Fight spam by eating their bandwidth?

[bamatone.livejournal.com]

Hey guys, this is my first post here (though I've been reading them for a while). Yes, I work tech support at a major university in the south. No, it's not hard to figure out where, heh. Anyway, I ran across this article on C|NET news today (from the BBC) and I have to share it with as many tech-savvy people as possible. (Because I think it's cool and because I want as many takes on it as I can get.)

And without further adieu...

Screensaver tackles spam web sites
Internet portal Lycos has made a screensaver that endlessly requests data from sites that sell the goods and services mentioned in spam e-mail.

Lycos hopes will it make the monthly bandwidth bills of spammers soar by keeping their servers running flat out.

The net firm estimates that if enough people sign up and download the tool, spammers could end up paying to send out terabytes of data.

"We've never really solved the big problem of spam which is that its so damn cheap and easy to do," said Malte Pollmann, spokesman for Lycos Europe.

"In the past we have built up the spam filtering systems for our users," he said, "but now we are going to go one step further."

"We've found a way to make it much higher cost for spammers by putting a load on their servers."

By getting thousands of people to download and use the screensaver, Lycos hopes to get spamming websites constantly running at almost full capacity.

Mr Pollmann said there was no intention to stop the spam websites working by subjecting them with too much data to cope with.

He said the screensaver had been carefully written to ensure that the amount of traffic it generated from each user did not overload the web.

"Every single user will contribute three to four megabytes per day," he said, "about one MP3 file."

But, he said, if enough people sign up spamming websites could be force to pay for gigabytes of traffic every single day.

Lycos did not want to use e-mail to fight back, said Mr Pollmann.

"That would be fighting one bad thing with another bad thing," he said.

The sites being targeted are those mentioned in spam e-mail messages and which sell the goods and services on offer.

Typically these sites are different to those that used to send out spam e-mail and they typically only get a few thousand visitors per day.

The list of sites that the screensaver will target is taken from real-time blacklists generated by organisations such as Spamcop. To limit the chance of mistakes being made, Lycos is using people to ensure that the sites are selling spam goods.

As these sites rarely use advertising to offset hosting costs, the burden of high-bandwidth bills could make spam too expensive, said Mr Pollmann.

Sites will also slow down under the weight of data requests. Early results show that response times of some sites have deteriorated by up to 85%.

Users do not have to be registered users of Lycos to download and use the screensaver.

While working, the screensaver shows the websites that are being bothered with requests for data.

The screensaver is due to be launched across Europe on 1 December and before now has only been trialled in Sweden.

Despite the soft launch, Mr Pollmann said that the screensaver had been downloaded more than 20,000 times in the last four days.

"There's a huge user demand to not only filter spam day-by-day but to do something more," he said "Before now users have never had the chance to be a bit more offensive."

Download the screensaver here.

Comments

Something kind of stinks to me.

[lepermime.livejournal.com]

Not trying to troll, but has anyone thought of the legality of doing this. You are essentially doing the same thing that spammers do. You are creating unwanted traffic, but not just to their servers/sites. You also have to take into account the backbone providers that you traverse to get to the site. Now 3 or 4 MB a day doesn't sound like much but multiply that by 20000 and you are now talking about 60 GB of traffic a day. And that's just from 20000 downloads. Seems to me like there is just as much liability in using this screensaver to fight back as there is in sending spam out in the first place. Of course being from the US it's quite possibly that this kind of thing just sits different. Any dissenting opinions? Just looking for legal arguments not spam is evil and this is not as bad moral arguments.

Re: Something kind of stinks to me.

[bamatone.livejournal.com]

Ah, but everything you said is exactly the point. We create traffic that eats bandwidth but does not bring a server to its knees. I.E. we're not participating in DDOS attack or anything - I believe that's what gets us off the hook.

As for all the bandwidth we're eating - exactly. If we make it uber-expensive for the spammers to operate their own servers, then we can, in theory, reduce our spam, right?

At this point, I think I speak for the majority when I say fuck the lawyers, I'm tired of worthless spam on the internet. ;)

(Maybe it is my American "cowboy" attitude, but it looks all good to me. :P )

Re: Something kind of stinks to me.

[jecook]

Something tells me that if I used this screensaver, I'd be facing a disco from my internet connection due to abusing my bandwidth and server restrictions.

You are not hurting the spammers so much as you are hurting any legit users of that machine.

personally, I hunt down people who hork the bandwidth I'm paying for. Even if you are not dening the service, you are degrading it, and that is morally wrong, even tho legally right.

and what if the "server" is a trojaned cable modem subscriber? Now you are hurting innocent people whose only real crime is not having a system on the internet with updated patches and AV/spyware protection installed.

Re: Something kind of stinks to me.

[bamatone.livejournal.com]

Every single bit of that is addressed in the article.

Re: Something kind of stinks to me.

[jecook]

Every single bit of that is addressed in the article.

My points still stand:

By getting thousands of people to download and use the screensaver, Lycos hopes to get spamming websites constantly running at almost full capacity

By doing this, you are slowing things down for other users on that server, who may or may not be legit. Perhaps you are familir with the /. effect? unless the server is well connected, if a hobby site gets nailed, the entire bloody machine (with possibly oer a hundred paying customers on it) gets the hose. Not very polite, if you ask me.

Besides, spammers ( and the advertisers who use the spammer's services) will get smarter and write filters for the web sites that will block that user agent, execute DDoS attacks on the people who are doing this, or some other unsavory thing, if it becomes sustainable. Frankly, I have not been subject to that sort of attack yet, and I don't want it. This is like killing an elephant with a 30 megaton nuke, IMHO.

I've had 'users' try hitting my web server with interesting things. As not only the web master of my domain, but also the network admin, I'm saying that this is a bad idea, and that nothing good wil become of it. Spammers are already using bot networks, viruses, and DDoS attacks in order to continue thair practices. Why make it worse?

Re: Something kind of stinks to me.

[microchip.livejournal.com]

I agree with the legal aspect, but not just that - if an unsuspecting web host, who doesn't know that spam is going out from his server - I'm a web host myself, but thankfully haven't had any spammers yet - but as far as they know, they're server is being DDoS'd for no apparant reason. Whilst I agree that specifically known spam robot servers should be taken out by some method, where do you draw the line?