Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: phranque
A judgement this large can serve as an incentive for anyone who knows the spammers to turn them in for a piece of the action.
Now if we could just replace the federal CAN-SPAM law with a law that really outlawed all spam with similar damages, we might be able to get somewhere.
Considering the fact that some spammers send emails with bogus return addresses. What if that return address is firstname.lastname@example.org
And then people begin to sue you. It's scary thought isn't it, just to say the least.
My solution is to tax ISP's for bulk e-mails. The first hundred addresses are free, then say a penny per address after that. Close to all internet users would never pay anything.
I posted a newsletter via e-mail every month for a while, about 1200 people asked to be signed up. I would have happily sent 12 seperate e-mails (100 addresses each) if that helped stop spam. A spammer with a million addresses would post 10,000 times? I think not.
Even with ISP software to stop splitting addresses up would only have cost me 11 dollars US a month, nothing compared to the lost wages due to deleting junk mail. The typical spammer would pay $30,000 per message.
As it is right now, I've basically stopped using e-mail. My filter at my ISP is set to only allow messages from a couple dozen selected friends. Unfortunately that does nothing to stop spammers.
We could also look at the Ham Radio environment, where everybody who transmits must be licensed by the FCC. It may seem draconian, but remember, by some estimates close to 90% of all e-mail is spam. We do need a major re-work of the protocol, or just dump it altogether.
I think the last suggestion of rewriting the protocols is the best bet. There's two ways I've thought of to do this. The problem right now is that the from address can be easily spoofed, just as easily as you can write a fake return address on a piece of snail mail. The from address of spam is useless.
So the first protocol rewrite method would involve some way to verify identity. Some spam filters do it a little differently. I've seen challenge-response systems that create a whitelist. When someone sends you an email, if their address isn't on the whitelist, it will respond to them automatically with a request to fill out a short form asking why they are contacting you. This form is then sent to you, where you can accept or deny it. The idea here is that a spammer will never fill out that form, and if they did, you'd never accept it. This can be bad for business email, because you don't want your customers having to go through this process.
But I think the easiest and most entertaining fix would be a spam filter with a retaliation module. Let me explain. I use SpamAssassin on my own network and it works great. It finds particular characteristics of spam that are each assigned a certain point value. Once the point value breaks a certain threshold (I've set mine to 5.0), it's marked as spam.
But let's set another threshold; the retaliation threshold. On my system, I'll set that at 7.0. If an email is marked as 7.0, then it's obviously spam, no questions, not a false positive. My spam filter would instantly go out and perform a DoS attack on the originating IP address. Of course, it's likely that my network alone is no match for the spammer's network if they are sending out such quantities of email. However, if others implemented a similar system, that spammer could experience a DDoS attack from various people that they were spamming. After they sent out enough emails, they would be taken down -- Hopefully the number of emails they sent that would cause this would be only a small percentage of those that they would be able to send otherwise.
But there's another possibility here. Sometimes the sending IP address has been forged, which means that the spammer is using someone else's network to send their spam. If this is the case, it means you'll be DDoS'ing some innocent bystander. However, this will accomplish two positive things:
1) The system will go down, and the spam will still be stopped (or interrupted at least), and
2) The innocent bystander would be made aware that someone has compromised their system and it's being used to send spam, in which case it should be taken down.
Once this system is implemented on enough networks, it would make increase the cost of sending spam since any network used for sending spam would be under attack within minutes, the effort needed to send 1,000,000 emails may now equal the effort to send 100 emails. And that's always been the real solution -- Make it so that spam is not cost-effective, and it goes away.
I am sure that anyone who has been around for a little time has been contacted by the 'same' company that contacted them six months prior. The company has renamed itself for "better branding".
These outfits aren't even down for a couple of days. New shell corp... move on. Think they have any assets in the corp.? I highly doubt it.
Hopefully, these charming folks using legitimate email addresses to send their crap around the world will have time to think about the real damage they have caused to millions of people.
Because of spam, AOL cut off my entire country from sending email to any of their customers for more than 6 months this year. I would estimate the damage to be quite substantial. I know it must have cost me at least $20,000 to $30,000 (if not more) alone. I received legitimate requests for info and was denied access to supply that info to any and all AOL customers. As a result, I lost a lot of sales.
Spam doesn't just cost in the obvious ways (time to sort through and delete the junk) ... there is a huge amount of collateral damage as well.
Let them rot in jail if they can't pay! They are directly or indirectly responsible for taking money out of my pocket ... and there are millions of others just like me.
I have no pitty or compassion for spammers whatsoever. In fact, I wish I could condemn them to the worst possible jail in the world where they would be placed in a chain gang and fed dry, mouldy bread and tainted water for the rest of their lives! Unfortunately, they'll likely end up bunking with Martha Stewart and learning how to knit pretty little doilies .. if they get any jail time at all! :(
<Nick, you've got to be kidding.>
Nope.. I think it's a good way to go. You can't legislate spam out of existance; it's just not going to happen. There has to be a way to make it logistically expensive. Passing a lot to charge a tax or make sending spam illegal isn't going to work.
<Didn't anyone learn anything from Lycos?>
Yes.. don't use hostnames (which can be redirected to other IP addresses) as the target; use the source IP :-).
<What you're proposing would be illegal in many countries.>
Perhaps, but that doesn't mean that it's morally wrong; nor does it mean that it isn't the right or best solution.
1] Make it absolutely illegal to forge / spoof / falsify the sending address.
It MUST come from the originator, whether a company, ad agency whatever.
2] Seek cooperative international legislation so other countries do the same.
3] Set up a time-table to restrict, and finally BAN emails from
countries that refuse to do enact these uniform laws.
Individual countries could set their own time tables and allow exceptions.
4] Enact stiff penalties for forged / spoofed sending addresses and enforce them.
Commandeering other people's machines to send SPAM is the by far the
worst case of false addressing. It should be made a felony.
Honest addressing is only one step in the war on spam, but a highly important one.
I'm surprised it isn't brought up more. - Larry
If spamming is illegal then paying others to spam on your behalf is illegal. Go after the companies - open their books and if money can be traced to spammers fine them big bucks.
The threat of this would cut email spam enormously.
This is something I have just never understood about spamming. Why can't they trace spammers through their phone numbers?
Yes, I know that really clever people can reroute phone numbers, I watch television! But how many are that clever and doesn't the technology exist to find them anyway?
I wonder if spammers can be traced by ordering something from them, paying by credit card, and tracing the information through the credit card transaction.
<I wonder if spammers can be traced by ordering something from them, paying by credit card, and tracing the information through the credit card transaction.>
I think that would be a very good idea.. as long as you can verify that they are in a jurisdiction that will enforce this.
If the investigator is in a jurisdiction where the credit card information is supplied to the purchaser, can be obtained by from the credit card company voluntarily, or can be obtained through court order, then the identification and information about the spammer should be obtainable. If the spammer is in a country that does not cooperate with international law enforcement, then the receiver of the spam may be able to block the credit card company from sending payments to the spammer. I don't know if this can be done in the US or other countries. If not, we may need laws that would allow receivers of spam, or ISPs receiving spam, to get a court order blocking the credit card transactions with the spammer/merchant.