Hmmm...possibly...I just wonder how "reasonable" anyone that puts this in
place will be. Vigilante tactics tend to be emotionally driven, and emotion
and reason...well... you get the idea.
I remember the early days of SpamCop. Lots of false positives, and a lot of
headaches trying to get those removed. They're very good now, but it was a
painful experience early on. I wonder if the time and effort will be taken
to put proper controls in place...and still disagree with what I perceive as
a misuse of bandwidth to perform an attack with this vigilante tactic.
But I think I may just go buy more telecommunications stocks anyway...<grin>
Darin.
----- Original Message -----
From: "Marc Funaro" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, November 30, 2004 10:50 AM
Subject: RE: [IMail Forum] Lycos screensaver tackles spam websites
Resellers of a product at some unsuspecting company who has no
> idea that the
> person/company that just signed up intends to use spam to push
> the product.
> Admittedly this will make the spammer easy to track and
> prosecute...and any
> legit company should/would shut them off as soon as they realize what is
> happening...but for a third party to attack a legit company
> because of what
> one reseller does for a short time is objectionable.
I guess I'd argue that one reseller would probably not be enough to
immediately place a "legit company" in a DDoS database right away. And
promptness of action might actually be a good thing, forcing companies to
really consider their reseller program contracts and make changes rather
than slip under the radar for too long.
>
> This collateral damage concept comes up every once in a while.
> I think most
> people would take a different view of this if they were the ones
> put out of
> business as a result of the "collateral damage". It's all fine and good
> until it happens to you...
Honestly - in all true honesty to myself and to you - I'm willing to be in
the at-risk category. If I started getting DDoS'd today, it would be an
inconvenience to be sure. But if the DDoS service is being run properly,
with proper controls (a big IF, I know... again, it remains to be seen how
Lycos will handle this new service), if I'm a legit company I should be able
to contact Lycos and be removed from their database. Better yet, I should
be able to be proactive and "register" my website so that if I am about to
be added to their database, I can be notified in time to take action. I
don't see such a feature at Lycos, which might be a good suggestion to put
to them, but could be a means of defeating the service.
All of this, of course, is based on some pretty strong assumptions -- that
Lycos is going to handle this service well, that their database will be
accurate, that they will respond in a timely fashion and with proper
attention to removal requests, and that they might implement a
register-and-be-notified-pending-addition-to-the-database feature (which
might defeat their purpose... notifying a spammer before they are added so
they can change the target site or something, of course).
IMO, if Lycos sticks with the top 10 or even 20 real offenders -- true spam,
and true websites that support it -- "collateral damage" should not be any
worse than the percentage that some of you are losing as a result of spam
filters.
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
