Slashdot Mirror


Fighting Spam Through Regulation and Economics

Bryan29 writes "'Next door to our offices was a spam operation... One day they weren't there anymore'. Apparently in the past several months some black hat SEO companies (comment spammers) closed shop. Mr. Evron explores, using a couple of case studies, how spam was directly impacted by the UIGEA online casinos law, disallowing payment processing, and how the subprime mortgage collapse made many former clients of spammers 'move on'. The article draws its conclusions from an economic standpoint: 'Perhaps the next step policy makers should take is to work to change this economy, possibly by legalizing and regulating ... More to the point, they can make the act of processing funds for this type of operation illegal.'"

27 of 94 comments

  1. This one is better, but no cigar by ravenspear · · Score: 4, Funny

    Your post advocates a

    ( ) technical ( ) legislative (*) market-based ( ) vigilante

    approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

    ( ) Spammers can easily use it to harvest email addresses
    ( ) Mailing lists and other legitimate email uses would be affected
    (*) No one will be able to find the guy or collect the money
    ( ) It is defenseless against brute force attacks
    ( ) It will stop spam for two weeks and then we'll be stuck with it
    ( ) Users of email will not put up with it
    ( ) Microsoft will not put up with it
    ( ) The police will not put up with it
    (*) Requires too much cooperation from spammers
    ( ) Requires immediate total cooperation from everybody at once
    ( ) Many email users cannot afford to lose business or alienate potential employers
    ( ) Spammers don't care about invalid addresses in their lists
    ( ) Anyone could anonymously destroy anyone else's career or business

    Specifically, your plan fails to account for

    ( ) Laws expressly prohibiting it
    (*) Lack of centrally controlling authority for email
    ( ) Open relays in foreign countries
    ( ) Ease of searching tiny alphanumeric address space of all email addresses
    (*) Asshats
    (*) Jurisdictional problems
    ( ) Unpopularity of weird new taxes
    ( ) Public reluctance to accept weird new forms of money
    ( ) Huge existing software investment in SMTP
    ( ) Susceptibility of protocols other than SMTP to attack
    ( ) Willingness of users to install OS patches received by email
    ( ) Armies of worm riddled broadband-connected Windows boxes
    ( ) Eternal arms race involved in all filtering approaches
    (*) Extreme profitability of spam
    (*) Joe jobs and/or identity theft
    (*) Technically illiterate politicians
    ( ) Extreme stupidity on the part of people who do business with spammers
    ( ) Dishonesty on the part of spammers themselves
    ( ) Bandwidth costs that are unaffected by client filtering
    ( ) Outlook

    and the following philosophical objections may also apply:

    (*) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
    ( ) Any scheme based on opt-out is unacceptable
    ( ) SMTP headers should not be the subject of legislation
    ( ) Blacklists suck
    ( ) Whitelists suck
    ( ) We should be able to talk about Viagra without being censored
    ( ) Countermeasures should not involve wire fraud or credit card fraud
    ( ) Countermeasures should not involve sabotage of public networks
    ( ) Countermeasures must work if phased in gradually
    ( ) Sending email should be free
    ( ) Why should we have to trust you and your servers?
    ( ) Incompatibility with open source or open source licenses
    ( ) Feel-good measures do nothing to solve the problem
    ( ) Temporary/one-time email addresses are cumbersome
    ( ) I don't want the government reading my email
    ( ) Killing them that way is not slow and painful enough

    Furthermore, this is what I think about you:

    (*) Sorry dude, but I don't think it would work.
    ( ) This is a stupid idea, and you're a stupid person for suggesting it.
    ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

    1. Re:This one is better, but no cigar by spikedvodka · · Score: 5, Insightful

      (*) No one will be able to find the guy or collect the money
      (*) Requires too much cooperation from spammers

      Specifically, your plan fails to account for

      (*) Lack of centrally controlling authority for email

      The whole point of this plan is that those are wrong. If you can make it illegal to process transactions for things like online casinos, you can make it illegal for things like online pharmacies.

      You're not controlling the e-mail, but you're controlling the money. If they can't accept "Visa/MC/AMEX/Discover/Diners/etc." they won't make as much money. PayPal is the same way.

      Yes, the "mark" could still send a check, but at that point you know exactly where the check went, and you get the copy (electronic) back.

      I think this plan has half a chance of working... however, then I think we'll start seeing more phishing... and I really would hate to see more laws
      --
      I will not give in to the terrorists. I will not become fearful.
    2. Re:This one is better, but no cigar by ravenspear · · Score: 2, Insightful

      I think we need another entry on the philosophical objections list.

      Something like, draconian regulation of ecommerce is a bad solution.

    3. Re:This one is better, but no cigar by cyphercell · · Score: 2, Informative

      Found it. It's like a failed decision support system that still works because there is no viable solution.

      Looks like the author is Cory Doctorow

      --
      Under the influence of Post-Cyberpunk Gonzo Journalism
    4. Re:This one is better, but no cigar by longacre · · Score: 3, Insightful

      But where do legislators and credit card companies draw the line between a shady online pharmacy and a legitimate one like Express Scripts? Even with new regulations to prevent use by criminals and terrorists, it is still pretty easy to get a merchant account. When a merchant signs up for a card processing service they simply ask you what you're using it for...and they believe you. There's not much to prevent you from using the same account on a legitimate site and one that advertises PLEASE YOUR GIRLFRIEND TONIGHT. This is good for legitimate businesses because it requires very little time or hassle to get started selling. The more laws we have banning transactions from entire sectors of businesses, the more questions and verifications merchant processors will demand from new merchants, thereby discouraging entrepreneurship without necessarily hurting the bad guys.

    5. Re:This one is better, but no cigar by cayenne8 · · Score: 2, Insightful
      "The whole point of this plan is that those are wrong. If you can make it illegal to process transactions for things like online casinos, you can make it illegal for things like online pharmacies."

      I dunno. Given that the WTO finding against the US with regard to online gambling...the US 'may' have to change its laws or get massively fined, etc. I'd think if the US had to take action on that finding, the law regarding online gambling transactions/payments would have to be repealed? I actually hope so....but, that's just me. I think the govt should get out of telling people what they can do with their money and themselves...but, that's another thread.

      --
      Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    6. Re:This one is better, but no cigar by TheRaven64 · · Score: 3, Interesting

      That's a very separate issue. The WTO is involved because the US gambling laws discriminate against casinos not based in the USA. This wouldn't be an issue for anti-spam laws (they're about preventing spam, not just about preventing spam from non-US companies). The reason that they are involved in practice, rather than just theory, is that the US laws are having a real financial effect on organisations outside the USA, which is exactly what you would want to happen to spammers.

      --
      I am TheRaven on Soylent News
  2. Gadi Evron = Hot Air by arivanov · · Score: 2

    If I see a post from him on BUGTRAQ I skip it straight away. Out of all security gadfly individuals he is the most overinflated one. If humans were balloons with egos inside his would have promptly reached escape velocity due to the amount of hot air in it.

    Just read his posts on BUGTRAQ. Any of them over the last 3 years.

    --
    Baker's Law: Misery no longer loves company. Nowadays it insists on it
    http://www.sigsegv.cx/
    1. Re:Gadi Evron = Hot Air by arivanov · · Score: 3, Informative

      Just read the article.

      Gadi at his best.

      First of all, the casino SPAM has not decreased. It has changed target markets. I got 10+ mails over the last month that managed to get past my antispam filters with gambling spams and scams. This is compared to under 3 for the preceding year. Mortgages - that disappeared at least one year before the credit crunch started. And so on.

      The reason SPAM is decreasing is that the return on investment for spammers steadily decreases. People are responding to it less and less. As a result the vast botnets built for spamming are now geared towards phishing, identity theft (botnet ops are actually scanning computers for useable documents) and from time to time a bit of SPAM for the purposes of botnet expansion.

      --
      Baker's Law: Misery no longer loves company. Nowadays it insists on it
      http://www.sigsegv.cx/
  3. Interventionism isn't completely "useless" by sethstorm · · Score: 2, Insightful

    Sometimes a good mix of regulation with the market does help instead of just cutting away at it.

    --
    Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
    1. Re:Interventionism isn't completely "useless" by hedwards · · Score: 2, Insightful

      Exactly, the only way that spam is reasonably going to stop is if there is no longer enough money in it to justify the risk and effort.

      The proper solution to it is almost certainly going to include a mix of the following elements. I just wish I could suggest a reasonable mix and a way of putting it all together.

      Filtering so that fewer eyes see the spam, larger fines/longer sentences when caught, SPF/domain keys and similar to make identification of spam somewhat easier, shun servers that are known to be open relays until they stop that, antivirus/antimalware, getting people to stop clicking on things indiscriminately and fine companies that are advertised by spam.

      I think a lot of that also applies to phishing as well.

    2. Re:Interventionism isn't completely "useless" by ajs318 · · Score: 2, Insightful

      Would a public education campaign be worth trying? TV ads explaining to people that spam is an on-going problem partly because some people keep rewarding the spammers with sales.
      NO NO NO NO NO

      You have fallen into the trap of believing that the spam game is about getting ordinary punters to buy counterfeit watches, handbags, penis enlargement pills and pirated, obsolete software.

      The spam game is really about persuading people that they can get rich quick, by spamming customers.

      The product which is being sold is not Viagra. The product which is being sold is a complete package consisting of some dodgy spam-sending and blog-defacing software, the use of a botnet and an audience of millions of eager customers (only a few of whom, it is claimed, have to bite for you to recoup your investment).

      Nobody ever has to order a single //atch or tablet of \/!agr4. And they don't. The money has already been made when the spamming kit was sold. It's the people who send the adverts who are the real marks; they spent money on a get-rich-quick scheme and lost out.
      --
      Je fume. Tu fumes. Nous fûmes!
  4. the only way to defeat spam by wakim1618 · · Score: 5, Funny

    is through a national health care plan that would provide free penis enlargement, viagra and breast implants to all Americans

    1. Re:the only way to defeat spam by techno-vampire · · Score: 3, Funny

      Oh, good! I'm sure my girlfriend would love to have a huge penis. I know I'd love to have a rack of 36D's myself! As for the viagra, well, after that surgery, we can both use it. Profit!

      --
      Good, inexpensive web hosting
  5. I already said this... by damn_registrars · · Score: 4, Insightful

    Previous slashdot discussions have discussed some of the ways that most people try to fight spam. I already said that we need an economic solution to what is an economic problem.

    Unfortunately, the suggestion from this article misses the boat. Trying to price the spammers out of operation doesn't get the job done, because there's hardly a shortage of money to keep them running. We need to price the middle men out of operation.

    In particular, when the spammers register new domains (which they do by the hundreds or more at a time), they give kickbacks to their favorite registrars, who in turn will turn the other way regarding the illegal operations.

    If instead ICANN had some cojones, they could take the bad registrars out, clean up the registration mess that currently exists, and they could make it economically unfeasible for the spammers to continue their game as currently played. A good start would be to enforce an exponentially increasing fee structure for domains - I know of very few people who have a legitimate need for more than about 4 domains. Furthermore, if the bad registrars were to actually lose their accreditation after willingly doing business with these criminals (easy to prove), that would also help.

    But as someone else already pointed out, you cannot just simply tax spam out of existence. You need real, working, economic solutions. And if ICANN was worth their own weight in bat guano, they could make it happen.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    1. Re:I already said this... by www.sorehands.com · · Score: 3, Insightful

      If instead ICANN had some cojones, they could take the bad registrars out, clean up the registration mess that currently exists, and they could make it economically unfeasible for the spammers to continue their game as currently played. A good start would be to enforce an exponentially increasing fee structure for domains - I know of very few people who have a legitimate need for more than about 4 domains. Furthermore, if the bad registrars were to actually lose their accreditation after willingly doing business with these criminals (easy to prove), that would also help.

      AMEN to the first part!

      ICANN needs to get rid of the AGP (grace periods) for domain name registration which allows domain tasting. This allows people to register a domain name for up to 5 days and then get a refund on the fees.

      I have had this discussion with ICANN staff. The liaison claims that since there are no partial penalties for registrars that violate their agreements that the only punishment available is to terminate the registration status. Bull! They can always terminate the ability to register new domain names to get the registrar to behave. Then the domain name registrars that don't bother terminating domain names with false whois information.
  6. *sigh~* by Elledan · · Score: 2, Insightful

    Would it be too obvious to point out that what enables abuse of services including spam and such in the first place are botnets?

    Kill the botnets and you kill spam. A technological solution to a mostly technological problem. Oh, and you'd stop DDoS attacks at the same time, along with other nasty stuff. Sometimes it pays to go for the root of the issue.

    --
    Site & blog: http://www.mayaposch.com
    1. Re:*sigh~* by Anonymous Coward · · Score: 3, Insightful

      Kill the botnets and you kill spam. A technological solution to a mostly technological problem. Oh, and you'd stop DDoS attacks at the same time

      We had spam and DDoS attacks long before botnets. Killing botnets will stop the way much of the spam is sent today but cannot stop spam.

      The root of this problem is people. People who buy the drugs from websites linked in spam, people who open the attachments that lead to their computers being used for spamming, and people who care more about making money by providing business to spammers. This is a people problem, not a technological one at all.

  7. Government shouldn't be in technology by webmaster404 · · Score: 2, Insightful

    Every time government in some form is involved in non-government related technology things go wrong. Think of the DMCA and other laws, if we try to pass laws to "fight spam" all that will do is further restrict our freedoms by perhaps forcing e-mail carriers to do logs of IP address and your real name and such. Yes, spam is a problem, however, when we get out of the "Oooohh A link click it" phase of the internet and finally after 10 years or so after teaching people that, they finally don't go randomly clicking links and double clicking on binaries to run them, spam will cease to be profitable. People don't pay money for advertising only to get .0000001 percent of people to actually buy it. Government (expectantly in the age of the *IAA controlling congress) doesn't need to mess in technology or else it will be horribly messed up, education is the answer (or Thunderbird and SpamAssassin).

    --
    There is no "disagree" moderation, and troll, flamebait and overrated are not valid substitutes
  8. Most of the registrars are now "bad" by Animats · · Score: 4, Informative

    If instead ICANN had some cojones, they could take the bad registrars out...

    The problem is that most of the registrars, by actual count, are now "bad". See the list of ICANN-approved registrars. There are several hundred, few of which have any real existence. Most are just fronts for some domaining operation. Some are obvious about it: "DropExtra.com, Inc.", "DropFall.com, Inc.", "DropHub.com, Inc.", "DropJump.com, Inc.", etc., all of which are fronts for a "wholesale domain registrar". Then there's "Enom1, Inc.", "Enom2, Inc." ... "enom469, Inc.". Most of the "registrars" are now dummies like that. Those are ICANN's constituency.

  9. Well, DUH! by www.sorehands.com · · Score: 3, Interesting

    It is obvious. If companies don't/can't make money from spammers, they won't pay spammers.

    That is what I have been doing. I don't file lawsuits against the people pressing the send button, but the people who are advertised and making money as a result of the spam. A sex dating site I sued years ago, took a strong anti-spam policy after I sued them.

    Spammers spam to make money. If people don't pay them to send the spam, they won't do. If a company will not make money from spam, they won't pay the spammer. The same thing happened with junk fax.

  10. Re:Cleanup Wall Street by Ash Vince · · Score: 2, Informative

    Start with the jittery oil speculators first and knock it down $30-40+.

    It's not quite that simple I'm afraid. True a large part of the price of Oil is probably due to the speculation on its price you mention.

    However there is also the inconvenient fact that we are not discovering new fields as fast as we are depleting mature fields beyond the point it becomes cost efficient to extract. We are also becoming a lot more adept at extracting oil from very mature fields but it still doesn't change the fact that Oil is a finite resource and it will eventually run out.

    Then there is China. The Chinese demand for oil is growing at a staggering rate, both from the people's desire to drive their own car to work and the country's industrial growth. India is also crying out for more oil due to their economic growth. The fact is the world needs more and more oil as these countries develop but it has less and less.

    The oil that is left is becoming more concentrated in fewer and fewer countries in the middle east. It will not be long (50-100 years, I believe) before the only oil left in the world is under Saudi Arabia and Iraq. Unsurprisingly these countries are demanding top dollar for their oil. As less and less countries have oil to sell the remaining ones that do are going to charge more and more.
    --
    I dont read /. to RTFA, I read /. to offend people in ignorance.
  11. Re:Regulation will never work... by Z00L00K · · Score: 2, Insightful
    It can work - if you track the money involved.

    Most spam messages do contain advertisement for something and there is usually a site involved in the end. By tracking down the purchase channel where the money flows it's possible to do a further analysis and possibly prosecute for tax evasion, unlicensed selling of prescribed pharmacy or something else. There is always something that can be prosecuted or at least investigated in a way that requires a temporary close of business.

    There are of course some spam messages that aren't directly traceable like the stock spams, but there are possible measures for those too, even if it's more complicated. But if the spammers lose enough of their channels it becomes unprofitable. If it also starts to get dangerous to be a spammer - like a few years imprisonment - it can also help. Since businesses utilizing spammers can be tracked the spammers can be tracked in turn from the investigation of these businesses.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  12. Re:Cleanup Wall Street by LrdDimwit · · Score: 2, Insightful

    And what about predatory lending? Consider how they make bonsai trees. If the tree grows in a way the grower doesn't like, he trims it. Eventually the tree looks exactly how the grower wanted it to look. The tree grew under its own power the entire time, its own 'will' (if plants have such a thing). It was in full control of its own growth, and yet it danced to the grower's tune. Who's responsible for that? The tree, or the gardener?

    If I am a dishonest lender, I offer these loans. I hawk them loudly, like a carnival barker, knowing that some people won't be able to keep up. There's enough stupid people out there that some of em will fall for it. (This is the spammer's strategy.) Sure, they'll eventually crash and burn, but that won't happen for several years. Meanwhile, I've taken the mortgage contract and sold it for cash - up front - to another broker (who either didn't ask too many questions or was stupid) **. After three years, shortly before the first people I chained to impossible-to-repay loans give up and default -- I get out of the business.

    Sure, the people who signed deals they didn't understand, and lost everything, bear some responsibility. But they -- at least some of them -- were systematically taken advantage of by people who absolutely DID know better, and kept their mouths shut.

    ** - In older times it was common for banks to hold the mortgages themselves. Lately though, the bank just sets it up -- they don't want to sit on 50-year contracts anymore, they sell the mortgages to companies who specialize in that.

  13. Re:Regulation will never work... by Broken Toys · · Score: 2, Informative

    I agree with you that IF one can enforce regulations on the companies that hire spammers the situation might improve. However, IMHO, unless such regulations are vigorously enforced, the potential profits are always going to outweigh the possible penalties. Reputable companies don't use spammers to advertise. The situation is that disreputable companies are using spammers and there is no accountability.

    Also a few years in a US prison might actually be an incentive to the 419 crowd. Imagine, three square meals a day ;-)

  14. The Nature Of The Problem... by DynaSoar · · Score: 2, Interesting

    ... dictates the nature of the solution.

    Spam is not simply a technological problem, so a technological solution will be insufficient.

    Spam is in large part a social problem. It requires social solutions. If that requires legislation, so be it. Personally I enjoy tracking down spammers, and publicizing their real name and location, including a map showing where they are. To my knowledge nobody ever made use of these and tracked down a spammer, but it really fucked with their heads to be outed so thoroughly and so publicly. I had one call me and rant at me, including threats of legal action as well as threats of bodily harm. But I had a few call and apologize, claiming they weren't aware it bothered people so much. One of these, in fact, became an anti-spammer.

    --
    "I may be synthetic, but I'm not stupid." -- Bishop 341-B
  15. [Citation needed] by (Score.5,+Interestin · · Score: 2, Informative

    A law was passed in the United States which addressed online gambling operations ("Unlawful Internet Gambling Enforcement Act" - UIGEA). As a result, the public gaming industry ceased accepting online wagers.

    What actually happened is that they had to change the way they accepted online wagers. There's some gambling site (and I'm willing to admit this is a citation needed too, since I've forgotten the URL) that posts graphs of gambling transactions going back for a few years, including the coming into effect of the USG online gambling ban. There's a slight drop and flattening out of what's previously a linearly increasing course, and then it's business as usual. In other words UIGEA had little actual effect.

    Not being a lawyer I can't say exactly how UIGEA caused this death.

    The casinos moved overseas, the players switched to using money laundering-style payment channels. All it did was move the problem somewhere else where it's now much harder to track. So UIGEA should really have been called the Money Laundering Enabling Act.

    (I don't disagree with his economic argument, but UIGEA hasn't done what he thinks it has).