Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Spam Haters Given Right of Reply

Zonk posted more than 9 years ago | from the hitting-back dept.

Spam 278

rk_cr wrote to mention an Israeli technology firm which has set up a system to allow harried email users the right to reply in force. The system "batters spam websites with thousands of complaints. The plan is to fill order forms on spam websites offering pills, porn and penile health tonics with complaints about the products advertised for sale in junk messages. The plan has been criticised by other anti-spam workers who say it amounts to vigilantism."

cancel ×

278 comments

Sorry! There are no comments related to the filter you selected.

fight fire with fire? (4, Funny)

Prophetic_Truth (822032) | more than 9 years ago | (#13143180)

so we spam the spammers sending spam...wait..what? This is some strange paradox that i can't understand at 7am EST..

Futurama (4, Funny)

zaxios (776027) | more than 9 years ago | (#13143202)

Leela: Hold it Santa! Consider this: you are programmed to destroy the naughty... I submit to you, that you are in fact naughty, and that, logically, you must destroy yourself.

Santa: Nice try, but my head was built with paradox absorbing crumple zones.

Re:Futurama (0)

Anonymous Coward | more than 9 years ago | (#13143512)

...you know thats not really a paradox. It just means he is supposed to commit suicide.

Re:fight fire with fire? (2, Insightful)

FyRE666 (263011) | more than 9 years ago | (#13143260)

Why not fight fire with fire? These scum have placed themselves outside of the "law" (such as it is when applied to the 'net), and so should not be protected by it. I say do whatever works. The sort of scum who send spam and run spamvertised sites care about nothing other than making money, no matter what the damage is. The only thing they will respond to is a force that affects their ability to make money. Forcing them to pay stratospheric bandwidth bills, or wade through tens of thousands of garbage "sales enquiries" will affect their "business model".

As for the hand-wringers and navel gazers claiming it's "vigilantism", I'm assuming they also considered the US' attack on Afghanistan after 9/11 "vigilantism", or Europe fighting back against the Nazi's as "vigilantism" too? Yeah, we should just sit down and have nice pleasant debates with scum... sure... that'll work... <rolls eyes>

Re:fight fire with fire? (5, Insightful)

h4rm0ny (722443) | more than 9 years ago | (#13143299)


Right now the Internet is an incivillised place, a sort of new colony, but settled by people who have the benefit of hindsight from the modern societies they have come from. I say let us fight it out for ourselves, establish our own rules, enforecements and bounds of behaviour, not have them imposed from the founding states (physical world).

Re:fight fire with fire? (0, Offtopic)

TheScorpion420 (760125) | more than 9 years ago | (#13143326)

Me fail english, thats unpossible!

mabye uncivilized would be the correct usage, i don't think incivilized is even a word.

Nope [webster.com] , just as I had suspected.

Re:fight fire with fire? (1)

inode_buddha (576844) | more than 9 years ago | (#13143441)

Interesting point you have there. IMHO the 'net won't be any more civilized than the people using it.

Re:fight fire with fire? (1)

FidelCatsro (861135) | more than 9 years ago | (#13143344)

We fight fire with fire , then what will most likely occur is that the definition of spam will broaden.
Ok first comes chain e-mails , Fair enough . They are annoying.
Then what , well newsletters people signed up for , perhaps they didn't know how to unsubscribe or maybe there is an error in the code.
Then perhaps Notifications by your E-mail provider or ISP for which you can cease to get ,.
The problem with vigilantism is never the first thing that is achieved by it , its the escalation .
Enforcement of Good without boundaries will lead to problems .

My definition of good and your definition of good are probably fairly similar , but there may be a few subtle differences. For example person A may enjoy nudity , whilst Person B finds it immoral .
Person B goes on a vigilante quest to destroy the sick and evil porn industry.
Person A will not like this.
and etc.

Re:fight fire with fire? (2, Interesting)

SuperWebTech (901620) | more than 9 years ago | (#13143345)

"Why not fight fire with fire? These scum have placed themselves outside of the "law" " - FyRE666 "The sort of scum who send spam" - FyRE666 Technically, according to the CAN-SPAM Act, spamming is legal (though I cringe at the thought). A spammer is allowed to send you an unsolicited commercial email as long as he provides his return address and a way to opt out of the message. If you DDoS'd a spammer who followed these rules and he took you to court, he'd win. Please don't be mean to the law-abiding spammers! *snicker*

Re:fight fire with fire? (2, Interesting)

DrSkwid (118965) | more than 9 years ago | (#13143381)

yay, lets all burn

Re:fight fire with fire? (0)

Zeinfeld (263942) | more than 9 years ago | (#13143387)

Why not fight fire with fire? These scum have placed themselves outside of the "law" (such as it is when applied to the 'net), and so should not be protected by it. I say do whatever works

The reason that these schemes always fail is that they have no way to determine the real source of the spam. So what they amount to is a denial of service attack that can be targetted at will.

The Lycos spam vigilante scheme was blackholed after a bunch of hackers took over the command node and started to target entirely innocent sites. Lycos has denied this was the case but the people who put the block in place have told me that the opposite.

Even the targetting is exact there will be a lot of innocent people affected. The spammers use hijacked machines.

Re:fight fire with fire? (1)

SuperWebTech (901620) | more than 9 years ago | (#13143277)

In a blog entry [June 20, 2005] [bluesecurity.com] , Blue Security representatives responded to the DDoS issue. Apparently the company has decided to drop its technique of forwarding every spam and multiplying the reply rate. Instead, only one complaint per spam is generated. They also said that the responses are staggered to minimize the possibility of a DDoS attack from Blue Frog's network.

Re:fight fire with fire? (1)

Lance4999 (902065) | more than 9 years ago | (#13143327)

I am a fairly peace loving guy but give me a loaded machine gun and I will finish off spammers personally. They have rendered one account useless with over 1000 SPAM emails a week and all this without my using it or advertising it, so guess who is spreadding it. I have always considered that ways of protection are defensive rather than offensive and bound to fail as spammers improve their techniques. Hotmail has my vote where it blocks anybody who isn't on my address list which they kindly offer to let me import instead of retyping everything. So far nobody has penetrated this defence.

One message != vigilante (1)

A1kmm (218902) | more than 9 years ago | (#13143341)

Many people sending one message to one people != Spam

One person sending one(or more) messages to many people = Spam

Where each of a large number of people do something which is individually a lawful action when carried out in isolation, but in aggregate becomes harmful to some person, it is hard to see how that makes the actions of each individual then become illegal(unless there is a law to the contrary). For it to be vigilantism(in the common English usage of the word), each individual would have to do a reasonable harm to the spammer(e.g. chase him/her down, or send a death threat).

Re:One message != vigilante (1)

jacksonj04 (800021) | more than 9 years ago | (#13143368)

I disagree. Frequently I recieve many spams from one person, they're otherwise called chain mails.

Also, one person sending to many? Ever heard of mailing lists? There are some places, such as many organisations, where you *need* to email several people at once.

Re:One message != vigilante (2, Informative)

Rick Zeman (15628) | more than 9 years ago | (#13143417)

Spamhaus' definition of spam: (the rest of the definition is [here. [spamhaus.org]

The word "Spam" as applied to Email means Unsolicited Bulk Email ("UBE").

Unsolicited means that the Recipient has not granted verifiable permission for the message to be sent. Bulk means that the message is sent as part of a larger collection of messages, all having substantively identical content.
A message is Spam only if it is both Unsolicited and Bulk.

- Unsolicited Email is normal email
(examples: first contact enquiries, job enquiries, sales enquiries)

- Bulk Email is normal email
(examples: subscriber newsletters, customer communications, discussion lists)

Technical Definition of Spam

An electronic message is "spam" IF:

(1) the recipient's personal identity and context are irrelevant because the message is equally applicable to many other potential recipients;

AND

(2) the recipient has not verifiably granted deliberate, explicit, and still-revocable permission for it to be sent.


(The rest of the definition is here. [spamhaus.org]

Legality? (5, Insightful)

gunpowda (825571) | more than 9 years ago | (#13143184)

Would the users not then be liable for precisely the same kind of charges and punishment that the spammers are?

Re:Legality? (1)

Gentlewhisper (759800) | more than 9 years ago | (#13143196)

Would the users not then be liable for precisely the same kind of charges and punishment that the spammers are?

No worries then, then they can appear in court in PERSON, and I will gladly pay them $100,000 for the "damages" I caused for that 1 incident, and likewise they can pay me $100,000 for EACH incident they sent me the spam.

Who will win in the end?

Re:Legality? (4, Insightful)

bobbis.u (703273) | more than 9 years ago | (#13143199)

They solicited the business by contacting you first, so there is clear cut difference.

I'm not sure whether the law would reflect this, because as we all know, the law doesn't always reflect justice.

Re:Legality? (2, Insightful)

kfg (145172) | more than 9 years ago | (#13143249)

No, because the spammer has solicited. The repsonses are not spam, they are responses.

KFG

Re:Legality? (5, Insightful)

Anonymous Coward | more than 9 years ago | (#13143276)

Parent's comment feeds nicely into the close of the article:

But the scheme has been criticised by John Levine, a board member of the anti-spam Coalition Against Unsolicited Commercial E-mail.

"It's the worst kind of vigilante approach," Mr Levine told the AP news service. "Deliberate attacks against people's websites are illegal."


Except there's several minor problems with this supposed illegality:

(1) The spammer has sent you email inviting you to the spammer's website. Under the law, this explicit consent makes you an invitee, and not a trespasser.

(2) The company is filling out a form provided by the spammer's website. Arguably, there is implicit consent for the user to fill out the form, and the fact that the response rate has jumped from 0.1% to, say, 10% may be unusual, but it is a foreseeable consequence of the spammer's campaign. If you are replying in exactly the manner intended by the recipient, it's hard to classify the response as a denial of service.

(3) The spam complaints may not be legal in and of themselves, so if the company is smart, it will include an unreasonable counteroffer ("Dear sir, I would like to purchase your product, but I am only willing to pay $0.01 per item, including shipping and handling. You may accept this offer by shipping the product to [P.O. box that nothing is likely to ever appear in anyway owned by company]"), which in fact will be perfectly reasonable because the offer invites counteroffers, and the subjective intent of the person making the counteroffer is irrelevant to a legal analysis of the contract (note: I am not arguing that there is no risk whatsoever, courts are not stupid, but they tend to employ 'cruel' ways of being fair).

(4) The spammers haven't exactly shown that they are willing to disclose their identities. At some point, the spammer has to sue someone. That subjects them to both subject matter and personal jurisdiction for various claims like private nuisancce, misrepresentation, breach of contract, etc. by anyone willing to cooperate with the company based on the admissions that the spammer will have to include in the complaint. Even if a spam association chooses to file suit, the ORIGINAL spammer will have to be identified in the record when whoever brings suit attempts to authenticate the evidence. Given the paltry number of pro-spammer lawsuits based on commercial rather than constitutional theories (where it's easier to hide the identity of the real party in interest), does anyone think that there's a substantial likelihood of civil complaint or criminal prosecution?

bullshit! (0, Interesting)

Anonymous Coward | more than 9 years ago | (#13143510)

And there are several major problems with your proposed legality:

(1) The spammer invited you to visit the Web site to do business with them. They didn't invite you to visit the Web site to waste their computer resources. Saying "We were invited, so it's legal" is like saying that being invited to someone's house for dinner makes it 100% okay to show up, shit on the table, punch the other guests in the faces, and then break a few windows on the way out. The host invited you, so you weren't doing anything wrong, huh?

(2) "Filling out a form provided by the spammer's Web site" is not any more okay than what the spammer was doing - they were sending a message to an address provided by your mail server. Doing it maliciously is still bad even if the victim's computer, following orders from the victim, was a necessary part of the process. Note that this is really just point 1 again in different words.

(3) If you believe your own arguments, why wouldn't the spam complaints be legal? And if you don't, why would including a counteroffer - through a channel you KNOW isn't set up to take anything except orders under the already-agreed terms - make anything any better?

(4) Come on, they're operating a Web site, taking orders, and accepting money. If they're willing to do that, they're certainly willing to "disclose their identities" in the amount needed to file a lawsuit.

Not just getting the spammers though (5, Interesting)

intmainvoid (109559) | more than 9 years ago | (#13143192)

Sure this might annoy the spammers, but it's also going to cause problems for anyone unfortunate enough to be sharing a network/webhost/isp with a spammer. And what happens when someone sends spam appearing to be from a competitors site, in order for them to be attacked?

Re:Not just getting the spammers though (2, Interesting)

tomstdenis (446163) | more than 9 years ago | (#13143208)

I don't think you have to worry about the latter. How many legitimate penis-pill and "get rich quick" websites are there anyways?

Chances are if the website is trying to sell you herbal penis-happy-happy pills they too use spam at one point.

Though I agree with your former comment. However, realize that you don't need excess bandwidth. The idea is to fill their databases with useless information to make it harder to find any [if at all] orders were made.

Tom

Re:Not just getting the spammers though (1)

nwbvt (768631) | more than 9 years ago | (#13143492)

" I don't think you have to worry about the latter. How many legitimate penis-pill and "get rich quick" websites are there anyways?"

I don't know, but any that exist do have a right to exist. And there are plenty of legit companies that could be offering low mortgage rates or great deals on software which could easily be framed. All someone has to do fake a couple of emails and their website gets smashed.

And some junk mail may simply be an honest mistake. I had a friend once who when he got mad at you he would sign you up for all these mailing lists. Or someone might sign up for something and then forget about it. They may then interpret legitimate product announcements as spam. A legit approach to fighting spam would include safeguards to protect companies against this, but here the guy can go ahead and launch an attack on the innocent business.

Legal crimes (1)

Arru (771173) | more than 9 years ago | (#13143509)

I don't think you have to worry about the latter. How many legitimate penis-pill and "get rich quick" websites are there anyways?"

I don't know, but any that exist do have a right to exist. And there are plenty of legit companies that could be offering low mortgage rates or great deals on software which could easily be framed. All someone has to do fake a couple of emails and their website gets smashed.
To get hit, those companies would have to spam wouldn't they? And that is not legit AFAIK. The products may be fine and dandy, but it's the spam we're discussing here. Also, the scale of spam (which is the very problem) makes this self-regulating. If 10% do this reply action, a company sending a thousand ads won't be seriously affected - but someone shoving out millions of mails will. Convenient, no?

Re:Legal crimes (2, Insightful)

nwbvt (768631) | more than 9 years ago | (#13143576)

"To get hit, those companies would have to spam wouldn't they?"

No, you are missing the point. Say Company A sells software. Lets say that for some reason (maybe my company competes with them, maybe I'm a disgruntled former employee or customer, who knows) I don't like Company A. I can just get a spammer to send out a chain of spam emails in the name of Company A. When people receive these emails they get pissed off and launch a counter-offensive. Their website goes down, they lose business, and people lose their jobs for doing nothing wrong other than working for a company that pissed of a creative vigilante.

Re:Not just getting the spammers though (5, Insightful)

Detritus (11846) | more than 9 years ago | (#13143209)

If you sleep with dogs, you wake up with fleas.

Nuke them all. If you do business with a spam-friendly ISP, you are partly responsible for the spam.

Re:Not just getting the spammers though (1)

Stauf (85247) | more than 9 years ago | (#13143480)

Nuke them all. If you do business with a spam-friendly ISP, you are partly responsible for the spam.

Of course, this argument only works if the ISP is aware of the spammers. A web hosting company with automated sign-up could have a spammer come along, sign up, and send out 10,000 emails in a few minutes before they're caught and their account is cancelled.

Is it then fair to a) call them a spam-friendly ISP and b) do harm to their other customers? More then that - is it fair to blame those customers, who are now losing out on traffic and possibly business, for the spam just because for a few minutes out of one day a spammer managed to be on the same subnet as they are?

Re:Not just getting the spammers though (0)

Anonymous Coward | more than 9 years ago | (#13143504)

What responsible web hosting company has automatic account activation?

Seriously, this tactic would only hurt hosts that leave leave their form up after their account gets canceled. If they simply delete the account info the bot looking for a web form to spam will get a 404, and that's the end of it. Unless they've got a honkin huge 404 page it will practically have no impact, and certianly less of an impact than even a minor slashdotting.

Re:Not just getting the spammers though (0)

Anonymous Coward | more than 9 years ago | (#13143400)

So, filter the websites that will be replied to. Use SpamAsassin scoring, for that matter! Mail that redirects to innocent sites could be sorted out and not replied to, mail that directs to any penis-pill site is fair game. Who cares if such a site gets taken down? Probably the owner, but not me.

Nice DoS tool, not much good for spam. (1)

Fzz (153115) | more than 9 years ago | (#13143554)

Agreed. The main problem with such automated vigilante DoS tools is that you can't control who they'll be targetted at. The spammers will just send a wave of pretty obvious spam linking to a few high profile sites like the FBI or the Whitehouse or Slashdot, and this service will promptly disappear like all the previous similar services.

dupe (5, Informative)

Anonymous Coward | more than 9 years ago | (#13143195)

If only we could reply with force (0)

Anonymous Coward | more than 9 years ago | (#13143216)

Maybe Zonk would learn to READ THE FRIGGIN SITE.

Clan of the redundancy clan. (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#13143201)

see subj. Sorry for offtop

"spam solutions checklist in..." (1, Funny)

Anonymous Coward | more than 9 years ago | (#13143204)

5.. 4...3...2..1...

(you know, the "your solution to spam is unworkable because..." one)

You insensitive clod!!! (5, Funny)

rock_climbing_guy (630276) | more than 9 years ago | (#13143207)

I'm a spammer and I really don't appreciate this kind of vigilantism. Therefore, I'm going to have my army of spambots crapflood your website with GNAA/Trollkore posts. Have a nice day.

First Reply! (-1, Troll)

Anonymous Coward | more than 9 years ago | (#13143520)

First Reply!
GNAA

Wrong approach (3, Interesting)

giorgiofr (887762) | more than 9 years ago | (#13143211)

FTA, I will quote a whiner: "Deliberate attacks against people's websites are illegal."
WTF?! Are you an idiot or what? Since when, exactly, are there laws on the web?
Before you reply with witty comments and dates, please understand I'm not saying that there should not be or that there are no written laws, I'm saying that (almost) nobody respects them. Go on, enforce laws on the web. Come back when you succeed.
Given that it's impossible to regulate the web beyond the very basics like domain registration etc., people like the whiner above should just accept the fact that the lack of laws on the web make this a no-man's land, where criminals are free to do what they want (which they are doing) and those who object are free to take arms and destroy them (which they are not doing).
So who gives a fuck when it's illegal - laws that are not enforced are simply not there. Now do you prefer sitting and whining and blaming it on the innocent ones or actually *doing* something to solve the problem?

Re:Wrong approach (0)

Anonymous Coward | more than 9 years ago | (#13143487)

This is 5, insightful? My god. The depth Slashdot has sunk to these days truly boggles the mind.

WTF?! Are you an idiot or what? Since when, exactly, are there laws on the web?
Before you reply with witty comments and dates, please understand I'm not saying that there should not be or that there are no written laws, I'm saying that (almost) nobody respects them. Go on, enforce laws on the web. Come back when you succeed.


Several DoSers have been convincted in a court of law in the US. Several high-profile cases have ended in lengthy jail terms.

There are laws against this, and they are being enforced. When they're not, it's often because the culprit resides in a country not governed by US law, but that point is moot in the context of this article since we are, and we are the people being asked to participate in this.

Given that it's impossible to regulate the web beyond the very basics like domain registration etc., people like the whiner above should just accept the fact that the lack of laws on the web make this a no-man's land, where criminals are free to do what they want (which they are doing) and those who object are free to take arms and destroy them (which they are not doing).

That criminal behavior is rampant on the web does not criminal behavior on your part either right or legal.

So who gives a fuck when it's illegal - laws that are not enforced are simply not there.

This is untrue. You are obviously uninformed.

Now do you prefer sitting and whining and blaming it on the innocent ones or actually *doing* something to solve the problem?

What's with the tone? You are the asshat here, clown.

Rejected non-dupes. (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#13143215)

So many dupes, while my unduped are always rejected.

Like Monkeys Don't Write Shakespeare [wired.com] or 'Human-brained' monkeys [news.com.au]

Re:Rejected non-dupes. (0)

Anonymous Coward | more than 9 years ago | (#13143319)

The first article is excellent, by the way.

Oh boy... (-1, Troll)

Anonymous Coward | more than 9 years ago | (#13143217)

These comments will be against spamming spammers because that's not the christian way...

If the headline said Spammers spam. these comments would be against spammers who spam because they're evil.

Hypocrite and twofaced slashdotfreaks...

I'm game! (0)

Anonymous Coward | more than 9 years ago | (#13143225)

Sign me up!

Where's the, uh, bittorrent?

This is how the world works actually. (1, Insightful)

mrRay720 (874710) | more than 9 years ago | (#13143232)

People get bent over and anally raped by the entertainment/corrupt bribery industry - the solution - bend them over and take their stuff for free.

Some nutter in the middle east kills thousands of people - the solution involves killing thousands of people.

Some lowlife scum spam the world - the solution is obviously to spam them back in return.

This is just how things work now. No point trying to fight it.

Re:This is how the world works actually. (0)

Anonymous Coward | more than 9 years ago | (#13143245)

Where does the anal rape fit in here precisely? Myself, I'm having difficulty figuring out how the "corrupt bribery industry" manages to anally rape so many people. Please try and keep your subconcious desires and sexual fantasies out of future /. posts.

Re:This is how the world works actually. (2, Insightful)

sim82 (836928) | more than 9 years ago | (#13143302)

No there is a difference.
Spammers misuse a cheap communication medium for unwanted advertising and nothing can stop them. So massive (mis)use of their own reply mechanism (btw. that was exactly what they wanted me to do by sending the spam in the first place) will drive the cost up for them (bandwidth etc.), so in theory at some point their action will be no longer profitable and they will stop.
That's a different story than 'spam them becuse they spammed me'. It's about making spam unprofitable.

Re:This is how the world works actually. (1)

ezzzD55J (697465) | more than 9 years ago | (#13143471)

Spammers misuse a cheap communication medium for unwanted advertising and nothing can stop them. So massive (mis)use of their own reply mechanism (btw. that was exactly what they wanted me to do by sending the spam in the first place) will drive the cost up for them (bandwidth etc.), so in theory at some point their action will be no longer profitable and they will stop.

Except that these sites are mighty likely to be living on hacked machines spammers don't pay the bill for in the first place.

Re:This is how the world works actually. (0)

Anonymous Coward | more than 9 years ago | (#13143533)

"Tit for Tat" is not just a good strategy in game theory, it is the foundation for cooperative behavior. If someone gets smacked in the face every time the hit someone else, they sooner or later try less painful methods of interacting.

Of course spam fighters find this innapropriate (5, Insightful)

NeedleSurfer (768029) | more than 9 years ago | (#13143234)

The plan has been criticised by other anti-spam workers who say it amounts to vigilantism.

Have you noticed that everytime a brilliant solution arise, a solution that seems just right and appropriate. A solution that would maybe not stop but at least truly hinder spam or virii and stuff like that, security firm says its a bad idea, its vigilantism and crap like that. Who cares if its vigilantism, it works and thats all that count. The fact of the matter is that none of these company want virii gone or spam dead, they want to sell you stuff that gives you the impression its doing something usefull about it. deleting spam, filtering it, scanning for virii and removing the well known ones, it just doesnt do crap about the problems... retaliating might, so facing a technique that could work the "spam fighters" dismisses it...

Re:Of course spam fighters find this innapropriate (1)

ebuck (585470) | more than 9 years ago | (#13143402)

If you want all viruses gone, then you just need to destroy all the hosts. It hardly matters if that host is biological or computer.

The problem with solutions that "just work" is they often don't solve anything, they just replace a problem with a new problem because they are not well thought out. That's where the catch phrase "just works" comes from, someone who didn't want to explain why, as the cure was worse than the disease.

VIRUSES, NOT VIRII! (0)

Anonymous Coward | more than 9 years ago | (#13143406)

VIRUSES, NOT VIRII!

Why the heck do people write "virii"?

Re:Of course spam fighters find this innapropriate (1)

Stauf (85247) | more than 9 years ago | (#13143506)

Have you noticed that everytime a brilliant solution arise, a solution that seems just right and appropriate. A solution that would maybe not stop but at least truly hinder spam or virii and stuff like that, security firm says its a bad idea, its vigilantism and crap like that.

This is hardly a brilliant solution. A spammer could send spam, that looks just like the spam of his competition, and he's got a free DDOS.

Also, most spam sites are brand new hosting accounts set up on legitimate hosts with an automated sign-up process - not necessarily related to their mail servers. This means a response like this could be expected to catch a whole lot of innocent bystanders in the cross-fire - people who's only crime was to be hosted by a certain company. (And don't try and blame the companies. All the anti-spam policies in the world don't protect you from users who only need access for an hour or two before they move on.)

Retaliating may help. But this is retaliation only insofar as it's a blind flailing of the limbs in the general direction of the spammer.

Re:Of course spam fighters find this innapropriate (0)

Anonymous Coward | more than 9 years ago | (#13143577)

There's a problem though: You will be able to DDOS someone by sending spam pointing to his homepage.

Unreflected retaliation can do more damage than good (*cough*Iraq*cough*).

Catch a clue (5, Insightful)

DynaSoar (714234) | more than 9 years ago | (#13143236)

A vigilante is someone who usurps ot assumes power or authority from where it rightfully
exists.

Now, show me an elected or appointed spam cop that this is taking authority away from. There is none. Don't even bother to pretend ISPs fulfill this role. Their role is to keep customers. Some do better than othres at cleaning the trash, but none can act beyond their boundries.

And speaking of boundries, that's where your anti-spam laws stop. And that's as it should be.

This is the emergence of a regulatory force in the absence of any. That is not vigilantism. The net should police itself, including the dirty work. If it doesn't, someone will.

Re:Catch a clue (2, Interesting)

Trailwalker (648636) | more than 9 years ago | (#13143352)

A vigilante is someone who usurps ot assumes power or authority from where it rightfully exists.

Other way around. Vigilantes arise when there is no authority, or when authority is corrupt and part of the problem.

The ultimate responsibility for protection lies with the community. As circumstances warrant, they may establish a police force to do this, or if police are powerless, do whatever is necessary themselves.

It is seemingly forgotten that governments, and the services they provide, are established by communies to serve those communities.

People who take advantage of lawless conditions can expect no protection from those they harm.

Let's get it done and over with... (3, Interesting)

tamnir (230394) | more than 9 years ago | (#13143237)

Your post advocates a

(x) technical ( ) legislative ( ) market-based (x) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

(x) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
(x) Eternal arms race involved in all filtering approaches
(This time the spammers will be doing the filtering, and that will be quite easy [captcha.net] for them.)
(x) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
(x) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

Re:Let's get it done and over with... (2, Insightful)

ZorbaTHut (126196) | more than 9 years ago | (#13143285)

Also missing . . .

(x) Anyone could anonymously destroy anyone else's career or business

(x) Joe jobs and/or identity theft

(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
(x) Countermeasures should not involve sabotage of public networks

Re:Let's get it done and over with... (0)

Anonymous Coward | more than 9 years ago | (#13143297)

where did this stupid ass list come from?

Replies (2, Informative)

rbarreira (836272) | more than 9 years ago | (#13143357)

(x) Requires immediate total cooperation from everybody at once

What? No it doesn't.

(x) Laws expressly prohibiting it

Couldn't it be called self-defense?

(x) Eternal arms race involved in all filtering approaches
(This time the spammers will be doing the filtering, and that will be quite easy for them.)

Cool! Let THEM start sweating around trying to protect their sites for once. How cool is having a spammer deal with the same kind of shit that they spread around?

(x) Extreme profitability of spam

That doesn't mean this can reduce their profits, which is always good.

(x) Feel-good measures do nothing to solve the problem

That's just an opinion, not a fact, at least in this particular case.

Re:Let's get it done and over with... (4, Interesting)

ozmanjusri (601766) | more than 9 years ago | (#13143365)

A couple of years ago I submitted a request to the Thunderbird team to include a button which would do exactly this. I still believe it's a good approach, although an Outlook plugin would probably be more effective.
I'll try to address some of your objections, but I think you missed the main one;

(*) Joe jobs and/or identity theft

I've had to deal with dozens of Joe jobs every year, and I'll have to deal with dozens more every month for the forseeable future. It's already so bad, a few more won't make it significantly worse.

(x) Requires immediate total cooperation from everybody at once

No, even a few thousand false records in a spammers database would be enough to increase their costs. That's the goal here, and while more would be better (especially if the company which hired the spammer is paying per response), it's a step in the right direction.

(x) Laws expressly prohibiting it

None.

(x) Eternal arms race involved in all filtering approaches (This time the spammers will be doing the filtering, and that will be quite easy for them.)

It will reduce their profits. That's good.

(x) Extreme profitability of spam

This will reduce it.

(x) Feel-good measures do nothing to solve the problem

Doing nothing will achieve even less.

(x) Sorry dude, but I don't think it would work.

It doesn't have to, at least not by itself. Spammers are just another in a long line of parasites humanity has had to deal with over the years. We're winning more often against most of our parasites, but rarely do we ever eliminate them completely. Spammers are winning now, they're a plague on the internet. Getting them under control in the way we have lice or fleas under control is a process, not a once-off event. This will be one control out of many.

Re:Let's get it done and over with... (1, Insightful)

Anonymous Coward | more than 9 years ago | (#13143389)

Your list is easily defeated, especially if this service is offered as a browser-based plug in:

(1) Person receives spam (preferably this should be through a 'fake' email address, so that they're willing to respond to the email)

(2) Person forwards spam to service through browser-based submission

(3) Service scans spam for URL of website or order page, and matches it against a human-investigated list of spam websites, or if there is no match, places the spam into a queue for investigation (with duplicates screened out by the aforementioned URL)

(4) Service returns confirmation, offering a button that forwards the user to the spammer's order page and pre-enters the order/complaint

(5) User performs any image recognition task that the spammer may devise

(6) User submits the email

-----

This does not require everyone to cooperate at once, since the spam reply rate is anecdotally so low, it just requires more people to respond with junk than respond with genuine orders.

This becomes a filtering war, but it's a war between two companies, not one company and ten million individuals who are just sitting back and taking it.

It chews up staff time. Staff time is expensive. Spamming becomes much less profitable as it becomes much more labor intensive.

and what if it says (1)

a.d.trick (894813) | more than 9 years ago | (#13143240)

From: Spammer To: The_Spammed Hilarity ensues. I'm kind of out of loop, cause I haven't had any spam in ages, but I would assume that most spammers don't use an address of theirs in the From header.

Re:and what if it says (2, Insightful)

DogDaySunrise (829682) | more than 9 years ago | (#13143275)

FTA: The plan is to fill order forms on spam websites...

No 'From' header required...!

A pedant writes (0)

Anonymous Coward | more than 9 years ago | (#13143295)

The (rfc2822 [ietf.org] ) "From header" is part of the message, not to be confused with (RFC2821 [ietf.org] ) "envelope sender" or "reverse path". Both of these could be spoofed in a spam but the http uri for the products they are advertising will always point to a webserver that costs the spammer practically nothing or has been compromised.


A complete waste of time.

Who was stupid enough to fund this nonsense? (5, Interesting)

Arrogant-Bastard (141720) | more than 9 years ago | (#13143257)

Unbelievably stupid. Or, as Mitch Wagner observed:

And even he doesn't cover all the problems; for example, as everyone with the slightest clue about spam has known for years, responding to the spammer in any way is absolutely idiotic.

But since the people involved in this company have no anti-spam credentials, no track record of involvement, and no clue how their "counter-attacks" will be neatly retargeted (surely nobody is naive enough to believe that spammers will sit still for this?) I can't say I'm surprised. This is merely the latest bonehead idea in a long series (e.g. challenge-response, callbacks, SPF, etc.) of bonehead ideas put forth by people who have clearly failed to comprehend even the rudimentary aspects of the spam problem...or who have, but simply do not care about the conequences for everyone else as long as they can selfishly "solve" their part of the problem.

I've already blacklisted the company behind this tripe and null-routed their address space. I recommend the same for everyone else. There's simply no place on the Internet for those who want to profit from our collective misery by making it worse.

Re:Who was stupid enough to fund this nonsense? (1)

DogDaySunrise (829682) | more than 9 years ago | (#13143298)

This isn't about spamming the spammers - it's an attempt to grind the websites spammers get paid through to a halt.

If nobody can buy their product, they can't make any money, right? The motivation for spamming in the first place becomes redundant.

Since we can't find the bastards to collect even after a successful suit, this may be the only way to hit back where it hurts...

However... I completely disagree with the methodology. It's far too easy for the spammers operating the sites to redirect this attack to legitimate websites, where it'll fall foul of the law in a way that it'll be accountable.

Re:Who was stupid enough to fund this nonsense? (2, Interesting)

InfraRED (18385) | more than 9 years ago | (#13143451)

the biggest problem with this may be that it opens yet another attack vector to you

Re:Who was stupid enough to fund this nonsense? (0)

Anonymous Coward | more than 9 years ago | (#13143549)

This isn't about fighting spam. It's about getting the strategic ability to DDOS anyone in the world, and getting someone else to pay for it. I'll bet this company gets a shitload of under the table "government contracts" for their idea.

keen observations from BBC (1)

wormuniverse (818854) | more than 9 years ago | (#13143262)

From the article: "If you have an e-mail account you get spam"

Re:keen observations from BBC (1)

Rosco P. Coltrane (209368) | more than 9 years ago | (#13143399)

Even more astute: if you have spam, you have an e-mail account.

Re:keen observations from BBC (1)

wormuniverse (818854) | more than 9 years ago | (#13143413)

I am sure Hormel would take exception to that.

We Need a Noticeboard (1)

artson (728234) | more than 9 years ago | (#13143272)

I don't have a problem with doing harm to those who employ spammers. It would be nice to have a public noticeboard giving the URLs of entities who pay spammers for driving traffic to their sites. I'm not advocating that we collectively attack the spammers or spam employers, just let's see their names, the same way they show the names of the guilty on the crime page of the newspaper. Leave the action to the public. In some cases, I imagine that it would actually drive shopping traffic figures up. In others, the results might not be so ... salubrious.

Re:We Need a Noticeboard (1)

SuperWebTech (901620) | more than 9 years ago | (#13143390)

Check out ROKSO on Spamhaus [spamhaus.org] .

Spam Haters Given Right of Reply (5, Insightful)

wljones (79862) | more than 9 years ago | (#13143274)

This is an old pattern. The bad guys (Spammers this time) inflict themselves on the public. Authority is asked to help, but cannot or will not do so. Victims then search for their own solutions. Authorities see their monopoly threatened and cry,"Vigilantes!" The authorities, whether government or private concerns, feel they have more to gain protecting their monopoly than by fighting the problem, and victims are an easier target than organized thugs. Notice that their protests against the victims do not offer a better solution, only name-calling and threats.

Excellent for therapy and anger management (1)

Shadez666 (736779) | more than 9 years ago | (#13143279)

It may not work the way it is intended to but it will make me feel better to be able to do *something* Let the fun begin!

Actually it might work (0)

Anonymous Coward | more than 9 years ago | (#13143287)

The reason is this: To make money, spammers have to read and process replies. If 50% of the spams produced a reply useless to the spammer, the actual profitable replies would be lost in the noise. There's no way they could afford to pay someone to read all the useless replies looking for the ones that actually want to buy the product.

The message could be generated by your spam filter. "We're sorry, your email message was filtered as spam and not delivered. If your message is legitimate, please reword it and try again." You would need enough different messages that the spammers could not apply their own spam filters of course.

Same as the (2, Insightful)

jurt1235 (834677) | more than 9 years ago | (#13143294)

1. DOS on spammers proposal: http://it.slashdot.org/article.pl?sid=05/07/18/121 4226&tid=111&tid=1 [slashdot.org] ;
2. The, I believe english, innitiative to reply on spam by going to the websites and not buy anything (1/3 of users responds on spam advertising: http://it.slashdot.org/article.pl?sid=05/03/23/238 205&tid=95&tid=111 [slashdot.org] )

Somehow I do not feel like going after these spammers at all, but more for just better working ISPs to disconnect bots of the net, and disconnect spammers of the net.

Re:Same as the (1)

Konerak (902066) | more than 9 years ago | (#13143320)

Hmmm.. so I send some fake spam mails in name of a concurrent company and they get DDoSsed by antispam people? Woot! Black Cat Agency, away!

I just won't buy anything from them (3, Insightful)

hydrino (131216) | more than 9 years ago | (#13143304)

What an idea!
Why OH WHY do people buy from them?

Re:I just won't buy anything from them (1)

wormuniverse (818854) | more than 9 years ago | (#13143354)

because my grandparents have email addresses.

Re:I just won't buy anything from them (1)

msim (220489) | more than 9 years ago | (#13143370)

1) they are stupid
2) because they don't see it as wrong to get their poison loaded Vi@g----Ra this way.
3) see 1)

Re:I just won't buy anything from them (0)

ZeroExistenZ (721849) | more than 9 years ago | (#13143425)

I think the correct answer would be;
"because they have small genitalia [has-a-small-penis.com] ".

Did I win!? Did I win?



Mental note: Check AC box.

Heh (1, Insightful)

Dunbal (464142) | more than 9 years ago | (#13143313)

The plan has been criticised by other anti-spam workers who say it amounts to vigilantism.

What's wrong with vigilantism?

A person who has been wronged has the right to be redressed.

The theory behind a civilized society is that this redress cannot be undertaken personally, but must go through proper channels (law enforcement, the court system, etc).

The practice is that no state in the world is currently capable of enforcing all of its laws and punishing all offenders. There aren't enough courtrooms, hours, resources or jail cells. So people's right of redress has been taken away, and criminals can get away with their behaviour. That's not right.

Give some authority back to the people through vigilantism and you will see a dramatic drop in antisocial behaviour. Oh sure, it will be abused. Just as the current system can also be abused. But if you spam me and my buddies get to go to your house and beat the crap out of you, you will think twice about that line of business in the future. Word gets around.

Re:Heh (0)

Anonymous Coward | more than 9 years ago | (#13143445)

vigilantism- Hey, it worked for Batman

I do something similar to phishing attempts (1)

StrayJay (228526) | more than 9 years ago | (#13143328)

Whenever I get a phising e-mail, I go to the website that the e-mail directs me to, and fill out the forms with data that I make up. I even memorize (or jot down) what I enter in each field, because some phishing attempts claim I made a typo and ask me to fill out the form again --I guess this is an attempt to make sure I'm entering actual data.

When enough people do this, it 'drowns' the credit card numbers and identification codes from people who are too gullible to know that their banks would NEVER invite them to update their data this way.

Re:I do something similar to phishing attempts (1)

Yorkshire (263318) | more than 9 years ago | (#13143545)

some phishers are already wise to this and actually test your submitted details against paypal/ebay in realtime

Fully justified (5, Interesting)

VGR (467274) | more than 9 years ago | (#13143331)

I have my doubts about whether this will actually work, but I'm not sure it matters.

I just think getting thousands of complaints should be the natural result of pissing off thousands of people.

The psychopathic behavior of a spammer wouldn't be tolerated for an instant if he were face-to-face with his victims. Try attending a ballet or opera, and yelling "I have cheese in my butt!" at top volume.

Whether it works or not, what Blue Sec is doing should be an expected inconvenience of spamming. Even if it just causes spammers to set up their own filters, at least it will weed out some would-be casual spammers.

Why not... (0)

Anonymous Coward | more than 9 years ago | (#13143396)

Why not just save all the spam you get and script out forwarding it all to them to let them know all the different types of solicitation you do not wish to receive? True, it will be a tad redundant, but hey, you don't have the time to weed all that crap out! After all they are the ones getting paid to deal with this stuff.

Can give it but can't take it? (1)

erroneus (253617) | more than 9 years ago | (#13143404)

I don't know why we talk so much about vigilantism. Okay, it's "wrong" and all. But let's dismiss the discussion and look at it from another angle.

These jackasses are making millions by pissing off hundreds of millions of people using means clearly designed to skirt protections from their crap. They are armed, in essence, with internet assault weapons. Why shouldn't we see if their defenses are as strong as their offense?

I call BS on the other spam worker claim. (4, Interesting)

PotatoHead (12771) | more than 9 years ago | (#13143429)

How exactly is this different from a bunch of people just filling out bogus information?

Answer: It isn't.

If a significant percentage of us, just did this, the spammers would be hurt by rising costs and sharply reduced product value proposition. (leads)

This company is just making that easier.

No harm, no foul.

Unless you are the spammer making money off of shared resources without giving anything back that is...

I hope this works and it catches on. I would use this service in a minute.

Want to cut down your junk mail? Spend a few days each month filling their postage paid envelopes with their competetors offers and other interesting bits you can stuff in there. For those little card things, fill 'em out with crap.

People have done this for years and this spam service is no different than hiring somebody to send crap data for you.

John Levine being paid off. (0)

Anonymous Coward | more than 9 years ago | (#13143443)

There has been talk that
John Levine is being paid off buy the spammers, and I mean LOTS of cash.
One of his charges,who he gives a percentage to, evidently spilled the beans by accident at a party.

Given Right? (1)

Mensa Babe (675349) | more than 9 years ago | (#13143458)

I know a guy [thespamletters.com] who's been replying for years. And unlike this moronic idea, he's damn Funny.

Vigilantism?!?! (1)

codesurfer (786910) | more than 9 years ago | (#13143461)

"It's the worst kind of vigilante approach," Mr Levine told the AP news service. "Deliberate attacks against people's websites are illegal."

To be honest, I'm not that concerned with the rights of spammers. Although there are some problems with this approach, it may have have the desired effect to a certain degree...have at it!

from spam to worse (1)

rhendershot (46429) | more than 9 years ago | (#13143477)

from the article:" A software program downloaded by those signing up then visits the spammers' websites and fills in any online order forms it finds with complaints about the unsolicited mail."

I don't think so!

"Other Anti-Spam Workers"? (5, Informative)

Caveman Og (653107) | more than 9 years ago | (#13143484)

Sheesh! Slashdot has gotten really lame.

"Other anti-spam workers" is none other than John Levine, Ph.D [johnlevine.com] , co-author of the BEST SELLING INTERNET BOOK OF ALL TIME (I kid you not) "The Internet for Dummies" (Now in its ninth edition). Some of you cretins need to read it.

In Commonwealth of Virginia v. Jeremy Jaynes [pcworld.com] Dr. Levine served as an expert witness for the prosecution. His testimony helped send Jaynes to prison for nine years.

At the second annual Conference on Email and Spam [www.ceas.cc] Levine presented a technical paper on his experiences with greylisting [www.ceas.cc] .

Dr. Levine is the chair of the IRTF Anti-Spam Research Group [asrg.sp.am] . He's a founding member of the Coalition Against Unsolicited Commercial Email [cauce.org] . He runs the Network Abuse Clearinghouse [abuse.net] .

"Other Anti-Spam Worker" indeed.

Take a good look at Blue Security's product. I think you'll see that it's little more than an HTTP DDoS tool. BlueSecurity claims that it's okay to DDoS spammers, and that they make very sure that only spammers are DDoS'd (although their careful not to call what they do a DDoS).

I'm given to understand that they moved their hosting to Israel when Verio terminated their service for violations of Verio's acceptable use policy. Verio doesn't allow folks to host denial of service tools on their network (nor will any normal ISP do so).

Someone should ask BlueSecurity about their legal threats against Everyone's Internet for attempting to do the same.

These are not nice people. The only difference between them and the normal crop of script-kiddie miscreants, is that they have found venture capital.

Is it me (4, Insightful)

I_redwolf (51890) | more than 9 years ago | (#13143517)

Or whenever someone speaks about standing up for themselves or protecting ones self. It amounts to some form of vigilante act or "Oh GEEBUS!! No, thats not the way to handle it!!!" It's in line with modern day cops. Sure, we'll make an attempt to protect you but if someone robs you or tries to physically harm you. The best thing to do is just give them your money or try to run away; the last thing you should do is try and protect yourself.

I'm sorry to all the SpamProtectors out there but you have been ineffective. You've done nothing to protect the people who need it. Your tools are always one step behind. Seemingly asking one to not retaliate should come from the lips of others. Not you, one with vested interest in Spam. If there is no more Spam, there is no more SpamProtector. You will be out of a job and thats what you should be striving for.

Now, i'm not recommended vigilante acts meaning putting a hot orange in ones eye socket or random acts of grotesque violence. However, I see nothing wrong with complaining or disabling a Spam server to protect not only myself but others who aren't able to protect themselves from this problem.

1. The government has continously failed us
2. You the Spam Protector has failed us
3. Everything to date has FAILED.

You then turn around and ask the honest abiding citizens to continue to be run over the coals at the expense of SPAM?

Not today or tomorrow, so you could kiss my ass. The way I see it, the more vigilantes the better. At the very least they have not failed us and have taken the fight right to the spammers doorstep.

They seemingly understand that the only way to win a war, is to fight one. The spamprotectors seemingly remind me of the weapons dealers who play both sides. You're as bad as the spammers.

So; Cheers! To all the vigilantes out there standing up for the little guy and even the not so little guy! You are welcome round these parts anyday.

Couldn't We Just... (1)

Greyfox (87712) | more than 9 years ago | (#13143537)

Enact a law making harvesting of their organs legal? Spammer organs might taste like spam, but they're STILL organs!

Almost a dup (1)

surprise_audit (575743) | more than 9 years ago | (#13143539)

Near enough a dupe of this article [slashdot.org] , I think...
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>