Lessig On Bounties For Spamhunters 317
An anonymous reader submits: "Digital rights (as in yours, not the RIAA's) guru Lawrence Lessig comes up with a Swiftian idea of how to fight spammers -- $10,000 for the first ubergeek to hunt the offender down. The column is at CIO Insight. Wonder if it'll reach its audience there."
How much... (Score:5, Funny)
Related point: (Score:2)
This is big business...with only slightly more positive moral compunctions than drugs.
Re:How much... (Score:5, Informative)
Nothing. The spam doesn't come from Hotmail. Spammers forge hotmail.com dropboxes into the headers, but typically spam through dedicated machines hosted by spam-friendly providers.
If someone were to go apeshit with a SuperSoaker full of saline solution in ELI.NET's or Level3's datacenter, for instance, your load of inbound spam would probably decrease substantially.
There are some "ISPs" allegedly in Mexico and Brazil (but hosted via US-based backbones) that are no more than spammer fronts.
Re:How much... (Score:2)
Some of it does. Hotmail likes to send its users MSN spam about once a month.
Re:How much... (Score:2)
Is this true? I thought it was commonly known that if you create a hotmail account with a suitably obscure name xyxxaqqf2, and use it for nothing, and don't give out the address, you will receive spam (even after turning on hotmail's spam filters).
This is either caused by MS allowing or sending the spam, or selling the addresses of all accounts (which is just as bad).
Anyone know the true lowdown on this?
Re:How much... (Score:2)
Is this true? I thought it was commonly known that if you create a hotmail account with a suitably obscure name xyxxaqqf2, and use it for nothing, and don't give out the address, you will receive spam (even after turning on hotmail's spam filters).
When you sign up, the service will ask if you would like to be listed in the directory. Say no.
-a
Re:How much... (Score:2)
Or Qwest. A Qwest customer used Qwest's network to commit fraud, trespass, harassment and denial of service. Qwest's response was to give him a *WARNING*. Qwest openly tolerates criminal activity from their customers (Which shouldn't be surprising as Qwest has demonstratably engage in criminal activity in the past).
Re:How much... (Score:4, Funny)
Re:How much... (Score:2)
Re:How much... (Score:3, Funny)
Hotmail is not the problem (Score:2)
The real hotmail agressively fights spammers. I know, because I look at the unfiltered spam I receive (for submission to SpamCop and my private blacklist). Rarely do I get spam from hotmail IP addresses.
Re:How much... (Score:3, Funny)
well, it's a start (Score:4, Interesting)
Could someone explain this to me? (Score:2)
If they're sending these damn things out for commercial gain, at some point they have to get your money. They either have a website (which can be tracked down via the hosting ISP, DNS entries, shit - traceroute the bitch & call the next people upstream), or an address, or a phone number. That should get all of the stateside jackasses. Even the ones who host overseas can have the hurt put on them. They have to take credit cards or paypal or something. That means a paper trail & it means that Discover Card or Visa or whoever can lock them out.
All that leaves is chain mail (which is stupid, but sent by your buddies that you can tell to fuck off) and people after bank account info (such as Nigerian princes).
Honestly, why is it claimed to be so hard for spammers to be tracked down? For the average joe, yeah, it's hard. For those enforcing anti-spam laws it should be relatively easy (if a little tedious) to nab the majority. Can someone explain this?
Re:well, it's a start (Score:2)
Re:well, it's a start (Score:4, Interesting)
Because face it, most of these spammers are located in America even if they are going through Chinese relays and such.
I am sure someone will reply to this and give me 10 reasons why this will never work. But either way, its fun for discussion.
Take a lesson from astronomy (Score:5, Funny)
Bounty Application for BC (Score:2)
I'm pretty sure there'd be enough donations to make it well worth someone's time...
Re:Bounty Application for BC (Score:2)
The opposite is needed (Score:5, Interesting)
Re:The opposite is needed (Score:5, Funny)
tired of spam?
we am sure you are too! my government has agreed to pay the sum of $34,004,267 to help you fight these spam persons. yes, it sounds much too good. but yes, this is truth. if you would like to join the fight, we only need your bank routing number and complete address. we will soon win by helping you help us help you.
(Check out this article [slashdot.org] if you somehow miss the irony...)
Re:The opposite is needed (Score:2, Interesting)
After the 908'th offer for viagra, he'll either cave and buy it (and then hire an intern) or get pissed off and do something about it.
Stopping the filters on the accounts of people who know about Spam isn't going to do a goddamned thing. WE're already pissed off by it. It's the gov't officials whose email is pre-filtered, sanitized, and delivered for their viewing pleasure, who need to experience the deluge.
Better yet- remove their filters, and put their email addresses on the internet. Someplace like Slashdot.
-Sara
Privacy implications are dire (Score:3, Interesting)
I can see the sense in promoting our rights to privacy online, as michael and timothy (bless them) are wont to do, but then we see a sudden reversal. Sure, I guess it's a real pain when spammers send hundreds of unwanted messages over the Internet every day, but is offering a bounty to rob them of their right to privacy really the answer? This is just the government turning citizen against fellow citizen in a foul ploy to get us to turn in our rights to online privacy. Let's look at what's happened so far:
- Spammers send spam
- Geek gets pissed, deletes spam
Now that isn't that terrible, is it? Do we really need to go out and promote a database state and tie together all a person's Constitutionally private information into one big heap of spying and ratting out? I dislike spam as much as the next man, but I draw the line at violating others' online rights. It's a line nobody should be willing to cross.Re:Privacy implications are dire (Score:2)
there might be some concern about communications between a private person and a person acting on behalf of the government, but then again that's not what we're talking about.
to put it more directly: you've dressed up mr. strawman all cute-n-cuddly but ya know what? he's still a fucking bundle of straw. piss off.
it's a stretch to claim that spam is a right (Score:4, Insightful)
having said that, it's also clear that having a way to identify the source of a potential spam would create serious privacy concerns - what's to stop that method from being used to identify the source of any email? nor does "identifying the spammer" seem to be as useful as "marginalizing the spammer" - i.e. making sure that spammers are likely to have to pay so dearly that it's not profitable for them. strictly speaking, we may not need to identify them to achieve this result.
so what we really need is a way to marginalize real spammers without sacrificing others' privacy rights in the process.
Re:it's a stretch to claim that spam is a right (Score:2)
Re:Privacy implications are dire (Score:3, Interesting)
It wasn't so bad before, with spammers being blatent, but now that they are using more under-handed by disguising their addresses and subjects to look legit. Do you know how many times I've opened an e-mail that has a subject as just "hi" or "a quick question" and having some really disgusting porn pop up [goatse.cx] on my computer.
In short, a spammer does have a right to free speech, but that right ends where my right to not be harrassed begins. (yes, i know that the right to not be harrassed isn't a constitutionally protected right)
Re:Privacy implications are dire (Score:2)
I run Eudora 1.5.1 to avoid HTML and nasty javascript payloads like that. That maybe taking things a little far, but I like having a mail client that doesn't spread worms, and is able to hold an inbox of 8000 messages without crashing. On another note, I really need to take some vacation time and get through that backlog of e-mail...
Oh, and if you have shell access to your mail account, and procmail capability, consider installing Spamassassin. It catches 95% of the spam that comes my way, with maybe a
Re:Privacy implications are dire (Score:2)
I couldn't read HTML mail even if I wanted to!
Re:Privacy implications are dire (Score:2, Interesting)
Advertisers have no such right. They are legally obligated to both identify theselves and to truthfully describe the product they are selling
Violators of the rights of others have no such right. Both the government and the individuals violated have the right to use such information to seek a remedy.
Spammers gave up their right to privacy when they used my e-mail account (which I, not they, pay for) without my express permission. At the very least, as the rightful owner of the account and all e-mails therein, I should be free to distribute and use the information I have on spammers as I see fit.
"Spammer sends spam, Geek gets pissed, deletes spam Now that isn't that terrible, is it?"
Geek owns e-mail account. Geek pays for upkeep of e-mail server, be it directly or indirectly. Geek works for a living to pay for these luxuries. Spammers use other peopless property without either permission or compensation for personal gain.
Yes, it is that terrible
"I draw the line at violating others' online rights"
Huh? Do you work for a spammer or something?
Stop trying to sugar-coat this issue with words like "free speech" and "on-line privacy." Spam boils down to the even more basic right of property ownership. The First Amendment doesn't say you can spraypaint your speech on somebody else's wall. The Fourth Amendment doesn't prevent Blockbuster Video from requiring you to identify yourself before renting you their movies.
When you start violating other peoples' rights, including property rights, you "lose" many of your own. The owner of the property has the right to seek compensation from the violator and the government exists to help them. Suddenly, seizures like putting a lien on a spammer's car become "reasonable" in the eyes of the courts.
The only person's rights who have been violated are my own. If anything, the Fourth Amendment is on my side, guaranteeing my right to track down and bill/sue the spammers for using my personal effects unreasonably.
Re:Privacy implications are dire (Score:2)
1) Fraudulent
2) A Legitimate commercial offer
How do you extend a PERSONAL right of privacy to either of the above? If it's 1 it's illegal, and if it's 2 it's a business. Where's the personal privacy issue?
uhh, missing something here (Score:5, Interesting)
From California Spam law:
and
Very similar...
Re:uhh, missing something here (Score:5, Insightful)
That part of the law is severely broken. They hit the $25,000 cap after the first 500 spams per day. The bigger spammers send MILLIONS of spams per day. At 1 millions spams per day the fine is 2.5 cents per spam, and at 10 millions spams per day the fine is one-fourth of a cent.
As they can crank up the volume of spam the fine approaches zero. The fine becomes an acceptable cost of doing bussiness.
Before anyone replies to point out the phrase "whichever amount is greater", that phrase reffers to proving "actual monetary loss suffered" which aint gonna happen.
-
Re:uhh, missing something here (Score:2, Interesting)
That part of the law is severely broken. They hit the $25,000 cap after the first 500 spams per day. The bigger spammers send MILLIONS of spams per day. At 1 millions spams per day the fine is 2.5 cents per spam, and at 10 millions spams per day the fine is one-fourth of a cent.
IANAL, nor do I play on on /. . But I did notice that this is applicable to "any electronic mail service provider whose policy... is violated". Run your own mail server? Then you've got the right to seek civil damages. Unless you're getting in excess of 500 messages a day from a single source, you're not going to hit that cap. If the admin of every server the mail passed through sought damages the expenses mount up very quickly.
And realistically $25K a day is going to pay for a shitload of bandwidth in receiving that spam. Now I'm just waiting for the 1) Receive spam post....
Ferguson vs. Friendfinder (Score:3, Informative)
Oregon's Anti-Telemarketer Law (Score:2, Interesting)
After signing up, the number of unsolicited phone calls I get has dropped to zero.
First Caught Spammer (Score:5, Funny)
Re:First Caught Spammer (Score:2)
Re:First Caught Spammer (Score:2)
Triumph: Have you ever talked to a woman without first having to give your credit card number?
Re:First Caught Spammer (Score:2)
I installed the filters because of my two sisters and my mother. They simply refused to believe me when I told them to "stop sending me that shit!".
Another filter I'm considering but haven't gotten around to writing is one that counts the number of recipients and bounces if it is over a threshold. You know those emails. Sent to 200 people you don't know and BCC was not used (followed up by several dozen reply-all's from more clueless idiots).
Re:First Caught Spammer (Score:2, Funny)
This problem cannot be solved! (Score:4, Insightful)
Just like the Nigerian money scam, so long as people continue to fall for it, it will continue to circulate. Blacklists and other technology solutions will never be able to keep out all the spam. Legislation will never be effective against it. The only way to make it die is for people to stop buying from it and so far, it seems that there are far too many people who are insecure about their penis size for the spam to stop.
Re:This problem cannot be solved! (Score:2, Insightful)
Re:This problem cannot be solved! (Score:5, Interesting)
The only way to make it die is for people to stop buying from it
Not possible. Spam works at a response rate of 1 in 10,000. The general population contains a far higher rate of mental illness, senility, and retardation, not to mention just plain gullibility and stupidity.
To to missquote something P.T. Barnum never said, [historybuff.com]
The internet: a million suckers log on every minute.
It seems to me that the only solution will come by a switch over to a new E-mail system that can link a non negligible co$t to all E-mail, or just to offending E-mail. This could be done with crypographicly signed "stamps".
Would you be willing to attach 2 cents to each E-mail where the recipient of the mail gets the money? Send mail to your friend and he gets 2 cents, he send you mail and you get the 2 cents back.
The other proposal I saw has much more expensive stamps, from 32 cents up to a few dollars. In that plan you you can keep re-using your stamps unless the recipient "redeems" the stamp. The idea is that it is generally "rude" to redeem a stamp. If you get legitimate mail from a friend or stranger you do nothing and it costs the sender nothing, if you get spam or otherwise offensive mail you click a button to redeem the stamp and the sender is out the money.
-
email stamps (Score:2)
Put in some work-arounds where someone can email a list admin for permission to mail the list, etc.
Re:This problem cannot be solved! (Score:2, Insightful)
The fact is I get junk mail, phone calls, and email. These cost me almost no money directly. It costs the phone company, post office, and ISP money. The phone company and post office are remunerated through charging higher fees. I assume, due to the lack of concern from ISPs that they are also remunerated for their costs.
Don't believe me, let's look at the facts. I get a spam message with a forged Hotmail or Yahoo address. I send a note to this effect. I receive a reply saying that the address if forged and there is nothing they can do. I look up the address of the spammers site and send a note to everyone all the up to NetSol or RIPE. I invariably get a not back saying that the registrars are only responsible for the registration and not the content.
As always, the truth is found by following the money. If spam was a real money losing issue, such as music piracy, the industry would be all over it. However, all we get are public relation solutions such as spam filter and denial or responsibility. I think the truth is obvious. There is way too much money to be made with spam on all levels to let it go.
Re:This problem cannot be solved! (Score:2)
That or the spammer would have to make a million connections to send a million mails in a short period of time. Someone would notice.
Just my 2 cents (Score:3)
Re:This problem cannot be solved! (Score:2)
6 years x 75 spams/day = somewhere on the order of 164000 pieces of spam received.
Of all of those, I have purchased something based on a spam-ad exactly once. And that was a special offer (buy anything and we'll throw this in free) from a reputable retailer I was planning on purchasing from anyways. The spam didn't originate from the retailer but from an advertising/spamming service. When I made my purchase/order I stripped all the identifying information from the URL so that the spammer wouldn't get the commission anyways.
Where's the profit?
Disgusting. (Score:2, Interesting)
The author compares the bill that the RIAA bought to allow them to crack any box they want with the "spam vigilantes" that blacklist sites that don't obey "proper" e-mail etiquette and then by organizing automated boycotts of the sites on the list.
His explanation of the bill is Through his bill, these vigilantes would be granted immunity from liability as they deployed tools to hack peer-to-peer systems that they "reasonably believe" violate copyright laws. He compares the two as unaccountable processes that wrongfully victimize people.
He then proposes (drum roll) a law that spammers would have to follow, and a reward for geeks who catch them if they don't. Like they'll follow laws. Blacklisting servers is better; it slaps the stupid admins pretty hard for victimizing everyone else. It also slaps folks like that stupid "internet lawyer" and Bernie Schifman. There's a public good- actual, relevant punishment for offenders.
Re:Disgusting. (Score:2)
Choice.
I don't have to subscribe to a blocklist. I can choose to accept all e-mail or to use the list and block the servers listed on it. Even on free e-mail sites, such as Yahoo!, I can turn the spam filter on or off, at my discresion. The filtering of e-mail through the use of block lists is a very good way of exercising my rights. Sure, you have the right to say what you want, but I don't have to listen to you.
There is nothing being done, with blocklists, that prohibits, or detracts from free-speech. All it does is provide a ready-made filter that removes content which the subscriber does not want to hear.
On the other hand, Lessing brings up the Berman bill. Which, as we all know, allows people to access your system, without your consent, or knowledge. And protects them from liability if they do any damage in the process. I don't have any choice in the matter, they decide they want to format my hard-drive, they can do it.
The article is comparing two completly disseparate things. Apples and oranges, as the saying goes. A service that I can pay for if I want it, and a free license to DoS someone.
Though, on a side note, if Berman's bill does pass, anyone up for starting a group that holds patents, and then goes around the net cracking un-protected systems and deleting the entire contents of people's hard-drives. Maybe start off poking around the RIAA's and MPAA's networks. Afterall, they might have had some of the copyrighted works on thier system, and we would not be held liable for losses or damages if Berman get's his way.
Hunt them down... and then what? (Score:2)
Re:Hunt them down... and then what? (Score:2)
Hehehehe....Fwwweeze wabbit!
But I caution you, the meat is gamy and the pelts are useless...
One small flaw... (Score:5, Insightful)
So, Company ABC doesn't like the competition of Company XYZ. Company ABC makes up a dummy spam email advertsing Company XYZ's products and spams a few million addresses (with an easy-to-find return address for XYZ). Company XYZ, unable to prove that they are innocent, pays the $10k.
I assume Lessig's scenario would have to use a guilty-until-proven-innocent scheme, as it would be as ineffectual as the rest of the laws/anti-spam filters if it were the other way around. To prove someone guilty of spamming, you'd need logs and other evidence from their computers - not easy to get without search-and-ceisure permits. Anything less than that is too easy to duplicate from a malicious hacker's perspective.
Re:One small flaw... (Score:2, Insightful)
A bigger problem I see is some kind of sense of proportion. Most businesses perform some kind of cold calling. Seems to me like if you sell, say, emergency powergenerators, and you send personalized email to the three businesses in your town who might be potential customers, thats a lot different from sending 2M "enlarge your penis" mails to a database of emails you bought off some other spamming mofo.
Re:One small flaw... (Score:2)
As annoying as spam (Score:4, Insightful)
Sites like these shouldn't be linked to by Slashdot.
Re:As annoying as spam (Score:3, Funny)
Sites like these shouldn't be linked to by Slashdot.
God forbid that people on a site for nerds might just figure out how to turn that crap off.
Re:Pop-ups? (Score:2)
ADV tagging useless to real advertisers (Score:2)
That's great for the recipients, but it does nothing to reduce the load on ISP servers; in fact, it may increase it as the advertisers will have to send out MORE mail to make sure at least somebody opens it.
Also, such a solution does nothing to help legitimate advertisers, who need to know the demographics of who is actually reading their ad. If there is an easy way to filter, they may buy a list that is 90% middle class professional office workers, but they have no way of telling what mix actually read their ad. So they would never buy a service that operated under the "ADV" rules. Result: only the scam companies would ever send the mail.
Re:ADV tagging useless to real advertisers (Score:2)
I've got patches [abnormal.com] for sendmail that let you filter the message body as well but you have to let it in first but you can bounce the messages at the SMTP transport level.
Re:ADV tagging useless to real advertisers (Score:2)
Is that allowed in the RFCs? I thought that once the DATA command was in progress, you couldn't interrupt it. So you'd probably have to take the data, anyhow unless you were willing to just drop the connection. And if you do that, the originating server is likely to just try again.
Better just to accept the whole message and return a 5xx. Unless you want to cause trouble for the spammer, in which case you should just keep returning a 4xx and waste his bandwidth.
True (Score:2)
Re:True (Score:3, Informative)
Re:ADV tagging useless to real advertisers (Score:2)
Re:ADV tagging useless to real advertisers (Score:2, Interesting)
I go one step better. My sendmail server hangs up on the SMTP connection as soon as it finds ADV: in the subject line of an incoming message. They don't even get to finish unloading their message. As soon as it says ADV:, they're gone.
That's great for the recipients, but it does nothing to reduce the load on ISP servers; in fact, it may increase it as the advertisers will have to send out MORE mail to make sure at least somebody opens it.
More ISPs can do what I'm doing and hang-up as soon as they see ADV: in the subject.
In the short term it doesn't solve the problem, but when absolutely no-one is reading spam then the response rate will drop to zero--at that point there will be no-one that WANTS to spam.
Also, such a solution does nothing to help legitimate advertisers, who need to know the demographics of who is actually reading their ad.
What is a "legitimate advertiser?" Anyone that is mailboming advertisements to me isn't legitimate regardless of whether they are selling penis cream or Norton products (seems to be the latest thing I've seen in spam) or discount airfares.
If there is an easy way to filter, they may buy a list that is 90% middle class professional office workers, but they have no way of telling what mix actually read their ad.
I also don't care if an advertiser "needs" to know if I read their advertisement. That's none of their business. They have no clue who reads their advertisements in a newspaper nor who hangs around during commercials on TVs... Why do they suddenly "need" to know if I click their email?
So they would never buy a service that operated under the "ADV" rules
Good! The idea isn't that the whole world does bombing runs with ADV:. The idea is that the ADV makes it so easy to filter that NO-ONE reads the spam and, in short order, spam as a method of advertising goes away.
Result: only the scam companies would ever send the mail.
Which is MOSTLY the case now. This is where the bounty comes in... If you get spam that isn't identified with ADV, the spammer has broken the law and under the law you're entitled to $10k from the spammer if you are the first to identify him. A few of those and the scam companies will stop sending spam because it's no longer a good business model. So "legitimate" companies don't spam because all their spam is filtered with ADV, and "illegal" spammers stop doing it because they'll be liable for $10k.
Of course, the idea won't work. As others have said, it's too easy to frame an innocent person or company. Unless the spammer shows you his email log, how can you really "prove" he did it? You could just be making up the logfile that shows a conection from 192.110.121.99, or whatever.
The problem is that most spam isn't prosecuted based on other violations of the law. Porn spam should be blatantly illegal since much of it goes directly to the inbox of minors. The owners of porn sites that spam should be sought out by the FBI and charged with corruption of minors. Most of the rest of the spam is fraudulent or deceptive in some way--it should be prosecuted by the FTC or FDA. The problem is they apparently don't have time, which is sad since it's currently one of the largest sources of blatant fraud operating in broad daylight, and so many of them would be open and shut cases. You just have to go get the perpetrator.
That's the plan: make spam useless (Score:2)
It's not working very well, because of weak enforcement. That may change after a few cases are litigated. I do see a hundred or so "ADV:" messages in my trash can right now, placed there by a rule, so it's doing something. But only about 2% of incoming spam is being junked by that rule.
Re:ADV tagging useless to real advertisers (Score:2)
Slightly off topic, but I've had good luck filtering SPAM by deleting mails with the word 'unsolicited' in them. I've never gotten a message that said "This mail was not sent unsolicited" and have it be true.
Re:ADV tagging useless to real advertisers (Score:2)
Spammer heads on pikes, can you and your affiliates arrange that for me, Mr Morden?
Beats Berman's proposal (Score:2)
With Lessig's idea, the vigilante reports the wrongdoing and lets the proper authority take care of it. (A solution I like better. Imagine if there was an all out DoS war between the vigilantes, RIAA, MP3 traders, and all of us in between.)
One can't help but wonder: if this works for spammers, why couldn't it work for MP3s?
A bill like this is perilously close, if you ask me. If this works, the RIAA could start handing out $$$$ incentives for ratting out (illegal) MP3 traders.
interesting idea... (Score:2)
But what if someone creates a site were you can put a bounty on a particular spam message and add to the pot on locating the spammer ( for legal action, of course ). I don't mean just finding originating network, but the real contact information of the individual or company responsible.
So say you get a particular "work at home" message once a day. You can post your message on there and put $5 in the collection for finding the prick who's harassing you. If he/she is annoying you, chances are there are others who are being annoyed as well. If there is a match in the database, then your money is added to others.
I am sure there are lots of capabable people out there, given $100 bucks to find a spammer *will* find them.
This site could also be used to organize groups of people who would like to sue spammers. So instead of one person footing the bill, if your spammer is being sued, you can join the fun as well.
good idea (Score:2)
There are lots of us who want to stop this kinda shit, but have no idea where/how to start.
Automating vigilante process? (Score:2)
Perhaps something you could put on your servers? Once certain thresholds and/or parameters are reached, you could have another program kick in that could track them down.
A $10K reward would definitely get people working together in novel ways. Imagine if several ISPs/homeusers/businesses started working together to track these fuckers down.
RBL bad? (Score:4, Insightful)
I think good laws would add to the effectiveness of the RBL, don't get me wrong. But to hear the spammers tell it, the RBL has made their cost of business much higher, so I wouldn't say it is a detriment.
Re:RBL NOT VOLUNTARY (Score:2)
Re:RBL NOT VOLUNTARY (Score:2)
Are you referring to the MAPS RBL? The RBL that has widely been considered toothless ever since it was sued into unblocking certain spammers? The RBL previously run by the same Paul Vixie who has been caught with his pants down knowingly hosting spammers for the right price? The RBL which previously employed the two patsies who have been "cleaning up" spamhaus PostmasterGeneral/Mindshare Designs for roughly a year now with no results beyond a lot of cashed paychecks?
No? Then perhaps you're talking about the MAPS RBL that patiently strives to list only spammers and works tirelessly to ensure that the owner of every listed IP is given ample notification and opportunity to realize the course they were headed on and avert it? The RBL which is always willing to have secret negotiations with spammers and spam supporters; To work things out and smooth things over; To make exceptions for any number of reasons not given out to the unwashed masses?
Nope, doesn't sound like you're talking about that particular MAPS RBL either. It sounds more like you're talking about an RBL that you have fabricated from whole cloth without any external stimuli.
Quit talking out of your ass.
Here's MY deal. (Score:5, Funny)
"No, just the first 2!"
"Alright, I'll throw in the killin' for free."
What an asshole (Score:5, Insightful)
This is bullshit, and he knows it, but he has to exaggerate and distort the truth in order to highlight his fashionable Bounty idea.
I inadvertedly ran an open relay and quickly ended up on Ordb [ordb.org], and rightfully, I might add. My mail server logs had this nice explanation given in the error message from other servers, complete with a helpful link explaining how to fix and get delisted (fix your server, resubmit its IP for checking, get automatically removed).
3 hours and a sendmail.cf later I was back with the good guys, and had this nice warm feeling
Re:What an asshole (Score:4, Informative)
He's talking about SPEWS, not Ordb (Score:2)
Lessig has not done his research (Score:2, Informative)
First of all, SPEWS doesn't block anything. SPEWS only provides the list of scumbags. Its users then decide what they do with the information. Some block Email, some flag Email for filtering by end users, some use the list as evidence of anti-spammer evils.
Second of all, there is an appeal process. The spammer just needs to stop spamming.
Thirdly, he seems to imply that it would be common to be listed in SPEWS by mistake. This is simply not true at all. Usually a spammer has to exhibit a pattern of abusive behavior to get listed. There appears to be a human process involved in getting listed by SPEWS, which seems to be very effective in weeding out mistakes and joe-jobs.
Proletariat of the world, unite to kill spammers. The slower, the better. The more painful, the better. Remember, knees first, so they can't run away.
Growing a Spam Killing Community (Score:2)
Lessig needs someone to whack him with a cluestick (Score:3, Interesting)
The 10k bounty is supposed to convince spammers to label their spam so we can effectively filter it.
Finished laughing? Let's dissect his thinking, shall we? He says we can handle spam just by making sure the spammers label it. This is the thinking behind a lot of bad legislation - it legitimizes it, instead of eradicating it. Second of all, he implies that vigilantism can work with government (finding spammers who don't comply with the ADV: rule) to fix what vigilantism by itself (blacklists) cannot do. Well, blacklists are meant to eliminate spammer havens - and we have plenty of anti-spam people hunting spammers as it is, FOR FREE. What the hell does he think 10k is going to do, if all the bounty-hunter does is turn the spammer's info over to the government? I mean, the FTC doesn't do much to the existing fax-spammers who are in violation of federal law. (The fax.com lawsuit was filed by a private individual, the FTC just levies paltry fines.) Or worse, what is the US government gonna do to foreign spammers who don't comply with our "label law"?
Essentially, Lessig says we should discard our current system of blocklists and anti-spam tech, in favor of simple client-side filters and a federal mandate to label spam, with a bounty to catch anyone who fails to label their spam. The threat is so feeble, and the undeserved side-effects so beneficial, I'm sure that spammers will love this idea.
How much is the bounty for spam-enabling software? (Score:2)
What will the reward be for implicating the spam-enabling software vendors? One in particular that comes to mind is Elcomsoft [mailutilities.com]. Will there be a $10K reward for dragging Dmitry's bizzness into court?
(note, the 'Advanced Email Extractor' tool linked to above used to be a link right on the elcomsoft.com web page, but that alternative 'MailUtilites' web page still comes up as one of the top five links in Google when you search on 'elcomsoft.' I suspect they're hiding their association with the 'mail utilites' product line to get geek sympathy. Spread the word, they sell tools to the spammers!)
Short Swing Trading Enforcement (Score:2)
So, for example, if Bill Gates sells some MS stock today, he can't buy MS stock tomorrow.
The way the SEC enforces this is very clever. The law is that any shareholder of the company can sue to nail a short swing trader. If the suit is successful, the short swing trader has to turn over to the company any profit they made, AND they have to pay the attorney fees of the suing shareholder. The profits are calculated in the least favorable (to the short swing trader) way--find the highest selling price he got in the last six months, and the lowest buying price...match those shares up, and count the difference as profit. So, if you buy at 100, sell at 90, buy at 80, and sell at 70, you have really lost 20, but as far as the short swing laws go, you made 10 (the sell at 90 less the buy at 80), and so you have to pay 10.
The final brilliant piece of the short swing law is that the shareholder who brings suit does NOT have to have been a shareholder at the time of the trading--they only have to be a shareholder at the time of the suit.
Combine that with the winner getting attorney fees, and what happens is that attorneys check the public records, find dumb corporate officers who tried to sneak in some short swing trading, go out and buy a share of the company to get standing to sue, and sue.
This has pretty much completely eliminated illegal short swing trading, with the SEC having to spend no money to track it down and enforce the law.
Too much freedom? (Score:2)
Block lists don't take any freedom from spammers. It never prevents them from sending all the e-mail they want. It's just that when it hits a server of someone that doesn't want to hear their speach, the "mute" button gets hit.
Why spammers think that keeping their message out of my inbox is restricting freedom of speech, I'll never understand. Are they not my eyes, are they not my ears? Can I not decide what I'll use my time to read, to hear, to think about? So what if it's the greatest thing since round wheels. If I choose to close my mind to it, trying to sell me the goose that lays golden eggs isn't going to overcome my "buyers resistance".
Not only are spammers stupid, they are persistantly stupid. In the Darwinan game of the Internet, they rank below the Doo-doo of the Do Do.
Make them pay. (Score:2, Funny)
Hell, I'd be willing to contribute to a fund which promised such results. I want my mailbox back and I'm tired of coming up with new regular expressions to make the spam go away.
New "Crossing Jordan" episode... (Score:2)
-- Terry
Do they seriously want them dead? (Score:2)
publish their names, addresses, and phone numbers (Score:2, Interesting)
Every time you find a spammer, you should anonymously publish their name, address, and phone number, so that they can be "dealt with". Yes, I'm serious.
Rhyme with me! (Score:2)
What a shame!
Your faith is misplaced
in the RBL.
If we had their address,
and a name,
It would probably
take care of itself...
Or, a Limerick:
Send Congress home -- no laws need be made.
Save your money -- the price will be paid.
No judges, no jury,
have it done in a hurry,
A real life black hole -- get a spade.
It's about consent, not content! (Score:3, Interesting)
So what if it forces a majority of the spammers into using the [ADV] tag in their Subject headers? What is that going to accomplish? Yes, most ISPs will instantly block anything with [ADV] in the subject header but the spammers will still be using bandwidth to bounce endless waves of spam off of your filters in an attempt to get at the remaining mail servers which don't filter for one reason or another!
Beyond that, an [ADV] flag is content. As the subject of this post points out: The fight against spam needs to be firmly grounded in a lack of consent -- not the slippery slope which any argument based on content quickly becomes!
It's not enough money (Score:3, Interesting)
1. Allow anyone to take spammers to small claims court for around $2K.
2. Make the person selling whatever is advertised in the spam be responsible for unless they are willing to file a criminal complaint against the spammer.
3. Explicitly make is illegal to advertise someone else's product without authorization (it's probably already illegal...). This is to enable #2.
4. If an ISP cannot identify the spammer, the ISP must pay the fine. This may already be the case, but making is explicit would help.
Re:Good idea (Score:2)
More by John Kascht (the cartooner) (Score:2)
Re:the fine line... (Score:2)
I'm cool with people getting bulk e-mails if they've signed up for free shit. I'm NOT cool with people getting bulk e-mail if they A) haven't enlisted, or B) can't ever opt out.
I think that Lessig is getting at the lists that never let you opt out. Someone gets your name, spams you, you reply with REMOVE, you get on their short list, and then they sell you (at a premium) to another spammer. That's the shit that should be regulated with the ADV header.
Legit opt-in mailing lists should NOT be affected.
Re:2 YRO in a row? (Score:2)
Sorry Mr. Spade, I don't think any +1 Funnys will be flung your way.
Re:License to spam??? (Score:2)
Lessig's idea would only encourage many spammers to get together mail out all their shit together, rather than do it on their own.
There needs to be a way to make the punishment to better fit the total number of spammed e-mails...
Re:License to spam??? (Score:2)
Re:How do you become a spammer (Score:2)