[extropy-chat] About SPAM again

Robert J. Bradbury bradbury at aeiveos.com
Fri Jan 23 01:55:30 UTC 2004


On Fri, 23 Jan 2004, Emlyn O'regan wrote:

> The cost to spammers of spamming plus the cost of following
> up leads as a result is less than the revenue they ultimately get from
> sales/scam.

Microsoft (and others?) have a proposal (the Penny Black project) out that
would force unsolicited incoming emails to consume something like 10 seconds
of CPU time on the sender CPU before they are accepted.  I think this might
be problematic for managers of large mailing lists.

See: http://slashdot.org/article.pl?sid=03/12/26/1350207&mode=thread

> It seems like we can't make it more expensive to send spam, and we can't
> reduce sales because the number of terminally stupid people out there seems
> to be a robust constant value. The only manipulable variable is the cost of
> following up leads.
[snip]
> Any comments? Anything wrong with this approach? How do you defeat it as a
> spammer? If it works, how can it be gotten off the ground?

I've thought about this too, Emlyn, and I don't believe what you are
saying is quite true.

I would propose:
a) SMTP receivers (sendmail) that detect the spam *while* it is being sent.
   The minute you detect incoming spam you slow down or stop your SMTP
   exchange responses forcing the sending machines to timeout.

b) You backtrack through the IP addresses of the incoming email and
   immediately load that link down with useless IP traffic (if you are
   clever you try to find the port/protocol that is causing you problems
   and use it against them -- i.e. if *they* are using an open relay
   against you -- you use it against them).  It's going to make it *much*
   harder for people to retain open relays or corrupted systems when
   a few hundred thousand people start sending a message every minute
   or so against the knowing or unknowing agents of the bad guys.
   (This is based on the "there are more of us than there are of them"
    theory.)  The goal here is to force people to fix corrupted systems
    or alter open relays so they will not accept unauthorized email.

c) If they specify URLs, follow the same process as in (b) to overload
   their servers.  The goal here is to prevent the stupid people from
   gaining access to the information being promoted by the SPAM.

d) If they specify images -- have a text recognition program look at the
   images and figure out the URL and/or phone numbers.  If a URL, follow
   (c); if a phone number, you plan to have your computer (or at least
   computers in the same region [so there isn't a toll]) proceed to
   dial that phone number and use some speech generation software
   to offer them a piece of your mind.  (Similar to your consuming their
   resources ideas.)

As per my previous note, filtering methods can work pretty well.
Combined with the above, I think SPAMing is going to become
much much harder.

Robert
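
Added example, not part of the original post and not the Penny Black project's own scheme: a hashcash-style CPU puzzle showing how a receiver can demand sender-side work before accepting mail while verifying it with a single hash. The stamp layout, the SHA-256 choice, the BITS value and the function names are assumptions made for illustration.

```python
import hashlib
from itertools import count

BITS = 16  # assumed difficulty; a real deployment would tune this toward seconds of CPU


def leading_zero_bits(digest: bytes) -> int:
    """Count the zero bits at the front of a digest."""
    n = int.from_bytes(digest, "big")
    return len(digest) * 8 - n.bit_length()


def mint(recipient: str, date: str, bits: int = BITS) -> str:
    """Sender side: brute-force a counter until the stamp hash has `bits` leading zero bits."""
    for counter in count():
        stamp = f"{bits}:{date}:{recipient}:{counter}"
        if leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) >= bits:
            return stamp


def verify(stamp: str, recipient: str, date: str, seen: set, bits: int = BITS) -> bool:
    """Receiver side: one hash, plus checks that stop a stamp from being reused."""
    try:
        s_bits, s_date, s_rcpt, _counter = stamp.split(":")
        claimed = int(s_bits)
    except ValueError:
        return False          # malformed stamp
    if claimed < bits or s_date != date or s_rcpt != recipient:
        return False          # too cheap, stale, or minted for someone else
    if stamp in seen:
        return False          # replay of an already-spent stamp
    if leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) < claimed:
        return False          # the claimed work was not actually done
    seen.add(stamp)
    return True
```

Because each stamp is bound to one recipient, a list with N subscribers has to mint N stamps per message, which is the cost concern for large mailing lists mentioned above.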




