Packet Rat: Rat sees spam bounty idea as a bust
Michael J. Bechetti
The cyberrodent has been struggling to prop up the wall against spam that daily floods his agency's e-mail servers. But, like Custer's men at the Little Bighorn, he's starting to realize that reinforcements aren't coming anytime soon.
'It's the Wild West out past our mail gateway,' he told one of his underlings. 'The only law that's recognized is the Almighty Dollar.'
Confirming the Rat's fears, the Federal Trade Commission recently approved paying bounties for information leading to the capture of distributors of unsolicited e-mail.
'Why don't they just print up some 'Wanted, dead or alive' posters?' the whiskered one wondered aloud.
The only people who could potentially make a killing from the bounty offer are, well, spammers themselves. Techno-bounty hunters, following a trail of e-mail headers, couldn't begin to finger the perpetrator behind a spam campaign accurately enough to hold up in court.
The Rat pointed this out to his offspring, who were already planning to drop out of school and become famous international spammer bounty hunters, armed with network sniffers and now-legal assault weapons.
'Man, why do you always have to spoil our plans for world domination?' his eldest pouted.
The best hope for the bounty program, the report said, was to lure whistle-blowers within a spamming organization to inform on their bosses.
'Let's face it,' the cyberrodent told a friend at FTC. 'If you work for a spammer, odds are that some measly monetary reward isn't going to persuade you to out your boss and lose your job. That would be like expecting Frank James to turn in Jesse.'
Of course, the IT community hasn't helped much either. For a brief, shining moment, it looked as if the Internet Engineering Task Force's InfoTech SuperFriends had come up with a workable answer. They wanted to use lists of approved message transfer agents'the sources of e-mail traffic'for each Internet domain to block spoofed messages or messages sent from zombie PCs within the domain.
The MTA authorization records in the IETF's Domain Name System working group had a couple of decent options on the table'until Microsoft Corp. started to claim patent rights to almost all of them. Naturally, that made open-source developers a bit unhappy. Even America Online Inc. dumped the proposed SenderID standard when Microsoft refused to budge.
The result is that the Rat and others like him are left to do solitary battle against Nigerian scam artists and zombie spam-spewers.
The wirebiter thought he could turn to gray-listing, holding messages for a quick check of their source MTA. He'd already white-listed most legitimate mail servers for the .gov and .mil milieu to ensure that their sluggishness (perhaps due to spam) doesn't turn them into false positives for spam zombies.
But there's a downside, as he found.
The latest acting assistant secretary complained that his invitations to open a Google Gmail account kept getting stopped as spam by the Rat's software.
The wired one was about to respond that those messages were spam, when he thought better of it. If the boss opened a Gmail account, he'd at least have someplace outside the agency network to accumulate spam. The Packet Rat once managed networks but now spends his time ferreting out bad packets in cyberspace. E-mail him at firstname.lastname@example.org/a>.