Devil's Advocate: Death to spammers?

Or is there a more effective way to deter online criminals?

Last week it was reported that a Russian spammer had been beaten to death. My views on appropriate penalties for internet 'crimes' are still ambivalent. Especially as I am sometimes sorely tempted to commit them myself.

The stream of email scams is little more than an irritant, although it seems enough people fall for them to make them financially viable. Usually they can be filtered out quite easily, and one wonders why ISPs do not do more to eliminate them closer to source, freeing up bandwidth for more useful purposes.

But it is attacks on a wiki that have upset me. Part of my website uses the very neat wiki technology to provide documentation as a collaborative venture. Anyone can add to it, correct it or extend it. This is very much in the spirit of open source. Clearly one could use a system that required registration with login and password. The ability to just come along and contribute an improvement without any barriers is part of the appeal, though.

Unfortunately, such an open system is an irresistible attraction to some people. Spammers are no longer an undifferentiated group, and wiki sites attract the 'link spammers'. Their automated bots look for wiki sites and insert large numbers of links, usually to gaming or porn sites. The aim is to improve their search engine rankings.

There are ways to resist this without spoiling the openness of the wiki. The wiki can use HTML to instruct the search engines not to take account of a document for at least 24 hours, by which time the damage has usually been undone. The spammed links are retained on the site as history but the wiki software can nullify the links so that the text remains but no longer points anywhere. Sadly the spammers are not so picky as to worry about their bots wasting effort in this way.

Now the temptation that comes my way is that when the link spammers mess up my wiki, they leave a record of the IP address from which they operated. Often, I block that address from further access to my web server. It is tempting to go further, and if I had the resources to launch a denial of service attack against the websites promoted by the link spammers, would I be able to resist?

There is little point in attacking the IP addresses from which the attacks come, since they are most likely to be ordinary computers that have been subverted unknown to their users. But in the nature of things, link spammers have to disclose the websites that are being pushed. At least in theory, two can play at that kind of game.

Armies of subverted computers are available through highly dubious sources. Would I be able to use Google to search for 'denial of service attack service' and be put in touch with their controllers? Presumably, I would finish up dealing with someone like the dead Russian spammer. Quite apart from the doubtful company I would be keeping, there is the issue that governments seem keen to make denial of service attacks a criminal offence.

That probably does not concern Russian gangsters too much but it would certainly be a deterrent to me. Yet that makes me wonder if legislation in this area is too much of a blunt instrument. Almost anything can be used for good or ill, and denial of service attacks are no exception. Surely it would only be justice if sites that promote themselves by defacing other people's websites found themselves subjected to attack?

While governments look unlikely to take effective action against spamming, either through emails or web links, it seems unfair to invoke criminal sanctions on the one thing that would be a means of retaliation. After all, it should take only a few counter attacks to force the ISPs to take more action against anti-social behaviour on the internet. That would be better than any amount of criminal legislation.