[extropy-chat] About SPAM again

[Emlyn O'regan]

Robert replied: 
> On Fri, 23 Jan 2004, Emlyn O'regan wrote:
> 
> > The cost to spammers of spamming plus the cost of following
> > up leads as a result is less than the revenue they 
> ultimately get from
> > sales/scam.
> 
> Microsoft (and others?) have a proposal (the Penny Black 
> project) out that
> would force unsolicited incoming emails to consume something 
> like 10 seconds
> of CPU time on the sender CPU before they are accepted.  I 
> think this might
> be problematic for managers of large mailing lists.

Horrible solution, for the reason you've just suggested. Email's broadcast
mechanisms are useful.

Anyway, how do you define unsolicited email at that level?

> 
> See: http://slashdot.org/article.pl?sid=03/12/26/1350207&mode=thread
> 
> > It's seems like we can't make it more expensive to send 
> spam, and we can't
> > reduce sales because the number of terminally stupid people 
> out there seems
> > to be a robust constant value. The only manipulable 
> variable is the cost of
> > following up leads.
> [snip]
> > Any comments? Anything wrong with this approach? How do you 
> defeat it as a
> > spammer? If it works, how can it be gotten off the ground?
> 
> I've thought about this too Emlyn and I don't believe what you are
> saying is quite true.
> 
> I would propose:
> a) SMTP receivers (sendmail) that detect the spam *while* it 
> is being sent.
>    The minute you detect incoming spam you slow down or stop your SMTP
>    exchange responses forcing the sending machines to timeout.

Not bad.

> 
> b) You backtrack through the IP addresses of the incoming email and
>    immediately load that link down with useless IP traffic (if you are
>    clever you try to find the port/protocol that is causing 
> you problems
>    and use it against them -- i.e. if *they* are using an open relay
>    against you -- you use it against them.  Its going to make 
> it *much*
>    harder for people to retain open relays or corrupted systems when
>    a few hundred thousand people start sending a message every minute
>    or so against the knowing or unknowing agents of the bad guys.
>    (This is based on the "there are more of us than there are of them"
>     theory.)  The goal here is to force people to fix 
> corrupted systems
>     or alter open relays so they will not accept unauthorized email.

Yes, I agree with this. One of the big problems with spam at the moment
(imo) is that viruses like Sobig aren't cleaned and open relays closed,
because the host is basically unaffected - why bother fixing it? There needs
to be a penalty for open relays that is enforceable and provides motivation
to stop being open; plus, it will stop open relays being useful anyway.
> 
> c) If they specify URL's, follow the same process as in (b) 
> to overload
>    their servers.  The goal here is to prevent the stupid people from
>    gaining access to the information being promoted by the SPAM.
> 

Not so good; you can use it to DOS any website you please. Just send spam
with a link to google...

> d) If they specify images -- have a text recognition program 
> look at the
>    images and figure out the URL and/or phone numbers.  If a 
> URL follow
>    (c), if a phone number you plan to have your computer (or at least
>    computers in the same region [so there isn't a toll]) proceed to
>    dial that phone number and you use some speech generation software
>    offer them a piece of your mind.  (Similar to your consuming their
>    resources ideas.)

Attacking phone numbers is just as bad as attacking web sites.

> 
> As per my previous note filtering methods can work pretty well.
> Combined with the above and I think SPAMing is going to become
> much much harder.
> 
> Robert
> 

The filtering merry-go-round will continue. The attack tactics above may be
useful in part, but do leave you open to legal action, I'd warrant. I still
like the idea of wasting the spammer's time as an additional tactic.

Emlyn