mailing list archives
Re: I'm calling for LycosEU heads and team to resign or be sacked
From: dcdave () att net
Date: Mon, 06 Dec 2004 21:17:24 +0000
two points should be mentioned in this discussion.
1) I have done several investigations of malicious code, intrusions, etc, and discovered it is almost impossible to
avoid "collateral damage". Hackers and spammers working through someone else's machine are common. Does retaliation
which does more damage to innocent people and may not even touch the spammer justify the means?
Of course, you could say that if that person is so unaware that he does not have his security up, he is causing the
problem, but how will he know what he's done if you block his communication channels?
I woud recommend a nice email detailing the real damage and spiritual damage caused by spam, aned what they might do to
find a better way to make a living.. Lots of spammers are simply trying to make a living, and don't feel they have
2) Retaliation leads to retaliation. Not to get into politics, but what opinion do you think the Arab and Muslim worlds
have of George Bush and what he is doing with his bullying/terroristic power play in their back yards? Not to mention
what they think of the American People for (allegedly) electing him again?
As a former member of the National Security Team I can vouch for their (Arab/Muslim) long memories and grudges. The
Arab and Muslim worlds are uniting agaist a common bully. Groups that were on the edge or undecided are now joining the
anti-Americans. We will pay or our children will pay for this.
How will we pay for damages, both direct and collateral?
we need to find a better response.
I thought I was doing the right thing in Viet Nam at the time, but I am paying for it now in my soul.
People who have been in a war know that it is not the right solution to the problem.
If we don't learn from our mistakes, we are doomed to repeat them.
"Peace in your hearts, peace in the world" - Dali Lama
"There is a big difference between kneeling down and bending over" - Bob Dylan
-------------- Original message from Tatercrispies <tatercrispies () gmail com>: --------------
Self regulate is NOT self retaliate.
Why not? Why can't retaliation be a form of regulation? Is your
objection in general, or is there a specific to this case?
To go back to a previous message; in attacking spammers, I see the end
result as being the greater good. Despite what another poster wrote,
the phrase "The ends justify the means" does not immediately
invalidate your argument, this is the essence of virtually all ethical
questions-- does one good outweigh a bad?
. I run a small mail server that services about 10 domains. At any
given time, I have approximately 500MB of spam stored on my server. I
pay, every night, to back up this garbage to tape, and pay the weekly
bandwidth fees to upload disk images to a remote server. Not to
mention the gigabytes of transfer a month I spend downloading spam to
my system an re-uploading it to mail clients.I could enforce mail
quotas, but I will never be able to force a hosting client to check
and clean their mail on a regular basis.
. More than once spammers have leveraged holes in the mail servers of
clients of mine. One mail server hard drive filled up with 60GB of
queued spam, and they had to pay me $100/hr to drive in and clean up
the mess. Plus the company was without e-mail for a weekend and a
Monday. Another time, an improperly configured zombie _elsewhere_ was
attempting to send spam in excess of 10,000 messages a minute to a
server I was managing. It took two days for me to contact the other
administrator and get them to unplug the server.
. Every week I spend hours of what could be billable time cleaning out
my inbox. Sometimes I accidentally delete an legitimate message
without realizing it. This costs me.
All these things cumulate to be a very large cost to myself, but more
so to others with even larger organizations. E-mail is steadily
becoming an irrelevant method of communication, and unless we can
perfect a method to ignore or combat spammers, I really can't see
e-mail being an effective form of communication in five or ten years.
Isn't that worth fighting for?
If I can help shut down a spammer by sending a few MB of traffic their
way every day, I'm for it. What are the downsides?
. Extra traffic for backbone carriers
+ Spammers and their direct carriers will have to pay for it
+ If the spammer is shut down, then this is irrelevant as the net
bandwidth and costs to others will still be less
- Might target an innocent, which is why such a tool is best
coordinated by SPAM professionals
+ If you object, you don't have to participate
. Operates outside the law. Some other people on the list like
making (rather funny) analogies about physically assaulting your
mailman, but the impacts are primarily financial, and if done properly
affect only the ones that deserve it. If a spammer is earning
$750,000USD a month, I feel no pity that I've increased his bandwidth
- May seem morally questionable. Clearly this is subjective. I think
history can demonstrate that while brute force isn't typically the
best solution, sometimes it is the only answer.
Then, what will you do when (not IF) you'll receive X bazillions
polite emails requesting you to remove such-and-such random
IP from your flood-list ? Will you really deal with all of those messages ?
This was intended tongue-in-cheek, but I would stop flooding a spammer
under the following conditions:
. They use opt-in mailing lists only, and no funny business like "We
got your address from a member site"
. They use their own resources to send bulk e-mail, and stop
leveraging the bandwidth and storage of unsecured mail servers
. They respect unsubscribe requests
. They do not attempt to mask the true sender, nor pull stupid
bullshit like "V1.4grAAa". If I want my mail server to block messages
with Viagra in it, then forcibly bypassing my mechanisms is an
personal insult. Personally I can't see why spammers do this, if I'm
actively filtering spam, I'm obviously not going to buy your damn
I DO agree that strong measures should be taken against spammers. Legal ones,
that is. No other way to keep a civilized society still civilized.
That's an interesting point. Is this illegal? Is it illegal to go to
the spammer's website and hit refresh fifty times? A hundred times? A
thousand times? If it is, then I suppose this _is_ illegal, but my
gut feeling says it isn't. If not illegal, then maybe in a gray area.
I'm sending them this traffic of my own cognizance as a peaceful
protest. Is there any law in any country that makes this illegal? If
not specifically defined, then in general what would you call this
sort of 'illegal' activity?
Full-Disclosure - We believe in it.
- Re: I'm calling for LycosEU heads and team to resign or be sacked, (continued)