Tim Bray writes about Crooks in Plain Sight and asks “What am I missing?”. Why do we have web criminals when the sources are so easy to identify?

In fact the lack of sense it is much worse (or better - depending on your point of view).

It is easy to shut down script kiddies, if you have lots of time to waste. It is not too hard to identify machines sending spam, or websites hosting scam artists. In the end this is about as effective as playing a game of Whack . A . Mole. There are an almost endless number of clueless teenagers, unsecured machines, and careless webhosts.

Still the problem is entirely solvable. How do you avoid scam artists in real life? Know who to trust.

Trust can be built into algorithms.

Want to shut down spammers at the source? Block outgoing SMTP connections for most customers. Count the number of emails sent per hour or day. Shutdown accounts with unusual activity. Trust your users as you would in real life - let experience be your guide. A new user who starts posting hundreds of messages should get your attention. An old user (someone you have come to trust) would get less attention.

Handle irresponsible ISPs by blocking all traffic until they get their act together. Script kiddies are easy to spot - setup honeypots.

Want to shutdown scam artists? Follow the money. Create “poison pill” accounts with the credit card companies. Shutdown the business account of anyone who trys to use a poisoned account. Cut off a scam artist’s money, and you make their business a lot less attractive.

Want to spot spammers who harvest email addresses and clearly are in violation of “opt-in” requirements? Plant “poisoned” email addresses on USENET newsgroups and bogus websites. Anyone sending to a “poisoned” email address is almost certainly dishonest.

Cutoff the money, the email, and the ISP used by dishonest folks and you can pretty much wipe out the problem.