Spam The Spammer - Will It Work?

Spam is everywhere. It's the "in-box lunch meat" nobody likes, wants or looks forward too. Unfortunately, many folks enjoy "eating" this product because if they didn't, there wouldn't be any. Read on?

The federal government's ill-conceived CAN-SPAM Act did little more than make a few legislators feel better about themselves. Did this legislation stop spam? No. Did it at least slow down the flow of spam? Nope.

You can't eliminate a problem by treating the symptoms. If you want to eradicate a problem, you must make its environment one that will not support it.

There's a new plan recently hatched by some well-intentioned folks at Blue Security that several of my clients have asked about. On the surface, it sounds like a good idea but, in my humble opinion, the model is fatally flawed. Here's the scoop?

1. You sign up for their "list" which is basically a "do not spam me list" and that gives them the authorization to act on your behalf.

2. You then have to send EACH spam message to them for inclusion on their list.

3. They then send the spammer a "stop order" (which, if they can even find the spammer, will be ignored).

4. They then flood the spammer with basically a DDoS (Distributed Denial of Service) attack hoping to bring down the spammer's server.

This all sounds great until you think about it rationally...

1. Spammers use "open relays" and hundreds of addresses to prevent you from finding their originating location.

2. The "stop order" they send is just their way of fulfilling the letter of the law under the CAN-Spam act.

3. The part I have the biggest problem with is they then effectively BECOME A SPAMMER by sending thousands of messages in a Distributed Denial of Service attack (DDoS). This is the same thing hackers do when they bring down a website by sending so much traffic to a server it basically shuts down.

4. Most spam is sent from your neighbor's PC. I spend a great amount of my time cleaning "bad guys" from client's computers. There are MILLIONS of "zombie computers" that are infected with auto-dialers and trojans that are being used without the owner's knowledge to send spam. Don't believe me? Just run Counter Spy on grandma's PC and tell me what you find!

5. How long do you really think it will be until the spammers turn the tables on Blue Security and initiate their own DDoS attack? It will be interesting to watch.

Other fight-back tactics against spammers have failed in the past. Last year, Lycos Europe rolled out a screensaver that conducted DDoS attacks against known spammers. Within days, however, Lycos buckled under pressure from security groups, which called it vigilantism, and ISPs who worried that attacks originating from their members would make them liable to legal action on the part of spammers.

Spam will NEVER go away until you attack its real source engine. If you don't order anything from a spammer and don't even click on his link to open the message, the monetary incentive for spam is removed. Spammers operate under the same economic rules as the rest of us...supply and demand.

Take away the demand and you eliminate the supply. Simple.

Allan Gunnneson is the CEO of Gunner Web Group (http://www.gunnnerweb.com), a website design and marketing company based in Kansas.

Online reprint rights granted as long as the article is published in its entirety, including links (http://www.gunnerweb.com).

Copyright © Gunner Web Group, 2005