Lycos Europe's new approach to stop spammers is dangerous at the least, and in this writer's opinion, downright wrong.

Does the end justify the means? That’s a question that’s been asked a million times throughout the ages. Shakespeare addressed it in Hamlet; Truman wrestled with it towards the end of World War II. And I can remember countless after school specials that addressed Machiavelli’s infamous theme.

Some argue that the end never justifies the means -- I’m not so sure. I had a philosophy professor back at Uconn who used to delight in these types of moral discussions. I was always game for a good chat, particularly when we held our discussions at the local watering hole. Anyway, at some point last week, Machiavelli made his way to the Internet space -- in the context of the great crusade, better known as the war against spam.

The question posed -- albeit indirectly -- was this: Would a company be justified in taking extreme measures in order to keep spam messages from polluting our inboxes? Whether they meant to or not, Lycos Europe has apparently given us their answer. The company recently released a screensaver that is designed to make spam a more expensive and less lucrative business. The screensaver, dubbed “Make Love Not Spam,” is designed to endlessly request data from the sites of known spammers. The basic premise is that if enough users download the software, the cumulative effect of many data requests will tax the spammer’s servers, costing them more money.

I must admit, the thought of giving the spammers an old fashioned butt whooping is pretty enticing. And Lycos has indicated that their user base has received “Make Love not Spam” very positively. According to company spokesperson Malte Pollmann, “We have been totally overwhelmed by the success of the program.” By last Wednesday, the software had been downloaded by more than 100,000 users.

The company has clearly tapped into user frustration with spam. Moreover, according to the company, their proactive approach to combating spam has already had an impact on the number of spam messages. “We already see a decline of spam messages directed towards the mail accounts of our user base,” says Pollman, in an email statement last week.

Very few people would criticize the general aim of Lycos’ new program. Just about all of us have felt the frustration of having to weed through all those messages, and everyone would like to see spam reduced. I’m not convinced that “Make Love Not Spam” would put a huge dent in the proliferation of spam. But even if I concede that it would, the question in my mind is – “at what cost?”

Denial of service?

I’ve read countless articles and blog entries that allege Lycos’ program utilizes a denial of service attack. For those of you who don’t know, a denial of service attack is designed to “bring the network to its knees by flooding it with useless traffic.” It’s typically used by hackers and other miscreants to wreak havoc on a site, and is usually designed to shut the site down.

Spokespersons for Lycos have repeatedly insisted that “Make Love Not Spam” does NOT employ any form of denial of service attacks. Their rational is that each individual request coming from “Make Love Not Spam” is so small (only a few bytes) that its impact upon the spammer’s servers is relatively insubstantial. The problem with that rational is that we aren’t talking about a single request -- we’re potentially talking about millions of requests. Lycos Europe boasts 7.7 million unique users, so if only a percentage of them were to download the screen saver, logic (as well as the law of large numbers) would dictate that the impact would be significant.

In any event, I don’t want to get into a technical argument regarding the “true” definition of denial of service. Call it what you want, but releasing a program that is designed to endlessly request information from other company’s servers with the stated aim of draining their bandwidth is a bad idea. How can I call it anything else? Imagine what would happen if this were deemed a legitimate business practice. Would iMedia release a screen saver designed to negatively impact Mediapost or the DMNews servers? Could Coke do the same to Pepsi?

Collateral damage

Another issue with “Make Love Not Spam” is that the program could easily impact other organizations. According to Steve Linford of the UK-based anti-spam organization Spamhaus, “The problem is, most spammers' sites are hosted on Web servers using Virtual Hosting', so the same Web server is often serving hundreds of Web sites, of which almost all will be innocent users.” So by overloading the spammer’s servers, Lycos could also be inadvertently impacting the servers of companies that happen to be hosted with the spammers.

Moreover, determining which sites are actually used by spammers can be problematic. Lycos plans to obtain much of their information from various blacklists. In my experience, while some blacklists are pretty accurate, others, well… not so much. Anyone who’s ever been in the email business has a story about a “responsible” marketer winding up on some blacklist and having a real hard time removing themselves from the list. And many spammers are known to hijack other IP addresses in order to send their messages.

So my point is that a good deal of innocent sites could easily find themselves caught in Lycos’ net -- and find themselves subjected to the added costs of having their servers receive endless data requests. According to Pollmann, Lycos manually checks each of their blacklists everyday, which surely limits the number of innocent organizations that are impacted. I’m sure that’s a small consolation to any site unlucky enough to slip through the cracks.

The bottom line

At the end of the day, Lycos released a product that interferes with the operations of other businesses. And that’s not just wrong -- it’s outright dangerous. It’s dangerous because it causes collateral damage. It’s dangerous because it represents an endorsement of questionable business practices and vindicates the actions of hackers. And it’s dangerous because if repeated by too many others, it would require a complete redefinition of the concept of bandwidth ownership. And by the way, it could cause the entire Internet to crash. Is stopping the spammers worth that risk? You tell me.

Editors Note: As of yesterday, research and analysis firm Netcraft was reporting that Lycos Europe was taking down the MakeLoveNotSpam.com Web site and bringing the anti-spam campaign to an and. According to reports, the company said it had acieved its objective, which was to ignite a debate about anti-spam measures.

Alan Chapell is a consultant focusing on Privacy-Marketing -- helping companies understand privacy and incorporate consumer perception into product development. He has been in the interactive space for more than seven years with firms such as Jupiter Research, DoubleClick and Cheetahmail. Mr. Chapell is the New York Chapter Chairman of the International Association of Privacy Professionals, and he publishes a daily blog on issues of consumer privacy.