Fighting Spam Through Regulation and Economics
Bryan29 writes "'Next door to our offices was a spam operation... One day they weren't there anymore'. Apparently in the past several months some black hat SEO companies (comment spammers) closed shop. Mr. Evron explores using a couple of case studies how spam was directly impacted by the UIGEA online Casinos law, disallowing payment processing, and how the subprime mortgage collapse made many former clients of spammers 'move on'. The article draws its conclusions from an economic standpoint 'Perhaps the next step policy makers should take is to work to change this economy, possibly by legalizing and regulating ... More to the point, they can make the act of processing funds for this type of operation illegal.'"
Your post advocates a
( ) technical ( ) legislative (*) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
(*) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(*) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(*) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(*) Asshats
(*) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(*) Extreme profitability of spam
(*) Joe jobs and/or identity theft
(*) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(*) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(*) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
If I see a post from him on BUGTRAQ I skip it straight away. Out of all security gadfly individuals he is the most overinflated one. If humans were balloons with egos inside his would have promptly reached escape velocity due to the amount of hot air in it.
Just read his posts on BUGTRAQ. Any of them over the last 3 years.
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
Sometimes a good mix of regulation with the market does help instead of just cutting away at it.
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
This oughta work well. His premise seems to be to remove the economic incentives for spammers to make money, you either trash the economy and / or make everything illegal. That's a bit hyperbolic but not a whole bunch. I, for one, haven't seen much of a decrease in spam since the mortgage industry tanked and the online gamblers have moved to Bali.
I guess V1ag7a is always in style.
Faster! Faster! Faster would be better!
What about these unregulated Hedge Funds? Too many people insist that they be given a free ride because they cater to intellect investors. The subprime mortgage basically proved that more than a few of these businesses are little better than pyramid schemes (example: bundling of crappy mortgages and selling them as AAA bonds).
When they address something that actually cost the US a couple of TRILLION dollars, then let's worry about Spammers.
It seems every time we make new regulations to make something illegal, we make something legal. For example, by passing laws against pornography to "protect the children (TM)", we told pornographers exactly what they had to do to avoid breaking the law. Now, with no legal uncertainties, pornographers flourish. Better, they now had a definite set of laws to challenge which, if overturned, made their operations more open and profitable - which, by the way, is exactly what they did. The CAN-SPAM act had the same effect. Do we really want to do this again with instructions on how to handle their ill-gotten gains?
is through a national health care plan that would provide free penis enlargement, viagra and breast implants to all Americans
"R" as in relocation or as in russification? Yes it'll be a good idea to move all the spammers over to Siberia. It'll stop spam at least until they get fiber over there...
please excuse my apathy
Previous slashdot discussions have discussed some of the ways that most people try to fight spam. I already said that we need an economic solution to what is an economic problem.
Unfortunately, the suggestion from this article misses the boat. Trying to price the spammers out of operation doesn't get the job done, because there's hardly a shortage of money to keep them running. We need to price the middle men out of operation.
In particular, when the spammers register new domains (which they do by the hundreds or more at a time), they give kickbacks to their favorite registrars, who in turn will turn the other way regarding the illegal operations.
If instead ICANN had some cojones, they could take the bad registrars out, clean up the registration mess that currently exists, and they could make it economically unfeasible for the spammers to continue their game as currently played. A good start would be to enforce an exponentially increasing fee structure for domains - I know of very few people who have a legitimate need for more than about 4 domains. Furthermore, if the bad registrars were to actually lose their accreditation after willingly doing business with these criminals (easy to prove), that would also help.
But as someone else already pointed out, you cannot just simply tax spam out of existence. You need real, working, economic solutions. And if ICANN was worth their own weight in bat guano, they could make it happen.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
...as long as the Internet is involved.
ISP spoofing, proxies, etc make it impossible to determine the licensed spammers from the unlicensed.
No, I didn't RTFA. Why waste my time on a concept so obviously flawed?
Require ISPs to include in their TOS agreements a clause which would give email recipients the option of allowing the spammer's ISP to charge the sender some very small amount (call it 1/10 cent) for the delivery.
BENEFITS:
- ISPs should go along with this; another revenue source, plus it lets them use the community to flag spammers
- Wouldn't impact legit emailings, such as LISTSERV groups or those from overt opt-in sources
- Would have a financial impact for those less-than-scrupulous email marketers that blatantly spam the world or simply use deceptive but technically legal tactics but are nevertheless considered "spam" by their recipients
- Mailings coming through ISPs outside the sphere of this legislation? Easier to differentiate for internal spam rules! Less false positives from legit sources because email coming from compliant ISPs will quickly become almost fully legit.
- Mailings coming from zombie machines? Good! Nothing like an extra charge on the computer owner's ISP bill to get them to fix and patch their computer. Also, the ISP could be required to immediately notify the user of any email charge-backs so they don't die of sticker shock. Also, there could be a process of appeal that would give the owner of a zombified machine the opportunity to have the charges dropped if/when they fix their computer - think about that!!
That's my 2 cents (or about 20 spam messages) worth!
RJBeery
TFA begins saying the spammers worked next door. So poster knows the former physical location of the spammers. They should post it. That could lead to clues about who the spammers are/were.
I find that most spammers are reasonable people when you discuss it personally with them, or call their mother and ask her to ask them to stop. It's when they hide behind internet anonymity that they do ungood things like spam. [Internet anonymity overall is a good thing, but it has costs including spam.]
This guy has found a miraculous way to fight spam with a mono-strategy approach. It is so good that the guy has sent many posts to /. offering anybody to bet about it with him. Hence his product must be real and what he says must be true, hence no need for regulations, just buy his product, according to him, his mono-strategy approach is the best way, no need for regulations ;-))
Everything I write is lies, read between the lines.
Would it be too obvious to point out that what enables abuse of services including spam and such in the first place are botnets?
Kill the botnets and you kill spam. A technological solution to a mostly technological problem. Oh, and you'd stop DDoS attacks at the same time, along with other nasty stuff. Sometimes it pays to go for the root of the issue.
Site & blog: http://www.mayaposch.com
Every time government in some form is involved in non-government related technology things go wrong. Think of the DMCA and other laws, if we try to pass laws to "fight spam" all that will do is further restrict our freedoms by perhaps forcing e-mail carriers to do logs of IP address and your real name and such. Yes, spam is a problem, however, when we get out of the "Oooohh A link click it" phase of the internet and finally after 10 years or so after teaching people that, they finally don't go randomly clicking links and double clicking on binaries to run them, spam will cease to be profitable. People don't pay money for advertising only to get .0000001 percent of people to actually buy it. Government (especially in the age of the *IAA controlling congress) doesn't need to mess in technology or else it will be horribly messed up, education is the answer (or Thunderbird and SpamAssassin)
There is no "disagree" moderation, and troll, flamebait and overrated are not valid substitutes
If instead ICANN had some cojones, they could take the bad registrars out...
The problem is that most of the registrars, by actual count, are now "bad". See the list of ICANN-approved registrars. There are several hundred, few of which have any real existence. Most are just fronts for some domaining operation. Some are obvious about it: "DropExtra.com, Inc.", "DropFall.com, Inc.", "DropHub.com. Inc", "DropJump.com, Inc.", etc., all of which are fronts for a "wholesale domain registrar". Then there's "Enom1, Inc.", "Enom2, Inc." ... "enom469, Inc.". Most of the "registrars" are now dummies like that. Those are ICANN's constituency.
It is obvious. If companies don't/can't make money from spammers, they won't pay spammers.
That is what I have been doing. I don't file lawsuits against the people pressing the send button, but the people who are advertised and making money as a result of the spam. A sex dating site I sued years ago, took a strong anti-spam policy after I sued them.
Spammers spam to make money. If people don't pay them to send the spam, they won't do. If a company will not make money from spam, they won't pay the spammer. The same thing happened with junk fax.
Fight Spammers!
You can't win against spam.
Spam is here to stay.
You can find other ways to fight it, and the author Gadi Evron shows one way that worked, whether it was intentional or not.
Yes, that's what we need... more regulation of the economy... to fight something as significant as spam. I'm sure there won't be any side effects to this regulation.
What about the REST of the impact of this legislation? Where's the discussion of that?
This is like nuking China and then applauding ourselves for accidentally curtailing hacking.
... dictates the nature of the solution.
Spam is not simply a technological problem, so a technological solution will be insufficient.
Spam is in large part a social problem. It requires social solutions. If that requires legislation, so be it. Personally I enjoy tracking down spammers, and publicizing their real name and location, including a map showing where they are. To my knowledge nobody ever made use of these and tracked down a spammer, but it really fucked with their heads to be outed so thoroughly and so publicly. I had one call me and rant at me, including threats of legal action as well as threats of bodily harm. But I had a few call and apologize, claiming they weren't aware it bothered people so much. One of these, in fact, became an anti-spammer.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
Some of the spammers are tightly linked to their customer base, so they go away when the customers do - such as mortgage brokers running spam themselves or hiring it out. But many of the spammers are in the spamming business, so if they lose customers they'll go find others. It takes some time to find customers and convince them that *you're* the best one to send their ads, so some go out of business, but what I have seen has been a resurgence in the V1ag7a spam and fake Rolexes, which I guess are what spammers sell when they don't have a better product.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
...many former clients of spammers "move on".
That spamming is reduced when they have fewer clients?! Who'da thunk? Betcha nobody expected that.
What?
What actually happened is that they had to change the way they accepted online wagers. There's some gambling site (and I'm willing to admit this is a citation needed too, since I've forgotten the URL) that posts graphs of gambling transactions going back for a few years, including the coming into effect of the USG online gambling ban. There's a slight drop and flattening out of what's previously a linearly increasing course, and then it's business as usual. In other words UIGEA had little actual effect.
The casinos moved overseas, the players switched to using money laundering-style payment channels. All it did was move the problem somewhere else where it's now much harder to track. So UIGEA should really have been called the Money Laundering Enabling Act.
(I don't disagree with his economic argument, but UIGEA hasn't done what he thinks it has).
You mean actually examine the source of underlying problems in the first place Batman?
As TFA mentions, the said spammer was located in the nearby office in Netanya, Israel.
Finding real botnet based spammers in Netanya is not that difficult. Netanya Academic College has hired in the past the services of botnet-based spam to advertise its services. On 25 January 2007 a spam message advertising them was received by me. The source was a consumer dsl connection in Verizon's network in Santa Monica, California (http://www.dnsstuff.com/tools/ipall.ch?ip=71.109.181.242) and it was positively identified as being sent by a known spammer (MailMedia of Israel) whose activity certainly looks like botnet-based spam, as spam messages it sends arrive from a multitude of IP addresses that are mostly consumer dynamic connections (http://israblog.nana10.co.il/blogread.asp?blog=383074&blogcode=5950596 Hebrew. Links to DNSstuff are in English, though).
The Academic College of Netanya is not some kind of illegal or semi-legal operation such as gambling sites or unlicensed online pharmacies. It's a real academic college. The same spammer has advertised many other Israeli higher education institutions, financial institutions and other so called legitimate businesses. There is no way to make the financial activities of these institutions illegal. If law enforcement wanted they could get information from these institutions leading closer to the botnet-operating spammer. For all I know they did. The spammer is contactable as he advertises his cellphone number as a means of contacting him and he hosts a website marketing his services at one of the major Israeli ISPs (013.net). The police know about the spammer. They cannot do anything about the email advertising which is legal, and they cannot get a conviction on a charge of using computer viruses just based on the evidence that the spam arrives from many different locations.