Lessig On Bounties For Spamhunters 317
An anonymous reader submits: "Digital rights (as in yours, not the RIAA's) guru Lawrence Lessig comes up with a Swiftian idea of how to fight spammers -- $10,000 for the first ubergeek to hunt the offender down. The column is at CIO Insight. Wonder if it'll reach its audience there."
This problem cannot be solved! (Score:4, Insightful)
Just like the Nigerian money scam, so long as people continue to fall for it, it will continue to circulate. Blacklists and other technology solutions will never be able to keep out all the spam. Legislation will never be effective against it. The only way to make it die is for people to stop buying from it and so far, it seems that there are far too many people who are insecure about their penis size for the spam to stop.
One small flaw... (Score:5, Insightful)
So, Company ABC doesn't like the competition of Company XYZ. Company ABC makes up a dummy spam email advertsing Company XYZ's products and spams a few million addresses (with an easy-to-find return address for XYZ). Company XYZ, unable to prove that they are innocent, pays the $10k.
I assume Lessig's scenario would have to use a guilty-until-proven-innocent scheme, as it would be as ineffectual as the rest of the laws/anti-spam filters if it were the other way around. To prove someone guilty of spamming, you'd need logs and other evidence from their computers - not easy to get without search-and-ceisure permits. Anything less than that is too easy to duplicate from a malicious hacker's perspective.
As annoying as spam (Score:4, Insightful)
Sites like these shouldn't be linked to by Slashdot.
it's a stretch to claim that spam is a right (Score:4, Insightful)
having said that, it's also clear that having a way to identify the source of a potential spam would create serious privacy concerns - what's to stop that method from being used to identify the source of any email? nor does "identifying the spammer" seem to be as useful as "marginalizing the spammer" - i.e. making sure that spammers are likely to have to pay so dearly that it's not profitable for them. strictly speaking, we may not need to identify them to achieve this result.
so what we really need is a way to marginalize real spammers without sacrificing others' privacy rights in the process.
RBL bad? (Score:4, Insightful)
I think good laws would add to the effectiveness of the RBL, don't get me wrong. But to hear the spammers tell it, the RBL has made their cost of business much higher, so I wouldn't say it is a detriment.
Re:One small flaw... (Score:2, Insightful)
A bigger problem I see is some kind of sense of proportion. Most businesses perform some kind of cold calling. Seems to me like if you sell, say, emergency powergenerators, and you send personalized email to the three businesses in your town who might be potential customers, thats a lot different from sending 2M "enlarge your penis" mails to a database of emails you bought off some other spamming mofo.
Re:uhh, missing something here (Score:1, Insightful)
1- "recover the actual monetary loss suffered by that provider by reason of that violation"
2- "fifty dollars ($50) for each electronic mail message initiated or delivered in violation of this section, up to a maximum of twenty-five thousand dollars ($25,000) per day"
There is no maximum on the first option. If they have greater than $25,000 in damages, thats what they collect.
Re:This problem cannot be solved! (Score:2, Insightful)
Re:uhh, missing something here (Score:5, Insightful)
That part of the law is severely broken. They hit the $25,000 cap after the first 500 spams per day. The bigger spammers send MILLIONS of spams per day. At 1 millions spams per day the fine is 2.5 cents per spam, and at 10 millions spams per day the fine is one-fourth of a cent.
As they can crank up the volume of spam the fine approaches zero. The fine becomes an acceptable cost of doing bussiness.
Before anyone replies to point out the phrase "whichever amount is greater", that phrase reffers to proving "actual monetary loss suffered" which aint gonna happen.
-
What an asshole (Score:5, Insightful)
This is bullshit, and he knows it, but he has to exaggerate and distort the truth in order to highlight his fashionable Bounty idea.
I inadvertedly ran an open relay and quickly ended up on Ordb [ordb.org], and rightfully, I might add. My mail server logs had this nice explanation given in the error message from other servers, complete with a helpful link explaining how to fix and get delisted (fix your server, resubmit its IP for checking, get automatically removed).
3 hours and a sendmail.cf later I was back with the good guys, and had this nice warm feeling
this question's already been answered (Score:1, Insightful)
honestly, the question is valid, but I think the answer is that actually spam itself is an invation of privacy.
On the one hand, isn't it safe to assume that the spammer got my e-mail address through a breach of my privacy?
Re:This problem cannot be solved! (Score:2, Insightful)
The fact is I get junk mail, phone calls, and email. These cost me almost no money directly. It costs the phone company, post office, and ISP money. The phone company and post office are remunerated through charging higher fees. I assume, due to the lack of concern from ISPs that they are also remunerated for their costs.
Don't believe me, let's look at the facts. I get a spam message with a forged Hotmail or Yahoo address. I send a note to this effect. I receive a reply saying that the address if forged and there is nothing they can do. I look up the address of the spammers site and send a note to everyone all the up to NetSol or RIPE. I invariably get a not back saying that the registrars are only responsible for the registration and not the content.
As always, the truth is found by following the money. If spam was a real money losing issue, such as music piracy, the industry would be all over it. However, all we get are public relation solutions such as spam filter and denial or responsibility. I think the truth is obvious. There is way too much money to be made with spam on all levels to let it go.
RBL NOT VOLUNTARY (Score:1, Insightful)
In these days of high turnover in data centers, it is not uncommon to get an address that is on the list from someone else's abuse. Not to mention the fact that the RBL in particular has been known to make mistakes about what an "open relay" is - for a while every postfix installation was labeled as an open relay, simply because that software would "accept" relay messages, but then immediately trash them.
Furthermore, the RBL is NOT voluntary for the end user. Clueless sysadmins make the choice and rarely inform the users.
Ask any CEO, salesperson or small business man and they will tell you that they'd rather get 1000 spams a day than potentially miss one legitimate customer email.