On Thu, 29 May 2008, Luke S Crawford wrote:
Peter Beckman <beckman@angryox.com> writes:
If you are taking card-not-present credit card transactions over the ...snip "hard to charge fradulent customers" and also "verifying customer identity annoys the customer"... points-
The goal here is to give abuse a negative expected return. One way to do this is to charge (and collect) a fee that is greater than what the spammer can earn between when they sign up and when you shut then down. There are two ways to do this - 1. raise (and collect) the abuse fee, or 2. lower the amount they can earn before you shut them down.
All these charges do is line the coffers. Sure, a few might be prevented from doing it in the first place, but the rest will continue, and everyone else here, including Barry, will continue to get hit by spam and DOS and backscatter.
I wanted to point out another option providers now have. IDS technology has matured. Snort is free and pretty standard. Personally, I find monitoring incoming traffic to be... of limited utility. However, I believe snort is an excellent tool for lowering the cost of running an abuse desk, if you run it on the outgoing traffic. Snort is pretty good about alerting you to outgoing abuse before people complain. Heck, if you trust it, you can have it automatically shut down the abusive customers.
This is what I think we should ALL be doing -- monitoring our own network to make sure we aren't the source, via customers, of the spam or DOS attacks. All outbound email from your own network should be scanned by some sort of best-practice system before delivery to prevent or limit spam from originating on your network. IMO. But let's be realistic -- the reality is that not everyone does, due to financial or resource or management constraints, and that receiving spam and being hit by DOS attacks and being slashdotted is simply part of the cost of being on the 'net. Profiting MORE from those that proliferate these attacks may hurt you less in the bottom line, but it still hurts everyone else who is the target of the attacks enabled by high AUP abuse fees. I know I'd be just as ticked off about a spam attack from Amazon EC2, whether or not Amazon got paid extra to enable it. Beckman --------------------------------------------------------------------------- Peter Beckman Internet Guy beckman@angryox.com http://www.angryox.com/ ---------------------------------------------------------------------------