|
Spam the Spammer. Will It Work?
|
By Allan Gunneson
[Hits: 27868]
|
|
Spam is everywhere. It¡¯s the ¡°in-box lunch meat¡± nobody likes,wants or looks forward too. Unfortunately, many folks enjoy¡°eating¡± this product because if they didn¡¯t, there wouldn¡¯t beany. Read on¡
The federal government¡¯s ill-conceived CAN-SPAM Act did littlemore than make a few legislators feel better about themselves.Did this legislation stop spam? No. Did it at least slow downthe flow of spam? Nope.
You can¡¯t eliminate a problem by treating the symptoms. If youwant to eradicate a problem, you must make its environment onethat will not support it.
There¡¯s a new plan recently hatched by some well-intentionedfolks at Blue Security that several of my clients have askedabout. On the surface, it sounds like a good idea but, in myhumble opinion, the model is fatally flawed. Here¡¯s the scoop¡
1. You sign up for their "list" which is basically a "do notspam me list" and that gives them the authorization to act onyour behalf.
2. You then have to send EACH spam message to them for inclusionon their list.
3. They then send the spammer a "stop order" (which, if they caneven find the spammer, will be ignored).
4. They then flood the spammer with basically a DDoS(Distributed Denial of Service) attack hoping to bring down thespammer's server.
This all sounds great until you think about it rationally...
1. Spammers use "open relays" and hundreds of addresses toprevent you from finding their originating location.
2. The "stop order" they send is just their way of fulfillingthe letter of the law under the CAN-Spam act.
3. The part I have the biggest problem with is they theneffectively BECOME A SPAMMER by sending thousands of messages ina Distributed Denial of Service attack (DDoS). This is the samething hackers do when they bring down a website by sending somuch traffic to a server it basically shuts down.
4. Most spam is sent from your neighbor's PC. I spend a greatamount of my time cleaning ¡°bad guys¡± from client¡¯s computers.There are MILLIONS of "zombie computers" that are infected withauto-dialers and trojans that are being used without the owner'sknowledge to send spam. Don¡¯t believe me? Just run Counter Spyon grandma¡¯s PC and tell me what you find!
5. How long do you really think it will be until the spammersturn the tables on Blue Security and initiate their own DDoSattack? It will be interesting to watch.
Other fight-back tactics against spammers have failed. Lastyear, Lycos Europe rolled out a screensaver that conducted DDoSattacks against known spammers. Within days, however, Lycosbuckled under pressure from security groups, which called itvigilantism, and ISPs, who worried that attacks originating fromtheir members would make them liable to legal action on the partof spammers.
Spam will NEVER go away until you attack its real source engine.If you don't order anything from a spammer and don't even clickon his link to open the message, the monetary incentive for spamis removed. Spammers operate under the same economic rules asthe rest of us...supply and demand.
Take away the demand and you eliminate the supply. Simple.
|
|
|
|
|
|
