Can vigilantism stop spam?
by ZetaGecko | Add Your Comments | Email
One spam solution I've often heard bandied about is to launch DDoS attacks against the perpetrators. This would be done by having spam filters automatically load and reload every web page linked to from email it identifies as spam, and perhaps crawl the websites pointed to. With enough spam filters responding this way, the spammers' websites would get so bogged down in traffic that no one who actually wanted their products (or was fooled by their scams) could get through, and ultimately, the servers might even crash. Also, the spammer would have to pay an enormous amount of money for the bandwidth that was used.
At first blush, vigilante methods like this taste good. We finally have a chance to strike back and make it hurt. But are these methods good?
A little thought reveals that the kind of automated system described above is a terrible idea. If enough people start using spam filters that do this, spammers will simply start putting huge numbers of links to other people's websites in their emails. By linking to a lot of places other than their sites, they will diffuse the power of the spam filters, directing their attacks elsewhere. The bogus links will be hidden in some way or another so that email recipients won't go to the wrong place. If a particular piece of spam has enough links in it to enough different places, then probably no one will be hurt much, but a tremendous amount of bandwidth will be wasted on something entirely ineffective.
The greater danger of this type of retaliation is that it will be exploited to bring down innocent websites. Anyone who has a bone to pick with some other company or individual webmaster will be able to easily launch a DDoS attack against them by sending out large numbers of emails with lots of spam-like text and containing links to the victim's site. This will be so easy to do that it is certain to happen.
A final danger of this type of technique is that a legitimate mass email (a subscription based email list) may someday accidentally trigger a bunch of spam filters and launch an attack against a site that is providing a valued service by the people who are benefiting from the service.
Another vigilante technique is to do away with the automated system, instead specifically targeting known scammers. This site is an example of how that would work. Once a scammer's website has been found, a website is set up with loads images from the scammer's site. The page is set up so that it reloads automatically, so that all one has to do to help in the attack is to leave one's browser open and pointed to that page. (You also have to turn off your browser's cache--otherwise, the images will just be continually reloaded from your cache rather than the target website).
Finding the potential problems with this kind of system is a little trickier. But the problems are less likely to become issues, and there are ways to mitigate them. The problem is that once a scammer discovers that they are under attack, they can protect themselves in at least two ways:
1) Change their DNS records temporarily to point to someone else's IP address. All of the attacks will them be directed to the wrong place. In this case, the IP address targeted might be injured, but since they're not likely to have images in the same locations as the target images, the amount of bandwidth wasted will be much lower than would have been wasted on the scammer's site.
2) A more dangerous countermeasure they might take is to set up redirectors on their site. When a web browser participating in the attack first comes to load an image, the scammer's web server tells it that the image has been moved to someone else's website. This can be done in such a way that most web browsers won't ever come back to the scammer's website to try to load it again. If the scammer redirects to a large image or other large file on someone else's site, and even if they redirect to a small file, but enough people participate, the site being redirected to could be brought down.
Sites such as the one linked to above must take care that they are not abused by the scammers to attack innocent sites. Especially on days when they have scheduled a mass attack, they must continuously monitor the target site to ensure that they haven't modified their DNS records or set up redirectors for their images. If either of those things happens, they must immediately update the attack page to point elsewhere. (I emailed the site's administrators to point these issues out, but feel free to email them yourself to help ensure that the message gets through).
Vigilante techniques may be useful in reducing spam, but they must be done carefully, and probably cannot be done without human supervision. Otherwise, the risks involved outweigh any benefits that might be gained.