The Grumpy Troll

Ramblings of a grumpy troll.

Spam abatement

Various folks fight the good fight and tackle spammers and we read news reports about "took down the botnet responsible for X% of the world's spam".

Perhaps the volume of spam drops for a day or two. In exceptional cases, for a week.

But the spam returns, and with changed characteristics which do not filter so readily.

At heart, it's an economics problem. There is demand, therefore there will be surprise. As long as people are willing to buy spamming service, there will be spammers available to take the money.

How's that "War On X" coming along for you? Drugs, Terrorism, Spam, doesn't matter which X, it never seems to work so well and is often counter-productive.

Taking out the spam networks is useful for restoring control of machines to their rightful owners, but not much more, and without the user education and a stronger incentive to use secure systems, that situation isn't improving much.

So two concrete proposals, to keep this constructive:

1. Spend more time and money going after the vendors using the spam services, hitting them harder, until folks gulp at the thought of using spammers, much like they might gulp at the thought of getting into bed with the mob. It will still happen though.

2. Legislate (gulp!) that ISPs charge two rates of fee for their customers; a base fee, and a service support fee, which can disappear like an insurance "good driver's" discount. Make the support fee discount transferable, so that folks can switch ISPs. Set a minimum amount of time that the discount is lost for, before a customer can start reclaiming it. Ensure that being detected as a compromised system will lose you the discount. Let market economics come into play, as folks figure out that they'll be $10/month better off if they use something other than a dodgy copy of an old Windows release as their base operating system. For one thing, they'll have a financial incentive to learn what an OS is.

Note that I'm not claiming Windows is worse than Unix here; indeed, modern Windows is arguably better than Unix; but Windows does have the larger market share and much of the problem is folks who do not have access to automatic updates because their install is of dubious provenance. All mainstream OSes have severe issues here and it will only change when there is adequate incentive for a change.

-The Grumpy Troll


Katrina had a great effect on spam. I have argued for some years that sawing off Florida and hauling it out to sea would do more for anti-spam than any number of legislative measures. (Both Florida and Louisiana have laws favourable to fly-by-night businessmen, particularly as concerns bankruptcy.)

What I think might work, though it would never be adopted, is compulsory depeering. Send enough confirmed spam outside your own AS (enough that you've had time to be told about it and disconnect the sender, and you haven't), the entire ISP is depeered for a fixed period - an hour at first, doubled for each subsequent incident. Which will eventually kill the company (it would certainly have killed Google by now).