Spamfighting Since the Death of MakeLoveNotSpam?

vacuum_tuber asks: "The now-defunct Lycos anti-spamsite screen saver, MakeLoveNotSpam, was extremely well received despite the whines and hand wringing from the no-one-should-ever-actively-defend-themselves crowd. There was speculation after its demise that Open Source spam-punishing tools would emerge. Other tools such as SpamVampire, LadVampire (punishes fake bank sites), Spam Research Tool and others were mentioned with increasing frequency, but there has been no coherent followup to gauge what people are doing since the death of the Lycos screen saver. What are you doing that you think is effective in punishing spammers or their spam-site sponsors?"

The best way

[nilbog]

The best way to fight spam is to go home and turn off your mom's zombie computer...

I don't punish spam.

[Man in Spandex]

SPAM punishes itself by giving an "evil" image for their company.

Best way to punish spam is by keeping your friends AND foes aware of what to not pay attention. In the end, hopefully, they'll make less profit. Nonviolence resistance demands patience and is a slow process but always shows progression.

Re:Make it illegal.

[sqlrob]

Like making drugs illegal has stopped drug abuse.

Or like making identity theft illegal has stopped phishing scams.

Or how making unauthorized access to a computer illegal has stopped spam coming from compromised machines.

No sympathy for the spammer...

[Chordonblue]

"...the actual problem: People buy the crap offered by spam! Spam is no longer free. If people would just stop buying based on spam, the problem would solve itself."

So what you are in effect saying is that people who hawk too-good-to-be-true investment schemes and storcks shouldn't be punished? People are gullible, people are going to continue to be taken in by their greed, ignorance, or even illness.

I think these parasites should be taken down. Whether you agree with Lycos or not, I commend them for at least bringing this possible solution to the spotlight.

Re:No sympathy for the spammer...

[IntenetStormCenter]

of course they should be taken down. And they are being taken down at faster and faster rates. But DDOSing them is the wrong way. First of all, you take down an ISP in addition to the spammer, but in addition the ISP may now have to help the spammer to defend itself in order to keep other innocent customers online.

Its important to keep the rules simple. Otherwise you will lose cooperation among ISPs. DDOS is bad. Spam is bad. Lets cooperated and stop both.

Yeah... Murder is illegal too...

[Chordonblue]

...but it still happens, sometimes almost unchecked in foreign countries. How is this really going to help unless you target the companies USING spam to hawk their goods?

The spammers are a symptom of a much larger problem. Don't get me wrong - I wouldn't mind seeing them strung up too - but I'd rather see the CEO of some penis enlarging / Viagra-distributing company do some hard time with big guys...

So it depends on who is doing it?

[the angry liberal]

The now-defunct Lycos anti-spamsite screen saver, MakeLoveNotSpam, was extremely well received despite the whines and hand wringing from the no-one-should-ever-actively-defend-themselves crowd

Yeah, um, right. Say the same thing in regards to the RIAA trying to prevent music piracy and you'll hear endless howls from the /. crowd about how hacking/DDoS is illegal and should be a punishable crime.

If you want anyone to remotely take you seriously, you will have to first drop the double-standard.

Hand Wringing

[fm6]

MakeLoveNotSpam, was extremely well received despite the whines and hand wringing from the no-one-should-ever-actively-defend-themselves crowd.

Hand wringing? Like all vigilantes, you love to emphasis your own macho attitude and the supposed wimpiness of your detractors. Whereas the real issue is the collatoral damage.

Re:Slashdot Hypocrisy

[Anonymous Coward]

Then, of course, there's a possibility that he wasn't serious.
Did you consider that possibility?

Re:Well...

[SirTalon42]

The groin generally gets the message through better.

No war, no innovation

[seachnasaigh]

The Lycos thing was an interesting sortee, but on a day-to-day basis? I'll keep doing what I do now: learn, build better filters, make it harder for the stuff to get through, defeat the purpose, drive their numbers down a fraction. I'm a systems admin; my users don't see much spam, largely because I've spent months tweaking the filters to stop it, building better code into my SpamAssassin, etc. Does it annoy me? Not really. It keeps me employed, and it makes me think, actually. A wise man once said, rather coldly, that without war there would be no innovation. (I'm paraphrasing). Largely, that's true I think ... though he didn't say anyone had to actually be killed. This is a war; spam, phishing, viruses ... they've made us all grow up, realise that the 'net isn't a toy any more, and stretch ourselves just a bit to make it safer, faster, etc. Yes, this doesn't help your Mum's computer, but one day it will. I'm not going to say spam is good, but I will say I think it was inevitable, and that our reaction to it can in fact turn out to be beneficial.

Re:Make it illegal.

[Ph33r th3 g(O)at]

Sure, because the overseas hackers find U.S. broadband connections easy to compromise. And the "bullet proof" hosting is almost all in China and Korea.

Re:The best way

[ravenspear]

But that's where the education part comes in. I agree that more of that is needed. With cars, problems are easy to recognize because you can hear or see that something is wrong. With spam, it happens in the background so most people aren't aware. Unless M$ builds something into the operating system that makes it easy to spot security problems, it's going to be hard to educate everyone.

Heck, even that probably wouldn't work. I can see it now, a window pops up saying:

ALERT!

"You currently have port 25 open and your outgoing data rate is 1.2 mbps on that port. Are you sure this is what you want?

::user clicks ok, returns to browsing pr0n::

Report addresses to abuse desks

[dragonman97]

For 419ers and other spammers that tell you to correspond with them via Yahoo! or other free e-mail services, I strongly recommend reporting them to the abuse department for that provider. This can cause innocent fools from being able to actually contact the 419er, and if the success rate drops, then perhaps some of them will quit, if it's not worth their time. Yahoo! and others do not need their name further tarnished as being supporters of these scams, so cutting them off can only be beneficial to them.

Wasting the bandwidth of these phishers only hurts the Internet, by wasting resources. Do keep in mind that the sites may be using stolen credit cards, and the ISPs will lose money on overspent bandwidth bills when the CC company halts payment.

Re:Make it illegal.

[Feanturi]

I know you're being funny, but that might be a seriously good idea. Dump a whole lot of paper in their offices. Send a letter as you would normally, describing your grief and then, as examples, give hardcopies of every spam you've received in the past week.

Re:I don't punish spam.

[Anonymous Luddite]

I agree.

Why waste effort on this? Just make it a rule: Don't ever, ever buy anything from an unsolicited email. I've got the same rule for phone solicitation - If your company EVER pisses me off by calling me at supper or on my day off or whatever, I won't buy from you. period. I don't care what you're selling. I'm not interested.

If there is no positive response, phone/email spam becomes an expense rather than a revenue generator. The 'invisible hand' of the market place will get rid of it.

Re:Make it illegal.

[Zigbigadoorlue]

I believe that the only way to stop the proliferation of spam is through user education, not only about why one should fall for spam but also how to take care of their computer. Making spam illegal is just another way of limiting freedom of speech. Spam is speech just like yelling at passing pedestrians about the coming apocalypse is speech; illegalizing spam would be just as morally corrupt as illegalizing proselytism.

Re:Report addresses to abuse desks (yeah, right!)

[Antique Geekmeister]

I'm sorry, but the abuse desks almost never do anything useful. They are constrained by the lack of manpower, and they are constrained by ISP policy from doing anything that could ever be considered censorship to avoid losing the "common carrier" protections they currently enjoy.

Moreover, for many ISP's, spammers with "pink" contracts pay good money and help keep pay the ISP's bills. Agis.net tried this, and it wasn't until the Cyberpromo spammers had their upstream routers DOS attacked to death that Agis stopped taking Cyberpromo's checks, despite Cyberpromo's demonstrably criminal and fraudulent behavior.

To an ISP on the edge, a paying customer is very valuable.

Re:The best way

[utlemming]

Educating people about securing their systems is one thing, but expecting everyone to become a security expert is quite another.

Agreed. One of the things that the /. community needs to understand is that some people are incapable, unwilling or just don't have the time to worry about their computer. In general, the /. community is quite intolerant of people who are unaware of what is going on in their computers. I had a tech support friend who used to tell customers that the problem is a "ID-10-T" error. Even though we may know how to fix a computer, upgrade Windows to Linux or whatever FOSS OS that you choose, doesn't mean that we should be intolerant of people that don't know about computers. I am sure that there are many mechanics who feel the same. Case in point -- I would never, ever pay for someone to fix my computer. But I do know how to fix my brakes, change my oil and do just about any mantience on my car; it may take me a while to accomplish a task, but it isn't worth it to me. Some people that use computers are the exact same way. They don't want to fix a computer themselves or learn how to do it because it just isn't worth it to them. I made a $100 because a person didn't want to learn how to fix their computer. Fine by me. But when it comes to changing my oil, I'll happily fork out $35 because I don't want to bother with. The best that we can expect is to train people about basic maintence. The real burden for securing computer is for those of us that have the skills to do it. We're starting to see the nessesity for responsable programming and security in computer systems. Simply put, we need to stop complaining about the unaware computer users and implement systems, designs and policies to make it easier on the user to have a secure system, while protecting the computer and the internet at large. Let's drop the "I am a geek, and therefore superior attitude."

Re:Make it illegal.

[ScrewMaster]

That's pretty much irrelevant. If there's one thing spammers are, it's adaptable, and if the United States becomes an untenable host nation they'll simply move on. I might point out, however, that that 42% figure isn't too meaningful either: that much spam may or may not originate here, but it sure as hell doesn't all go direct from the spammer's domestic server to the target mailbox.

China, India, other up-and-coming high-tech nations have thousands upon thousands of unsecured mail servers and Windows machines to zombie. And hey ... even if we really do generate 42% of the world's spam here, that still means 58% of that crap is coming from somewhere else! A few years back AT&T and some other bigboy backbone providers cut mail service from China for a short period because of the volume of spam coming from China. Any way you slice it, this is an international problem, and it won't go away just because Congress passes the Can Spam Act II or something equally useless.

Costing the insurance companies not spammers

[SCVirus]

Do you really think these spam servers, websites and there bandwith costs are not fraudulently optained? Your not costing the spammers your costing whoever ends up paying the credit card bill. Probably the credit card company will take up the tab, sometimes the acual person.

Re:Make it illegal.

[vandan]

Living on US aid? You haven't even been outside of your own state, have you?

The rest of the world certainly does not 'live on' US aid. The paultry amount of aid that the US offers largely goes into the coffers of military dictatorships that the US actively supports. And ALL US aid comes with a dick rammed up your arse in the form of requirements from the WTO, World Bank and IMF.

You must have a *very* warped take on reality if you think the people of the 3rd world bum around waiting for their next food-drop from the US, and surfing the net looking for new exploits to attack your PC with. Are all people in the US really as stoopid as you? The mind boggles.

Re:Kill their mailing lists

[SlashdotMeNow]

Instead of showing off your 12 year old IQ why don't you wake up and remember that 99.9% of spam does not have a valid reply-to or from adress and thus those 'mailbox does not exist' messages will go nowhere. Most zombie spam / virus mails these days forge the headers to look like they came from one of your contacts, so MSC will compound the problem by spamming a random friend whenever you get spam.

Funny?

[Captain_Chaos]

It's a disturbing sign of the state democracy is in in America that this has been modded "Funny"...