• by Bill McCloskey , December 8, 2004

In one of the most bone-headed decisions by any corporate entity since New Coke was released, Lycos Europe has developed (and until recently) was distributing a screensaver that would issue denial of service attacks against servers housing alleged spammers.

Distributed from the site www.MakeLoveNotSpam.com, the idea behind this ill-conceived brain child was that people would report spam e-mails through the screensaver and if Lycos determined they were from blacklisted servers, they would start bombarding the server with requests in order to "slow the server down" - not shut it down completely (which of course, would be illegal).

So where do we begin in dissecting the idiocy of this decision...

We could start in the fact that by taking on such a high risk project (the chances of something going terribly wrong are high) and leaving the company open to potential lawsuits by engaging in highly unethical if not potentially illegal practices, Lycos exposed the company and their shareholders to a potential financial disaster.

There are already published reports that certain sites were not just slowed down, but where shut down - a completely illegal activity. What is the difference between some hacker shutting a site down through a denial of service attack and Lycos doing it?

Well, Lycos can be found, sued, prosecuted, and suffer outrageous negative publicity, something that probably wouldn't happen to the hacker. But other than that - no difference. Lycos Europe is just as guilty of malicious activity as any hacker would be.

And just like you don't give the finger to Tony Soprano, you don't knowingly put a bull's-eye on your back by purposefully going after a group of people who have absolutely no guilt over targeting you, issuing their own denial of service attacks against Lycos Europe, and disrupting the activities of the clients and patrons of Lycos Europe.

There are already reports that one site redirected traffic back to the MakeLoveNotSpam.com site and shut IT down. (By the way Lycos denies that this happened or that they were responsible for other sites that were shut down. However independent monitoring companies have reported that this happened.)

We could also talk about just how untrustworthy blacklists are: often run by vigilantes with their own ax to grind. I reported recently on my own company's domain being blacklisted because they believed it was possible for our servers to be used a relay for spam, even though it hadn't been.

For now, the site seems to be inactive and Lycos has announced an end of the program after three days of running. But I don't think it should stop there. If I was a board member or a stockholder in Lycos Europe, I would want to know who was responsible for such an act of lunacy. I'd want to know who was responsible and I would want heads to roll. And I would issue my own denial of service attack against the paychecks and bonuses of the Lycos executives.

Dumb, dumb, dumb.