Below is an interesting article from The Washington Post where it details a new screensaver from Lycos. The screensaver visits websites while your computer is idle that are referenced in SPAM and make it to a bad spammers list. This is done in an attempt to limit the website ability to server traffic efficiently by causing extra traffic.
While I question the 100% legality of such a tactic, it DOES make sense that we could make a SURBL site-still-online-verification-list that would cause an LWP request to URLs per incoming email. This could be used to verify that websites are still online which is valid and is done in response only to email received at your server.
Perhaps this information wouldn't be used Real-time to prevent mail server delays but simply collected in the background and reported to a central service. If it has the added benefit of costing spammers extra money or slowing down their site, they should throttle their improper email outbound having a direct 1:1 correlation.
Thoughts?
KAM
http://www.washingtonpost.com/ac2/wp-dyn/A22311-2004Nov30?language=printer
Lycos Offers Program to Attack Spammers
By Daniel Woolls The Associated Press Tuesday, November 30, 2004; 9:50 PM MADRID, Spain -- At the risk of breaching Internet civility, a European Web portal is offering its visitors a weapon against spam: a screensaver program that tries to choke spam servers by flooding them with junk traffic. As of Tuesday, about 65,000 people have signed up for the controversial tool from the German-based Lycos Europe, whose sites get 20 million users monthly. The company insists the technique is legal - it says the culprit servers are simply choked a bit, not completely asphyxiated - and dismissed concerns that its "Make Love not Spam" offensive can further clog the world's digital pipeline. Still, computer experts are worried. "You don't stop a bad thing by being bad yourself," said David Farber, former chief technologist at the U.S. Federal Communications Commission. "The idea of somebody coming and hitting you and you hitting back, you both end up very hurt. It just aggrevates an already serious problem." When a computer with the free Lycos screensaver is idle, the program sends junk commands to Web sites identified by Lycos as selling products pitched in spam. When done in masse, this eats up precious bandwidth, causing the sites to overload and slow down. The goal, said Lycos Europe spokesman Kay Oberbeck, is to "show the owners of such spam Web sites that there is massive interest of thousands of users who are not willing to just give up against more and more spam each day." The targets generally are not the servers used to do the actual mailings; these days, those servers are most often legitimate ones co-opted into spamming by viruses and worms. Lycos chooses its targets by reviewing lists of suspect sites identified by independent spam monitors such as SpamCop. The company said it checks each manually to make sure it genuinely carries products promoted by spam, though Oberbeck acknowledged the risk of going after a legitimate site that has been hijacked by a spam-spewing site. He said Lycos takes care not to crash spam servers altogether, ensuring that they will never go below 5 percent bandwidth. Thus, he said, the offensive isn't the same as denial-of-service attacks commonly used by hackers to incapacitate Web sites. Cyberspace activism - such as virtual sit-ins in which computer users gang together and use automated tools to flood a Web site - is not entirely new, said Dorothy Denning, a professor of defense analysis at the Navy Postgraduate School in Monterey, Calif. But in this case a for-profit company is the driving force. "The interesting question is whether or not that company might be liable under some law, and would probably be liable, certainly, at least under a lawsuit by the spammers," she said. Denning believes any impact on spamming will be minor at best. Though spam sites have to pay for bandwidth required for the extra traffic, she said, "the cost off adding extra bandwidth may be worth the reward that comes from spamming." © 2004 The Associated Press
On Wed, 1 Dec 2004, Kevin A. McGrail wrote:
Below is an interesting article from The Washington Post where it details a new screensaver from Lycos. The screensaver visits websites while your computer is idle that are referenced in SPAM and make it to a bad spammers list. This is done in an attempt to limit the website ability to server traffic efficiently by causing extra traffic.
This is a very bad idea for a number of reasons:
1) In a lot of places, people's bandwidth is metered, so this will cost them money. (The people running the screensaver, I mean.)
2) Just on principle, I don't approve of software that causes this kind of network traffic silently and in the background.
3) The potential for DoS'ing an innocent third-party is too great.
4) If spammers can commandeer huge armies of zombies to send spam, it's not a big jump for them to install Web servers on the zombies so they have a distributed network serving up their content that is resilient against the Lycos attack. (In fact, this is the logical next step to counter SURBL.)
My anti-spam philosophy has always had as a basic principle: "First, do no harm." I don't think the Lycos screensaver adheres to this principle.
Regards,
David.
On Wednesday, December 1, 2004, 8:46:10 AM, David Skoll wrote:
On Wed, 1 Dec 2004, Kevin A. McGrail wrote:
Below is an interesting article from The Washington Post where it details a new screensaver from Lycos. The screensaver visits websites while your computer is idle that are referenced in SPAM and make it to a bad spammers list. This is done in an attempt to limit the website ability to server traffic efficiently by causing extra traffic.
This is a very bad idea for a number of reasons:
- In a lot of places, people's bandwidth is metered, so this will cost them money. (The people running the screensaver, I mean.)
- Just on principle, I don't approve of software that causes this kind of network traffic silently and in the background.
- The potential for DoS'ing an innocent third-party is too great.
- If spammers can commandeer huge armies of zombies to send spam, it's not a big jump for them to install Web servers on the zombies so they have a distributed network serving up their content that is resilient against the Lycos attack. (In fact, this is the logical next step to counter SURBL.)
As long as they use a domain name in their spam URIs, which seems likely even with distributed (stolen) web service, we've got them covered with SURBLs.
My anti-spam philosophy has always had as a basic principle: "First, do no harm." I don't think the Lycos screensaver adheres to this principle.
I agree with your comments. Bad idea.
Jeff C. -- "If it appears in hams, then don't list it."
On Thu, 2 Dec 2004, Jeff Chan wrote:
As long as they use a domain name in their spam URIs, which seems likely even with distributed (stolen) web service, we've got them covered with SURBLs.
Well, I assume they'd use IP addresses, not domain names. It would be exceedingly hard to use a domain name to point to one of several hundred zombies.
Regards,
David.
On Thursday, December 2, 2004, 6:25:48 PM, David Skoll wrote:
On Thu, 2 Dec 2004, Jeff Chan wrote:
As long as they use a domain name in their spam URIs, which seems likely even with distributed (stolen) web service, we've got them covered with SURBLs.
Well, I assume they'd use IP addresses, not domain names. It would be exceedingly hard to use a domain name to point to one of several hundred zombies.
They could engineer some kind of dynamic DNS to go along with it.
IP addresses might be problematic for them to use since their hard coded IP address servers could go away at any time, rendering the particular spam mentioning any fixed address useless.
Jeff C. -- "If it appears in hams, then don't list it."
Kevin A. McGrail (kmcgrail@pccc.com) @ 2004.12.01 10:29:57 -0500:
Below is an interesting article from The Washington Post where it details a new screensaver from Lycos. The screensaver visits websites while your computer is idle that are referenced in SPAM and make it to a bad spammers list. This is done in an attempt to limit the website ability to server traffic efficiently by causing extra traffic.
And today's followup news article where said service goes down in a ball of flames:
http://www.zdnet.com.au/news/security/0,2000061744,39168558,00.htm
-
David F. Skoll -
Jeff Chan -
Kevin A. McGrail -
Sean Ware