Why does this group have so much spam?

Steven D'Aprano steve at REMOVE-THIS-cybersource.com.au
Tue Sep 1 20:17:05 EDT 2009 

On Tue, 01 Sep 2009 20:48:19 +0200, David wrote:

> Il Tue, 1 Sep 2009 11:50:14 +0200, Andre Engels ha scritto:
> 
> 
>> What about mailing lists? There exist well-functioning mailing lists
>> with thousands of subscribers. Being a posting member of those will
>> significantly increase your internet bill under your proposal.
> 
> It's an implementation issue, it doesn't touch the sense of proposal.
> One possibility is register the mail list to official registers and mail
> from a subscriber to other subscribers will be excluded from taxation or
> will have a lower tax rate.
> An excessive mailing from a single or few subscribers can be easily
> detected, traced, filtered and, if the case, prosecuted.

This can be done already, without the need for an email tax. ISPs could 
easily detect spammers, if they cared to.

There are a few things that can already be done to cut the spam problem 
to manageable size:

(1) Why aren't ISPs blocking port 25 for home users by default? My home 
ISP does, I can only send email through their mail server unless I ask 
them nicely, in which case I'd be responsible for any spam that leaves my 
home network. If I send spam, I'll be breaking my terms of service.

(2) Why aren't ISPs cutting off detected spam bots? Owners of zombied PCs 
are menaces to society. ISPs are in the best position to detect PCs which 
are spamming, and alert the owner. If no action is taken in a week, warn 
the owner that they're in breach of their terms of service, and if the 
behaviour persists, cut the owner off until they clean up their PC. 
Repeat offenders should be banned.

(3) ISPs who won't cut off spam bots are either incompetent or have a 
financial incentive to do business with spammers. Therefore, responsible 
ISPs should cut them off. If this means the email universe divides into 
two halves, the Wild West where 999 emails out of every 1000 are spam, 
and Civilization where only one in a thousand is spam, I'm okay with that.

As for the argument that home users who send spam are the victim, that's 
true up to a point, but not very far. Here's an analogy: suppose that 
terrorists sneak into your house after picking the lock -- or in the case 
of Windows users with no firewall or anti-malware, stroll through the 
unlocked front door -- and spend the next six months camped in your spare 
bedroom, using your home for their base of operations while they make 
terrorist attacks. When the FBI kicks your doors down, don't you think 
you would be arrested and would have to prove that you couldn't be 
reasonably expected to know they were there? If millions of spam emails 
are coming out of your PC, that's prima facie evidence that YOU are 
spamming. You would need to prove that you're an innocent victim who 
couldn't *reasonably* be expected to know that your machine was hijacked 
-- you would need to prove that the spam bot was so sophisticated that it 
infected your PC despite the firewall, that you didn't install it 
yourself in order to get some stupid game, that no commonly available 
anti-malware program detects it. Anything less than that is *at least* 
negligence, and possibly willful negligence.

Negligence is a crime too, especially willful negligence. Perhaps a 
lesser crime than deliberate bad behaviour, but if you kill somebody 
because you neglected to service your car, the argument "I'm the victim 
here, blame somebody else!" wouldn't get you very far. Not knowing how to 
service your car to keep it in good working order is not an excuse -- if 
you don't know how to change the brakes, there are people who do. If you 
don't know how to set up an effective firewall and anti-malware software, 
there are people who do. Stop hiding behind your ignorance, and pay an 
expert to service -- and secure -- your computer. It is 2009, and the 
malware problem isn't some theoretical threat that only a handful of 
people know about. Anyone with an infected PC who does nothing about it 
is, in my opinion, *equally* responsible for the spam being sent out as 
the criminals who hijacked the PC in the first place.

Yes, I'd like to see the criminals, the malware authors and the spammers 
punished, but I'd be satisfied to see them put out of business. The weak 
link is the zombie PCs -- fix the home users' PCs, or block them, take 
them off the Internet, and spam becomes manageable again.



-- 
Steven

More information about the Python-list mailing list