April 05, 2003
Attacking spammers
I say it's high time we all started actively working to expose spammers and people bent on abusing our computing resources. There's a number of things that can be collected that, over time, can offer telling testimony as to who's guilty of not only perpertrating these evils but facilitating them as well.
Combine this with ever growing geographic and social network data and you've got something. Call out the digital town mob near these idiots and start hitting them where they live.
Basically, collect data and then start mining it. Look to see what accounts get used to send, receive or test for spam. That's right, testing addresses. Many of the spammers are using exploits on web servers to proxy their mail. Start tracking the IP address that sent these probes. As well as the return addresses they're using. Track them over time and see what ISPs are facilitating their abuse. Start leaning, en masse, on these ISPs to get their act together.
The start mining the use of those IP addresses in other systems. Start looking at your web logs, your inbound e-mail, your mailing lists, for these same IP addresses. Cross-reference the e-mail addresses and other site specific data used by those addresses. The correlation of where a spammer probes from against what seems like innocent user activity might start presenting a very interesting picutre. Yes, dyanmic IP addresses make this an added challenge. But remember, if you're using an ISP that facilitates spammers you're part of the problem. Lean on your ISP to get them to act responsibly otherwise your use of these hijacked addresses will start resulting in your getting blocked.
Now start combining that data with geographic data. Learn what IP addresses are coming from what areas. Start informing people in those areas of what's going on. Yep, that's right, start forming a local digital posse. Now, I'm not suggesting people take the law into their own hands. What I'm suggesting is that by exposing these perpetrators to their local community it will lead to them altering their behavior. Basically, shame them in public.
Yeah, there's all sorts of risks associated with pointing the wrong fingers at the wrong people. Sitting idly by is getting us nowhere. If there's risk of implicating the wrong people then systems have to be built to allow for corrections.
