Forgot your password?
typodupeerror
Government Security United States News IT

Could Fake Phishing Emails Help Fight Spam? 296

Posted by Soulskill
from the hello-sir-madam dept.
Glyn Moody writes "Apparently, the US Department of Justice has been sending out hoax emails to test the security awareness of its staff. How about applying a similar strategy to tackling spam among ordinary users? If fake spam messages offering all the usual benefits, and employing all the usual tricks, were sent out by national security agencies around the world, it would select precisely the people who tend to respond to spam. The agencies could then contact them from a suitably important-looking government address, warning about what could have happened. Some might become more cautious as a result, others will not. But again, it is precisely the latter who are more likely to respond to further fake spam messages in the future, allowing the process to be repeated as often as necessary. The system would be cheap to run — spam is very efficient — and could use the latest spam as templates."
This discussion has been archived. No new comments can be posted.

Could Fake Phishing Emails Help Fight Spam?

Comments Filter:
  • by patjhal (1423249) on Monday February 02, 2009 @10:56AM (#26694155)
    And the government spam could bilk the gullible out of money just like real spam. They could lower regular taxes by creating this stupidity tax. Also the DOD could spread viruses on this government spam that take over machines to use in web war. And no need to keep it local, it could be worldwide.
  • by mindstorms (788968) on Monday February 02, 2009 @11:05AM (#26694247)

    Your post advocates a

    (x) technical ( ) legislative ( ) market-based ( ) vigilante

    approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

    ( ) Spammers can easily use it to harvest email addresses
    ( ) Mailing lists and other legitimate email uses would be affected
    ( ) No one will be able to find the guy or collect the money
    ( ) It is defenseless against brute force attacks
    ( ) It will stop spam for two weeks and then we'll be stuck with it
    (x) Users of email will not put up with it
    ( ) Microsoft will not put up with it
    ( ) The police will not put up with it
    ( ) Requires too much cooperation from spammers
    ( ) Requires immediate total cooperation from everybody at once
    ( ) Many email users cannot afford to lose business or alienate potential employers
    ( ) Spammers don't care about invalid addresses in their lists
    ( ) Anyone could anonymously destroy anyone else's career or business

    Specifically, your plan fails to account for

    ( ) Laws expressly prohibiting it
    ( ) Lack of centrally controlling authority for email
    ( ) Open relays in foreign countries
    ( ) Ease of searching tiny alphanumeric address space of all email addresses
    (x) Asshats
    (x) Jurisdictional problems
    ( ) Unpopularity of weird new taxes
    ( ) Public reluctance to accept weird new forms of money
    ( ) Huge existing software investment in SMTP
    ( ) Susceptibility of protocols other than SMTP to attack
    ( ) Willingness of users to install OS patches received by email
    ( ) Armies of worm riddled broadband-connected Windows boxes
    ( ) Eternal arms race involved in all filtering approaches
    ( ) Extreme profitability of spam
    ( ) Joe jobs and/or identity theft
    (x) Technically illiterate politicians
    ( ) Extreme stupidity on the part of people who do business with spammers
    ( ) Dishonesty on the part of spammers themselves
    ( ) Bandwidth costs that are unaffected by client filtering
    ( ) Outlook

    and the following philosophical objections may also apply:

    (x) Ideas similar to yours are easy to come up with, yet none have ever
    been shown practical
    ( ) Any scheme based on opt-out is unacceptable
    ( ) SMTP headers should not be the subject of legislation
    ( ) Blacklists suck
    ( ) Whitelists suck
    ( ) We should be able to talk about Viagra without being censored
    ( ) Countermeasures should not involve wire fraud or credit card fraud
    ( ) Countermeasures should not involve sabotage of public networks
    ( ) Countermeasures must work if phased in gradually
    ( ) Sending email should be free
    ( ) Why should we have to trust you and your servers?
    ( ) Incompatiblity with open source or open source licenses
    (x) Feel-good measures do nothing to solve the problem
    ( ) Temporary/one-time email addresses are cumbersome
    ( ) I don't want the government reading my email
    ( ) Killing them that way is not slow and painful enough

    Furthermore, this is what I think about you:

    (x) Sorry dude, but I don't think it would work.
    ( ) This is a stupid idea, and you're a stupid person for suggesting it.
    ( ) Nice try, assh0le! I'm going to find out where you live and burn your
    house down!

  • Perhaps (Score:3, Funny)

    by lord_sarpedon (917201) on Monday February 02, 2009 @11:05AM (#26694249)

    Perhaps they could hire some kind of outside contractor - with an extensive botnet and lots of spam-sending experience - at some ridiculous fee! I'm sure with significant compensation, these professionals could be convinced to spam the DoJ.

    In all seriousness, all this will do is make a certain few people very very sad inside when they see just how easy it is to fool the common deskmonkey, and just how much info you can get. At best, some of those certain few people will become motivated to make it their profession...

  • by Hatta (162192) on Monday February 02, 2009 @11:15AM (#26694375) Journal

    The only effective thing would be to actually delete all the users files and never give them back. Humans only really learn from cause and effect. Simulations rarely teach them.

    Fire them all after the 2nd time. The survivors would warn the new hires.

  • by CompMD (522020) on Monday February 02, 2009 @11:28AM (#26694547)

    The real solution is to simply tell all respondents that they have won an all expense paid vacation. Send them some fake e-ticket to print out and tell them where to go, and then just put them all on a rocket to the sun. Problem solved.

  • And a lot of times children eat dirt because they're mineral deficient [drgreene.com], not because they're stupid.
  • by B3ryllium (571199) on Monday February 02, 2009 @11:36AM (#26694683) Homepage

    "Congratulations! By responding to this test email, you've received an IRS coupon for a FREE TAX AUDIT. Enjoy!"

    That's one way to teach them. Granted, it's a bit Pavlovian, but ... if it works, it works.

  • by IBBoard (1128019) on Monday February 02, 2009 @11:42AM (#26694769) Homepage

    You mean it'll make people salivate for food at the sound of a bell if they get a tax audit? Now that's some crazy conditioning!

  • by lorenzo.boccaccia (1263310) on Monday February 02, 2009 @11:43AM (#26694781)
    die, you filthy linux kernel mailing list, die!
  • oblig (Score:2, Funny)

    by LunarCrisis (966179) on Monday February 02, 2009 @11:48AM (#26694841)

    Spam is like XML, if it doesn't solve the problem, use more.

  • The "good" spam is sort of like a public education campaign about STDs.

    Ooh, terrible metaphor. By that logic, this "good" spam would be like the government having unprotected sex with people to identify who needs to be educated about proper condom use.

  • by oldspewey (1303305) on Monday February 02, 2009 @11:55AM (#26694945)
    Now that's what I call a stimulus package!
  • by Hordeking (1237940) on Monday February 02, 2009 @11:59AM (#26695025)

    Can you come up with a protocol that will not allow a zombie box to, as you say, authenticate properly?

    RFC 3514 [wikipedia.org] does propose a solution to this sort of thing...

  • by srussia (884021) on Monday February 02, 2009 @12:26PM (#26695391)
    Catch-and-Release
  • by hobbit (5915) on Monday February 02, 2009 @12:27PM (#26695401)

    No, because your metaphor doesn't take account of the fact that the proposed solution causes a lot of spam to be sent.

    It's more like that the condom police just have sex with you bareback, and afterwards they say "okay well this time it was just genital warts... next time it might be AIDS".

  • by qreeves (1363277) on Monday February 02, 2009 @01:08PM (#26695987) Homepage

    "Give a man a phish, and he'll eat for a day. TEACH a man to phish and he'll eat for a lifetime."

    Sorry, terrible pun I know, but it is true; the only way to fight this sort of thing is to make people more aware of it in the first place, knowledge is power. Personally, I think they're at least trying the right thing. My concern is the automatic filtering of "spam" messages done by some ISP's and mail services (especially gMail), and how it will interfere with the success of something like this.

  • by AlXtreme (223728) on Monday February 02, 2009 @01:21PM (#26696179) Homepage Journal

    You'll never get rid of spam until all the dirt-eaters and spam-responders get a dose of common sense, and that'll never happen.

    Two birds, one stone: force all the spam-responders to eat dirt!

    It might not solve the spam problem, but at least we could get a laugh out of it. Hell, you could make a TV show out of it.

    Oh wait, a metaphor? Never mind...

  • by Anonymous Coward on Monday February 02, 2009 @01:47PM (#26696625)

    Rockets to the sun are expensive.

    Just send them an e-ticket to print that has "I'm a terrorist" written on it somewhere. They are probably too dumb to check the ticket carefully, but when the try to get through security at the airport with that bogus e-ticket I'm sure they will learn a valuable lesson.

  • by Locke2005 (849178) on Monday February 02, 2009 @07:05PM (#26701165)
    Sending out spam to decrease spam is like having sex to increase virginity.

There are running jobs. Why don't you go chase them?

Working...