

My crazy idea to piss off spammers - borisvvz
http://www.indiegogo.com/projects/my-crazy-idea-to-piss-off-spammers

======
shardling
Anyone want to take a stab at filling out the spam solutions checklist? :)

<http://craphound.com/spamsolutions.txt>

~~~
thecyborganizer
Your post advocates a

( ) technical ( ) legislative ( ) market-based (x) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work.
(One or more of the following may apply to your particular idea, and it may
have other flaws which used to vary from state to state before a bad federal
law was passed.)

( ) Spammers can easily use it to harvest email addresses

( ) Mailing lists and other legitimate email uses would be affected

( ) No one will be able to find the guy or collect the money

( ) It is defenseless against brute force attacks

(x) It will stop spam for two weeks and then we'll be stuck with it

( ) Users of email will not put up with it

( ) Microsoft will not put up with it

( ) The police will not put up with it

( ) Requires too much cooperation from spammers

( ) Requires immediate total cooperation from everybody at once

( ) Many email users cannot afford to lose business or alienate potential
employers

( ) Spammers don't care about invalid addresses in their lists

(x) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it

( ) Lack of centrally controlling authority for email

( ) Open relays in foreign countries

( ) Ease of searching tiny alphanumeric address space of all email addresses

( ) Asshats

( ) Jurisdictional problems

( ) Unpopularity of weird new taxes

( ) Public reluctance to accept weird new forms of money

( ) Huge existing software investment in SMTP

( ) Susceptibility of protocols other than SMTP to attack

( ) Willingness of users to install OS patches received by email

( ) Armies of worm riddled broadband-connected Windows boxes

(x) Eternal arms race involved in all filtering approaches

(x) Extreme profitability of spam

(x) Joe jobs and/or identity theft

( ) Technically illiterate politicians

( ) Extreme stupidity on the part of people who do business with spammers

( ) Dishonesty on the part of spammers themselves

(x) Bandwidth costs that are unaffected by client filtering

( ) Outlook

and the following philosophical objections may also apply:

(x) Ideas similar to yours are easy to come up with, yet none have ever been
shown practical

( ) Any scheme based on opt-out is unacceptable

( ) SMTP headers should not be the subject of legislation

( ) Blacklists suck

( ) Whitelists suck

( ) We should be able to talk about Viagra without being censored

(x) Countermeasures should not involve wire fraud or credit card fraud

( ) Countermeasures should not involve sabotage of public networks

( ) Countermeasures must work if phased in gradually

( ) Sending email should be free

( ) Why should we have to trust you and your servers?

( ) Incompatiblity with open source or open source licenses

(x) Feel-good measures do nothing to solve the problem

( ) Temporary/one-time email addresses are cumbersome

( ) I don't want the government reading my email

( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

( ) Sorry dude, but I don't think it would work.

(x) This is a stupid idea, and you're a stupid person for suggesting it.

( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

~~~
bsenftner
Exactly. Well said.

------
omgtehlion
That’s completely braindamaged approach: imagine I have a competitor which I
don’t like, I order a lot of spam pretending to be from his/her company.

And, viola, my competitor receives loads of fake orders, becomes overwhelmed,
goes out of business.

~~~
gizzlon
Isn't saying "it will never work because of $challenge" a little too
simplistic?

Maybe you're right, maybe it can't be done, but aren't we suppose to be
problem solvers? :)

------
lgeek
It reminds me of another project to fight off spam[0], by automatically
replying to each spam message. That one didn't end too well.

[0] <https://en.wikipedia.org/wiki/Blue_Frog>

~~~
jtheory
Voted up, but this is really worth reading -- not because it failed (it did),
but because before it failed, it was really working.

The spammers put incredible effort into quashing BlueFrog...

I was an early user of BlueFrog (and can confirm that the spammers didn't gain
access to any addresses they didn't already have on their lists), and tried to
contribute to followup efforts... it's a hard problem to solve, though -- how
to make this kind of retaliation without exposing yourself to (possibly very
serious) attack. We're all quite vulnerable online; it's surprisingly trivial
for "the bad guys" to decide to permanently take your website (or the site of
your company, etc.) offline.

------
derekp7
I have a feeling that most spam doesn't pay off for the person selling, but
only pays off for whichever marketing company they hired to send the spam. And
this technique doesn't hurt the actual spammer (assuming they are a separate
entity from the seller), as there are a fairly unlimited number of sellers
willing to take a chance on hiring a spammer for a few bucks.

~~~
Joeboy
> I have a feeling that most spam doesn't pay off for the person selling, but
> only pays off for whichever marketing company they hired to send the spam.

If that's true and anybody has data to back it up, maybe publicizing it would
be a worthwhile spam-combating measure.

------
bediger4000
I've een wondering about this sort of thing (overwhelming a bad actor with
bogus responses) lately. I have in place PHP scripts that send Yandex and
Ahrefs and Cyveillance a semi-random HTML file in respose to any request.
Those semi-random HTML files just lead Yandex, Cyveillance and other bad
actors down a never-ending rabbit hole of URLs that serve up more semi-random
content.

What if some significant fraction of web servers did this? Wouldn't that make
trolling for "IP theft" like Cyveillance does into an economically unfeasible
activity?

What if nearly everyone pressed 1 when "Ann from Account Services" or "Rachel
from Cardmember Services" calls, and then talked to the service rep for as
long as possible?

~~~
jstanley
Why are Cyveillance a "bad actor"?

~~~
bediger4000
They never ask for "robots.txt", and then they download your entire site every
month, for starters. Further, they lie about who they are. They send a User
Agent string that doesn't reflect that it's a bot doing the downloading. The
User Agent string claims to be Internet Explorer on a Windows box, yet p0f
recognizes the requests as from a Linux TCP/IP stack.

Trolling for "intellectual property" infringement for third parties also seems
like a scummy line of work to me. It's in Cyveillance interest to find
infringements, so there's no economic reason for them to get such findings
correct.

So, I conclude they're a bad actor.

------
n3rdy
This sounds a lot like an idea some religious groups had, where they would
sign up to adult websites and then charge back, with the goal to cause the
merchant accounts charge back ratio to exceed 1%.

Don't think this worked out either.

------
mattvot
I think the idea is ok, but you don't need €1 000 000

~~~
jstanley
Exactly what I thought. You could get started doing this with no investment.
£100/yr for a VPS, plus a few hours of your time.

~~~
mattvot
jstanley from staffs?

~~~
jstanley
I don't think so, I'm afraid.

I'm in Bath.

------
TeeWEE
The spam problem was solved by google's spam filtering technique. I get zero
spam in my gmail box.

Sometimes i think it is spam, but then I notice i signed up for it myself :p

~~~
Elhana
I don't get actual spam in gmail, but I get occasional bounced messages when
spammers try to send email with my address in from field. Even google groups
would bounce back the email I never sent. I even got spf/dkim for domain, yet
they still inform me they couldn't deliver a message I never sent.

------
ScottWhigham
Oh, this is a Kickstarter-like campaign. I didn't know what "Indiegogo" was -
this is basically a landing page for someone trying to raise €1,000,000 to
"fight spam". I get it.

To those who say, "stupid idea", I'm very disappointed both in the rudeness
you show, and the smallmindedness you exhibit. Will this work? If implemented
the way Boris writes, I believe it would for the reasons he stated. Those who
say "stupid idea" have never had 4,000 orders to deal with - that's the only
logical thing that can explain such reactions. The problem is in the
implementation of course. Yes, it would be difficult. Yes, it would require
adaptive techniques and technologies. But don't forget that people who have a
really good and innovative idea don't just have one idea in their heads for
their whole life. Ask PG about that...

It's a good idea. I think that, for it to succeed, you would have to work with
one of the big credit card companies. If you could get them to provide honey
pot-style credit card numbers, you would have something.

For those saying that competitors could be put out of business if this was
misused, what's stopping that from happening 20 years ago, 10 years ago, now,
10 years from now? That's not a reason for this to not be considered, is it?
That's like saying, "We shouldn't allow lawsuits because you could sue a
competitor and he could lose his business defending the lawsuit due to the
cost/distraction."

~~~
easytiger
Indiegogo predates kickstarter

------
ari_elle
To be honest, i don't have any(!) Spam on both my active mail accounts. Heck i
used mail.ru for a while and had a very limited amount of spam.

Also: Spam that gets sorted out automatically is like... whatever.. ?! [at
least for me]

And like others pointed out: It's a pretty nonsense approach anyways
(wondering why it got so many votes)

------
nkozyra
A fruitless idea; the very ethos of spam and malware is to scurry when a new
"solution" presents itself to the industry.

So now you basically are presenting a single course "solution" that - once
trumped - leaves you with millions of dollars and a need to come up with a
completely new idea.

Wholly faulted.

------
mdp
Look at the IndieGoGo header image he's using. It's a screencap of Gmail's
spam folder with 5,048 messages. Hasn't this clearly been solved?

I get MAYBE 2 spam emails a month that gets through the filter, and my address
is pretty easy to harvest.

So is this still a problem?

~~~
shardling
It's a problem in so far as I'll occasionally miss real emails because they
get binned as spam.

~~~
mdp
Yeah, I've only had this happen a couple times, and it does make you trust
your spam system less.

That being said, it's seems to be getting better as more companies embrace
SPF.

------
joonix
Spam isn't really an issue for me. I simply don't see it in Gmail.

A bigger annoyance is constant newsletters/emails sent from companies whom I
might have transacted with long ago in the past. I have to take time to
unsubscribe from all this stuff.

------
ohwp
About 70% of all emails send today is spam. Imagine that you reply to all
those emails. It will slow down the internet.

Edit: in 2010 they estimated 294 billion messages were sent per day, more than
2.8 million emails every second.

------
droncancio
i have been close to sales people and cold calling/messaging is one technique,
a really hard one to master, and its what leads most of the time to spam, i
think a good solution would be to teach them how to do it right.. at the end
sales have to be done but brute force shouldn't be a legitimate technique to
it.

So maybe tell them that if you send personal messages and segment the market
that would increase the response rate and reduce the spam?

------
ttflee
Is DDoS-ing a spammer server( or its sponsors') legal?

------
aneth4
Powerful weapons can have unintended consequences.

~~~
danielweber
But, we have only good intentions.

------
narcissus
Couldn't we dust off Lad Vampire and point it at spammed sites maybe?

------
DrinkWater
Childish idea, kind of.

------
waxy
This is like the stupidest thing i ever heard. Sorry Boris.

------
zmonkeyz
"Spammers hate him because of one simple trick..." :)

------
martinced
There was a recent article on HN saying that spam was pretty much a non-issue
nowadays to people using mail services with correct spam filtering.

Since I moved to GMail I don't know what spam is anymore: everytime people
complain about spam I'm confuzzabled because I honestly thought the issue was
solved.

It's great to run your own mailserver and be independant of the evil Google
etc. but face the facts: people on GMail hardly get spam anymore...

Now as to how to fight spammers I'd suggest building a gigantic botnet, taking
control of hundreds of thousands of credit cards numbers and ordering like mad
from these spammers. Make it so big that credit cards companies start noticing
the issue.

This of course should be done by someone who doesn't care about petty money...

~~~
jiggy2011
I still get spam in my gmail inbox, nowhere near as much as I do to my spam
folder but it's still there.

Most of it seems to be of the form "Hi, this is Natalia from the dating site.
I loved your photo and would want to speak with you, please reply soon! xxx"
rather than "buy v1agr4 4 big dikk <http://10.23.133.21/m4dsexcockpillz>, so I
guess harder to filter.

The more annoying thing with gmail is that most of my inbox is legit mail that
was never intended for me. Since the gmail namespace is so cluttered there are
a few people who have almost identical email addresses to me; so I get their
mail in error often.

Also google seem to have merged my account with someone elses, so I get
notifications about stuff that is definitely not mine.

