We are developing the social individualist meta-context for the future. From the very serious to the extremely frivolous... lets see what is on the mind of the Samizdata people.

Samizdata, derived from Samizdat /n. - a system of clandestine publication of banned literature in the USSR [Russ.,= self-publishing house]

Spammers spammed (but too successfully)

I am confused (as Americans often say when they are about to be nasty in a very unconfused way – but I really am rather confused) by this BBC report about a scheme to make spammers wish that their parents had been further into birth control than they were, at about the time when they, the spammers, were actually born.

Here is the first paragraph:

A plan to bump up the bandwidth bills of spammers seems to be getting out of control.

But from what I can grasp of the rest of the article, what the BBC calls “getting out of control” is what the rest of use would describe as “working extremely well”.

Earlier this week Lycos Europe released a screensaver that bombards spam websites with data to try to increase the cost of running such sites.


…which seems an odd word to use here. I would have gone with “And”…

…analysis shows that, in some cases, spam websites are being completely overwhelmed by the traffic being directed their way.

As that Sergeant Major (played by Windsor Davies) in It Ain’t Half Hot Mum used to say; “Oh dear. How tragic.”

But monitoring firm Netcraft has analysed response times for three of the sites the screensaver targets and has found that the campaign is being too successful.

What was that? Too successful?

Two of the sites being bombarded by data have been completely knocked offline. One other site has been responding to requests only intermittently as it struggles to cope with the traffic the screensaver is pointing its way.

Too successful. Too successful!!! Sounds like for once the punishment has fitted the crime perfectly.

But yes.

The campaign has come under fire from some corners of the web.

Many discussion groups have said that it set a dangerous precedent and could incite vigilantism.

“If you do manage to swamp the spammers then you set yourself up for more attacks in return,” said Graham Cluley, senior technology consultant at anti-virus firm Sophos.

Which, I suppose, would make this Cluley man a Sophist, twice over. This is like saying that if you use force against a burglar, he might get angry and burgle you even more ferociously in the future. As he might, I suppose. Best roll over and surrender. But I reckon that Cluley does not understand economics. I mean, if you were a spamster, would you make a point of picking a fight with people clever enough to have swamped your entire site?

This corner of the web (the corner that consists of me) is extremely attracted by the whole idea of what Lycos is doing here, and wonders what the downside of it is, if any. This corner of the web is in favour of what other corners of the web call “vigilantism”. To this corner of the web, this all sounds absolutely splendid.

But is this corner of the web missing something? What does this discussion group think?

The only real problem in what Lycos is doing seems, to this corner of the web, to be that the state, in all its various geographical manifestations, is minded to make it illegal. What is that thing that Perry keeps saying?

But so what? Even if this process is declared illegal, something resembling it could still proceed, could it not? If enough people wanted that? No? But at this point I really am rather confused.

21 comments to Spammers spammed (but too successfully)

  • Rob

    I’m afraid you’re missing the technological point behind this. Spamming the spammers sounds like a terribly good idea, until you consider the unintended consequences.

    Firstly and most importantly, spammers don’t operate in isolation. The internet, as the name implies, is an interconnected network. Any traffic on the net has to travel via several pathways in order to reach its destination, and all of these have limited capacity. Anything which causes unnecessary traffic causes bandwidth wastage, resulting in lower bandwidth available for other (legitimate) customers.

    This is compounded by the fact that sites on the internet are often “multihomed”; that is, multiple sites are hosted at a single location, using a single connection to the internet. Ramping up the traffic to a spammer’s hosting account will raise his costs, but sending so much traffic that the entire site is knocked offline also punishes the other, entirely legitimate, sites hosted there.

    The “too successful” phrase is also explicable in this context. The stated objective of the Lycos plan was merely to ramp up costs for spammers, not to take down whole servers, with all of the unintended damage that causes. By Lycos’ own standards (which are, presumably, the only standards to judge this by) the plan has exceeded its stated aims. Your view may differ, but you’re not the guy setting the aims.

    Lycos’ claims that this is not a DDoS attack are plainly untrue. As someone whose servers have been on the receiving end of malicious DDoS attacks in the past, I can tell you it’s not a pleasant experience, and what Lycos are doing is quite clearly an example of a DDoS attack. Whether it is justified is a matter for debate; if they are sure that the servers are exclusively used by spammers, then I really don’t care. But if, in the attempt to make nuisance for the spammers, they are in fact attacking the sites of legitimate businesses this can only be seen as a bad thing.

    Suppose Samizdata’s hosting provider also provided hosting for a spam company (or, more to the point, a company Lycos thinks is a spam company), use of this technology against said company would also result in Samizdata being knocked offline.

    Furthermore, if Lycos’ methods are deemed acceptable, other less reputable DDoS networks would feel entirely justified in attacking other sites. If Lycos can do it, why can’t they? Only their criteria might be different; they might target sites based on political or religious views, or simply for the kick of taking down a big site. Major corporate websites tend to get attacked by small DDoS networks periodically, but this has been limited by the fact that most people see DDoS attacks as bad. Log files can store the IP addresses of the attackers, and these can be forwarded to their ISPs. Since most computers participating in these attacks are probably “hacked” (for want of a better term), ISPs often insist on the customer performing a thorough virus scan to remove or disable the malicious program. Users refusing to do so generally have their accounts disabled. It’s not a perfect system, but it prevents permanent DDoS networks from building up.

    The Lycos system turns the whole thing from a black and white issue into a grey area; it suggests that there are “good” DDoS attacks, an idea I find dubious at best. I’d rather put up with the occasional bit of spam than have to deal with sites going down left, right and centre due to DDoS attacks becoming commonplace.

  • zem

    Perhaps a minor point, but one I think we’ll hear regularly in future: Lycos claims it’s not a DoS attack because they’re only consuming 95% of the targets’ bandwidth, not 100%.

  • Ray

    Lycos shouldn’t worry about accusations of a DDoS attack. If they had implanted viruses in the machines of thousands of people all over the world without their knowledge, and programmed or triggered traffic to the spammers’ sites, that could be considered a DDoS attack.

    If a large newspaper published the fax number of a wrong-headed sender of junk faxes, and hundreds of thousands of people decided to fax their opinion of his activities to that fax spammer, so that his fax machine ran out of paper, would that be a DDoS attack? No. It’s called freedom of speech and public pressure. Automate the process, so that it’s easy to send multiple faxes at times of your choosing. It’s still not DDoS. People are still choosing to make their voices heard. If the spammers’ sites crash, tough.

    I have been a sysadmin for decades and I know about the “unintended” consequences of loading a multi-user platform or network. But if this helps cut out the billions of spam messages clogging the internet, and everyone’s mailboxes, by killing the sites responsible, then the traffic effects may be neutral or even positive!

    I think it’s a splendid idea.

  • It seems to me that if a spam has an link in it (which they all do), then they are sending you that link in an attempt to get you to visit their site.

    It was very nice of Lycos to automate the process for me and them. Now I need not bother reading the mail in order to make all those spam companies happy…by increasing the visitations to their site. Thanks Lycos!

    It’s not vigilantism, its just progress. As computer systems evolve, more and more tasks get done by the computer, with less intervention from the user.


  • zmollusc

    I think it is worth pointing out that the target being hit is the spammers’ CUSTOMER(s). ie the nigerian viagra salesmen who pay the spammers to flood the net with spam in the hopes of getting some fool to fall into their clutches.
    By hugely ramping up the number of responses to the spam, the costs to the snake oil salesmen go up and so spamming becomes less attractive. This is an economic attack upon the spam business model as much as a DDoS attack.

  • Rob argues that Lycos is hurting innocent bystanders by potentially knocking out multiple sites on a shared server. However, think about it this way: if customers who share a server or isp with a spammer keep getting hurt, they will leave that service for a competing one. This will force hosting providers/isps to get serious about cracking down on spammers.

    Also, the bandwith consumption by the Lycos system is not a long-term phenomenon. If the system really does succeed in increasing spammers’ bandwith costs to the point where spamming is unprofitable (at least in its current form), then the bandwith consumed by the system will gradually decrease over time as spammers stop spamming.

  • Uni Slave

    Hmm as im currently in a block containing about 2000 high end computers im tempted to start running this on as many as i can find.

    But sadly the good ‘white hat’ part of me is not letting me. Whilst im all to happy to see spammers get what the deserve this is probably not the way to go. As other respondents have noted it would have a knock on effect on other sites and the ‘net as a whole (although a small one).

    I hate spam but i console myself that its sown the seeds of its own destruction. As more and more people get sick of spam and either ignore it or filter it, and spamers start facing legislation the problem will (hopefully) decline……at least until the next big marketing idea comes along…….

  • I must confess to a similar level of confusion and an overwhelming desire to clatter BBC heads together. Not only is it impossible for this to work too well, personally, I would be happy if the scheme could be extended to fry computers at the spammers end (I suppose someone is going to object if I suggest Ebola for the individuals concerned).
    I also agree with your burglary analogy. Perhaps we can persuade our esteemed Home Secretary to abolish all forms of censure on criminals on the basis that it only makes them come back and do it to us again, but this time in a really nasty way.
    I think it was actually “Oh dear, how sad, never mind”

  • Rob

    I also agree with your burglary analogy

    I think a better analogy is firebombing someone’s house for leaving chewing gum on the pavement (and burning down the rest of the street in the process).

    Spammers are annoying, but DDoS attacks are worse.

  • Julian Morrison

    There are two other good counterarguments nobody above has raised:

    1. What if Lycos is mistaken about who’s a spammer? Or what if they are intentionally misled into bankrupting an innocent? Pre-existing spam blacklists are often wrong, if only temporarily. But who will refund someone for a week-long “temporary” mistake?

    2. What if Lycos gets hacked, and this ready-made DDOS network is taken over by some crook?

    I have nothing against vigilantism. In fact, I reckon the proper sort (involving nail-studded baseball bats, and/or ropes and trees) would be quite effective.

  • Sylvain Galineau

    As Bill Gates could tell you, too successful means you are about to be sued and made liable for something. And yes, in this case, someone – one of the entities between Lycos and the spammer sites, whether network owners, other ISPs, hosting providers – will argue that Lycos is taking matters in their own hands and that its actions are having negative consequences on other third parties. Sure, the last-mile wire to the site of the spammer is swamped. But all that data also swamps the hundreds or thousands of miles of network it takes to reach them.

    Without proper data, it’s hard to say whether we replaced one expensive stream of crap – spamming – with another equally large stream of junk – counterspam. It is quite possible that as Lycos’ screensaver becomes more and more popular, Lycos has realized that it could be replacing one problem with a bigger one. In which case, too successful is a rather apt description of the situation.

  • Alan G

    I think a better analogy is firebombing someone’s house for leaving chewing gum on the pavement…

    I had to close down one email account because I was getting in excess of 150 spam messages a day. For the most part, these were the usual viagra / medical type scams but there were also some very nasty pornographic emails. Not upsetting for me but certainly upsetting for my wife who occasionally saw some of this material. No, this isn’t like a piece of chewing gum on the pavement. This is more like somebody stuffing excrement through your letterbox. Firebombing the guilty persons house is indeed out of proportion but I would certainly love to push some of this crap back through their letterbox. If somebody can facilitate this for me then that’s fine. After all, what’s wrong with returning unsolicited and unwanted goods to the sender?

  • Julian Morrison

    BTW, to keep away spam, the program I use, “spambayes”, seems to be very impressive indeed. I get hundreds a day and all but maybe one a day get dumped straight into my spam folder. Plus because it has an “unsure” category for manual review, I’ve never had it dump valid mails.

  • The website and the screensaver itself seem to be down now, so either:

    i) Lycos genuinely messed up with this, got burnt on the response and pulled the project.
    ii) Lycos didn’t exactly mess up, but were naive about the response, and pulled the project.
    iii) It was a fairly clever marketing ploy, and the project has worked perfectly.

    Time will tell.

  • Julian:

    “I get hundreds a day and all but maybe one a day get dumped straight into my spam folder. Plus because it has an “unsure” category for manual review, I’ve never had it dump valid mails.”

    Filters are good but not perfect. I use BT Yahoo and although 98% of the stuff they catch is spam, the odd genuine email also gets caught. This means I still have to review it all personally and that takes me a bit of time.

    I think we should be careful about treating either spam or counter-spam as unlawful. Much better to kill the business model which is what the Lycos thing seems to do.

  • Mashiki

    Wait a sec…so some spammer comes along and uses my bandwidth to dump crap on my servers and I should do nothing?

    The ISP’s won’t, the government doesn’t, the police refuses to. What does that leave me with?

    Laws only work when someone prosecutes, when the police works with the people, and the courts are rendering fair justice. None of that is happening. That only leaves the people to take things into their own hands.

    Sure we can start blacklisting IP’s at the router level. Some ISP’s have blacklisted all of S.Korea, Brazil and Eastern Europe because of the amount of spam. That ofcourse breaks the email system itself.

    So what’s left? Shut down the spammers, that leaves you with getting their ISP’s to shut them down…most don’t care. Or using up all their bandwidth.

  • limberwulf

    Lycos making a mistake about who was guilty of spamming could be solved with a lawsuit. Servers allowing spammers on their list of clients are guilty of helping the spammers, and deserve what they get. What Lycos is doing is just a market force. Besides, Lycos merely wrote the software. Their screensaver would do nothing if people were not using it. This means that the responsible party is actually all of the people actually using the screen saver, and that is a pretty solid market force action, not like vigilantism at all. Vigilantism would be an individual hacking the spammers’ sites.

  • Rob

    Besides, Lycos merely wrote the software. Their screensaver would do nothing if people were not using it. This means that the responsible party is actually all of the people actually using the screen saver

    From my understanding, only Lycos can add new sites to the list of sites to be attacked. So the responsibility for deciding who to attack and when rests with Lycos. A mob boss doesn’t kill people himself, he gets his lackeys to do it for him. Does that mean he’s not responsible?

    If Lycos isn’t responsible for the attacks carried out by the DDoS network they set up, does that mean that anyone can set up a similar network and claim its actions are not their fault?

    I’ll say it again: if this system is only used against genuine spammers, without hurting anyone else, then it’s OK. But once we accept the principle that DDoS attacks are a legitimate method of attacking sites that are allegedly connected with spammers, what would prevent DDoS attacks on sites entirely innocent of spamming?

  • A few technical comments to start off:

    For people manually checking their spam folders, try sorting by subject and going through it that way. You can knock off entire blocks of spam because of their similar subject lines. Once you’ve taken out these big blocks, resort by sender and, again, you can quickly eliminate a bunch of spam. For me, the rest is pretty easy to go through manually.

    The real problem is that the Internet can be a well run, efficient anarchy with a high level of trust facilitating things or bad behavior can spark an arms race taking down the efficiency of the network step by step until the whole thing breaks down. This is really what I see as the problem with Lycos’ effort. They stepped up the arms race a bit too much and they saw the edge of the cliff.

  • Shaun Bourke

    Most of your spam email has a notification tag on it for the spammer to know if you actually downloaded the spam. Most spammers have huge email boxes btw. This tag will likely indicate an ID to allow it through the spammers own anti-spam programme.

    If you have an email programme that is capable of capturing this tag as it gets your email…….. Pegasus Mail is one… http://pmail.com ……before it can be sent you are now in business.

    Always keep all your spam in its raw form and you add them all to your ‘newsletter’ programme which you send out to each spammer and company/advertiser the spammer is doing business with everytime you get spam. Try to keep each ‘newsletter’ below 10-15Kbs in size and do vary the size. Subject lines should relate directly to a new promotion or forth coming programme (program) or even the great success that a recent promotion achived with a/the promoting company/outfit. Always make sure your spelling is correct and regular everyday words and expressions are used.

    If you screw with your mailer script you can put the ‘newsletter’ mailer into continuous loop. A little tinkering with the script again and you can have the tag return notification address on your ‘newsletter’ mailing identical to the addressee. For a return address in the ‘newsletter’ body try to use an actual spammer/spam advertiser email address. Otherwise there are a couple of scripts out there that will generate ‘whatever’ email addresses you might need. BTW these email generating scripts are great for web-bots that harvest email addresses off web sites.

    Before you get underway do check with your ISP so they know what you are up to and you will likely get their blessing. Mine asked me to limit the times to ‘offpeak’ and it does consume bandwidth !

    Each spam email that is selling a product will likely have a redirection in it usually directly to the company’s server selling the product and even better if it is a ‘secure’ site. This is where you can DoS them yourself via a remote proxy. Most of these ‘fly-by-nighters’ are on hosting servers with little bandwidth available to them unless they pay more for increased bandwidth.

    To insure that none of the spammers can hack you get an external modem and a Firewall equipped NAT router.

    For those who just dont want to be bothered with spam there are several excellent filter programmes and quick look programmes out there that are free.

    Now have a wonderful day.