Spam Haters Given Right of Reply

rk_cr wrote to mention an Israeli technology firm which has set up a system to allow harried email users the right to reply in force. The system "batters spam websites with thousands of complaints. The plan is to fill order forms on spam websites offering pills, porn and penile health tonics with complaints about the products advertised for sale in junk messages. The plan has been criticised by other anti-spam workers who say it amounts to vigilantism."

fight fire with fire?

[Prophetic_Truth]

so we spam the spammers sending spam...wait..what? This is some strange paradox that i can't understand at 7am EST..

Re:fight fire with fire?

[h4rm0ny]

Right now the Internet is an incivillised place, a sort of new colony, but settled by people who have the benefit of hindsight from the modern societies they have come from. I say let us fight it out for ourselves, establish our own rules, enforecements and bounds of behaviour, not have them imposed from the founding states (physical world).

Re:fight fire with fire?

[v1]

Spammers will continue their work as long as it is proffitable. Normally I'd als append "and legal", but it's been demonstrated ad nausium that the spammers really don't care about what's legal and what's not, so that's out. That leaves us with only two alternatives really - increase enforcement of the laws, (isn't that always a problem?) and make it not proffitable.

The problem with the proffitability is that the average consumer IQ is 100, and that means 1/2 of them are below 100, so you're not dealing with the brightest collection of people in the world. There will always be a ready supply of suckers to reply to the spammers, so we can't stop it that way.

If we can't stop their revenue, the only way to financially affect them is by costing them money. The most straightforward way to do this is by bandwidth charges and fake submissions. Is this vigilante action? You bet it is. But right now even though spam is hated by 95% of the world, there is no effective legal enforcement against it. (try to think of anything else that 95% of people in the world don't hate, that isn't illegal as a result?) The main reason this is the case is that there's so much money in spam - it's very proffitable if done correctly. As long as there is incentive in the form of lots of cash, the problem will never go away. It doesn't matter how many laws you make or any other actions you take - if it remains a very proffitable venture, people will continue to engage in it.

The only thing that makes spam different is that ONE person can annoy the piss out of hundreds of thousands of people at a time, and as far as social injustice is concerned, that's very impressive. Someone with that level of morals doing that degree of harm to the general public deserves no protection from society or its justice, even if vigilante.

Lets say I go driving around town spattering mud on people's houses. It's a nuisance, not really harmful per se, but I'm annoying the piss out of people. How long do you think I'd be allowed to continue to do that before the cops would come haul me away? Now imagine I was managing to do that TO AN ENTIRE CITY. There'd be an APB out on my carcass, you can be sure. The only reason spammers don't have this probelm is they can spatter mud on people's houses from another state or another country. For now this makes them safe. I look forward to the day this is no longer the case.

Legality?

[gunpowda]

Would the users not then be liable for precisely the same kind of charges and punishment that the spammers are?

Re:Legality?

[bobbis.u]

They solicited the business by contacting you first, so there is clear cut difference.

I'm not sure whether the law would reflect this, because as we all know, the law doesn't always reflect justice.

Re:Legality?

Parent's comment feeds nicely into the close of the article:

But the scheme has been criticised by John Levine, a board member of the anti-spam Coalition Against Unsolicited Commercial E-mail.

"It's the worst kind of vigilante approach," Mr Levine told the AP news service. "Deliberate attacks against people's websites are illegal."

Except there's several minor problems with this supposed illegality:

(1) The spammer has sent you email inviting you to the spammer's website. Under the law, this explicit consent makes you an invitee, and not a trespasser.

(2) The company is filling out a form provided by the spammer's website. Arguably, there is implicit consent for the user to fill out the form, and the fact that the response rate has jumped from 0.1% to, say, 10% may be unusual, but it is a foreseeable consequence of the spammer's campaign. If you are replying in exactly the manner intended by the recipient, it's hard to classify the response as a denial of service.

(3) The spam complaints may not be legal in and of themselves, so if the company is smart, it will include an unreasonable counteroffer ("Dear sir, I would like to purchase your product, but I am only willing to pay $0.01 per item, including shipping and handling. You may accept this offer by shipping the product to [P.O. box that nothing is likely to ever appear in anyway owned by company]"), which in fact will be perfectly reasonable because the offer invites counteroffers, and the subjective intent of the person making the counteroffer is irrelevant to a legal analysis of the contract (note: I am not arguing that there is no risk whatsoever, courts are not stupid, but they tend to employ 'cruel' ways of being fair).

(4) The spammers haven't exactly shown that they are willing to disclose their identities. At some point, the spammer has to sue someone. That subjects them to both subject matter and personal jurisdiction for various claims like private nuisancce, misrepresentation, breach of contract, etc. by anyone willing to cooperate with the company based on the admissions that the spammer will have to include in the complaint. Even if a spam association chooses to file suit, the ORIGINAL spammer will have to be identified in the record when whoever brings suit attempts to authenticate the evidence. Given the paltry number of pro-spammer lawsuits based on commercial rather than constitutional theories (where it's easier to hide the identity of the real party in interest), does anyone think that there's a substantial likelihood of civil complaint or criminal prosecution?

Not just getting the spammers though

[intmainvoid]

Sure this might annoy the spammers, but it's also going to cause problems for anyone unfortunate enough to be sharing a network/webhost/isp with a spammer. And what happens when someone sends spam appearing to be from a competitors site, in order for them to be attacked?

Re:Not just getting the spammers though

[Detritus]

If you sleep with dogs, you wake up with fleas.

Nuke them all. If you do business with a spam-friendly ISP, you are partly responsible for the spam.

dupe

http://it.slashdot.org/article.pl?sid=05/07/18/121 4226&tid=111&tid=1

Futurama

[zaxios]

Leela: Hold it Santa! Consider this: you are programmed to destroy the naughty... I submit to you, that you are in fact naughty, and that, logically, you must destroy yourself.

Santa: Nice try, but my head was built with paradox absorbing crumple zones.

You insensitive clod!!!

[rock_climbing_guy]

I'm a spammer and I really don't appreciate this kind of vigilantism. Therefore, I'm going to have my army of spambots crapflood your website with GNAA/Trollkore posts. Have a nice day.

Of course spam fighters find this innapropriate

[NeedleSurfer]

The plan has been criticised by other anti-spam workers who say it amounts to vigilantism.

Have you noticed that everytime a brilliant solution arise, a solution that seems just right and appropriate. A solution that would maybe not stop but at least truly hinder spam or virii and stuff like that, security firm says its a bad idea, its vigilantism and crap like that. Who cares if its vigilantism, it works and thats all that count. The fact of the matter is that none of these company want virii gone or spam dead, they want to sell you stuff that gives you the impression its doing something usefull about it. deleting spam, filtering it, scanning for virii and removing the well known ones, it just doesnt do crap about the problems... retaliating might, so facing a technique that could work the "spam fighters" dismisses it...

Catch a clue

[DynaSoar]

A vigilante is someone who usurps ot assumes power or authority from where it rightfully
exists.

Now, show me an elected or appointed spam cop that this is taking authority away from. There is none. Don't even bother to pretend ISPs fulfill this role. Their role is to keep customers. Some do better than othres at cleaning the trash, but none can act beyond their boundries.

And speaking of boundries, that's where your anti-spam laws stop. And that's as it should be.

This is the emergence of a regulatory force in the absence of any. That is not vigilantism. The net should police itself, including the dirty work. If it doesn't, someone will.

Who was stupid enough to fund this nonsense?

[Arrogant-Bastard]

Unbelievably stupid. Or, as Mitch Wagner observed:

• InformationWeek Weblog: Dumb As A Bag Of Hammers

And even he doesn't cover all the problems; for example, as everyone with the slightest clue about spam has known for years, responding to the spammer in any way is absolutely idiotic.

But since the people involved in this company have no anti-spam credentials, no track record of involvement, and no clue how their "counter-attacks" will be neatly retargeted (surely nobody is naive enough to believe that spammers will sit still for this?) I can't say I'm surprised. This is merely the latest bonehead idea in a long series (e.g. challenge-response, callbacks, SPF, etc.) of bonehead ideas put forth by people who have clearly failed to comprehend even the rudimentary aspects of the spam problem...or who have, but simply do not care about the conequences for everyone else as long as they can selfishly "solve" their part of the problem.

I've already blacklisted the company behind this tripe and null-routed their address space. I recommend the same for everyone else. There's simply no place on the Internet for those who want to profit from our collective misery by making it worse.

Spam Haters Given Right of Reply

[wljones]

This is an old pattern. The bad guys (Spammers this time) inflict themselves on the public. Authority is asked to help, but cannot or will not do so. Victims then search for their own solutions. Authorities see their monopoly threatened and cry,"Vigilantes!" The authorities, whether government or private concerns, feel they have more to gain protecting their monopoly than by fighting the problem, and victims are an easier target than organized thugs. Notice that their protests against the victims do not offer a better solution, only name-calling and threats.

Fully justified

[VGR]

I have my doubts about whether this will actually work, but I'm not sure it matters.

I just think getting thousands of complaints should be the natural result of pissing off thousands of people.

The psychopathic behavior of a spammer wouldn't be tolerated for an instant if he were face-to-face with his victims. Try attending a ballet or opera, and yelling "I have cheese in my butt!" at top volume.

Whether it works or not, what Blue Sec is doing should be an expected inconvenience of spamming. Even if it just causes spammers to set up their own filters, at least it will weed out some would-be casual spammers.

Re:Let's get it done and over with...

[ozmanjusri]

A couple of years ago I submitted a request to the Thunderbird team to include a button which would do exactly this. I still believe it's a good approach, although an Outlook plugin would probably be more effective.
I'll try to address some of your objections, but I think you missed the main one;

(*) Joe jobs and/or identity theft

I've had to deal with dozens of Joe jobs every year, and I'll have to deal with dozens more every month for the forseeable future. It's already so bad, a few more won't make it significantly worse.

(x) Requires immediate total cooperation from everybody at once

No, even a few thousand false records in a spammers database would be enough to increase their costs. That's the goal here, and while more would be better (especially if the company which hired the spammer is paying per response), it's a step in the right direction.

(x) Laws expressly prohibiting it

None.

(x) Eternal arms race involved in all filtering approaches (This time the spammers will be doing the filtering, and that will be quite easy for them.)

It will reduce their profits. That's good.

(x) Extreme profitability of spam

This will reduce it.

(x) Feel-good measures do nothing to solve the problem

Doing nothing will achieve even less.

(x) Sorry dude, but I don't think it would work.

It doesn't have to, at least not by itself. Spammers are just another in a long line of parasites humanity has had to deal with over the years. We're winning more often against most of our parasites, but rarely do we ever eliminate them completely. Spammers are winning now, they're a plague on the internet. Getting them under control in the way we have lice or fleas under control is a process, not a once-off event. This will be one control out of many.

I call BS on the other spam worker claim.

[PotatoHead]

How exactly is this different from a bunch of people just filling out bogus information?

Answer: It isn't.

If a significant percentage of us, just did this, the spammers would be hurt by rising costs and sharply reduced product value proposition. (leads)

This company is just making that easier.

No harm, no foul.

Unless you are the spammer making money off of shared resources without giving anything back that is...

I hope this works and it catches on. I would use this service in a minute.

Want to cut down your junk mail? Spend a few days each month filling their postage paid envelopes with their competetors offers and other interesting bits you can stuff in there. For those little card things, fill 'em out with crap.

People have done this for years and this spam service is no different than hiring somebody to send crap data for you.

"Other Anti-Spam Workers"?

[Caveman+Og]

Sheesh! Slashdot has gotten really lame.

"Other anti-spam workers" is none other than John Levine, Ph.D, co-author of the BEST SELLING INTERNET BOOK OF ALL TIME (I kid you not) "The Internet for Dummies" (Now in its ninth edition). Some of you cretins need to read it.

In Commonwealth of Virginia v. Jeremy Jaynes Dr. Levine served as an expert witness for the prosecution. His testimony helped send Jaynes to prison for nine years.

At the second annual Conference on Email and Spam Levine presented a technical paper on his experiences with greylisting.

Dr. Levine is the chair of the IRTF Anti-Spam Research Group. He's a founding member of the Coalition Against Unsolicited Commercial Email. He runs the Network Abuse Clearinghouse.

"Other Anti-Spam Worker" indeed.

Take a good look at Blue Security's product. I think you'll see that it's little more than an HTTP DDoS tool. BlueSecurity claims that it's okay to DDoS spammers, and that they make very sure that only spammers are DDoS'd (although their careful not to call what they do a DDoS).

I'm given to understand that they moved their hosting to Israel when Verio terminated their service for violations of Verio's acceptable use policy. Verio doesn't allow folks to host denial of service tools on their network (nor will any normal ISP do so).

Someone should ask BlueSecurity about their legal threats against Everyone's Internet for attempting to do the same.

These are not nice people. The only difference between them and the normal crop of script-kiddie miscreants, is that they have found venture capital.

Is it me

[I_redwolf]

Or whenever someone speaks about standing up for themselves or protecting ones self. It amounts to some form of vigilante act or "Oh GEEBUS!! No, thats not the way to handle it!!!" It's in line with modern day cops. Sure, we'll make an attempt to protect you but if someone robs you or tries to physically harm you. The best thing to do is just give them your money or try to run away; the last thing you should do is try and protect yourself.

I'm sorry to all the SpamProtectors out there but you have been ineffective. You've done nothing to protect the people who need it. Your tools are always one step behind. Seemingly asking one to not retaliate should come from the lips of others. Not you, one with vested interest in Spam. If there is no more Spam, there is no more SpamProtector. You will be out of a job and thats what you should be striving for.

Now, i'm not recommended vigilante acts meaning putting a hot orange in ones eye socket or random acts of grotesque violence. However, I see nothing wrong with complaining or disabling a Spam server to protect not only myself but others who aren't able to protect themselves from this problem.

1. The government has continously failed us
2. You the Spam Protector has failed us
3. Everything to date has FAILED.

You then turn around and ask the honest abiding citizens to continue to be run over the coals at the expense of SPAM?

Not today or tomorrow, so you could kiss my ass. The way I see it, the more vigilantes the better. At the very least they have not failed us and have taken the fight right to the spammers doorstep.

They seemingly understand that the only way to win a war, is to fight one. The spamprotectors seemingly remind me of the weapons dealers who play both sides. You're as bad as the spammers.

So; Cheers! To all the vigilantes out there standing up for the little guy and even the not so little guy! You are welcome round these parts anyday.

Re:bullshit!

[PsiPsiStar]

hey didn't invite you to visit the Web site to waste their computer resources. Saying "We were invited, so it's legal" is like saying that being invited to someone's house for dinner makes it 100% okay to show up, shit on the table, punch the other guests in the faces, and then break a few windows on the way out.

These acts are crimes in themselves. Filling out a web form is not.

The point was, replying with a garbage reply is not SPAM because you were invited to the page, explicitly. The spammer was not invited.

If you believe your own arguments, why wouldn't the spam complaints be legal?

The less clear cut their case, the less likely they are to retaliate legally. It would be hard for the government to make absurd business offers by invited parties illegal, no matter how odd the offers are. They can make DDOS attacks stick in court though. Personally, I don't think that replying to spam is illegal in the first place (unless, perhaps, you provide false information), but even if you do break the law, spammers are unlikely to waste money on legal expenses.

Vigellanteism is okay if you can get away with it and noone is physically hurt and no property damaged.