Can A Bounty System Cure Spam? 281
dankinit writes "The FTC is considering a proposal made popular by Lawrence Lessig which would offer a bounty to people who help catch spammers. The proposal looks to harness the power of volunteers online who might want a piece of the multimillion dollar fines spammers could incur. Spamhaus founder Steve Linford doesn't like the idea though, explaining '...the FTC already has so much information on their identities that to get anymore would be useless.'"
No (Score:3, Funny)
Re:No (Score:5, Insightful)
Just like the tattle-tale system set up after 9/11 has been misused more than it's been useful, I predict the same thing would happen with this.
Regards,
--
*Art
Re:Could you explain the rule? (Score:3, Funny)
Re:No (Score:2, Insightful)
Re:No (Score:3, Insightful)
It just came to me the solution to spam. (Score:2, Interesting)
I mean spam every address you can find send thousand of duplicate emails a day, bring the entire internet down. We made the thing, lets take it back down. Then leave the unwashed masses out of it. And if we can't take every router in the world down by sending massive amounts of spam, maybe we can make the signal to noise ratio so high that the spammers wont make any money.
Imagine a day when everyone gets 100,000 plus emails per inbox. Each one f
Cure 81 doesn't work, try #82.... (Score:4, Insightful)
The problem is that the worst these people are setting themselves up outside of US jurisdiction, so that FTC and company just can't get to them. Any spammer who doesn't is excessively stupid. There's nothing that the US courts can take from them... and I just don't think offering 20% of $0 is going to do much anyway.
Bottom line is that this plan doesn't connect. As much as spam annoys us, the US Government just can't do anything about it because it's a worldwide problem. On the Internet, if one jurisdiction doesn't like what you're doing, you just need to find another who will accept you.
Re:Cure 81 doesn't work, try #82.... (Score:5, Insightful)
The problem is that the worst these people are setting themselves up outside of US jurisdiction, so that FTC and company just can't get to them. Any spammer who doesn't is excessively stupid. There's nothing that the US courts can take from them... and I just don't think offering 20% of $0 is going to do much anyway.
Yet they can freeze assets of suspected terrorists? Not to mention small time dope dealers.
Spammers need to get paid in some way, too. That means that they will have US bank/merchant accounts. Those can be frozen, assets can be seized.
Seizing assets happens in the war on drugs, but not when it comes to a white collar crime like spamming; by far a less "victim-less" crime.
Credit card charges can be charged back to the acquirer (even if the dumb customer is satisfied). Acquirers can change their merchant contracts to prohibit spamming today.
Profits made by mortgage intermediaries that don't care that their leads are spam-generated can be garnered (the leading mortgage banks could decide to include an anti-spamming clause in the contracts they offer intermediaries today).
Meanwhile, mortgage lenders and credit card acquirers remain complicit, even though they do crack down on other types of crime - namely fraud, which would cost them the most money, as opposed to the crime of spamming where the costs is borne by society at large.
They're just out to make a quick buck, bless 'em..
Re:Cure 81 doesn't work, try #82.... (Score:5, Insightful)
Spamming's so profitable when it works that they can put up with an insanely low response rate... unless you can put up a perfect blockade to catch all money headed their way, you're never gonna get it all.
Re:Cure 81 doesn't work, try #82.... (Score:5, Insightful)
There ought to be no such thing as a "bullet-proof" credit card acquirer or bank when it comes to spamming, but at the moment they all are. Besides, you need to use a domestic bank/acquirer (which is not so when it comes to websites) so it's a lot easier to legislate those than to go after internet resources like mail and web servers, which are a dime a dozen and you can use one in whichever country you like to hide in.
And if it gives spammers an incentive to commit fraud (e.g. use other people's accounts, fake identities), then all the better, that should wake up the Feds to start some serious prosecution.
Re:Cure 81 doesn't work, try #82.... (Score:2, Insightful)
Unfortunately, not true. There are plenty of businesses happy to host a spamvertized website. China is notorious for it. Yahoo refuses to pull the site of a paying customer unless the spam was sent through Yahoo's mail servers.
Heck, if every ISP was white-hat, we wouldn't need SPEWS [spews.org]
Re:Cure 81 doesn't work, try #82.... (Score:3, Insightful)
While I generally agree with this approach, one could also see where this would be abused. SPAM could be sent out advertising a company without the company being involved at all, just to get the company in trouble. An example:
Re:Cure 81 doesn't work, try #82.... (Score:2)
That's nice but what happens when their competitor(s) get into the act and start sending spam under their name?
Re:Cure 81 doesn't work, try #82.... (Score:2, Funny)
Re:Cure 81 doesn't work, try #82.... (Score:3, Insightful)
Finally someone who sees it right! (Score:5, Interesting)
Spamming and spamvertised business have become enmeshed in the otherwise legitmate economy (either through banking, ISPs, list brokering or trickle-down to middlemen like mortgage intermediaries).
Why isn't the FTC leaning on those people? Or at least publicizing their involvement in spam, even if it is indirect?
Furthermore, given the prima faciae fraudulent and/or illegal nature of spamvertised businesses and products, why isn't the FBI starting RICO investigations against these third parties whose implicit cooperation is necessary for spammers to do business at all? RICO has serious penalties and can be used to "bundle" miscellaneous state and federal law violations that would otherwise be unprosecutable or not worth prosecuting individually.
There's too much of this "it's all overseas" mantra and "we can't do anything about it." I say bullshit -- there's a money trail to follow and a bunch of people who would rather not be the target of a Federal racketeering indictment who live right here in the USA.
Re:Finally someone who sees it right! (Score:5, Interesting)
I agree. There is a money trail, and that is the problem. Somewhere in back someone has to be spending some of those profits in kickbacks for protection.
The spam is illegal. The products are fraudulent. The trail exists. Nothing is done.
Why?
Because your politicians never actually read their own email, so they don't have to deal with it.
Start printing the spam and sending it in to Congress, making use of the free postage when contacting your representative, and keep doing that for a few months.
Flood them with paper as you are flooded with spam, and I guarantee they'll finally get off their asses and do something about the problem instead of just lip-service laws with no enforcement.
Re:Finally someone who sees it right! (Score:3, Interesting)
Yes, they'll have you arrested under some vague and frightening anti-terrorist law.
Re:Finally someone who sees it right! (Score:3, Interesting)
I'm not sure that's it, but I'd wager that the DMA or other business lobby groups has put a lot of pressure on the FTC, Congress and other enforcement/lawmaking entities and lobbied them heavily on the value of spam to their respective businesses; they soft-peddle it as only "porn" being a problem, when in reality all
Re:Cure 81 doesn't work, try #82.... (Score:4, Interesting)
A couple years ago someone hijacked my mail server. I kept some of the spams and called the company, a real brick and mortar business, and asked them why they had illegally hijacked my server. They put me in touch with the company they had hired to do the emailing. That company had subcontacted it out and gave me the phone number of the subcontractor who turned out to be a couple with a cable modem working from their home. They had bought some spam blaster program (from a spam) and had gone into business. After talking to them, I really don't think they knew how the program worked. They had just received a package telling them how to use the program and a list of email marketting companies that hired subcontractors.
So, should the dumb couple be sued for everything they own? Should I turn them over to the FTC? How do you separate the willful from the dumb?
Re:Cure 81 doesn't work, try #82.... (Score:3, Insightful)
That is the problem.
Funny how you can go to jail for watching dvd's that you own on an unapproved OS but its perfectly ok to spam and cost billions in damage?
Reason being is under WTO corporate espianage treaties one can be held world wide under American laws. I think its BS and scary but this could be used to harm spam customers.
After customers disappear the spammers wont be able to get paid and will cease.
It won't work, but for a different reason. (Score:5, Insightful)
It seems that those institutions were paying for leads and they didn't really care where the leads came from.
So, do you fine the guy who sent the spam or the company that contacts you after you answer the spam?
If you only fine the guy, there will be another to take his place (and, as you noted, they will move outside of US jurisdiction).
Can a bank that never before sent you any email be fined for contacting you if you send someone an email saying you're interested in a mortgage? Until that starts happening, nothing is going to happen to the spam level.
Follow the money.
Re:It won't work, but for a different reason. (Score:2)
Re:It won't work, but for a different reason. (Score:2)
I've considered the grandparents poster's proposition many times and feel it is the only way we're going to stop spam. The only problem I've found with that solution is what you mention above. Personally, I don't think it will be a major problem. A company under investigation for spaming should be able to prove whether they did or did not pay for that sp
Re:It won't work, but for a different reason. (Score:2)
And how on earth is a company to prove that it didn't pay for a spam run? Even if it opens its books to the court, what's to prove that invoice 10993355.455 for 15,000$ worth of pencils isn't really for spam? Are you going to count the pencils, or are you going to ask them to bring them to court?
Think again.
Re:It won't work, but for a different reason. (Score:2)
Nothing. I never said to fine them without a trial after all. And for the record, it's presumed innocent until proven guilty.
Again it doesn't have to prove that it didn't pay for a spam run. The FTC or DOJ or whoever has to prove that the company did. Courts have been dealing with the tracing of company money for years now. The methods are well established and it's my un
Re:It won't work, but for a different reason. (Score:2)
Re:It won't work, but for a different reason. (Score:2)
Until one of those falsely accused is you, then the cost equation might start to look a little different. You are innocent until proven guilty in a court of law - that holds for all crimes, from murder to spamming.
Vicarious liability (Score:2)
Re:Cure 81 doesn't work, try #82.... (Score:5, Informative)
But you're quite right that almost all spam is trivially trackable to where the spammer wants the money to go. Unfortunately, the CANSPAM act just made it nearly impossible to go after spammers in court, reserving that ability to federal authorities who couldn't find their own IP address if you burned it on their asses with a branding iron.
Re:Cure 81 doesn't work, try #82.... (Score:4, Interesting)
Most spammers are americans in US jurisdiction (Score:5, Interesting)
Very few spammers actually bother to move outside US borders. And even then, unless they officially renounce their citizenship, they are still US citizens and can still be deported + prosecuted -- no matter where in the world they may be.
The US courts can sieze their assets. Their house, their cars, their computers, etc. Ever wonder what all those government auctions are? Most of them are auctioning off siezed property from criminals. There is serious $$ there.
So yes, there's plenty the US courts can take from them, unless they're living underneath a bridge in a cardboard box.
Re:Cure 81 doesn't work, try #82.... (Score:5, Interesting)
What I've noticed is that a fair amount of spam mails still feature .com addresses, and to an increasing amount .biz and .info (I'm already thinking of banning all incoming email which contains a link of any sort to .biz and .info sites...)
What I also noticed is, that the domain names get weirder and weirder. So after all, I also see a responsibility on the domain registrar's site. If someone is registering domains like amsnbxtr.com, amsnbzxw.com, mnevbdsx.com, msnbsczx.com, wiggle6767tabs.us, or coolness6579meds.us it doesn't take much brains to guess the future use and sane registrars would probably deny requests if a bunch of nonsensical domain registrations comes in -- especially after they found spam pointing to the last batch of domain registrations.
So the registration comes from fishy registrars, fine. Then just block all addresses which are registered through one of these registrars... The above examples, for instance, point to just two distinct registrars.
Next generation spam filtering might just mean parsing the incoming mail for the occurrence of links, checking those domains against whois and the whois result against a badlist of known fishy registrars.
It's crude. It's unelegant. But it surely ruins the business of both, the spammer and the greedy registrars who just care for registration fees.
Re:Cure 81 doesn't work, try #82.... (Score:5, Insightful)
I don't think so. As the guy from Spamhaus says, the FTC et al know who the sapmmers are, most of them are American, resident in America. Yet they dpo nothing to stop them. Just look at the ROKSO list [spamhaus.org] Here are names and addresses of 180 of the world's worst spammers, 140 of who are Americans. It's lack of will, not lack of evidence. The direct marketing lobbies have made sure that spamming will not be stopped. If any value was put on the resources these people waste, the FBI's Most Wanted would all be spammers. But because they just look at it individually, it's seen a nickel and dime.
Re:Cure 81 doesn't work, try #82.... (Score:2)
So yeah, basically they can send bounty hunters anywhere to go after you for an
Spam doesn't bother me as much as bad websites. (Score:3, Interesting)
No, for me, it is the websites that authorize Ad Viruses that piss me off. People who host such sites should be permanently shutdown and its owners castrated.
And yes, I know IE sucks, but my girlfriend uses IE regularly and she doesn't know better and it's not as easy to get her to swit
In the words of Darth Vader (Score:5, Funny)
Bounty hunting time! (Score:5, Funny)
Depends, will the FTC hand out Boba Fett type bounting hunting uniforms? I wouldn't mind starting a collection of Spammers In Carbonite on my walls.
Want to catch spammers? (Score:5, Funny)
Oblig simpsons (Score:2, Funny)
Re:Oblig simpsons (Score:2, Funny)
And in the other news: spammer found death, bloody calculator found nearby.
Mutiny (Score:2)
Wanted: (Score:2, Funny)
Re:Wanted: (Score:2)
Re:Wanted: (Score:2)
Re:Wanted: (Score:2)
Is there really a market for anything that's been in intimate contact with a spammer? And even if someone was desperate enough to accept an organ from a spammer, the medical obstacles* would be too great to overcome.
Hey, I know - we could sell the organs to another spammer! Now, how to find one... well, we could start by sending an email to everybody in the... ohwaitnevermind.
(* obstacles such as: donor and recipient must have the same number of chromosomes)
Spammers abusing the system (Score:4, Funny)
Random thoughts (Score:5, Interesting)
Unlikely. But, if the law actually get's off it's ass and actually hands out fines, spammers might be more inclined to stick the equivalent of "this is spam" (the opt-out message, etc.), which could make filtering more effective.
Perhaps we should be fining the ISPs who happily let spam-servers loose on their network?
"It would promote vigilantism on the Net and it probably would not catch any bad guys," said Louis Mastria, spokesman for the Direct Mail Association
There are plenty of technically-skilled knowledgable people out there who might otherwise not have bothered, but who could probably track a few people down.
'the FCC has so much information on their identities that to get anymore would be useless.'
We don't care whether they're known or not. We just want to bankrupt them and get the money we have lost* due to spam.
--
* Most end-users don't lose money, but the amount of stress and anger caused to me by spam has probably shortened my lifespan, and can you put a price on that?
Re:Random thoughts (Score:4, Insightful)
Well, a few years ago, this would have been good, but more and more spammers seme to be shifting to using zombie PCs instead.
Re:Random thoughts (Score:2)
Bingo!!! I want back all instances of 19.95$ that were supposed to enlarge me in some way (except the one that worked, thanks Ron!). I am so tired of waiting for the mail man to bring me my viagara only to find that someone in Jamaica maxed out my credit cards AGAIN!
Re:Random thoughts (Score:2)
Re:Random thoughts (Score:3, Funny)
Re:Random thoughts (Score:2)
ISPs are going to _LOVE_ this, especially now that some brilliant judge decided to let customers keep IP blocks. Think of the situation. The ISP gives a business account to someone. That someone turns out to be a spammer. The ISP is faced with heavy fines if they don't terminate the customer but faced with the clusterbomb of DNS mayhem if they do terminate the customer.
BRILLIANT!
Laws? They don't need no stinkin laws... (Score:3, Interesting)
This is crazy (Score:3, Insightful)
Why we need a different mechnism for capturing these Spam criminals is beyond me.
Re:This is crazy (Score:4, Informative)
The world is not united in supporting us in everything we do, and when we falsely assume that we get ourselves into a deeper problem.
Re:This is crazy (Score:2)
Anyway most spam is orchestrated from the US and a smaller but significant proportion comes from the EU. These unions have international agreements on law enforcement - let's start there.
Re:This is crazy (Score:2)
Re:This is crazy (Score:2)
Just what we need: an excuse for the politicians to garnish more of our wages, mount cameras in our homes, and pay their pampered offspring enormous wages to actively monitor our speech.
BRILLIANT!
Steve Linford (Score:3, Insightful)
one reason. Information about people isn't guaranteed to be evidence that will hold up in court. So getting citizens to help with evidence against the spammers, from different sides than just teh FTC info gathering, helps any case that they would put up agains the Spammers.
Who knows if it will really work
and yes
Yes, it would work! (Score:5, Interesting)
We would need an organized way of combining suits against spammers. Otherwise, those millions of individual suits would clog the courts. A bounty system is the perfect solution. People who collect information on their spammers would organize and report that information to a centralized organization which would handle the actual law suits. Then this organization could pick its targets by employing a pseudo-random, RIAA-style method of picking out random spammers with a boatload of complaints. Any money won would be distributed evenly to those who provided reports on the spammer.
Re:Yes, it would work! (Score:2, Interesting)
I never said there were. I said there could be millions of law suits brought against spammers. And "millions" would not be an unreasonable number for that. There were almost half a million do-not-call telemarketer complaints, and I think it's safe to say that junk e-mail outnumbers telemarketer calls.
It's more likely that the number of spammers (just in the U.S.) is in the thousands, but the principle idea of their job is to reach as many people as poss
Play on the Dumb (Score:3, Interesting)
This may sound like it wouldn't work. They tried giving away a free tv to the first 400 guys to show up at a conference on not paying child support and they caught like 400 some guys who were deliquient. Lets try it on spammers.
Re:Play on the Dumb (Score:4, Insightful)
However, that kind of thing only appeals to the deadbeat dad type who doesn't have tons of money and decided that they could just skip paying child support to make ends meet... if the person is so rich to not need or want an extra TV, the bait just won't be appealing. Spammers are that well off...
Motivation of Spammers and Vigilante Justice (Score:3, Informative)
There was an article recently on Slashdot that talks about the motivation of spammers as being primarily "money" - for college, for a late loan payment, or for just a quick financial pick-me-up. But in order for this type of "vigilante justice" to work for the government and ultimately for everyone, the motivation has to go much deeper. On one hand you could argue that few people volunteer to fight cybercrime because there is little or no money involved - so let's throw some money into it and entice people to do right. But I wonder if the ones who can are simply not doing it because there is a lack of worthwhile motivation. Money seems mundane, even insulting at times, as reward. Contrast this with the h4x0r culture, a meritocracy where your reward is respect and even deferential treatment from your peers when you demonstrate real skills.
It's fine if you want to resort to this type of measure, but what are the motivation and reward of doing good and getting rid of those who do bad things for rewards as trivial as money?
Dealing with Spammers (Score:4, Funny)
Bounty Hunters (Score:2)
I know that's not the sorta of bounty system the article is talkin
Re:Bounty Hunters (Score:2, Funny)
How about something more just ... (Score:2, Interesting)
... so why not have them work at sorting email into spam and non-spam, to provide the raw input to help train spam filters.
You could use a feedback mechanism to prevent lying - for example, if th
There is no "Cure" (Score:5, Insightful)
1. Cut off Spam from the Zombies.
Cable and DSL companies should block all port 25 traffic coming from their customers. If you want to send e-mail, you should have to use use their SMTP servers. Running your own mail-server is against their TOS in many cases, anyway.
In all fairness, however, this could be handled on a case by case basis. If you are such a macho techno-geek that you really really really really just absolutely HAVE TO run your own mail server, you should have to ask them for persmission first and enter into some sort of agreement that you will not be part of the Spam problem.
2. Cut off the Zombies.
Any cable/DSL customers spewing out large volumes of e-mail (without permission to run a mail server) get a nasty letter, telling them that their service has been terminated until they secure their computer.
3. Follow the money. Follow the money.
Spammers have to make money, somebody has to get paid. They aren't doing this for the fun of it. Trace the money trail back to the people who get paid for the herbal viagra and penis enlargement pills. It isn't easy, but it can be done. If you follow the money, and apply EXISTING laws, such as:
* Child Pornography Statute 18 U.S.C. 2252
* Electronic Communications Privacy Act 18 U.S.C. 2701-2711
* Economic Espionage and Protection of Trade Secrets Law Pub. L. No. 104-294
* Computer Fraud and Abuse Act 18 U.S.C. 1030
* Foreign Intelligence Surveillance Act 50 U.S.C. 1801-1811
* Transportation of Obscene Matter for Sale or Distribution 18 U.S.C. 1465
* Federal Wire Fraud Act 18 U.S.C. 1343
you can shut down the Spammers.
Simple solution sounds great, won't work (Score:4, Informative)
point 1)
I agree with the idea behind port 25 issues: having ppl who must run their own mail server get permission in advance does *sound* good. However, legitimate/responsible users who ask for permission in advance will, by definition, have alerted the ISP they are running a server and then be charged more for it. This will not be seen as fair when you consider they may, in fact, be using less bandwidth than the average on-line gamer or true zombies of which you speak. This also speaks nothing to overseas ISPs beyond enforcement and ISPs that don't give a fsuck.
my point here is that legitimate users should *not* have to pay extra (literally) on the account of spammers.
point 2)
shutting down zombies sounds great, but without effective automation it won't be effective because it will be too expensive and further raise the operating costs of ISPs beyond what they are already losing in lost bandwidth. How would you have the ISP distinguish legitimate mail traffic from spam without looking at every email? You could simply measure the volume of mail, but again, legitimate mail users would be cut off or would have to pay more.
I suppose if you dont care about legitimate mail servers from home paying (a lot) more this could work well, but only for mail from ISPs that actually care, and it only takes a few that don't (or pretend to but don't) to ruin this idea while still leaving ISPs free to charge legitimate users more in the name of abuse they cannot truly curtail; I don't like the idea of internet mail becoming corporatized than it alreday is.
Again, overseas/unenforcable spam and its ending money trail will continue. We can try to get financial insitutions to be more responsible with these transactions, but that assumes way to much in the way of co-operation. Most will give lip service and do little or nothing about it because of the costs invloved in curtailing it and lost revenue by someone else picking up the shady sales portal business.
point 3)
existing laws and standards of enformcement are fine for those within the bounds of enforcement, but there are so many who are not that we would not be prudent to expect much out of them.
Human behavior is always the weakest link in every security chain. Towards this end, our efforts would be better spent on education and good bayesian filters.
In short, don't you really think these relatively simple solutions you have proposed would have alreday been applied if they'd work so well? Typically, our world is far more complex than simple solutions allow for.
.
Re:Simple solution sounds great, won't work (Score:3, Interesting)
Re:There is no "Cure" (Score:2)
ISP's could simply let whomever requests outbound port 25 traffic have it. People who know how to set up a mail server are probably also smart enough to keep their systems from being compromised.
It all adds up (Score:3, Interesting)
Although spam looks like a very international problem, I believe that a good number of spammers are based in the USA, they just use machines outside USA to do the dirty work. If this helps FTC to get to those spammers, and make their charges hold in court, all the better.
If they only found a good law to throw at those who hire the services of spammers, sell access to compromised machines, sell address lists for fraudulent purposes, then we might get somewhere.
So (Score:2)
I am in favor of throwing out SMTP because and changing TCP/IP to version 6 on the internet. It would make things harder to hack and more secure.
Both Unix and TCP/IP were never known for security. Sure its more secure than Windows but ask any former VMS or OS/390 administrator about it?
Bounty systems are bad. (Score:5, Insightful)
probably will not work.. (Score:2)
From the article :
The prize for a spammer's virtual pelt? A hefty percentage of whatever civil penalty the FTC is eventually able to collect based on the information.
Sorry, they're not gonna catch a damn person with "eventually" and "whatever" as backing for a reward.
If anyone put half of the effort in to catching spammers as t
This was proposed already ... (Score:4, Funny)
In the book, there's a funny bit about cyberworld residents meeting in a town hall by the Statue of a Last Spammer... built when the last spammer was exterminated by the bounty hunters. Being wise enough, the governments still decided to keep the bounty in effect AFTER the last spammer was caught.
Personally, I think this is crazy enough that it could work. Imagine the unlimited energies of 16 year olds who spend their days glued to the computer, chatting on IRC, cracking porn site passwords, doing various small-scale mischief and playing Counterstrike, directed towards catching spammers. All I can say is, that would be a BAD time to be a spammer.
I can track these guys down (Score:3, Insightful)
The spammers aren't the companies that pay these guys to do it. The spammers are the people who actually queue up the messages and spit them out. Now, I know what you're thinking, the company being advertised is at fault, too. But still, there is an order that you gotta go through in order to get the right people.
After all, you don't go after the gun manufacturers for creating tools of self-defence just because unintended users end up killing people, right? The proper order is, the person who used it, the parents of the minor that used it, the retailer that sold the ammo, THEN the gun manufacturer, right?
Oh wait, nm. I guess the anti-gun sentiment amongst the public tends to skew the proper order you'd think this should be. But still, I'm the kind of person that is capable of hunting down spammers, but I simply don't do it because there is no incentive.
A monetary incetive might be lucrative, but I'd have to see the amount of money given. If it's too low, it's not worth my time. If it's too high, like the Microsoft reward offers for the Sasser and Blaster creators, then I know they aren't actually going to pay out.
Obligatory (Score:4, Funny)
( ) technical ( ) legislative ( ) market-based (X) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
(X) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(X) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
(X) Microsoft will not put up with it
(X) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(X) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
(X) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
(X) Jurisdictional problems
(X) Unpopularity of weird new taxes
(X) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of spam
(X) Joe jobs and/or identity theft
(X) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(X) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
( ) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
(X) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
(X) Incompatiblity with open source or open source licenses
(X) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(X) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
( ) Sorry dude, but I don't think it would work.
(X) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, l0ser! I'm going to find out where you live and burn your
house down!
Re:Obligatory (Score:3, Insightful)
This is rather the problem that this technique aims to solve, I thought. Compensate directly the people with the skills to find spammers.
(X) It will stop spam for two weeks and then we'll be stuck with it
If there's always a reward, there will always be people working to try to collect it.
(X) Microsoft will not put up with it
Why would Microsoft be upset that someone is fighting spammers? They'd probably be pleased at the reduction in jun
Can A Bounty System Cure Spam? (Score:2)
I agree with Linford (Score:3, Insightful)
The problem with prosecuting individual spammers is that the Justice Department goes after big money criminals more agressively than small fry spammers. They are more interested in capturing the guy that embezzeled millions of dollars, rather than the guy that sent out millions of emails.
Alices Restaurant Updated:
There he was, sitting on the bench with all the bank robbers, embezzlers, serial killers,
"Whatcha in for, kid?"
"Sending 7 Million spam emails"
It could work if... (Score:5, Interesting)
The police issue warrants for bail jumpers.
Bounty hunters get $$$ for bringing them in.
With a spam bounty system, it could work like this:
The feds put up 'info wanted' notices for specific spammers. It would eliminate the objections people have of vigilantes going after innocent legitimate marketers. The feds would be asking for information about specific spammers, much like the FBI's most wanted list.
You call in leads, the feds prosecute, you get $$$.
The idea here being that there are often people out on the internet who are far more skilled or have far better connections than law enforcement, in tracking down miscreants.
There are likely a lot more net-skilled individuals out there than there are law enforcement officials with good net skills.
Why not put that talent to use, a bounty is great incentive (besides the satisfaction of putting spammers out of business).
Pretty simple.
Where are Bin Laden and mullah Omar today? (Score:4, Insightful)
Until the spamming problem is causing buildings to collapse, this FTC bounty system is not going to do anything. And even supposing that the mountain of junk we receive causes computer to be so heavy they start to crack the concrete, it's not because there's a bounty that the capture and conviction becomes easy.
At least not until long-range individually targeted viruses are feasible and bounties are paid for DNA samples of spammers. And if that happens, methinks spam will not be our biggest concern.
Close, but no cigar (Score:3, Interesting)
What we need instead is a law similar to the Tennessee law which simply made spamming a civil offense and set out a clear, punitive civil penalty structure. The problem with the TN law was that the penalty wasn't quite enough.
I suggest a law that simply makes spamming a civil offense, with punitive damages set at $5000/spam and compensatory damages set at $10/spam. There woudl be a 10% bonus for pornographic spam. The law should be worded to give judges little discretion except to determine whether a particular email is spam. If the defendant is on the FTC's list of spammers, then the judge would have no discretion. His job would be to swing the gavel.
Having DA's or AG's go after spammers makes no sense. They have more important cases to deal with usually. Leave this up to people who are the victims. The spammers will die a death of a thousand cuts.
The hardest part is tracking them down, but since the FTC already has a lot of information, they need to make it public to assist.
Why not the sellers? (Score:4, Insightful)
They should be much easier to track down and they are the ones hiring companies to do the naughty work for them.
More motivation really needed? (Score:3, Interesting)
I suspect we'll see more results from private action, now that someone has been foolish enough to crack into some sites with expensive reputations to maintain in order to distribute their junkmail-mirror trojans. Financiers are dangerous dudes, and the damage from the latest horror goes way, way beyond that of the typical defacement prank.
Rivers and Harbors Act of 1899 (Score:2)
Consider a law like this imposed upon spammers and those who hire them. Follow the money, cut off and confiscate the money, reduce spam.
Cowboy Bebop style (Score:2)
User spam reporting (Score:2)
Yahoo should be using these clicks statistically to refine it's filters (which I don't use) and launch complaints against spammer ISPs and/or filter trojan relays.
No. (Score:2)
Better Idea (Score:4, Insightful)
Implementing a bounty system is just a dumb idea. Do cops offer rewards to help them catch common criminals? No, because a system that does so would just flood the phone lines with false leads. Same here. As Steve Linford (who probably knows a lot more about the subject than Lawrence Lessig) said in the article, the problem isn't that the FTC doesn't have enough information on spammers. I think keeping your inbox clean is enough of a motivation for most people to report spam.
I read a book by Lessig once. Internet visionary my ass. The man clearly had no clue what he was talking about.
BTW, just a nitpick, the article refers several times to the "CAN-Spam" law. Such a law does not exist. The "CAN-SPAM" law, on the other hand does. The entire thing is the acronym (Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003), not just the CAN.
Forward this article.. (Score:5, Funny)
Another useless spam idea (Score:3, Insightful)
The problem is, we have hundreds of civil-oriented anti-spam laws on the books that are not being enforced or pursued. It is not economically viable to use the civil courts to attack the spamming industry. The main reason is that it's not cost-effective: good luck finding a lawyer who will take this case which will cost a lot of money and time up front with no guarantee of a pay off. Second, suing someone in civil court generally works when you can find these people and bring them into court, which is very problemmatic with spammers, but more importantly, it assumes the spammers have money in the first place, which is pretty doubtful. If spammers were really making lots of money, they'd be more visible than they are - all indications are that most of these people are transient scam artists with very little long-term equity in their posession. So the bottom line is that civil suits have never proven to make any difference in this field. Who's crazy enough to jump on this bandwagon? What has happened to people when they propose ideas that are based on premises that have shown to be consistently useless and ineffective?
Prosecutions are prohibitively expensive (Score:3, Insightful)
There is an alternative [majid.info], however, that could make anti-spam enforcement much more effective, and nip the problem in the bud. Visa/MC would give the FTC and their European counterparts "poisoned" credit card numbers to use on spammer sites. Any merchant account that attempts a transaction using such a number would be immediately frozen and its balance forfeited. A portion of the proceeds could be set aside to pay for Visa/MC's costs, giving them an incentive to participate.
You could even imagine a next step - since the spammers' clients would be known, you could fine them, since they are the ones who keep spammers in business in the first place.
Re:Not spammers, just their hands (Score:2)
So that was 50c per gopher?
Re:o great, digital cowboy bebop (Score:2, Funny)
So long Spam Cowboy!
Re:Yes, a Bounty System can Work (Score:2, Funny)
The bad tempered girl has no memory? I never knew that. I thought she was just bad tempered. And annoying.
I also never knew Edo was female.
Re:kaboom (Score:3, Funny)
We provide vaporization services all around the world at affordable prices. Call now and get to vaporize 2 people for only $699*.
*offer void when costumer want to vaporize Orbital Laser Services personel or property.