Blue Security's product. I think you'll see that it's little more than an HTTP DDoS tool. BlueSecurity claims that it's okay to DDoS spammers, and that they make very sure that only spammers are DDoS'd (although they're careful not to call what they do a DDoS).
I'm given to understand that they moved their hosting to Israel when Verio terminated their service for violations of Verio's acceptable use policy. Verio doesn't allow folks to host denial of service tools on their network (nor will any normal ISP do so).
Someone should ask BlueSecurity about their legal threats against Everyone's Internet for attempting to do the same.
These are not nice people. The only difference between them and the normal crop of script-kiddie miscreants, is that they have found venture capital.
Or whenever someone speaks about standing up for themselves or protecting oneself. It amounts to some form of vigilante act or "Oh GEEBUS!! No, that's not the way to handle it!!!" It's in line with modern day cops. Sure, we'll make an attempt to protect you but if someone robs you or tries to physically harm you. The best thing to do is just give them your money or try to run away; the last thing you should do is try and protect yourself.
I'm sorry to all the SpamProtectors out there but you have been ineffective. You've done nothing to protect the people who need it. Your tools are always one step behind. Seemingly asking one to not retaliate should come from the lips of others. Not you, one with vested interest in Spam. If there is no more Spam, there is no more SpamProtector. You will be out of a job and that's what you should be striving for.
Now, I'm not recommending vigilante acts meaning putting a hot orange in one's eye socket or random acts of grotesque violence. However, I see nothing wrong with complaining or disabling a Spam server to protect not only myself but others who aren't able to protect themselves from this problem.
1. The government has continuously failed us
2. You the Spam Protector have failed us
3. Everything to date has FAILED.
You then turn around and ask the honest abiding citizens to continue to be run over the coals at the expense of SPAM?
Not today or tomorrow, so you could kiss my ass. The way I see it, the more vigilantes the better. At the very least they have not failed us and have taken the fight right to the spammers' doorstep.
They seemingly understand that the only way to win a war, is to fight one. The spamprotectors seemingly remind me of the weapons dealers who play both sides. You're as bad as the spammers.
So; Cheers! To all the vigilantes out there standing up for the little guy and even the not so little guy! You are welcome round these parts any day.
No, you are missing the point. Say Company A sells software. Let's say that for some reason (maybe my company competes with them, maybe I'm a disgruntled former employee or customer, who knows) I don't like Company A. I can just get a spammer to send out a chain of spam emails in the name of Company A. When people receive these emails they get pissed off and launch a counter-offensive. Their website goes down, they lose business, and people lose their jobs for doing nothing wrong other than working for a company that pissed off a creative vigilante.
Mathematics is made of 50 percent formulas, 50 percent proofs, and 50 percent imagination.
The plan has been criticised by other anti-spam workers who say it amounts to vigilantism."
Being passive about spam simply does not work. It allows the sending host to continue operation and upstream providers to simply ignore the abuse.
Now if each person who got a spam were to send 30 times as many bytes every minute for 1/2 hour back to the source connection in which the spam arrived it would not take spammers very long before their connection was congested and the upstream provider would close them down.
Having the upstream providers shut down bad systems for a week is not a new concept, just one that needs to be brought back. Call this a collective protest, a collective DoS of a spammer to get their attention.
They didn't invite you to visit the Web site to waste their computer resources. Saying "We were invited, so it's legal" is like saying that being invited to someone's house for dinner makes it 100% okay to show up, shit on the table, punch the other guests in the faces, and then break a few windows on the way out.
These acts are crimes in themselves. Filling out a web form is not.
The point was, replying with a garbage reply is not SPAM because you were invited to the page, explicitly. The spammer was not invited.
If you believe your own arguments, why wouldn't the spam complaints be legal?
The less clear cut their case, the less likely they are to retaliate legally. It would be hard for the government to make absurd business offers by invited parties illegal, no matter how odd the offers are. They can make DDOS attacks stick in court though. Personally, I don't think that replying to spam is illegal in the first place (unless, perhaps, you provide false information), but even if you do break the law, spammers are unlikely to waste money on legal expenses.
Vigilantism is okay if you can get away with it and no one is physically hurt and no property damaged.
___
It's the end of my comment as I know it and I feel fine.
All this does is put them out of business. I want to kick them in the nuts too.
wait what? "Terrorism" in which no one is physically hurt and no property is damaged? Wouldn't that just be "protesting?"
Threat of force is as valid a form of terrorism as force itself (which is actually secondary - the point of the violence is to induce fear).
The point of terrorism is the use of terror, not necessarily violence, to achieve your aims. The clue's in the word.
All I want is to live in a world where everyone acknowledges my obvious superiority. Is that so much to ask?
It's the natural reaction. When the government or whoever else claims the monopoly on force can't defend the people anymore, they take up the weapons themselves.
Governments the world over have made it very clear that they don't intend to pursue this problem seriously. We know who the spammers are, and yet they still run around as free men. It doesn't get clearer than that.
Assorted stuff I do sometimes: Lemuria.org
Spammers used to include 800 numbers to place orders for the shit they were selling. I left a couple of truly offensive messages on their answering machines, and one of the assholes actually called me back to complain about it (on my modem line).
;)
Having a real, live spammer on the phone, was highly satisfying... I covered a lot of ground, from his anatomy to his parentage.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
I took a look at Blue Security's privacy policy and found this:
"email addresses that Blue Security establishes for you may be published on the Internet, and your designated email addresses will be provided in encrypted form to senders of unsolicited bulk email. In addition, email messages sent to your named email account will be forwarded to other members of the Do-Not-Intrude Registry." (my emphasis)
So it seems to me that not only are these folks distributing a list of email addresses of real people to spammers on request, they're also forwarding any spam destined for any person on their list to all the others - providing a very valuable service to the spammers themselves.
Is this just a cynical attempt to increase spammers' hit rates? Am I just too cynical? Please tell me I'm wrong.
1) They do not reply directly to the spammers. They first question the company that the spam links to, after checking the distribution of spam to that website versus to others (ie: the worst offenders are targeted).
2) For each user signed up, a honey-pot email account is set up. That email is seeded with your "identity" in places spammers look for addresses. It's bait.
3) For each spam received at a honey pot, a complaint is sent to the target company. The upshot of which is that if, like a spamming company, the server takes that honeypot account and says, "Hey, it's real!", the spammer will send out more, receive more - and bog down the server.
I don't see why this is a bad thing; for one thing, it's the natural evolution based on an environment that contains such systems.
A system that uses "real" addresses to send more "business mail". Etiquette dictates that they send only one unless active business is taking place. Etiquette evolves for a reason. Anyways, these systems, called "spammers" don't take the hint, being mostly automated anyway.
In society, breaking etiquette is annoying, and if continuous, is dealt with by the society. In human civilization, this is done by the public appointing authority, and insisting that to keep this authority, they take care of the etiquette-breakers. There is no such valid authority on the internet. I suggest there never has to be.
Instead, organizations like this develop as community projects. They can be professional and efficient, because they're also mostly automated, but programmed by those who have a very specific target and intent.
Best way to deal with spammers? Exploit a simple cause-effect relationship between incoming form data and outgoing mail, but never initiate contact. Bait? Sure, but don't initiate. Let them hang themselves.
Which is the point, really. Spammers who don't make it to the top of the list aren't targeted. Spammers who actually remove you from the sender list aren't targeted.
Additionally, the link between spam-collection and target-picking is not automated. It's done by the maintainers of the site, who first ASK the company in question to change their advertising methods away from spam.
As for spoofing your enemy's company, I'm sure they have a way of dealing with that; because there's human interaction before target-picking, these sorts of things can be dealt with.
110100 1101000 1101000 1100110 0 1101111 1101000 1100011 1