• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

RFC: A final solution for SPAM

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Goto page 1, 2  Next
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> General Security Discussion

View previous topic :: View next topic  
Author Message
EricTheBald
Just Arrived
Just Arrived


Joined: 06 Feb 2003
Posts: 3


Offline

PostPosted: Wed Aug 27, 2003 5:51 pm    Post subject: RFC: A final solution for SPAM Reply with quote

Let me cut to the chase:

1) Blocking SPAM has limited effectiveness and doesn't really address the bandwidth wastage issue at all.

2) Legislation is a waste of time. It would be the practical equivalent of censorship and we all know how the internet deals with that.


As long as SPAM is profitable, we can't kill it. It's just that simple. Sure IPv6 shows some promise of being able to help, but ultimately I don't believe that you can really stop spammers who don't want to be stopped.


So what are we left with?
The only meaningful way to kill SPAM is to take the profit out.

Easier said than done of course.

It would call for Social Engineering on a massive scale.

Simply put, if everyone who received SPAM refused to do business with the company or website being advertised, those companies would stop using spam.

Rather difficult thing to accomplish, no doubt.
Perhaps impossible.

Other than getting the word out all over the world, two other things would have to happen for this crazy scheme to work:

1) People would have to actually begin doing this on a large scale.

2) The people PAYING for SPAM would have to be aware of the connection.


People who use the internet are sufficiently fed up with SPAM that they would be willing to participate, providing that they believed they were part of a larger movement and that the "boycott" had a chance of working.
This is a very important point because NOBODY is going to bother participating unless they truly believe the movement is widespread and has a good chance of succeeding.


So the first challenge in killing SPAM is this:

If a group of people wanted to try this crazy idea and needed to get the word out, over as broad a portion of the internet using public as possible, how could that best be accomplished?


When commenting, please avoid being pessimistic.
Let's approach this from the standpoint that it is not actually impossible, merely extraordinarily difficult.
Back to top
View user's profile Send private message AIM Address
Navarro
Just Arrived
Just Arrived


Joined: 25 Aug 2003
Posts: 0
Location: Brazil

Offline

PostPosted: Wed Aug 27, 2003 5:59 pm    Post subject: Reply with quote

It's a simple idea that might work well if we could get to the point.

But the way I see, this cultural idea will not work until we have all departments and decision makers involved and maybe that's the hard part of it. Confused
Back to top
View user's profile Send private message Visit poster's website
EricTheBald
Just Arrived
Just Arrived


Joined: 06 Feb 2003
Posts: 3


Offline

PostPosted: Wed Aug 27, 2003 6:49 pm    Post subject: Reply with quote

I'm not talking about departments and decision makers per se.

I am talking about PEOPLE.

End users.

Ultimately, everyone is an end user.
Back to top
View user's profile Send private message AIM Address
Sgt_B
Trusted SF Member
Trusted SF Member


Joined: 28 Oct 2002
Posts: 16777215
Location: Chicago, IL US

Offline

PostPosted: Wed Aug 27, 2003 8:31 pm    Post subject: Reply with quote

Quote:
If a group of people wanted to try this crazy idea and needed to get the word out, over as broad a portion of the internet using public as possible, how could that best be accomplished?

Best way? That'd be Spam. Razz
There's no way to reach everyone. If you put up a site that got popular enough, then maybe a good majority of people (who are concerned about spam) might see it. People already concerned with spam probably don't buy from spam-based advertisement, so it'd kind of be a waste. People not concerned enough with spam to seek out means of destroying it will never see your site.

Hmmm....that was pessimistic I guess, but valid just the same. Smile
Back to top
View user's profile Send private message Visit poster's website
squidly
Trusted SF Member
Trusted SF Member


Joined: 07 Oct 2002
Posts: 16777215
Location: Umm.. I dont know.. somewhere

Offline

PostPosted: Wed Aug 27, 2003 10:17 pm    Post subject: Reply with quote

That or companies could start suing the spoofing spammers.
I really like what happened to the spammer who got /. ed Twisted Evil
As they say turn about it fair play.

If they want to make spam legal I say confirmed opt-in lists for spam.

http://www.theregister.co.uk/content/6/32502.html
Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger
97cr250
Just Arrived
Just Arrived


Joined: 16 Apr 2003
Posts: 3
Location: S34TTL3

Offline

PostPosted: Wed Aug 27, 2003 10:27 pm    Post subject: Reply with quote

I can't remeber where I read it or who wrote it but a while back I read an acticle about a guy who was at his breaking point.. He decided to subscibe to every spam list he could find and was in the process of writing software that would not only reply to spam emails but send false credit card info and names and such.. His logic was to make spamming unprofitable by forcing the spammers to go through each return message to "weed out the fake ones".

I fully realize this is not only illegel but stupid as well (seeing how it punishes the ISPs most of all) but I just thought it was an interesting solution...
Back to top
View user's profile Send private message
hydride
Just Arrived
Just Arrived


Joined: 05 Aug 2003
Posts: 0
Location: Windsor Ontario

Offline

PostPosted: Wed Aug 27, 2003 10:45 pm    Post subject: Reply with quote

We could set up a website, and start sending messages to everyone email address to visit that website and see the plan.... Though that might defeat the purpose
Back to top
View user's profile Send private message Visit poster's website Yahoo Messenger
squidly
Trusted SF Member
Trusted SF Member


Joined: 07 Oct 2002
Posts: 16777215
Location: Umm.. I dont know.. somewhere

Offline

PostPosted: Wed Aug 27, 2003 11:57 pm    Post subject: Reply with quote

97cr250 wrote:
I can't remeber where I read it or who wrote it but a while back I read an acticle about a guy who was at his breaking point.. He decided to subscibe to every spam list he could find and was in the process of writing software that would not only reply to spam emails but send false credit card info and names and such.. His logic was to make spamming unprofitable by forcing the spammers to go through each return message to "weed out the fake ones".

I fully realize this is not only illegel but stupid as well (seeing how it punishes the ISPs most of all) but I just thought it was an interesting solution...


Interestring however not practical. The average email costs a fraction of a cent to send. And replying with known bad information is not bad.. (unless he was sending random credit card infomraion that could lead to a real person's info). It would also make spammers just setup someway for them to just use correct informaion.
Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger
EricTheBald
Just Arrived
Just Arrived


Joined: 06 Feb 2003
Posts: 3


Offline

PostPosted: Thu Aug 28, 2003 2:20 am    Post subject: Reply with quote

We do all know people in real life, right?

Forget sending this in e-mail...


What if we picked a date to start "boycotting" and started spreading this through word of mouth.

Remember that annoying shampoo commercial from the 70's?

"I told two people and they told two people, and so on and so on..."

Look at al the trivial nonsense that gets passed around the internet.


I mean...
"All your base are belong to us!"?

THAT made it into the mainstream media.


Look, the california election is going to end eventually and people will need something new to entertain them.

Plus, you know how much people like to scapegoat a group or gang up on someone.


I know, this sounds pretty silly, but I don't see anyone else with any better ideas.

Plus, nothing has to get developed or written.
No money has to be spent.


If we had a dozen people who thought it was a good idea and would be willing to commit to it, it could be done.

And I've already figured out how.

That is, if anyone cares.
Back to top
View user's profile Send private message AIM Address
Pciber
Just Arrived
Just Arrived


Joined: 13 Jul 2003
Posts: 0
Location: hell

Offline

PostPosted: Thu Aug 28, 2003 3:32 am    Post subject: Reply with quote

ok, simpler solution, one you say doesn't work.. although Indiana already has this solution in place..

in the state of indiana(and every email that gets sent to it) ALL spam is forced to have the first letters in the subject bar be a specific thing.. SPM: or somethingrather.. if you don't have this, and you are sending mass emails, you can be sued, somewhere around $500/per person who wants to make a little bit of cash off of spam(right now, who lives in indiana). Simple fact is, you put a simple rule in your email proggy saying block all emails that start with SPM: or whatever it is, so only the illegal spam(if you live in indiana) is filtered through, and then, you have a right to sue them. Simple as that. Spam quickly becomes unpopular, because nobody sees the stuff with the SPM: tag(or whatever it is), and the rest of the stuff nobody sends, because even one person suing them is likely to cost more then they will make off of the spam.(enlarge your err... member! stick it in our special pudding![thats how you spell pudding, btw]). The only way this works, however, is if many US states pass this law. Otherwise, it is worth the spammer's trouble to look up where the spammer is from and not use any from indiana or such(which works to block stuff in indiana anyway)...

uhh, yeah, thats my rattle. I'll go back in my corner now.
Back to top
View user's profile Send private message Visit poster's website AIM Address MSN Messenger
hydride
Just Arrived
Just Arrived


Joined: 05 Aug 2003
Posts: 0
Location: Windsor Ontario

Offline

PostPosted: Thu Aug 28, 2003 3:52 am    Post subject: Reply with quote

A good idea is create a hillarious flash with a catchy slogan, a good enough flash will circulate the net as it is, probably start it off on newgrounds, put it up on a few sites, submit it to ebaumsworld.com, and then you could have people circulating it around the net for you in IRC topics and posted on forums and chatrooms. All you need is the flash and the catchphrase.
Back to top
View user's profile Send private message Visit poster's website Yahoo Messenger
squidly
Trusted SF Member
Trusted SF Member


Joined: 07 Oct 2002
Posts: 16777215
Location: Umm.. I dont know.. somewhere

Offline

PostPosted: Thu Aug 28, 2003 5:33 am    Post subject: Reply with quote

Pciber wrote:
ok, simpler solution, one you say doesn't work.. although Indiana already has this solution in place..

in the state of indiana(and every email that gets sent to it) ALL spam is forced to have the first letters in the subject bar be a specific thing.. SPM: or somethingrather.. if you don't have this, and you are sending mass emails, you can be sued, somewhere around $500/per person who wants to make a little bit of cash off of spam(right now, who lives in indiana). Simple fact is, you put a simple rule in your email proggy saying block all emails that start with SPM: or whatever it is, so only the illegal spam(if you live in indiana) is filtered through, and then, you have a right to sue them. Simple as that. Spam quickly becomes unpopular, because nobody sees the stuff with the SPM: tag(or whatever it is), and the rest of the stuff nobody sends, because even one person suing them is likely to cost more then they will make off of the spam.(enlarge your err... member! stick it in our special pudding![thats how you spell pudding, btw]). The only way this works, however, is if many US states pass this law. Otherwise, it is worth the spammer's trouble to look up where the spammer is from and not use any from indiana or such(which works to block stuff in indiana anyway)...

uhh, yeah, thats my rattle. I'll go back in my corner now.


There are laws in individual states that say that.. however there are spammers who have no fear of the law. There is one spammer who got nailed and low and behold he's living in poverty all of the sudden.

Also some spammers think they are doing a service (yea go figure killing mail??) Just by having a law does not mean that it will be followed. Enforcement of the law will be much different. A law like the one you describe.. how can you sue someone who lives in a country that wont let you sue them. Yes you can sue them in your country, but how will you get any money from them if they say your court has no jursdiction over them?

Fixing the spam problem will require either a massive amount of international government co-operation on a scale not seen ever. Or users will have to make it non-profitiable for them. IMHO the second option is the more likley of the 2. I do like the law though.. sue for $500/per person/per spam. Man I could make a killing off a law like that!
Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger
Pciber
Just Arrived
Just Arrived


Joined: 13 Jul 2003
Posts: 0
Location: hell

Offline

PostPosted: Thu Aug 28, 2003 3:36 pm    Post subject: Reply with quote

Ok, i hadn't thought of that, international spam, but it would kill <most>.. other major countries would likely follow suit, if it worked fairly well in the US, forcing spammers off to smaller countries.. So it would really greatly reduce the amount of spam, not stop it(remember, most spam is from your average teenager in california w/ a new weener enlargement plan)
Back to top
View user's profile Send private message Visit poster's website AIM Address MSN Messenger
nimrodsun
Just Arrived
Just Arrived


Joined: 21 Apr 2003
Posts: 0
Location: UK

Offline

PostPosted: Thu Aug 28, 2003 4:09 pm    Post subject: Reply with quote

Quote:
Ok, i hadn't thought of that, international spam, but it would kill <most>.

According to this article, a lot of spam is sent out of China.

http://www.theregister.co.uk/content/6/32504.html

So what's being suggested here?

Is the plan for each person to note the companies that have sent them spam and not use their products? Or is it for a central list to be held, whereby people forward or report the spam and the list is published.

The problem with the second idea is that I've read that spamming companies have tried to sue companies who provide spam blocking lists. So I'm sure they'd do the same for a central list of companies. Unless we hosted it in China! Laughing

A question about the first idea. If it became very successful, what would stop a company sending out spam in competitor's name?


BTW running on sod all sleep, so please excuse (and point out) obvious error and omissions - Thanks
Back to top
View user's profile Send private message
uncletom
Just Arrived
Just Arrived


Joined: 21 Jun 2003
Posts: 8
Location: Isle of Man

Offline

PostPosted: Thu Aug 28, 2003 4:33 pm    Post subject: Reply with quote

I think the answer has to be to spread it by word of mouth, like Eric... said. However, the problem I see is that you can educate people in the problems with spam, how it's cr@p, pointless etc etc etc, it's just that some people won't take telling and won't believe anything anyone tells them, this is why I think decision makers, sys admins, CEO's and IT Directors need to get involved and enforce rules on users. The whole event could be publicised in the press, media and specialist publications.

I get the feeling that this plan is enforcable, but it'll involve standing on a few toes and pi55ing a few ppl off, but this isn't always a bad thing
Back to top
View user's profile Send private message Send e-mail
Navarro
Just Arrived
Just Arrived


Joined: 25 Aug 2003
Posts: 0
Location: Brazil

Offline

PostPosted: Thu Aug 28, 2003 4:49 pm    Post subject: Reply with quote

uncletom wrote:
I think the answer has to be to spread it by word of mouth, like Eric... said. However, the problem I see is that you can educate people in the problems with spam, how it's cr-at-p, pointless etc etc etc, it's just that some people won't take telling and won't believe anything anyone tells them, this is why I think decision makers, sys admins, CEO's and IT Directors need to get involved and enforce rules on users. The whole event could be publicised in the press, media and specialist publications.

I get the feeling that this plan is enforcable, but it'll involve standing on a few toes and pi55ing a few ppl off, but this isn't always a bad thing


That's what I tried to point out. This is really a great idea and I believe it could work, but we need to have everybody involved and use executive's, sys admin's power to make it easy to spread it out.
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> General Security Discussion All times are GMT + 2 Hours
Goto page 1, 2  Next
Page 1 of 2


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register