Spam is everywhere. It’s the “in-box lunch meat” nobody likes, wants or looks forward to. Unfortunately, many folks enjoy “eating” this product because if they didn’t, there wouldn’t be any. Read on…
The federal government’s ill-conceived CAN-SPAM Act did little more than make a few legislators feel better about themselves. Did this legislation stop spam? No. Did it at least slow down the flow of spam? Nope.
You can’t eliminate a problem by treating the symptoms. If you want to eradicate a problem, you must make its environment one that will not support it.
There’s a new plan recently hatched by some well-intentioned folks at Blue Security that several of my clients have asked about. On the surface, it sounds like a good idea but, in my humble opinion, the model is fatally flawed. Here’s the scoop…
1. You sign up for their "list" which is basically a "do not spam me list" and that gives them the authorization to act on your behalf.
2. You then have to send EACH spam message to them for inclusion on their list.
3. They then send the spammer a "stop order" (which, if they can even find the spammer, will be ignored).
4. They then flood the spammer with basically a DDoS (Distributed Denial of Service) attack hoping to bring down the spammer's server.
This all sounds great until you think about it rationally...
1. Spammers use "open relays" and hundreds of addresses to prevent you from finding their originating location.
2. The "stop order" they send is just their way of fulfilling the letter of the law under the CAN-SPAM Act.
3. The part I have the biggest problem with is they then effectively BECOME A SPAMMER by sending thousands of messages in a Distributed Denial of Service attack (DDoS). This is the same thing hackers do when they bring down a website by sending so much traffic to a server it basically shuts down.
4. Most spam is sent from your neighbor's PC. I spend a great amount of my time cleaning “bad guys” from clients’ computers. There are MILLIONS of "zombie computers" that are infected with auto-dialers and trojans that are being used without the owner's knowledge to send spam. Don’t believe me? Just run Counter Spy on grandma’s PC and tell me what you find!
5. How long do you really think it will be until the spammers turn the tables on Blue Security and initiate their own DDoS attack? It will be interesting to watch.
Other fight-back tactics against spammers have failed. Last year, Lycos Europe rolled out a screensaver that conducted DDoS attacks against known spammers. Within days, however, Lycos buckled under pressure from security groups, which called it vigilantism, and ISPs, who worried that attacks originating from their members would make them liable to legal action on the part of spammers.
Spam will NEVER go away until you attack its real source engine. If you don't order anything from a spammer and don't even click on his link to open the message, the monetary incentive for spam is removed. Spammers operate under the same economic rules as the rest of us...supply and demand.
Take away the demand and you eliminate the supply.
Simple.
About the Author
Allan Gunnneson is the CEO of Gunner Web Group (http://www.gunnerweb.com), a website design and marketing company based in Kansas.
Copyright © Gunner Web Group, 2005