[SURBL-Discuss] Lycos Screensaver that attacks Spammers

Kevin A. McGrail kmcgrail at pccc.com
Wed Dec 1 16:29:57 CET 2004


Below is an interesting article from The Washington Post where it details a 
new screensaver from Lycos.  The screensaver visits websites while your 
computer is idle that are referenced in SPAM and make it to a bad spammers 
list.  This is done in an attempt to limit the website ability to server 
traffic efficiently by causing extra traffic.

While I question the 100% legality of such a tactic, it DOES make sense that 
we could make a SURBL site-still-online-verification-list that would cause 
an LWP request to URLs per incoming email. This could be used to verify that 
websites are still online which is valid and is done in response only to 
email received at your server.

Perhaps this information wouldn't be used Real-time to prevent mail server 
delays but simply collected in the background and reported to a central 
service.  If it has the added benefit of costing spammers extra money or 
slowing down their site, they should throttle their improper email outbound 
having a direct 1:1 correlation.

Thoughts?

KAM


http://www.washingtonpost.com/ac2/wp-dyn/A22311-2004Nov30?language=printer

Lycos Offers Program to Attack Spammers

By Daniel Woolls
The Associated Press
Tuesday, November 30, 2004; 9:50 PM
MADRID, Spain -- At the risk of breaching Internet civility, a European Web 
portal is offering its visitors a weapon against spam: a screensaver program 
that tries to choke spam servers by flooding them with junk traffic.
As of Tuesday, about 65,000 people have signed up for the controversial tool 
from the German-based Lycos Europe, whose sites get 20 million users 
monthly.
The company insists the technique is legal - it says the culprit servers are 
simply choked a bit, not completely asphyxiated - and dismissed concerns 
that its "Make Love not Spam" offensive can further clog the world's digital 
pipeline.
Still, computer experts are worried.
"You don't stop a bad thing by being bad yourself," said David Farber, 
former chief technologist at the U.S. Federal Communications Commission. 
"The idea of somebody coming and hitting you and you hitting back, you both 
end up very hurt. It just aggrevates an already serious problem."
When a computer with the free Lycos screensaver is idle, the program sends 
junk commands to Web sites identified by Lycos as selling products pitched 
in spam. When done in masse, this eats up precious bandwidth, causing the 
sites to overload and slow down.
The goal, said Lycos Europe spokesman Kay Oberbeck, is to "show the owners 
of such spam Web sites that there is massive interest of thousands of users 
who are not willing to just give up against more and more spam each day."
The targets generally are not the servers used to do the actual mailings; 
these days, those servers are most often legitimate ones co-opted into 
spamming by viruses and worms.
Lycos chooses its targets by reviewing lists of suspect sites identified by 
independent spam monitors such as SpamCop. The company said it checks each 
manually to make sure it genuinely carries products promoted by spam, though 
Oberbeck acknowledged the risk of going after a legitimate site that has 
been hijacked by a spam-spewing site.
He said Lycos takes care not to crash spam servers altogether, ensuring that 
they will never go below 5 percent bandwidth. Thus, he said, the offensive 
isn't the same as denial-of-service attacks commonly used by hackers to 
incapacitate Web sites.
Cyberspace activism - such as virtual sit-ins in which computer users gang 
together and use automated tools to flood a Web site - is not entirely new, 
said Dorothy Denning, a professor of defense analysis at the Navy 
Postgraduate School in Monterey, Calif.
But in this case a for-profit company is the driving force.
"The interesting question is whether or not that company might be liable 
under some law, and would probably be liable, certainly, at least under a 
lawsuit by the spammers," she said.
Denning believes any impact on spamming will be minor at best. Though spam 
sites have to pay for bandwidth required for the extra traffic, she said, 
"the cost off adding extra bandwidth may be worth the reward that comes from 
spamming."
© 2004 The Associated Press 




More information about the Discuss mailing list