TrustE Launches Trusted Spammer Program

Silverhammer writes: "InfoWorld is reporting that such luminaries as TRUSTe, ePrivacy Group, MSN, and DoubleClick are getting together to develop a "trusted senders" program to certify "commercial email" and "elevate" it above ISPs' and end users' spam filters. Why, you ask? Because they believe it's actually our fear of fraud that's hurting their response rates. Apparently all that stuff about invasion of privacy and theft of resources is just a big misunderstanding..." The Infoworld story linked above has the best information about this seal program, but CNet has another story including a quote forecasting 1400 pieces of spam per person per day in five years. Update: 01/31 17:02 GMT by M : The FTC is announcing a crackdown on spam.

Oh Goody Goody.

[Animol]

See, I just didn't have enough things to do with the computer when I got online. I found myself feeling isolated, unrecognized, and downright bored. I'm just relieved to know that somebody knows more about me than they should, and that they can target not just the occasional pop-up web ad to me, but hundreds - nay, thousands of e-mails inviting me to partake of their oh-so-wonderful business opportunities.
Seriously, people, this could be a good idea potentially, if a few things were true:
1. It decreased the amount of "non-certified" spam, just because almost anything that decreases spam is a good thing.
2. You had an option to block the "certified" spam in addition. I wouldn't mind a few extra seconds of effort if I could take care of the whole group of approved spammers all at once.
3. If they agree to only "approve" non-porn spammers. I have the distinct disadvantage of being an AOL member, and my god, I tire quickly of the same "incest-with-beasts-vegetables-and-more" crap. It's not even funny anymore.
But, since I don't see any of those things happening, once more we find ourselves at the mercy of the big businesses who obviously know what's best for us.

Spam is spam

[Polaris]

The definition of spam is unsolicited bulk email. If I didn't request it, it's spam. I don't care about verifiable senders, guaranteed content, or genuine remove methods: I JUST DON'T WANT IT AT ALL.

Absolutly right on

[Nf1nk]

I do web development and we had a customer state intrest in becoming a TrustE member

It has fewer requirements than being BBB member.

1. First a Privacy statement (use your own or cut and paste one of ours)
2. send a check (for more than you would think)
3. Place "Trusted Site" Seal on your page (with a link back to them)

It just makes me wish I had thought of it first, but at no point did they ever say thatwere not suppossed to send out reams of e-mail to the unwary.

Re:Trusted Spam?

[Frater+219]

Question how can any spam be trusted?

How can any thief be trusted? How can any vandal be trusted?

Spam is theft. Never forget that. Sending email to someone requires the use of resources which that person legitimately owns or controls, and you do not. Therefore, if you are habitually sending email to people who do not want it, you are appropriating resources to which you have no right. That's stealing.

It doesn't matter if the commercial offers made in a spam message are themselves legitimate or if they are fraudulent. A legitimate advertisement wrapped around a brick and thrown through my window is just as offensive to my rights as a fraudulent advertisement delivered in the same way.

Opposing spam is not about opposing commerce, or "commercialization of the Net", or the free market. It is about defending private property from trespass and theft -- and defending a useful service (the email facility) from its ruination. For if spamming is "legitimized" by crooks such as these, the email facility as we know it is not long for this world.

Email should work more like ICQ...

[NanoGator]

I don't rely on e-mail much anymore, just at work. I have Trillian to keep in touch with my friends. I like it because people have to get my authorization to see me on-line. Why can't email act like this? Heck, it'd only require a client really. It works like this:

Somebody sends an email, it sits on the mailserver. The new mail client checks the from field of the address and attempts to match it up to its address book. If it finds it, the mail goes through. If not, then a mail is sent back saying "You are not authorized to send this mail. Would you like to acquire authorization? Then please send a message back with exacctly this in the Subject 'INSERT PASSWORD HERE'." (that part is an image like a .JPG file or a .GIF file, preventing spammers from writing a script to automatically seek authorization.) Then, once it's sent, I get a message on my mail client saying "So and so has requested authorization", alot like ICQ. If I authorize it, they're good to go. If I deny it, then I dont recieve any more messages from them.

I'd get this client installed today if it were available. Right now I manually add filters to put people I really want to hear from in a different folder. Everything else sits out in the inbox until I do a cleansing. I'm starting to see patterns in what I'm getting too. I think I'm going to filter the words diploma, enlarge, and celebrity.

Re:Email should work more like ICQ...

[WNight]

Despite the comments from the nay-sayers, I have seen this system in action and it seems to work just fine.

The system held incoming email from a new correspondent for 24 hours until they emailed back a randomly generated password that was sent to them.

Even just stopping here would be enough to remove 99% of spam because almost all return addresses are forged.

To go further and encode the password in a picture file would stop almost all automated systems you could make, and a few little tweaks (using a striped background) that you changed every few months would keep them from using OCR.

And finally, who gets enough email from new people every day that the fraction of a second to encode a .GIF (or .PNG if you wish) file and email it is going to add up to more than a few seconds? It might inconvenience the emailer and if for example you applied for a job with that email address it might be a bad thing, but you could always either tell it to let anything from a certain domain through beforehand.

Re:Makes it easy to filter now

[Erasmus+Darwin]

"How about using one of the two tried and proven protocols which are available for the purpose of receiving and retrieving email instead of relying on web mail?"

...says the person using a web-based message board instead of good ol' Usenet. Both web-based messaging and web-based email have advantages that're sometimes missing and sometimes completely unavailable when using their more traditional counterparts.

It's fairly obvious, for example, that you can't beat the ease with which I can use hotmail or slashdot in a "foreign" internet-enabled environment (such as an internet cafe). It's a toss-up whether or not they'll have a smart email client that can seamlessly integrate with your account, but you know they'll have a web browser capable of letting you do what you need to. Given that you can't always predict, in advance, when you may wish to access your mail in such an environment, that does make web-based mail a valid alternative for an everyday account.

Furthermore, I don't see why people insist on whining about web-based email clients, when said clients don't inherently cause an interface problem. If a given web-based email client decides to send out HTML-ized mail, it's a problem that's particular to that client (and it's a problem particular to non-web clients, as well). If a given web-based email client has a high incidence of spam comming from it, it's a problem that's particular to that free email service (regardless of whether or not the end-user uses the web to view his/her mail). Ditto for services that append advertising to outgoing email.

In short, it doesn't matter whether a person has their email displayed via the web, psychic energy waves, or even an old-school teletype. Your only concern should be with the protocol and formatting of the messages they send to and receive from the outside world.

Re:Why does Spam matter?

[Frater+219]

To put it bluntly, what's the big freakin' deal?? Delete it and move on....or am I missing a larger point?

Well, first of all, spam is theft. But on the practical side ... did you miss that part about "1400 pieces of spam per person per day in five years"?

Spamming has no marginal costs. It costs the spammer the same amount (i.e. nothing -- a free one-month AOL account) to send a million spam messages as to send a thousand. Therefore, it is in every spammer's interest to spam as much as possible. That is to say, the demand that spammers place upon the email facility is by nature unlimited.

However, the demand that legitimate users place upon the email facility is finite. Compared to the number of people a spammer targets, a real user only exchanges email with a small number of people. Moreover, real users write their email individually -- they don't send the same message to a million addresses.

If spam is "legitimized", then that infinite demand will take over. The number of spam messages you get will dramatically outnumber the legitimate messages you get from people you actually want to converse with. The email facility will become useless, drowned in the noise, just like many USENET newsgroups.

Better to get spam then junk snail mail...spam doesn't have to be recycled.

Interesting you should mention that. When someone sends you junk snail mail, s/he is paying for the privilege. In the United States, the postal service actually makes so much money off of bulk mail that even though bulk mail gets a discount for pre-sorting, it ends up subsidizing non-bulk mail.

The cost of sending bulk mail varies in proportion to the number of pieces of mail sent. If I want to send out a million postcards advertising herbal Viagra, it will cost me about a hundred times as much as if I sent out only ten thousand. I have to pay the postage, as well as costs such as printing, sorting, and getting the things to the post office.

However, as mentioned above, spamming has no such marginal cost. If I write a Perl script to send spam messages, it doesn't cost me any more to send a million than ten thousand. It just takes a bit longer.

Authenticated Spam

[Alan]

While reading the article on info world, I first thought "great! finally I won't have to filter my spam, I'll actually be able to get off the lists!", but then I realized a a few of the larger implications.

• Remember when some large company (I think it might have been ebay) reset all the user preferenes for "send me newletters" and "share my info with spammers^wpartner companies", claiming that there was some problem and they were resetting the user preferences because the users didn't understand? This is very similar to that. Suddenly all the nice, mostly working spam filters on places like hotmail, yahoo mail, or pretty much any large free email service that has spam filters will stop filtering these emails. Result, now you get just as much spam, but now a chunk of that will go into your inbox instead of your spam folder.
  
  Users then get to go through their spam, clicking on the 'click here to be removed' and wasting their time and bandwidth, until the next bout of spam comes through.
  
  
• People will get just as much spam as before, just now some will be digitally signed. Chances are you will NEVER get off all the "certified spammers" lists, so you'll still get spam in your inbox, and have extra hassle as now users feel they have to go through the removal process for them. I'd much rather have a "never have any certified spammer send me any mail" service, which goes and removes you from all the certified spammers' databases. The services is to try to give the user control right? So give us the control to not get spam that we don't want!
  
• How long do you think it'll take for these groups to really get it right? There are always glitches that show up in new systems and I'm anticipating that there'll be more than a few people who are spammed multiple times from companies that are not only certified, but the user has said "I don't want spam from you anymore!" Just a start up glitch or two, yea, that's it....
  
• How long before someone figures out a way to beat the system? Sure, I know that it's a signed cert, but think of the potential for a non-certified spamming bastart to manage to spoof the 'seal of approval' and be assured that their spam gets into everyone's inbox. Not only that, but when people email them back with the 'remove' emails, they get a nice list of 'live ones' that they can spam merrily along using perhaps a different company name, from address or approach as not to make the user suspicious.
  
• Along those lines, what stops companies from not spamming multiple times for different products, or from different spinoffs. Use the database of 'removes' to feed into a list of emails to send out for their next product, promotion or whatever... hell, just sell the list to non-legit spammers!
  

Basically, it's a good thought, but there looks (to me) to be so many potential fuckups, especially with the assumption that becuase it is "legit" people want to see it, that I don't think it'll be any better, and will probably be worse, as now you have two different types of spam to deal with. No thanks, it's spamassassin for me! :)

Re:my cunning plan

[Tazzy531]

One ISP that I had worked with a while ago setup his sendmail so that with each subsequent message it sends, it takes a quarter of a second longer. So, the idea was, spammers send thousands of messages at a time. So after the 100th email, they would have to wait a couple minutes to send. At this point, not knowing that the ISP set this up, they would cancel the send.

A couple of things lept out at me

[kingosric]

From the Infoworld article

This seal, which will appear in the top corner of the body of the message

and

When the consumer clicks on the seal, they are connected to the Trusted Sender computer, which verifies the digital signature

So does this mean that a) the e-mail is HTML only and b) the sender knows that I've tried to verify it?

How does this help me?

DCMA and 'authorised' spam

[duncan+bayne]

Here's a thought - what if I wrote an email client that forced users to read TrustE-authorised spam. Say, before you could read any non-TrustE-spam, you had to spend at least 5 seconds on each spam, scrolling from top to bottom. This would be to put it mildly a trivial addition to any existing mail client (except telnet :-).

Hey presto, you have a spamming tool that is legally enforced in the U.S.A. by the DCMA. Want to remove the spam? You're breaking the law.

Of course, if I was being a *real* bastard, I would prosecute any clients that don't enforce spam, but use my mail-server. Yep, if you're using an unauthorised mail client to strip spam from mail you receive, that's a DCMA violation as well.

Do you doubt this could happen? Imagine having a conversation with someone twenty years ago, trying to explain to them the DCMA, DVD encryption and the Skylarov case.

Re:You don't pay for junk mail via postal service

[madmancarman]

Bulk mail, presorted stuff, stuff mailed and labeled by machines is actually cheaper for the Post Office to deliver, but the PO doesn't pass ALL of this cost savings on to the Bulk Mailers. You see, those folks sending out junk mail are actually SUBSIDISING YOU! That Valentine's Day card you're about to send to your grandmother costs you less than it should because of all those coupons and solicitations you receive.

If you eliminated junk mail from the US Mail, the Postal Service would cost _more_ per piece to maintain, the price of stamps would go _up_ and it wouldn't save a dime from the Federal Budget.

A few points:

• I think many people (myself included) would be willing to pay a small fee if they were guaranteed that they wouldn't receive a single piece of junk mail.
• Just because "advertising" slightly decreases the overall cost of something (junk mail, television, web sites) doesn't justify its existence for everyone. I would rather pay $10/month/channel for in-demand streaming video to a set-top box without commercials than pay $100/month for all the channels and have to put up with annoying advertisements.
• Who cares if the price of stamps goes up? If you need to send a letter, use email or fax. If you need to send a package, use UPS or FedEx; they have better tracking systems anyway. If the postal service can't compete in some areas of communication and in light of new technology, then maybe they shouldn't.

First they ignore you, then they laugh at you, then they fight you, then you win. -- Ghandi