Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Spam Your Rights Online

Will Bounties Cure The Spam Problem? 242

An anonymous reader writes with a pointer to a piece in today's Mercury News about Lawrence Lessig's proposed spam-bounty legislation, excerpting: "If the law passes, citizens could be eligible for rewards of thousands of dollars or more if they're the first to provide the government with proof and the identity of offending spammers."
This discussion has been archived. No new comments can be posted.

Will Bounties Cure The Spam Problem?

Comments Filter:
  • by spoonist ( 32012 ) on Saturday April 26, 2003 @02:25PM (#5815824) Journal

    SADDLE UP, BOYS!

    I'M PUTTIN' ME TOGETHER A POSSE!

    We're gonna round up them bandwidth rustlers and get us the bounty!

    • Re:YEEHAW!!!!!! (Score:3, Insightful)

      by H310iSe ( 249662 )
      but pa, howdowhe know which ones to round up? I mean, whose a gonna say whose a spammer and who'se just some wetbehindthears adMIN-nostrator with one of those there open relays? I mean to say that I know when I'm looking at porn (you know that olde sayin' about how to tell porn from art?) but spam ... say I russle up some of those there Real Audio executive, for example, now I'd say their tricky sign up where the check boxes for 'send me spam' are hidden below the margin in a combo box so's you have to sc
    • Too bad we can't make a poll about who will be the best bounty hunter, because the CowboyNeal [slashdot.org] option is gone [slashdot.org].

    • by doktor-hladnjak ( 650513 ) on Saturday April 26, 2003 @04:37PM (#5816383)
      Hmmm... Perhaps, we've stumbled on a new opportunity for unemployed Slashdotters.

      Setting: cocktail party

      "So what do you do for a living?"
      "I'm a bounty hunter--a spammer bounty hunter."

      How cool would that look on a resume? Boring freelancers and consultants eat your hearts out!

  • Lovely idea... (Score:4, Insightful)

    by johny_qst ( 623876 ) on Saturday April 26, 2003 @02:27PM (#5815833) Journal
    but what proof must the prompt geek provide that he hasn't 'trespassed' on others systems? would this type of legislation just create a lot of crap civil-litigation?
  • bounty hunters (Score:5, Insightful)

    by Frostalicious ( 657235 ) on Saturday April 26, 2003 @02:27PM (#5815837) Journal
    Sounds pretty much like outlaw bounties from the old west. This system has been successful for over a hundred years and there is a large modern day bounty hunter business. The same could work for spam.
  • by bergeron76 ( 176351 ) * on Saturday April 26, 2003 @02:28PM (#5815839) Homepage
    Mike Wendland [freep.com] - public enemy number 1.

    Now where do I pick up that check...?

  • Well... (Score:5, Insightful)

    by Avsen ( 556145 ) on Saturday April 26, 2003 @02:28PM (#5815847)
    It could cause a lot of problems to those who spammers masquerade as -- since most spammers don't use their real emails. We could end up with innocent individuals with bounty charges because the spammer forged their emails.
    • Re:Well... (Score:3, Insightful)

      by jaxle ( 193331 )
      Well if the summary of the post is correct it wouldn't be a bounty on the spammers head... it would be a reward for the person who provides PROOF that a spammer is a spammer. This wouldn't put innocent people in danger of being screwed (probably...). This would probably encourage people involved in spamming to screw over their superiors and get sum cash dollas while at it. Or do they work alone? Hell if I know.
    • The bounties arn't paid for capturing people, but for identifying them. And the government isn't going to take some iliterate moron's word if they don't even understand that "From:" != actual sender.
    • Re:Well... (Score:5, Insightful)

      by anonymous loser ( 58627 ) on Saturday April 26, 2003 @03:17PM (#5816116)
      I don't really believe that would be as big an issue as you imply. Spammers' Achilllies Heel is that they (or those who use them) *must* provide some tracable contact information in order to get your money. Sure, the email address might be spoofed, but since most people (especially law enforcement) already know this, it will probably be disregarded unless it happens to correlate with all the other evidence.

      The same thing happens with snail mail, e.g. when someone sends a threatening letter. I'm sure they check out the return address on the envelope, interview the folks, etc., but they probably don't throw whoever's address in on there in jail unless there's plenty of other supporting evidence.
      • Re:Well... (Score:3, Interesting)

        by firewood ( 41230 )
        I don't really believe that would be as big an issue as you imply. Spammers' Achilllies Heel is that they (or those who use them) *must* provide some tracable contact information in order to get your money.

        But they don't always have to ask for the money to be sent to them. If they mix random victims addresses in with their own send-me-money addresses, they'll get lots of citizens screaming to vote down this law as harrassment.

        • If they mix random victims addresses in with their own send-me-money addresses, they'll get lots of citizens screaming to vote down this law as harrassment.

          Uh, who's doing the harrassing here?

          The spammers are, not the law - and that is harrassment (I say "is" not "would" because they already do it) irrespective of whether any anti-spam laws exist.

          At best, they'll be calling for the spammers head's for framing them - not calling for repealing in the law.

          Besides, it should still be possible to track

      • A month or 2 back I saw a page on the linux.org website about spam. It turned out they had had troubles with some bunch of spammers forging the linux.org domain not only in the From: field, but also in their Received from: field so that stupidly large numbers of people thought they'd really been sent spam by linux.org. And complaining to them about it.

        So obviously the people at linux.org have now become a tad annoyed about this, and the page [linux.org] they put up goes on at length. But it is worth noting that they'v

        • When people are spamming for others, the people hiring them can't easily be shown to be responsible.

          Nonsense.

          Subpoena the spammer and the suspect. One of them must have records. If the spammer has no accounts, jail them for tax evasion!

  • Proof? (Score:5, Funny)

    by jasonditz ( 597385 ) on Saturday April 26, 2003 @02:29PM (#5815849) Homepage
    "If the law passes, citizens could be eligible for rewards of thousands of dollars or more if they're the first to provide the government with proof and the identity of offending spammers."

    Proof? What year do they think this is?!

    Hasn't it already been established that the act of accusing them is proof enough? Send them to Guantanamo Bay, they'll confess in due course.

    • Re:Proof? (Score:2, Funny)

      by RLiegh ( 247921 )
      1983?
    • This is why we need to be able to use spectral evidence. I'll say right now last night a spectare came to my house and put spam in my e-mail box. I'll say that at any trial for anyone. It will only cost you $5.
    • Re:Proof? (Score:5, Interesting)

      by abhisarda ( 638576 ) on Saturday April 26, 2003 @04:23PM (#5816348) Journal
      Ok..if this becomes a law, then the law enforcement agencies will be compelled to help track the spammer. The person who receives the spam will contact the police, who in turn will ask the ISP(of the spammer) for details.

      Now that this law is proposing thousands of dollars in bounties. It is not difficult to envisage spam bounty help centres opening up(true american entrepreneurship ;)) who will help track down the identities of the spammers for a cut from the bounty-say 30 %.
      People would be more than willing to agree to that if they they are assured of results.

      Now assuming this will be successful, spammers would have to move their bases offshore. How will we deal with that? I don't know.

    • Hasn't it already been established that the act of accusing them is proof enough? Send them to Guantanamo Bay, they'll confess in due course.

      Please correct me if I am wrong, but I don't think those held at Guantanamo Bay have been officially accused of anything illegal.

      Officially they're not prisoners of war and they're not accused of any crime.

      That makes them hostages, no ?

  • ok sure (Score:5, Insightful)

    by Anonymous Coward on Saturday April 26, 2003 @02:31PM (#5815863)
    And then how long before this plan is turned against p2p file sharers?

    Do you really want the government to go there?
  • I'm skeptical.... (Score:5, Interesting)

    by mark-t ( 151149 ) <markt AT nerdflat DOT com> on Saturday April 26, 2003 @02:31PM (#5815864) Journal
    The same plan could be used to find people who illegally copy music or who pirate software, but that isn't going to happen anytime soon, is it?

    Nope... this is a waste of time for them to even be talking about.

    • by lommer ( 566164 ) on Saturday April 26, 2003 @03:01PM (#5816028)
      I doubt it would be nearly as effective in that regard, as pirating mp3s is not something that the public seems to care about (let alone the fact that a large percentage partake). Spam, however, is something that really pisses people off and a little extra incentive might be all that's needed to get some technologically inclined bounty hunting groups to actively pursue spammers...
  • Isn't that how Jango Fett got started???
    • After seeing Jango Fett in Attack of the Clones, I don't think spammers have anything to worry about.

      After about 5 minutes, Jango will have lost his rocket pack, will be ungracefully knocked over by a giant 3-horned lizard, and after a few more minutes of him bumbling around, his head will be cut off by a lightsaber in a very anti-climatic moment 2/3 though the movie ...
  • Purpose of Spam (Score:5, Insightful)

    by Anonymous Coward on Saturday April 26, 2003 @02:31PM (#5815868)
    One of the problems is the hiding of origin. Many spam laws make such lying specifically illegal, but can be hard to enforce.

    Let's remember that business spam has to offer some way for a victim to buy the item which is being advertised. That invites a subpoena to search that business for evidence that they hired the spammer...if laws accept that as sufficient evidence.

    There is the problem of a competitor sending spam which advertises stuff from someone else, to cause problems for someone else.

    And some things are distributed -- like spam which promotes some worthless stock and tries to make the stock price rise. Any of the current stock holders could have hired the spammer.

    • Re:Purpose of Spam (Score:2, Insightful)

      by amber_lux ( 630446 )

      to buy the item which is being advertised.

      For some items, yes. For stock scams, and the like, no. Just blast 10 000 000 emails out, and enough idiots will buy the stock in question to push the price up. Spammer sells his stock at a profit, and is virtually untraceable.

      if laws accept that as sufficient evidence.

      Washington State has statutory damaages of $500 for spamming. People can sue the spammer, once they track them down. The problems are:

      • Proving that the forged header was really sent
  • by Anonymous Coward on Saturday April 26, 2003 @02:31PM (#5815870)
    Average Joe is just starting to realize [cnn.com] that the "From:" field on e-mails is like the return address on an envelope, you could write whatever you want.

    But there's no reason why electronic mail cannot be better than snail mail in that respect. Make the "From:" field unspoofable!
    • "But there's no reason why electronic mail cannot be better than snail mail in that respect. Make the "From:" field unspoofable!"

      No. There's a valid reason behind that feature. I don't want to have to check a large number of accounts for incoming mail just because I use different mail servers to send email depending on where I'm located.

    • Notes... (Score:5, Insightful)

      by pr0ntab ( 632466 ) <pr0ntab@gma i l .com> on Saturday April 26, 2003 @03:12PM (#5816086) Journal
      if you read the article, it explains how techniques like using PGP to sign messages can make the From field unspoofable, but they are not relevant when privacy or anonymity is crucial (whistleblowing, etc.). Hence, it cannot be demanded that everyone follows this practice. It suggests recipients should check your email more carefully to see if its legit (the article also explains this; checking your headers for a "postmark" that looks abnormal).

      The last quote was somewhat encouraging, that "the Internet is a rough and tumble place" (paraphrasing) but we'll cope because it is often the best way to reach people.

      If an unspoofable From: is what you want, demand your mail server administrator only accept signed messages, or filter them yourself in your client.
      Another option is to convince her (and/or the administrators of any other MXs you care about) to relay with SMTP AUTH only. Most mail clients support that feature nowadays. If enough people start using that new RFC, we shouldn't have to worry about hijacked ISPs mail servers being used to send spam, and their netblocks being RBL'd.
      • Re:Notes... (Score:3, Insightful)

        by mark-t ( 151149 )
        Sure... but then how do you convince them to only accept connections from systems that relay with SMTP AUTH... and so on, down the line?

        AFAIK, you can't... which is why we have this problem.

        • No, you can't. (Score:4, Informative)

          by pr0ntab ( 632466 ) <pr0ntab@gma i l .com> on Saturday April 26, 2003 @03:35PM (#5816192) Journal
          But doing so on the people you can influence (the operators of legitimate mail servers serving local users) will prevent the situation where a RBL captures a whole domain due to the compromise of a local account. You don't need to figure out how to do a full authentication chain yet (that's the role PGP fills right now).
          Once you get to a certain critical mass acceptance, then you can go full force (forcing the servers to authenticate to each other using shared secrets).
          Presumably, at this point there would be trusted MXs that allow connections from mail servers not running SMTP AUTH because they can't use it for whatever reason, but they would be whitelists.

          That situation doesn't seem to far in the future. My ISP (Cox) already uses cram-md5 SMTP AUTH. At least I don't have to worry about someone impersonating me through their server. That's one step closer.
  • by exhilaration ( 587191 ) on Saturday April 26, 2003 @02:33PM (#5815883)
    "If the law passes, citizens could be eligible for rewards of thousands of dollars or more if they're the first to provide the government with the scalps or the severed heads of offending spammers."

  • by Anonymous Coward on Saturday April 26, 2003 @02:34PM (#5815886)
    Dead or alive?
  • Well I can see it now: "Tonight on America's Most Wanted, spammers." or in Canada "I'm Constable Bob of the RCMP, we are requesting your assistance in solving the spam problem."

    Not likley. Rewards will not work any better than penalties. But I do like the idea of 2 year sentence of no telecomunication devices for spammers.

    Nah, Never mind.
  • I believe this will bring and end to the profit motive of spam -- break the law and it will cost you. And it will not cost you a piddling $50, as in the California, Washington, and other state laws. Oh no. It will cost you a thousand PER OFFENSE.

    You better believe spammers will want to do things the legal way.
  • Dead or Alive I think spam would quite possibly be a thing of the past from citizens of the country. It may take a few people to loose their heads under the guilotine, but some iron maidens could be used too.
  • Foreign Spam (Score:2, Insightful)

    I guess this law will help halt spam from foreign servers as well, because people in other countries respect our laws.
  • Go after the people who pay them to send all the spam.
    If there are no clients, spam will cease to exist.
    • I agree 100%! If they (spammers) can't get any clients, then they'll hopefully turn to a different (hopefully less annoying, sleezy, etc) business model.
    • by mark-t ( 151149 ) <markt AT nerdflat DOT com> on Saturday April 26, 2003 @03:10PM (#5816073) Journal
      Wrong.

      Some people throw all sorts of crud into their spam, for exactly that reason. You don't know which companies actually did pay for the spam and which didn't.

      I wrote some shareware once and ended up getting several nasty emails one week accusing me of spamming them because my web page was mentioned in a spam email they received. I have never participated in or authorized any sort of email advertising campaign in my life, spamming or otherwise, but having seen this, I know you can't just go out and blame the web pages that the person is advertising.

  • by argoff ( 142580 ) on Saturday April 26, 2003 @02:38PM (#5815908)
    ...that people keep trying to find legal solutions to technology problems.

    We created this technology, and now that it does exactly what it was designed it to do, people try to make impose laws to restrict how it's used. I have a better idea, change email's design.

    It reminds me of Singapore. A poor subway design allowed for a mischievious kid to shutdown the whole system with a stick of chewing gum. Their solution was to outlaw chewing gum. Sure it was wrong for the kids to act that way, sure they should have been punished, but seriously quit trying to create legal solutions to technology based problems.
    • Chewing gum was banned along with spitting and long hair for the same reason, that the people in charge are control freaks.

      Wherever you got that subway idea, it's nonsense.
      • Well, they may be control freaks, but there are supposedly "good reasons" behind the ridiculously high penalties. (For example, spitting on the street spreads disease.)

        And regarding chewing gum, they had problems cleaning it up. But the ban came in 1992, after chewing gum, stuck on the photo cell of a subway car door, stopped the entire subway system, making thousands late for work. And in the Singapore "ant hill", doing something which distrupts work seems to be the worst crime. (At least chewing gum use
  • I'll be sure to send a list. After all the cutbacks at work last year, I could use the money. Not to mention the fact that my home dialup received 1038 e-mails last month - out of which perhaps 2 dozen were desirable. I also have my mail archived back through May of last year.

    All I can say is, "Come 'n get it!"
  • Jail Mail (Score:2, Funny)

    by kmahan ( 80459 )
    That'll be fun -- put the guy in jail. The slashdot can post his new address (down to the jailcell) and we'll be able to see how many catalogs his jail cell can hold.

    He'll be real popular around mailcall.
  • Tank! (Score:2, Funny)

    I think it's time to blow this thing.
    Get everybody and the stuff together.
    Alright, Three Two One lets Spam...
  • Just one more step towards a nation of snitches...
  • A simpler solution would just be to put a bounty on the head of the spammer, and let us hunt them down and bring them in dead or alive, but preferably the former. First few bounties collected this way would do a lot to resolve the problem.
  • by SYFer ( 617415 ) * <syfer AT syfer DOT net> on Saturday April 26, 2003 @02:52PM (#5815972) Homepage
    From the article: "The bounty hunters would need to trace the offending e-mail to its source, identify the sender and provide proof to the Federal Trade Commission. The FTC would investigate and fine the offender, if appropriate. The bounty hunter would get 20 percent of the fine." If the main problem is not having the manpower to trace and catch these spammers now (as posited earlier in the piece), how is this queuing system going to help? I would think that the in-basket would quickly fill up and it would still require huge manpower to investigate each claim. There would certainly be loads of helf-assed cases presented and for that matter, why wouldn't spammers simply flood the queue with bogus "proofs" to bog the proceedings?
  • by MyNameIsFred ( 543994 ) on Saturday April 26, 2003 @02:58PM (#5816013)
    I can't wait until John Walsh appears on TV giving us the profile of this week's "Most Wanted" spammer. I just want to see the mug shots and police identikit sketches.

    This spammer goes by many aliases including spammer@aol.com and fred@slashdot.org. He is considered armed and dangerous and is known to use forged headers.

  • They're expecting us to squeal on suspicious activity (re: terrorists) for free, even though that could put us in danger. Lessig expects those chepskate bastards to pony up for spammers? Never gonna happen.
  • Just get rid of email as we know it. This is getting much too complicated for me.

    Just do away with email. I've already done it with my US Mail. Every day, I'd open my mail box and find trash. Honest to God TRASH. So I told them I didn't want mail any more, just like in Seinfeld, only they actually did it.

    I still have email, but I'd be happy to use this protocol [ietf.org] instead, if only there was an effective reference implementation.
    • > I still have email, but I'd be happy to use this protocol instead, if only there was an effective reference implementation.

      I agree, instead of hunting the people who exploit the problem, why not fix the problem by removing the exploits? A new, standardized protocol is in order. It would not be an easy transition, but it would probably be better down the road than bounty hunting.

  • by mrseigen ( 518390 ) on Saturday April 26, 2003 @03:09PM (#5816066) Homepage Journal
    Well, apparently if it works here, it might just cross over into other lines of justice, thus making the police in many urban towns completely useless and creating an angry, distrusting populace, ready to turn each other in for fabulous prizes. What's that? Operation TIPS?

    I have no idea what you're talking about.

    The government should have a program where they pay bounty out to the first person to publicly execute known spammers.
  • Jurisdiction (Score:3, Insightful)

    by pugh ( 631207 ) on Saturday April 26, 2003 @03:10PM (#5816068)
    This is a global problem. How would you deal with spam that originates outside the jurisdiction of this law?
    • What's the point of sending spam to Americans about a store in China? No matter if it's comming outside of the US, or not, the money is, no doubt, comming from companies with a presence inside the US, meaning they are liable.

      That said, I still, STRONGLY believe that, not only should no laws be passed, but that very little needs to be done to make our current e-mail system SPAM-free.

      Spamcop's blacklist, trashing all e-mail without the correct word in the subject-line, etc. Both can be done with minimal h
  • by ratfynk ( 456467 ) on Saturday April 26, 2003 @03:11PM (#5816083) Journal
    Seems to me that the majority of spam is not traceable, and the spam problem is exacerbated by .NET stupidity. If ISPs get their act together and set up filtering to route only verifiable addressed mail then the problem will go away. There are many ways to detect and differentiate between mail that is direct and mail that does the spam central routing crap. Some filters that I have set up already do exactly that. There is no reason to believe that legitimate ISPs cannot do the same. However is blocking spam in the interest of ISPs? Perhaps not if their main source of revenue is automailers! The sensible solution is to pressure your ISP to block and refuse bulk mail that is from phony addresses. One good filter blocks any mail with @yahoo if the address before @yahoo is longer than 9 characters. Likewise with @hotmail, @aol etc. Sure this might block some legit mail but so far this has not been the case. Setting up bounties to bust email spammers is like putting sheep in wolves clothing. Alot of bah bah bah and then loud howling, when the spam revenue stream dries up.
  • by irving47 ( 73147 ) on Saturday April 26, 2003 @03:12PM (#5816087) Homepage
    This would prompt a lot of people who run mail servers to learn how to monitor their logs and finally close their danged open relays.
  • Spammers and proxies (Score:5, Informative)

    by httptech ( 5553 ) on Saturday April 26, 2003 @03:15PM (#5816101) Homepage
    Spammers almost always use proxy servers to disguise their true IP address. This blind dependence on an army of proxies is actually a weakness. The more proxies they use, the more likely one is actually a honeypot (honeyproxy). Recently it was discovered that the Internet is being seeded with hidden proxy servers by the Sobig.a (BigBoss) virus. Unfortunately for the spammers, the password for the proxy server console was also discovered, allowing anti-spammers to watch their comings and goings and log their true IP addresses. Not that I recommend doing that, (as it could be illegal in most countries), but the password is here:

    http://www.lurhq.com/sobig.html [lurhq.com]

  • Why can't the EFF (or someone similar) pay the bounties? I'm a member and I'd be happy to see my membership dues go toward that.
  • Step 1) set up a porn site with an 'affiliate' program.
    Step 2) convince spammers to sign up for affiliate acounts.
    Step 3) turn them over to the government when they send out spam. Step 4) profit!

    I doubt it would really be that hard to frame someone for spamming, btw...
  • Easy Money (Score:3, Funny)

    by sik0fewl ( 561285 ) <xxdigitalhellxx&hotmail,com> on Saturday April 26, 2003 @03:41PM (#5816205) Homepage
    1) Start my own spam company
    2) Turn myself in
    3) ???
    4) Profit
  • $100 bounty offer (Score:5, Interesting)

    by Animats ( 122034 ) on Saturday April 26, 2003 @03:54PM (#5816259) Homepage
    I repeat my bounty offer:

    I will pay $100 to the first person to provide me with the identity of the actual person or persons operating the following spamvertised sites:

    • contipay.com
    • profitabill.com
    • alphabill.com
    • quantumbill.com
    • girlswhocry.com
    • girlswhocry.net
    • girlraped.com
    • incestuals.com
    • hardgiants.info
    • spywiper.com
    • internetsweeper.net

    The name and address obtained must be within the United States and must be usable for service of process.

    "whois" addresses have been checked and are not useful.

    These sites move from ISP to ISP frequently. Many no longer work, but others in the same family appear.

    We've received over 16,000 spam bounces because of this spammer.

    • Thanks, you have improved my Kmail filters file. You rock.
    • Could you clarify what you are looking for? They can be traced to their US-based ISPs (Rackspace, for one!), and to their PO Boxes in the Bahamas.

      Some provide whois info that seems straigh-forward enough:

      whois quantumbill.com

      Administrative Contact:
      Demley, Richard quantum@qlshop.com
      Quantum Communications, Corp.
      80 Halsey St.
      Islandia, NY 11749
      US
      +1-866-324-3964


      etc. Could you explain what you are looking for, and what your aren't looking for/problems you've
      • Been there, done that. QuantumBill seems to be defunct. The site is gone, and so is "qlshop.com". (They're still in archive.org. [archive.org]) Calling their answering machine hasn't yielded much. Quantum Communications is a valid New York corporation, but their address for process of service is a P.O. box. (That's not a dead end, but it takes some time to trace.) I haven't been able to find a "Richard Demley" in Islandia, NY. "80 Halsey St." shows as a vacant lot in Earthviewer. So the obvious searches didn't yie
  • The US Constitution, Article 1, Section 8, clause 11, gives the gov't the right to issue Letters of Marque and Reprisal. This is a formal declaration given to a private citizen by a gov't giving him/her the right to seize the assets of a citizen of a foreign nation. So, we can have international bounty hunters, too. Unfortunately the letter of M&R went out of fashion about a century ago, but hey, it's still in the Constitution. This came up during the debate about what to do in the "war on terror" .
  • I wonder (Score:4, Insightful)

    by tmark ( 230091 ) on Saturday April 26, 2003 @04:15PM (#5816320)
    I wonder what the hue and cry would sound like if someone was proposing bounties for "proof" that one of their fellow citizens was a terrorist.
  • If it becomes profitable to identify spammers, then everyone will be a spammer. Yes, even you.
  • What's wrong with the following solution? I can't see anything wrong - and it ought to be simple to implement. (SMTP would need some minor changes) It seems too easy :-)

    Every time mail is routed from one server to the next, the receiving server should 'stamp' the mail with the IP address of the sending server. That way, genuine mail has a valid sequence of IP addresses, and spam can be traced back to either the originator's IP, or the first mailserver to "lie" on the stamp.

    Either way, we then have an auth
    • Simple workaround: 'Stamp' your outgoing spam with three or four bogus relays, and a bogus orgination point.

      Just make sure that one or two of the ones upstream from you actually have mailservers and it would be hard to say where the bogus trail stops and the real trail ends.

      Oh, by the way: check your incoming mail headers. The stamps are there.
    • Every time mail is routed from one server to the next, the receiving server should 'stamp' the mail with the IP address of the sending server. That way, genuine mail has a valid sequence of IP addresses, and spam can be traced back to either the originator's IP, or the first mailserver to "lie" on the stamp.

      What do you think it does right now? ALL mail servers stamp the IP address of each server in the chain, along with a date/time stamp and resolved hostname (where possible). Look at the header of any e
  • by Billly Gates ( 198444 ) on Saturday April 26, 2003 @04:35PM (#5816377) Journal
    AOL is doing something right for once by not just suing the spammers but also the companies that advertise their products with spam.

    If the risk of being sued is too much then the spam stops.

    Only 18 people send the half of the world email in
    spam according to another slashdot article. It costs alot of money to pay for a t3 line to spam. My guess is spammers might look for wireless networks next or go to a starbucks because they have high speed access. But will be severly restrained and may quite spamming altogether since its risky legal ground now.

    It can take months or years to bring a spammer to court. You need proof and the spammers hack and hide there tracks. Its difficult to prove if they use openrelays and hack routers to hide there tracks. However advertisers can not do this so easily. If they hide there tricks customers will not find them.

    Its the easiest and most effective way to get rid of it.

  • by chip rosenthal ( 74184 ) <chip@unicom.com> on Saturday April 26, 2003 @04:45PM (#5816402) Homepage

    I blogged my rebuttal [unicom.com] to Larry last January.

    The problem, in a nutshell, is that the success of his proposal depends upon the efficacy of filtering. His bounty, if it works as desired, ensures that we have subject tags to do that filtering. My claim is that even if Larry's proposal allows for perfect filtering, we're still in store for a mail system meltdown.

    This claim has not been well received. :)

    The problem is that too many people--a significant number of them hang out on this web site--believe filtering is a magic bullet. It isn't, and Larry's proposal provides an example of the situation where you can implement perfect filtering and still have a mail system meltdown.

    I do think there may be a remedy that may save Larry's proposal. If the filtering tag is moved from the Subject header into the tranport session (say, an ESTMP parameter), that may reduce the cost of rejecting spam enough to avoid the system meltdown problem.

  • by Anonymous Coward
    As we all think of exactly how wealthy we shall become from this latest whack a mole^H^H^H^H spammer plan, we might also think about this:

    Big dollar potential from the government rewards.

    Large resources at major ISPs.

    Major ISPs are a major target for spammers.

    Major ISPs look to generate income from alternate revenue sources.

    Like we all will have a chance at being first. Dream on.

    Still, even with this in mind, the plan is creative and might go a ways in putting a dent into the spam problem.

  • by Rai ( 524476 )
    And I had only joked about this idea before.
  • by Resident Geek ( 16074 ) on Saturday April 26, 2003 @06:47PM (#5816782) Homepage
    ...who thinks that this would make a cool anime series? Imagine, a group of shady characters with dubious histories, coming together through necessity and circumstance to bust baddies. Think of the storytelling possibilities!
  • I do like Lessig's efforts. However, let's be real. We live in an era in which the president gazes upon the cinders of the WTC and mutters something about preserving "free trade," while also equating shopping with patriotism. Moral: with the right wing in power, Americans stand about as much chance of being protected from spammers as the antiquities in the Baghdad museum had of being protected from looters. Minds attuned only to money can conceive of no competing values. A view of privacy that doesn't
    • Well then do the opposite right - vote for left wingers? I think we'd both say no to that since spam isn't a political or legislative problem.

      It seems to me that spam is a technical plague that is fairly easy to overcome by end users. I have a "white list" of domains that I receive messages from. If someone needs to send me a message I either add their email or their domain to my allowed list. Everything else gets bounced back to the sender as if I don't exist.

      Sure this may take a few minutes to initially
  • Not that 9mm rounds cost all that much, but I'll be going through a bucket of those a week until I find and eliminate the last living spammer.
  • no (Score:2, Interesting)

    by Anonymous Coward
    it'll just make it even more intruiging to spammers. higher bounty on there heads for doing something wrong or illegal must mean it's got higher value to doing it, right? wrong, this is sooo the wrong thing to do. They know how to stop spam, just no-one will do it. no-one has the balls to simply make illegal the use of any open stmp relay capable servers. because they make too much money off of anti-spam tools and filters that don't work. spam is a very easy problem to fix, yet typically greed and lack of h

A committee takes root and grows, it flowers, wilts and dies, scattering the seed from which other committees will bloom. -- Parkinson

Working...