Shostack + Friends Blog Archive


Lycos' attack spammers@home

I’d like to add one bit about Lycos’ new attack spammers screensaver. Ed Felten writes most of what needs to be said about it:

This is a serious lapse of judgment by Lycos. For one thing, this kind of vigilante attack erodes the line between the good guys and the bad guys. Spammers are bad because they use resources and keep people from getting to the messages they want to read. If you respond by wasting resources and keeping people from getting to the websites they want to read, it’s hard to see what separates you from the spammers.

This kind of attack can be misdirected at innocent parties. The article says that Lycos is attacking sites on the SpamCop blocklist. That doesn’t fill me with confidence — this site has been on the SpamCop blocklist at least once, despite having nothing at all to do with spam. (The cause was an erroneous complaint, coupled with a hair-trigger policy by SpamCop.)

I’d like to add that the screensaver might somewhat usefully do nothing, while promising to strike at spammers. This gives its users the satisfaction of thinking they’re fixing the problem, without actually doing any harm. Its better to get that result by folding them into a network that applies human discrimination to the spam problem, such as the one made by Cloudmark. (Cloudmark uses a cool reputation and voting system that’s much like Google’s Pagerank: Spam is what the accurate voters say spam is. (Shades of the beauty contest problem, but that’s ok here.)

Anyway, Jordan Ritter, who’s one of the founders of Cloudmark, pointed out that people love to feel they’re involved. Lycos’ screensaver could usefully do nothing, while pretending to attack spammers. Of course, it would be far more useful to spend that CPU on evolving new anti-spam algorithms, or weather prediction, or something else.