Date: Sat, 6 Feb 1999 00:33:33 +0000 (GMT) From: Terry Lambert <tlambert@primenet.com> To: sef@kithrup.com (Sean Eric Fagan) Cc: chat@FreeBSD.ORG Subject: Re: ports/9864: make rblcheck use relay.orbs.org instead of Message-ID: <199902060033.RAA20089@usr02.primenet.com> In-Reply-To: <199902052336.PAA15733@kithrup.com> from "Sean Eric Fagan" at Feb 5, 99 03:36:53 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> You do not understand spammers, Terry. > > Most of them are ignorant; there's a lot of first-time abuse that stops. The ignorant ones are not the problem. They SPAM from example, not frm malice. > Of the rest, they are thieves. Many of them are attracted to the > "something for nothing" idea; many of them use throw-away accounts, > sending email to 100k to 4M addresses at a shot (yes, seriously -- > get to talk with AOL postmaster people periodically), at what is > very close to free. And this is what you have to address. You either front-load the costs, or you institutionalize financial penalties. > Or is free in many cases -- many professional spammers commit credit > card fraud in order to get a throw-away dialup account that will be > used for about 10 hours, and then never used again. These guys are easy to deal with. Interstate wire fraud is 20 years, without parole, in a Federal prison. You only have to deal with each of these guys once every 20 years. Even if it's "just" credit card fraud, the penalties exceed the benefits, if the defrauding party is dilligently pursued. If not, well, you deserve to be used to send SPAM, and you desrve the listing you'll get in the RBL as a result. Oh well, so sad. > Trust me, Terry: if "cost effectiveness" entered into it, my system > would receive *no* spam. And yet it does, and this has cost spammers > hundreds of thousands of dollars. (One today claimed I had cost him > seventy thousand dollars in sales since Wednesday.) He's not going to SPAM you again, is he? > Spam is theft. And thieves are stupid, immoral, and not to be tolerated. Thieves aren't necessarily stupid. Do not underestimate your opponent. Many thieves make a conscious risk analysis before engaging in their trade. As an example, I had a CD changer stolen from me. The theft occurred when the risk to the thief was lowest. The thief took the gamble based on the cost/benefit and the reduced probability that he would be seen engaging in his trade. The thing about dealing with opportunistic thieves is that you have to identify and proactively remove opportunity to foil them. One way to do this would be a financial penalty associated with the act of violating the contract entered into between the provider and the customer-cum-SPAMmer sufficient that it was not worth going to that ISP, since throwing away a 'throw away" account would cost more than they were making from the deal. This is probably what should be in all AUP agreements before allowing people an account in the first place. Another way to do this would be to force domain registration before allowing mail in from the other end. This is slightly different than what DUL tries to do, since this would allow a dialup to send mail from a registered domain. The domain is mapped to the sender by a certificate authority. That's $70 for a two year lease on a domain, per SPAM sending session; ARIN and other authorities would also frown quickly on "domain churning", and start refusing new registration based on the persons real-world identity. The point is, Sanford Wallace was driven out of the business of engaging in theft of services, and other SPAMmers can be similarly driven out of business the same way. You can't argue with success. Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199902060033.RAA20089>