Slashdot Mirror
Email (As We Know It) Doomed?
Mephie writes "A pretty interesting article at Slate.com takes a look at how spam may be killing email as we know it. With the increase of spam, the argument is made that more users will switch from blacklisting spammers to 'whitelisting' specific, trusted addresses, making email more like instant messaging: if you're not on someone's 'buddy list,' you have to prove you're an actual person (e.g. identify a word in an image) to send a message." May be?
Right now, my email box gets about 30 spams a day. I almost never receive legitimate email anymore.
.. Email is just becoming outdated as a method of communication, funny how fast that happened. Spam didn't help though, that's for sure.
Additionally, I find that email communication is too slow, which is ironic since its so much more efficient than the old way everyone used to communicate by post.
Instant messaging clients have more than replaced email for me. They can do everything email clients can do, without spam.
Email will always have a place of course, like websites will need email addresses for contacts, and other such things. But for person to person communication, instant messaging clients are much easier to use
Tolerate no spamming what so ever. If one complain about a customer with an proven case of spam would arrive at a abuse department, shut that account down. There is no need to allow this, and no need to "warn" users doing this.
My ISP limits me from commersial activities at my homepage, why not limit the e-mail account from spamming.
The biggest problem today is that the price of spam is not charged from the spammer, but the poor user who recieves the shit. For all you americans out there, sue a spammer, make him/her pay for all loss of productivity he/she has caused. It'll make you rich, and perhaps make spammers think twice before clicking that send button.
Another doomsayer, give me a break, the Internet is going to fall apart in $random years, we'll be swimming in spam and popup ads, hackers will wage "cyberwar" on our "infostructure" unless we do something about it. Whatever. Use the proper tools. By now if you're still swamped in spam/popups/adware, then you're an idiot.
The moron who cut me off on the road this morning is a danger to motorists, highways are doomed to failure!
Previously bayesian spam filtering was demonstrated on slashdot to be very effective. Once this becomes commonplace, and seamless, no extra configuration required on the users behalf, hopefully we will see the end of spam.
However, combined with whitelists this could be quite useful. Bayesian filters to filter out spam, except for whitelisted spam. Eg mailing lists of advertisements you sign up to being whitelisted could be effectively. I suppose that when you sign up to a mailing list that would normally be recognised as spam, when it sends a confirmation e-mail your client could recognise it and ask if you want to add it to your whitelist.
Anyway, with the introduction of bayesian filters into an ordinary client means that the future of e-mail may not necessarily have to be so bleak.
It would be like internal phone systems? I don't know, as much of a double-edged sword as it could be, it would be useful. The vast majority of my email is at work anyway, and I only email people I personally know or have at least talked to, so could this be a good thing?
Qualitas edurus commercium, nullus penitus net rimor, nullus deus beneficium
2 things i propose we should do to prevent spam, if you have more feel to share. First of all things like whitelisting won't work too tell since spammers can send mail using fake email adrresses from a whitelisted company. The best things to do to kill spam is to set up 3 or more mail accounts sign up with about 50 or so mailing list and then wait for the spam to come in. The spam that comes in to these mail account should be filtered globally to all mail ccounts listed under the provider(ie. hotmail), in theory this would work well. The second thing we should do as a community is to find out exactly who these spammers are and give them a taste of thier own medicine by spamming thier coporate email accounts. The govvernment should help and sponsor such programs if they can't legitamely stop spammers.
I had spam yesterday where they spelt Viagra wrong. Unless Viagrea is a new wonder drug?
This is as likely to happen as that Europe-only internet thing from a month back.
Doom! Gloom! The sky is falling! Email will never be the same!!!
SpamAssassin
It solved most of my SPAM problems. I get the rare spam in my normal mail box, but the rest gets put away as soon as it comes in.
Here's the secret to immortality:
Then, I should ofcourse plug this Openchallenge submission about Learning e-mail classifier:The use of a naive bayesian algorithm in automatically filtering spam and classifying e-mail has been discussed and also implemented in the past. Implement an automatic e-mail classifier system which works together with an IMAP server. The system should: a) constantly refine the database used to classify messages either by periodically re-analyzing the IMAP folders or by tracking each incoming message and periodically checking to which folder the user actually moves each message. b) assign each incoming message an extra header item which contains the path of the IMAP folder where the message belongs according to the classification algorithm.
Also, you could also mine your site for smammers like this.
So, my point is that just during last two years the spam problem has exceeded so much that there is enough interest in fighting it seriously. Spam will die.
At least with email, some people feel obligated to write it in an understandable format, with periods and paragraphs and all of that jazz.
I'm not looking forward to a client sending me a message asking "hay u - can u plz giv me ur hostin $$s 4 a dedicated surver cuz r bizniz haz a webby n we wood lik ur survece 2 suply r webby thnx b ur bud 4eva"
so what happens when person A emails person B? if both of them have this whitelist-filter..
B's whitelist emails back saying "identify yourself", A's whitelist respons with "identify yourself"
infinite loop?
I would have no problem with public crypto. If a message isnt cryptographically signed by someone who you care about, then you could just nuke it. I'd be all for this.
Kan jeg få en pils, vær så snill?
CloudMark or other systems that use peer based filtering seem like the way to go. If 10 people have said this is spam, why should I have to see it?
"A language that doesn't affect the way you think about programming, is not worth knowing" - Alan Perlis
Checking the early morning Hotmail... *sigh* another ad for me to get a bigger penis. Imagine if my real friends were always telling me to get a bigger penis? I'd have no where to turn.
Saskboy's blog is good. 9 out of 10 dentists agree.
Actually i don't know why - but i don't get spam. Maybe my provider filters it out, or i am just lucky. But i receive usually several "normal" emails per day, but i didn't get a single spam mail since about half a year now. Before that i got about once or twice per month some spam.
Btw., i am somewhat careful, like not giving out my email-address more often than necessary. But it's for example available at my web-page (i heard that's enough for other people to receive spam).
Am i the only lucky person on the Web?
Be honest, besides some hotmail addresses that I use to register to some news sites, I don't get that much spam, maybe 8 a day...
I added some filters in Mozilla, since then, what I know falls in specific directories while potential spam falls in the inbox, making it quite easy to delete, unless it appears to be legitimate *or* interesting (I actually found one spam to be interesting...).
Anyway, email is like telephone : you may still get wrong calls but it should not make me consider this medium as doomed...
I have^H^Hd more issues regarding web popups or onLeave( window.open...) stuff (Thanks Mozilla, it won't happen much, now).
Trolling using another account since 2005.
"I've got root on your toaster. "
Oh yeah! Well I got toast on your rooster!
One of the advantages of being a lot smarter than my computer is that it takes me probably less than 1 second to read the subject line of a mail and delete it in the case of spam.
Even at 50 spam mails a day, it probably will take less than a minute of my time... Like most people I have multiple accounts, one for subscribing to god knows what and the other as my genuine address.
I know it's irritating, but surely people aren't getting that pissed off with it ? I mean, maybe they need to gain perspective rather than change email, because lets face it, it's damn handy.
tom-george.comBecause geeks rate higher t
I just can't really see email going away, especially not in favor of IM. Emails true usefulness, the thing that makes it a 'killer app' is that it is asynchronous. Unlike IM, when I send someone an email, it is unnecessary for them to be online, or have their IM client running in order to receive my message. Their email server is more than happy to hold their email for them until they can get it, and allows them to respond when they can.
Additionally, it's not like IM is spam-free. A quick google search reveals a growing business in providing anti-spam tools to IM users, so I doubt that making email more IM-like will help, though I do see some limited use of whitelists to be beneficial.
Businesses however, can never get away with using whitelists, or even most blacklists to reduce the amount of spam they have to deal with. I know that at our company, we cannot block nearly the number of netblocks that we would like to, as we need communicate with customers almost exclusively by email, and cannot afford to lock out potential buyers for any reason.
The solution to the spam problem is not an easy one, especially not for businesses, but small steps forward are made all the time, in better pattern matching, address lookup, etc that one day will (hopefully) allow for spam to be stopped, or at least to stem the tide...
to more carefully read the agreements that you are supposed to agree to when you sign up for your email account. If people used a bit more scrutiny, they would save themselves a lot of hassle in the long run.
Either that or maybe people don't understand that "free" email usually means "spam supported" email. A lot of the reason the email is free is because the host is prodiving lists of addresses to companies.
I use www.myrealbox.com as my host. It's free pop3 and there is even a provision to report spam. Worth checking out.
~my 2 cents
If you get an error, type "OVERRIDE" or "SECURITY OVERRIDE" and then try the optimize command again.
Spam is easy to detect. an opt-in method is tricky to set up. We just need baysian filtering built in to email software.
The anti-spam movement has been saying this since 1997. It's about time the world woke up and realized how badly the spammers have trashed the effectiveness of email. I know I block using several DNSbl's, a huge access.db with spamassassin picking up the slack that the others miss. I have had to whitelist people whose email gets caught in the other traps.
To me, I dream of the day we can go back to simply leaving email unfiltered and where we receive only that mail we would normally expect, not drivel from marketoons who think that email is the next best thing to handbills posted on my front door. I'm tired of having to update my access.db. I'm tired of keeping up all the diligence, watching logs to see what legitimate mail might have bounced.
Thank you, you rotten, spamming assholes and all the idiots that ever bought anything advertised in spam email.
Rich
Like everyone else, my inbox is flooded with spam, even though I only gave my address out to close friends/family. But my address is such that it can be easily guessed (first initial/last name.) To get around this, I was going to make my address some random string of alphanumeric charaters -- until it was pointed out that this is what spammers do and no one would read my mail. :(
Long live Spam Assassin!!
The worse spam gets, the more people will look to alternatives. Maybe it's time to set up some infrastructure for Internet Mail 2000.
I guess this is where PGP signatures would come in handy. Simply refuse to accept anything without a valid PGP signature (and possibly all unencrypted mail too). Of course, you would be very reliant on the concept of "trust" that is already present in PGP - although on a different basis. The web of trust today only reflects how much people are who they claim to be, whereas a new model also would have to reflect how much people "like" the person sending the mail. Spammers could obviously "validate" each others, and thus the would system would break down :(
The obvious "problem" with e-mail is that anyone can send anything to any valid adress (this also makes it a Good Thing (TM) though), so it would also be an idea to make it harder to get e-mail adresses. Never typing ones e-mail adress - even in "encoded" form (my-email at thisserver dot com) - is definately a start, but all it takes is one AOLer to type it on a webpage, and you are f***ed. Honestly, putting you e-mail available only as an image is not going to help much. There will be a breach of "security" somewhere along the line, and then the flood of spam commences.
The only solution I can see is to just outlaw spam and prosecute them hard and fast. Fat chance that'll ever happen in good 'ole business-friendly US of A.
________
Entranced by anime since late summer 2001 and loving it ^_^
A better way to implement white lists is TMDA. If it don't know the one that is sending the mail, it automatically sends an email asking for a confirmation, so that defeats most spammers and gives normal people the opportunity to not be ignored by a plain white list scheme.
If one complain about a customer with an proven case of spam would arrive at a abuse department, shut that account down.
I don't think it's quite as easy as that. If one customer using my laptop gateway sends a spam from my IP address, is that the end of my cybercafe? If one angry employee at IBM sets off a spamming program as he walks out the door, does IBM vanish from the Internet?
A while back our server got blacklisted for a week or so by SPEW because it was in the same 16-bit IP range as a machine that has been used for spam. That's potentially 65k machines! It was at this point that I vowed not to co-operate with any of these anti-spam measures, which inevitably martyr innocent users at random and don't touch the big spammers with the resources to change IP address and ISP three times a day if necessary. The cure is worse than the original disease!
Virtually serving coffee
... has been discussed here before: Hash Cash.
How about this idea:
:-)
Use paypal (or some other micropayment system) to include a small token payment (say 5 to 25 cents) with each email message sent.
Real people who email each other will simply send the 25 cents back and forth.
Email readers can be set to discard any messages that contain less than x cents. Since mass spam mailings will not be able to include 25 cents with each message, they will be automatically discarded. Or, maybe advertisers will be willing to pay you to read their ad!
Anyway, this could all be automated, and work invisibly to the users, but would automatically weed out any non-paying spam.
I hereby donate this idea for the good of humanity
os x's default email app, mail, seems to toss spam directly into the trash with (about) 99% accuracy... that is, 99% of spam is correctly identified as spam. perhaps twice i've found emails that i've wanted to receive in the trash, but that's over many months, and the mistakes will never be repeated after a quick "whitelisting".
anyway, if you're really upset by spam, it's pretty friggin' easy to avoid it... do NOT put down your regular email address for any site that wants to email you a password for registration. get a trashy hotmail account (or whatever) just for verifications, and use your regular email addresss for real communication.
perhaps spam, collectively, is a huge problem, but the problems it causes for typical individuals are small, especially given the existence of spam filters. that's why spam won't "kill" email by any measure.
.
For a long time, there were doomsday predictions of the "web as we know it". The pessimists claimed that the signal-to-noise ratio was constantly decreasing and that things would soon degrade to such a point that it would be untenable. Well, what happened? The link structure of the web serves to greatly amplify useful content on the web and filter out noise (so neatly exploited by google).
This is only the latest in a long line of articles saying "spam is increasing at an exponential rate. So in X years Y% of our time will be spent deleting SPAM. E-mail is doomed!!!". This author, for example, says nothing of bayesian spam filters . What is likely is that spam and anti-spam will both mature in a few years, and that a combination of filtering methods will weed out most junk from our mailboxes; users will have so problem manually sending the handful of remaining penis enlargement offers to
Hushmail.com has a feature for premium subscribers that automatically filters all email that is not encrypted. They claim it is 99% effective. However, that would work well for strictly human interaction, assuming you have enough friends and colleagues who either also use Hushmail or are savvy enough to know how to integrate PGP with their email. For mailing lists, etc., how can you avoid having maintaining a whitelist?
Maybe Yahoo and MSN will implement user by user Bayesian spam filtering now :) It would also be interesting to see if they could do the filtering on their entire user base instead of person by person.
"Not knowing when the dawn will come, I open every door." - Emily Dickinson
Subject: bulk email received from one of your account
hi,
I just received a unsollicited bulk email from one of your email adress : e8johan@etek.chalmers.se
Here's a copy of the first few lines of this email :
Received: from mail.etek.chalmers.se (129.16.32.20)
by mta448.mail.yahoo.com with SMTP; 10 Oct 2001 17:48:42 -0700 (PDT)
Message-Id:
From: e8johan@etek.chalmers.se
Subject: product for you... but i think u need to buy it
X-Priority: 3
X-MSMail-Priority: Normal
Date: Thu, 11 Oct 2002 3:47:35 +0200
Mime-Version: 1.0
Content-Type: text/plain; charset="Windows-1251"
Online Drugstore can have your order of discounted Viagra shipped to you for
only 5 minutes of your time!!!
http://www.justgottago.com/od/azzbc/
No Prior Prescriptions Needed
-Licensed U.S. Physicians are ready to fill your order
-Guaranteed Lowest Prices Available
-Discreet Mailing directly to your home or office
Just visit http://www.justgottago.com/od/azzbc/ and enjoy the good life today!!!
So now, your account will be shut down without any warning, that's it ?
#include "coucou.h"
Hopefully some spammers read this article, because among spammers there are the ugly, the bad, and the - more or less - good.
Let me explain: I hate spam, and so I fight it every way I can, and this includes trying to find out who sent me the spam. Thus I got to know this guy who spamvertized his book to me. We exchanged a few eMails on the subject, especially why I do not agree with his "free enterprise" marketing tool. Hopefully this article will add an argument to my list.
Yes, I believe a good deal of spam is sent by people who honestly think "Hey, this is not doing any harm", but it is.
After this, please excuse me while I rant:
DIE SPAMMER, DIE, DIE, DIE!
Thank you,
Alex
Absinthe makes the heart grow fonder
So I've had the same email address for 10 years, another alternate email address, and two *@mydomain catch-alls that all forward to the same inbox. I get about 30 spams AN HOUR. Pine has ok filters, but some of the stuff just can't be filtered.
It's a massive annoyance... in the mid 90's I was sending over a thousand emails a month, now I'm sending less than 100 and a lot of that has to do with spam. Feh...
sig.
Not sure how having an email address that no-one knows about helps strangers to contact you, unless the strangers are clairvoyant or trying addresses at random.
Wouldn't one solution be for people to put non-mailto email forms on their websites for people who don't know them and keep their email addresses for people they do know?
Virtually serving coffee
You can still keep the system open by forcing the sender to spend a little bit of CPU time to send a message (e.g. finding a collision of a short hash function). The idea is explained at:
Am I the only person who doesn't receive spam? OK, that's a little bit of a lie, but by and large, I reckon less than 2% of my email is real spam. It's not like I don't get any email - I receive probably 60-100 emails per day over about 3 different accounts, including several mailing lists.
.net about a year ago (I think???), and then these settings were added and enabled for everyone so if you didn't notice it, it will still be enabled.
I think the secret with spam is to stop spreading your email address around the internet. I object to having to provide my email address to forms to register for every damn website (eg. download.com) - I always give a false address if I can. If I can't, I will very seriously reconsider whether I need access to that site (I usually don't). I have an email account that is used solely for the purpose of registering for websites or what have you. Whenever I stick my email address into any form on the web I always check to see whether there is a checkbox that lets me opt out (or in) any mailing lists. The only sites I don't mind signing up for are those that I am genuinely interested in receiving future correspondence from, but they are few and far between.
I also have an email address that is used solely for usenet - this one receives by far the most spam.
Another interesting thing that people may not be aware of is that the default setting for hotmail accounts allows your email address and personal information to be shared. Go to options->personal profile and have a look at the check boxes at the bottom. This never used to be the default setting until the service switched over to
"Because it's there." - George Mallory, when asked why he wanted to climb Mt Everest, March 18, 1923 (New York Times)
The telephone gets bombarded with equally determined spammers and yet that hasn't changed. Certainly, you might not pick up the phone if it's not a number you recognise, but you're still going to look. It's the same for email.
The only reason email will go away is when mobile (cell) phones become as convenient and cheap a way to communicate as email currently is.
While I don't use email, myself, anymore, simply because I find it all too encumbering, I find the idea that email itself will die amusing. Yeah, sure. That's like Ford Manufacturing just up and going out of business. What do you suggest? We all begin using carrier pigeons again?
It suddenly makes me wonder, though, has the spam industry really contributed anything overall to the technology at hand? HAve they developed anything open-source and worthwhile that everyone can use, in an attempt to come up with a 'better way to spam'. Further, I wonder how those people are able to sleep at night. I wonder how truly effective spam actually is. At motivating the user to purchase the product, that is, not just pissing them off so badly that they swear away eCommerce all together (as I've seen happen).
I digress - Email isn't going to die. It's just one of those struggles of good versus evil where new tech rises to combat bad tech and the bad tech turns around and does something else. Rinse and repeat.
Informatus Technologicus
Why not set up a fake address (somespammer@obl.org) or some blackhole list?
Then simply block all IP addresses/ranges that send email to this.
Add to webpages, sigs, newsgroup posts, and wait.
Obviously it means that we all have to use some blocking method on our mailservers.
Get your own free personal location tracker
I think part of the reason why is because I'm careful about giving out my email address in the first place. I don't post it on slashdot.org (I did as my old retired account, and while I got a couple of compliments and some constructive critisism I also got deluged with hate mail - so I stopped doing that). I don't think people should need to do this, but unfortunately I think people have to.
Somehow my work account gets more spam, I think some people make a few extra bucks by selling the company roster. This would be supported by the fact that I'm pretty sure employee information is also sold, a few recruiters have known just a little too much about what I do for an educated guess.
Chris Kuivenhoven is a thief, beware
Spam is liberating (http://radio.weblogs.com/0108150/2002/08/23.html# a94) With SpamAssassin, my spam is down to about two messages a day (clever spammers).
Whitelist your known correspondents and filter your whitelist messages into a priority folder. Once a week check your unwhitelisted messages for real correspondents. It's a darn site better situation than four years ago when I used to receive 100 spams a day with no useful way to check for them....
The explosion of spam is in a way similar to population explosion -- looks life-threatening at first sight but is actually something that will stabilize over time. Game theory gives an insight to what happens in the long run. Consider a population of peaceful creatures. If there is a mutant creature that is agressive, it will have an advantage over the peaceful creatures, and will multiply. But soon, there will be enough agressive creatures that they will start to fight with and kill each other. Thus the populations of both peaceful creatures and aggressive creatures will stabilize. Such situations are well-studied in game theory; the resulting steady state is known as a Nash equilibrium .
It is early days yet for spam; that is why spammers are so successful and predictions based on extrapolation of spam based on the current growth rate are unnecessarily alarmist. But soon there will be so many spammers that spamming no longer guarantees a profit. The ratio of spam to total mail will stabilize, and spam filtering technology will mature so that the vast majority of spam will never reach the user. Sure, spam will be a minor inconvenience, but no more than that.
I reinstalled Windows the other day, and started up my email program and when I got like 30+ spam to just one email account, I realized I forgot to backup my great blackfilter with countless of blocked domains.
Email isn't as fun as it used to be. I think people just LOVE to ruin your day, I don't think that they can possibly have any other intent, because that is the only consequence! Nothing good has ever come out from this phenomenon called spam. Nothing.
Part of the idea with email is gone once everyone starts whitelisting instead of blacklisting. If that happens, we have to have one real email and one "spam magnet". You can then use this on your website, on usenet or wherever. Then if someone sends you an email and you think this person is worthy, you can give him/her your real address. That way everyone can reach you. The problem is still that you have to wade through massive amounts of spam to catch the real ones. The only upside is that you will have an account that doesn't get any, or little, spam.
This wouldn't happen. Anyone who lives in the EU: check your emails - are any sent from EU nations? NO. If the US would stop this stupid insistence on your personal details being everyone else's property but your own - then we wouldn't have to put up with so much sh*te being sent to our inbox about mortgages on another continent. I hope the EU goes through with the (jokey) threat to find and list the names of the people breaking the law - so if they ever take a holiday to Paris, we can be waiting.
Pimping my Karma Whore since 1847.
Why not make it illegal to respond to spam? If no-one responds, the spammers don't get paid, so they stop. Of course it might upset the civil liberties people, but if we can just get 'spammer' and 'axis of evil' into the same sentence I think Congress might go for it.
Virtually serving coffee
I wrote my own email client and I added rules to it. One part of the rules is if the email address is not from someone I know (ie: I know their email address(es)), then it may be subject to automatic deletion from the server.
Most of my email gets filtered into a junk folder where its later given a quick glance to make sure I am accidently losing an email that I really wanted to keep.
$ wc -l .whitelist .whitelist
804
It works, but it's a pain, and I still have to manually check the spam folder once in a while to catch people writing to me out of the blue about my software. And there are still a few false positives in the archive (tell me about them, and I'll try and weed them out).
Rich.
Gratuitous spam archive advert: http://www.annexia.org/spam/
libguestfs - tools for accessing and modifying virtual machine disk images
...can someone explain why spam even exists? I mean, everybody I know - without exception - hates it and considers it a blight. What makes spammers think they can generate business by pissing people off? I honestly don't get it. 8-(
if i'm a grammar nazi, you're an illiteracy nazi.
Many people are also just ignoring e-mail and switching to using IM-only.
-- 'The' Lord and Master Bitman On High, Master Of All
Since ISP's give you so many email addresses, or you could run your own mail server, or whatever - when I sign up for something on the net that requires a valid email address, I create an email address just for them.
This serves two purposes. One, if I start getting spam then I know who did it. Second, I can simply shut down that email address.
So, for example, if I wanted to download AVG, then I'd create an alias email address "avg@zerion.com" that simply gets routed to my normal email address, that way when I check it I get my serial number for AVG, and if they start spamming, I know it was AVG because no one else knows that address.
"They said I probly shouldn't fly with just one eye," "I am Bender. Please insert girder."
I get bugger all Spam, at work or at home. Could this be because I always tick the "don't spam me" boxes. And because I don't put real email addresses on the internet.
Strange isn't it.
An Eye for an Eye will make the whole world blind - Gandhi
There is a simple way to beat spam.
Spammers spam because they make money out of it, they are not just doing it because they hate you. All we as a community have to do is to make sure it isn't profitable. If someone wants to sell you something they have to leave you some contact details. Use these to waste THEIR time.
Tell them you want to buy their rubbish and send them a cheque for zero cents.
Send emails to their webmaster saying their site doesn't work with IE4, Netscape, Mozilla, whatever. (use a fake address)
Write a loop in your favourate language to reload their website once a minute.
Fax them the same sheet that just says "F**K YOU" a few hundred times. Use reverse font to waste their ink.
If everyone on slashdot went out of their way to waste just a little time, bandwidth or money from a spammer every day or two it would really hurt their profit margins. And no, they won't take you to court for pissing them off. They are in it for the money, not to prove a point.
Personally I used to receive loads of spam a few years back. These days I receive none. How? I stopped using USENET, changed my email address, and refuse to give my real email address to web sites (a@b.com or something similar normally suffices) - and I don't use Hotmail.
However that isn't a real solution. What would be better would be an improved email system where it's impossible to send messages without providing a genuine return address. The big problem with the current email system is it's very easy for spammers to hide and avoid responsibility. We need a "trusted" email system, which we're not going to get if we stick with simply SMTP gateways.
Even if you did, it takes a couple of seconds per email to manually spot and delete the spam, so what's the big deal?
It's not like junk faxes, where the bastids use your paper - or like junk mail, where you have to dispose of the crap sent to you physically.
It's not that important - it's just something for the anally retentive to whinge about.
Personally, I'd rather not be bothered by any of it, but until they make unsolicited telephone cold calling illegal (soon, please!!!), email spam is far less time consuming and a whole lot less irritating.
oh brave new world, that has such people in it!
One answer is for everyone to move to using PGP and digital signatures, any mail thats not encoded with your key is blocked or whatever.
Another answer is this:
1.you have a whitelist that contains anyone you send an email to (would be added automaticly by some kind of filter or proxy) as well as anyone you add specificly (for example you could add *@mycompany.com to whitelist your company mailserver)
2.anyone that emails you who is on the whitelist automaticly gets through
3.when you post your email to newsgroups, message boards, web sites or otherwise give it out, you include some kind of small "key" (perhaps in a signature or something), basicly its a small text string or number.
4.if the person emailing you has included the "key" in their message somewhere or whatever, its let through and that person is added to the whitelist.
5.any other mails are bounced with a "if you want to get in touch with me, include xxx in your message body somewhere to get past my spam filters (where xxx is the "key"). If its a genuine email, the person who sent it in the first place will, if its important enough, respond to the bounceback and include the key, thus getting past the filters and getting on the whitelist.
I like this "real person" approach to things... identifying a word in an image seems like a pretty good way forward to me. If nothing else, it will greatly enhance OCR technology...
Apparently porn will save my marriage... or so I'm told by Jim@fouryourmarriage.net.
Perhaps slashdotting of spammers is a better way forward...
You fool! You've given cheese to a lactose intolerant volcano god! Do you know what that means?
to spam on the IM networks. I remember an option on ICQ (I use MSN now) to 'chat to a random person'. I'll say that sort of things will be used to spam people. You can't run from advertising. Just install a good filter, don't give everybody your e-mail address, don't post it plain text on a website and you will be okay.
-- The Internet is a too slow way of doing things, you'd never do without it.
The problem is the receiver of the spam.
I have a friend who is a spammer, I told him that what he does totally sucks, his come back was that his making good cash out of it.
I receive about 10 emails per day that are spam, and this is through my regular ISP email account - not an MSN/Hotmail-we-sell-your-email-addresses service.
The simple fact we have spam is because the recipient either buys the viagra or views their website on how to make some serious cash. So obviously there is food out there that is supplying the food chain.
Spam isn't going to go away - lets hope the Internet community becomes a bit more clued in on the ramifications of buying some crap from the spammers.
Knuth killed his email address in 1990,
Knuth vs Email
Analytic & algebraic topology of locally Euclidean meterization of infinitely differentiable Riemmanian manifold
Some people are stupid enough to buy stuff advertised in spam. With such a low cost to sending email, it only takes a few. Especially when what you're "selling" is something like a Nigerian 419 scam, where you'll be taking the idiots for thousands of $currency.
One thing I have observed about spam is that seems to especially target free webmail services, and in particular, MSN Hotmail. I have several email accounts, some of which are webmail accounts I signed up for, others came with dial-up or hosting accounts, the universities I've studied at, and the companies I've worked for. The webmail accounts I signed up for are the ones that receive the spam, the others get zero or next to none.
It is worth mentioning that my Hotmail account fills up in three days if I disable the `delete mail from unknown users' filter. The reason is that I enter my Hotmail address whenever I think it's going to be used for spamming. This keeps my other addresses clean.
The reason I use my Hotmail account for that, as opposed to another free-as-in-beer service, is that I have noticed that Hotmail accounts attract spam no matter what. Even though MicroSoft claims they do their best to protect their customers from junkmail, I have noticed that next to everyone who uses Hotmail complains about spam, email that is sent to a long sequence of ASCII-ordered addresses are delivered as if it wasn't obviously spam, a Hotmail account will receive junk mail even if you just let it sit there and never use it or give the address to anybody, and countless other badnesses. I don't know how this compares to other providers of free webmail, but I do know that my Yahoo account gets an acceptible (for me) amount of spam, despite having only the default level of spam protection, whatever that amounts to.
Now there is an additional issue here. I do not use my webmail accounts for everyday email; I prefer POP and SMTP for that. I don't know if more frequent usage would result in higher volumes of spam, but I could see a scenario of how this would work. Most modern email clients, whether they be stand-alone programs or web interfaces, keep an address book. The address books of notable email programs are known to contain exploits that allow hackers access to the stored addresses, and malicious (money-hungry?) webmail interfaces could easily read their clients' address books and sell the information to third parties. In this case, by sending an email to somebody, I expose myself to the risk that my email address will eventually be known by spammers.
Having said all this, I will come up with a couple of hints for avoiding spam. There work for me, YMMV:
1. Avoid using free webmail services (especially Hotmail) for accounts you don't wish to recieve spam on.
2. Use an address other than your primary account when dealing with a party you don't trust.
3. Don't leave your email address on webpages. Even encoding or scrambling your email address won't protect you - if humans can understand it, programs can be made to do so as well.
These practices have left my mailboxen uncluttered for years, aside from the incidental win32 virus. Which brings me to another point: make sure your email client does NOT execute code attached to emails. Most versions of MicroSoft Outlook and Outlook Express are known to be vulnerable. For your own good and that of the rest of the Internet: DO NOT USE THESE PROGRAMS.
I hope my comments will prove helpful to some of you. Feel free to redistribute as you see fit.
---
(1) Everything depends.
(2) Nothing is always.
(3) Everything is sometimes.
Please correct me if I got my facts wrong.
I've found that 99% of spam is either from your ISP selling thier email list, or from email addresses given out for signing up for things.
Virtually all spam can be eliminated by using one simple trick.
Get a second email account, use it ONLY for important emails from those who you know aren't going to spam you. Use the first email account for signing up for websites, everything sent here will either be email you know to look for(Signup confirmations) or stuff you don't want to see.
Now assuming you have the second email account from a good source(an isp that doesnt sell your email address), and stick to using the other address for spam-risky situations, spam will be a thing of the past.
Still, instant-messaging is going to end email, the only real advantage to email is the ability to send files to people who aren't online.
I have various e-mail accounts, mostly web-based ones. Most sites, nowadays, require registration, so I register with one of those web-based e-mails...all spam goes to those addresses.
My job e-mail though is trusted only to job-related contacts, therefore keeping spam as low as possible.
So, one solution is to have different e-mail accounts, according to the acceptable level of spamming.
Back in the bad old days of packet radio, there was a thing called a "bud list". By adding somebody's callsign to the list, you could either never allow him/her to connect to you at all, or *only* allow those on your bud list to connect to you.
... and she checks her email every few days. Yikes! She needs this "white list" ability even more than I do!
I've been looking for this ability in an email program for a while. If you're on my list, you get through. If not, the mail gets bounced back as though my account had ceased to exist.
I "only" get some 40 spam messages a day now. Just yesterday, a friend complained that she is getting some 180 spam messages a day
So, what email clients have this???
Lemon curry?
I'm not one to preach violence -- and I don't condone this -- but if one or two spammers got their legs broken, or woke up with dead equestrian heads in their beds, maybe they'd get the point...? ;-)
evil adrian
Why not just develop a bayesian filter for the MTAs, so most of this junk will quietly disappear at the source?
,and who to report it to would help - surely any potential "customer" of these scumbags would think twice about using their services if they saw them being nailed to the wall day in and day out...
Failing that, isn't spamming just wire-fraud, and so subject to severe fines anyway? It's obvious the Bush administration is very "tolerant" of any "business" that rakes in cash by whatever means (let's face it, they're all potential donations!) but surely it doesn't take Sherlock Holmes to track these scumbags down - their ISP, the open relay, the headers all provide evidence. If there were a few arrests each week, and very very high fines, with lots of publicity, this problem would virtually disappear.
Hell, just publicity, and information to the layman about how to report the problem
Is it really that hard to stop this? Or at least drastically reduce the problem? I get twice as much spam as legitimate email now (easily 30 - 40 a day), it passed "ridiculous" long ago...
Code, Hardware, stuff like that.
No idea how they implemented it, but I wouldnt be suprised if it was based on bayesian principles as well, since it learns from its mistake (it marks junk emails as such, but allows you to change a mail's status if it guessed wrongly).
Since it starts of in "learning mode", where it only color junk mail but does not delete them, you get to check its efficiency before putting it in "real mode". And even there, by default it only moves the mail in a "junk mail" box, so you can check once in a while if there was anything important there.
Since using it, my father found that it caught something like 95% of emails, and very very rarely had false positive. Even when it had, correcting the mistake meant it was not repeated.
I expect such anti-spam systems to get a lot more frequent... and they DO work. Not flawlessly, but well enough to stop spam being such a pain.
BTW, Apple's filter also have an elemnt of whitelisting, since emails from people in your address book go through without checking.
Just my 0.02 E
What do you know about World Politic? Find out in this quiz
Unless Viagrea is a new wonder drug?
Given what it rhymes with (with the stress on the "e"), could it be an especially potent laxative?
...you were allowed to send e-mail not only to the people who have whitelisted you, but to those people who have whitelisted the people that have whitelisted you.
Something like a network, a "web of trust" of people that have verified each other of not-spammers.
The recipient could check on an e-mail: "who authorized this sender to send me an e-mail" and see a chain of authorizations, like this:
You authorized John Dewey
John Dewey authorized Bill Gates
Bill Gates authorized G.W.Bush
Bush authorized Saddam Hussein
However, combined with whitelists this could be quite useful. Bayesian filters to filter out spam, except for whitelisted spam. Eg mailing lists of advertisements you sign up to being whitelisted could be effectively. I suppose that when you sign up to a mailing list that would normally be recognized as spam, when it sends a confirmation e-mail your client could recognize it and ask if you want to add it to your whitelist.
This is unnecessary, due to the wonder of the Bayesian filter. When you train your Bayesian filter for YOUR email, it will learn what lists you subscribe to, and even what topics you care about. I am sure that my filter would allow just about anything related to running through, since I receive a lot of valid commercial email about local road races and running catalogs, no need to whitelist stuff.
"I'll have a Guinness, no wait, make that a Coors Light" -Grad student I work with, who shall remain anonymous...
c'mon folks, the problem needs to be stopped at the source. we need to discourage internet companies from selling our email addresses when we sign up for one of their services.
if you have your own domain and mail server, do this:
if signing up for a efoto.com account, make a efoto@yourdomain.com email alias. when getting spam, examine the full email header. if efoto@yourdomain is listed there, then you know efoto.com sold you out. you might want to see if they violated any contract you agreed with regarding privacy issues. GIVE THEM HELL.
also, doing this also protects your real email address. if you start getting tons and spam sent to efoto@yourdomain, just kill the alias.
only give out your real email address to friends and family and tell them NOT TO FUCKING GIVE YOUR ADDRESS TO INTERNET GREETING CARD COMPANIES DAMMIT!
Yahoo E-mail accounts have particularly good filtering. I switched from evil Hotmail and noticed the difference immediately.
Problem of the 'buddy list' proposal, is that it wont work in business where most of email traffic occurs.
You cant filter out potential customers.. or existing ones you haven't listed yet.
However i guess you could send all unknowns to a central location to process by some poor employee that gets
stuck with the job of sorting and forwarding the good ones back to their recipients..
Also, I've notices a lot lately that fake the senders address to match others in our organization, ( sometimes
guesses, others are legit ) and thus would fly right past the 'buddy-filter'...
Rather frustrating. I spend a lot of item dealing with Spam for a 10,000+ user base.
---- Booth was a patriot ----
How many times have you had to send an email twice because someone deleted it thinking it was junk or because it was in with a bunch of other junk emails?
The email client which ships with Mac OS X 10.2.2 routinely flags all sorts of legitimate emails as junk. Fortunately, there's a "Not Junk" button.
Poor signal to noise ratio has limited the usefulness of the internet's first "killer app".
Wansu, th' chinese sailor
I know there are massive technical problems with implementing such a system, especially with respect to international mail, but this is at least for the sake of argument: one way to crush spam would be to put a per-message fee on sending mail.
Currently a spammer needs very few responses to a spam campaign, maybe a couple hundred out of hundreds of thousands of messages sent, to break even on it. Change the economics and perhaps spam won't be profitable.
Even the best spam filters still tend to return *some* false positives, which is why they still include 'whitelist' facilities.
s t . And <mode="deep nerd">one of the joys of e-mail is the opportunity to make *new* friends, interact with people you never even knew existed.</mode>
But whitelists are a pathetic non-solution to the wrong problem. Most of my friends change e-mail addresses all the time, and many people who write to me are not on the list of people-I'd-think-of-if-I-were-compiling-a-whiteli
Filtering is a cure that says "I'm all right Jack, the hell with you." To me filtering is a way of giving in to spammers, much as ID cards are a way of giving in to terrorists. The only honourable answer is to fight until *they* are driven off the net. Not me, not my friends, not my elderly father who still doesn't even know how to download mail using Outlook - but *them* - the spammers - the vile criminal vandal scum who have made the net all but uninhabitable for innocents like him.
In the earliest days, people filtered on mail sender; and spammers learned to falsify or mask that. Now more people filter on subject, and spammers are fast learning to disguise those. Better filters are just a way of contributing to the evolution of spam, and ensuring that life becomes ever harder for newbies on the net.
Let's think outside the (mail)box for a second.
Imagine a system where only whitelisted e-mail with a confirmed return address gets through. That would be enough to kill spam. The problem is, how can we allow previously unknown people to get on this whitelist without human intervention and gray/blacklists. Complicated? Not necessarily.
Here's the idea: suppose that we have a certifying service attached to our e-mail address. Say, my e-mail address is me@foo.com and my certifying address is certify.me@foo.com. Now I would want to send e-mail to you@bar.com but you do not know me and you are using a whitelist. No problem. I send you an electronically signed e-mail, and my mailing program, upon deciding that you are not already on my buddy list, cc:s the message (or relevant parts of it) to certify.me@foo.com. When your program receives my message and checks that I am not on your buddy list, it sends a signed query to certify.me@foo.com. The automatic service behind that address verifies that
Upon receiving the certification your program adds my address to your whitelist and accepts the original message. After all, you now know my e-mail address. Even a spammer who would be willing to reveal his identity would be pummeled to a certain death by millions of certify requests (which would make his ISP very unhappy). And should a spammer once get on your whitelist, just blacklist him.
This would not be a burden for mailing lists, because the certifying procedure is only invoked during the first contact.
This scheme would triple the initial number of e-mail messages, but because it's a one time event, the overhead is small. Considering that 95 some percent of all e-mails seem to be spam, this could actually reduce the traffic significantly after all the spammers have either been auto-spammed back for every single piece of spam that they send, or vanished into oblivion if none of their messages ever reach people.
So, anybody willing to implement this?
Existence usually comes as a surprise (Idem)
(lame anti-flame prediction pre-response: No, I don't work for a big company with lots of money that could afford to buy something. I work for a non-profit college)
I can handle it quite well, although I believe I receive more spam than the average use (too many mailboxes are my own).
However, something is changing my email habits quite drastically: Worms are becoming more and more common which take snippets from old mail found on the disk and resend them. As long as only Word documents were leaking, my secrets were relatively safe at the receiver's end, but they aren't nowadays.
Unfortunately, the set of I people I trust to handle senstive information responsibly is much large than the set of people who are unlikely to make themselves victims of email worms.
Spam is just a nuisance, but such information leaks are scary.
the most amusing one i've gotten this week....
/. editors: PRICELESS
Online Pharamcy - No Percriptions Needed!! NyGdHuyaWP
I can only imagine....
Commision from sale of Viagra: $12
Commision from a case of FDA-regulated Painkillers: $46
Sending out 3,000,000 e-mails: $0
Finding out that Laura Bush has submitted an order,
despite the fact that your spelling skills are worse than
Chaos, Mayhem, and Destruction: Not
Until I started using TMDA, just recently. 100% effectiveness, no more spam. It works on the whitelist-centric strategy of only allowing mail from known senders through, and allowing unknown senders to confirm themselves.
You may share my original fear: that important clients wouldn't be able to get through. The fact of the matter is that with a well-populated initial whitelist, you've already taken care of most of those scenarios.
For the remaining population of legitimate senders that aren't whitelisted, you may worry about them not taking the time to confirm themselves. But as the TMDA FAQ notes, we used to have the same worry about confirming mailing list subscriptions, and now that's completely standard. If someone took the time to write you an important message, they'll probably take the few seconds it takes to respond to a confirmation request once and for all. But, my friends, as the article notes, I think we've reached that point where such minor inconveniences are well worth the net drop in junk mail.
No, TMDA does not stop spam at the source, and it barely reduces the resouces required to receive spam, but it does address the most notable waste of human resources, because once you start using it, you don't have to look at spam any more. If you're an end user looking for a fix, check it out.
Ya, this has been predicted by Nostradamus. ;)
Seriously, Usenet has been drowning in spam for years now, before spam email hit the radar. Depending on where you read, anywhere from 30 to 60% of the messages posted in newsgroups are either spam or cancelspam.
I use four emails currently. Two are spambait, the other two are work and home emails. If I get spam at either my work or home email addresses, I can fairly easily track down where it came from. The two spambait emails, one at hotmail, one at yahoo, I just go in and clear them out every so often.
I use a whitelist, but not the automated kind. It's easy to figure out which emails are spam, and which aren't... how likely are your friends to send you Viagra? =P
Julie Moult is an idiot.
Time to a send-serve e-mail system. I send an e-mail, the company I pay for my e-mail services holds that e-mail on their system, sending only a one line message 'index' to the recipient. The recieving mail software can show the user a from and subject line summary. If the user choses to open the e-mail, it is retrieved from the sending mail server.
This dosen't take care of the 'I have 600 spam letters in my in-box' issue, but it dose begin the trend of placing financial responsability on the sending party. It also removes re-mailing. "where am I downloading this message from... myself? Wha?" I think not.
Ultimately the only way to make Spam stop, is to place the crushingly expensive bandwidth and hosting costs on the sending group.
-GiH
Spam filtering in mail clients is futile. The filtered messages still consume network bandwidth, CPU cycles and storage space on the MTA's and MDA's. Almost every spam message I have ever received had forged sender addresses, and were relayed through a third party MTA. An MTA should ONLY accept messages SENT BY or DESTINED TO users in their own domains. This way the spammers would be unable to hide their identities, and shutting down the offender's accounts would be easy. IMHO, blacklisting open relays is perfectly acceptable. Heck, we should even DNS-blackhole them out of existence !
"And you are dying so slowly, you believe to be living" - Bertrand Besigye
Sure, its annoying but i dont think its going to stop e-mail. Heck i even watch tv and they have chopped the damn shows up into small bits. Im more annoyed by popups and banners that any spam ive ever received.
HTTP/1.1 400
That is what freaks me out about whitelisting. What is the email that gets tossed is "you are hired"?
By your post I deduce that you read your junk email folder every so often. How is the problem solved this way?
We're few and far between but we're watching you!
A plan9 users orgy would no doubt be a truly frightening experience.
With names like DeGood, Bitting, Cox, Pike, Yigit, Boyd, Digby, petra, Skip - throw in a couple of the Japanese [you know what *they're* like] it would be a night to remember.
There's only one female poster on the mailing list that I can recall [luckily Scandinavian so at least she's probably broad minded].
So, dress up in your Glenda the Bunny suit and come and join the fun.
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
And that is without a load of "133t d00d5" speak. It is easy to dump Viagra and penis enalrgement ads automagically into the trash but misspellings and alternative representations can cause problems, even a space between letters (i.e., V I A G R A) can fool simpler filters. Also there is the problem of false positives, a problem when you discuss your visit to Scunthorpe.
See my journal, I write things there
I think we all should make them pay somewhere, not just deleting the e-mails. If it is not possible to sue them, there are other alternatives:
:-)
1. If they include a response e-mail address, send them an e-mail with a 1 Mb image that reads sth like "I don't want your shit. Stop mailing me".
2. If they include a web link, I would like to see some functionality added to my browser like "Slashdot spammer". This would do something like continuously send http requests to the servers in my black-list when my connection is iddle.
This way, spammers will be the ones who really need bayesian filtering
Neither legislation nor litigation against spammers has stemmed the tide.
CIA Swat teams killing SPAMMERS would work out well. Amreica is already spending the money, may as well put it to good use. Put US Spammers in stocks in the public square and leave baseball bats lying around. It would stop REAL SOON. Install a webcam at each location. Simple, take back the net! Cowardly cunts.
E-mail's openness is doomed when faced with massive traffic and a few bad actors.
On behalf of the Bad Actors Guild, I plead Not Guilty.
I mean, it's hard enough to make a buck when you've been typecast to play dog-catchers.
I think the commercial software vendors are largely responsible for the massive increase in spam. IE is basically an ad delivery system; there's no way to control pop-ups, and no way to block images from ad servers. This is because from the corporate perspective our job as computer users is to view as many ads as humanly possible. Don't expect MS to be of any help. And don't expect any useful legislation either, as the DMA has a powerful and generous lobby in Washington.
But where proprietary software fails us, free software supplies the features that people actually want. Mozilla has built-in pop-up blocking and a great deal of work is going into spam filtering. On my linux box, I use spamassassin and vipul's razor for email, and filterproxy and mozilla to block ads and protect my privacy on the web. Very rarely does any spam make it into my inbox, and I almost never see ads of any kind online. However, it fills me with horror to use other peoples' computers. How can anyone stand all the flashing and blinking?
Conclusion: decent tools are the answer, not bug-eyed rants about the death of email.
At least 90% of the Spam we get here has either totally fake or someone else's email address ( the cute ones is when you appear as the sender of the Spam you get ) in their header. And most often bounced from somewhere overseas..
Who am i going to contact? Some innocent person that has NOTHING to do with it?
---- Booth was a patriot ----
While I fully agree spam is a serious problem - is it really that bad? I don't know what you are doing with your addresses to attract spammers, but at least for me, the DNS-based blacklists are still effective enough. Whitelists wouldn't make my life any easier, and they would surely complicate things for those who want to send me mail.
I get less than one actual spam message per day, and most of those are to the (unfiltered, as per RFC recommendations) postmaster@ address on my domain. All other addresses use blacklists only for spam prevention; there's a fair amount of spam blocked and very few legitimate messages are blocked - it has happened to me exactly once, even though I use somewhat aggressive blacklists. My main address have been in use for several years and I can't say I've been careful about revealing it - it has been used on mailing lists, various sign up forms, it's published on a number of web pages, etc.
Content filtering (Bayesian or whatever) seems to be popular among slashdotters. With an IP blacklist, erroneously blocked mail will bounce, making the sender aware of the problem. A content filter, on the other had, usually can't bounce so the message will be sent to /dev/null or stuffed in a trash folder together with other spam - the message is effectively lost. Sure, the filters may be good, but they still do make some mistakes and the cost of those mistakes are higher than it is for blacklists.
So I still prefer blacklists, despite their shortcomings (politics for one). They may be out of fashion, but the fact that messages are blocked before being accepted by the mail server feels right on principle - the spam never gets to waste my bandwidth or disk space.
Email shouldn't die. If mailserver admins do their jobs right, it should be possible to block out loads of spam.
For instance, look at www.myrealbox.com -- I've had accounts with them for over a year and never received ONE spam in them. Ever! I don't give my address out publicly or to untrusted sources. They do a damn good job of blocking spam.
You see? You see? Your stupid minds! Stupid! Stupid!
Most decent clients anymore will let you set simple filters on subject and from. Just make a bunch of filters on From: and only let messages that pass them into the inbox. Everything else can be dumped straight to the trash or at least another mailbox. There's your white "bud list". Mozilla 1.1 has this sort of simple filter although I use KMail myself.
It's still a good idea to quickly skim the subject lines of the remaining messages and most decent clients will let you quickly reassign a message back to your inbox. The subject lines alone usually suffice to quickly id spam. You can whack em en masse without ever opening them.
Actually, in spite of what the article says, Apple's "Junk" filter for their OS X.2 works amazingly well!
My domain registry email address receives roughly 70 to 120 spams per day. I clean out the mailbox once a week. Only one or two spams get through the Junk filter, if at all. I am seriously impressed. To further this observation, I forgot to check that email address for the entire month of September and most of October. Still, only a few spams got through when I downloaded the email.
It's a pity that I can't apply this filter directly to my hosting service to remove spam at that level. I think Apple really nailed together a good AI for anti-spamming.
Whew! This water sure is cold!
Part of the problem with ICQ is that your username is a number. Not only that, but a sequential number so a spammer can message a whole range of people with a simple broadcast. Nothing like having your boss sit next to you when your spam just pops up at you. A lot of people don't do IM whitelisting. Friends change screen names, or maybe you give it out to someone and you just don't have theirs yet.
Let the sender prove that he is indeed a human being and not a spamming machine by letting him recognize some distorted characters displayed as a png-image. This is hard for a machine to calculate and thus hinders automatic spamming. I think I already saw this on google or yahoo when you wanted to sign up for a new email account.
Okej, some extension to the smtp-protocol is then needed and this is somewhat inconvenient for the sender but the bussiness oportunities for a spamming company would be drastically worse if they had to have employees just do the pattern recognition for each email sent.
Erik SjölundStockholm
Sweden
The interesting thing to me about spam is that I do not understand why I get very little spam, if any at all. I have an email account at my university. I have an email account at work. I have 3 email accounts at earthlink.net. I shop occasionally on the Internet. I get most of my spam (about 2 - 3 a week) thru the xxu.edu email system. Nearly every unwanted email message (maybe 1 a day at one of the earthlink accounts) that I get can be traced back to subscribing to a specific service or buy a specific thing at a specific commercial site. My address does not seem to have been sold or handed around. (That would make me feel so *cheap*.) I was job-hunting for a while so, being seen on those job db's, that email got around to some other job hunters, but it's not too bad, considering the messages seen here about the spam abuse. (Is that redundant?) I probably do not realize what it is that I am NOT doing, but I do not enter my email in a form unless required and then only if I really need the thing I am filling out the form for. My email addresses(es) are on no web page that can be seen w/o a userid/passwd. I do not put my email address in my messages nor in any discussion messages. It'll probably turn out that the reason that I am so spam-free is that I never passes on any chain-messages. They were probably all email-address collectors. BAHAHA. Have fun. }:{)||
why not extending the smtp protocol, and smtp servers only accepting connections from other certified smtp servers. and everybody who gets their smtp servers certified is liable and responsible for all the traffic=mails their servers send...
servers need to log connections, need to get certificate renewal regularily, and other smtp servers will only accept smtp connections from certified servers (=trusted servers).
no spammer will be able to send bulkmail from their own dial/dsl/cable ip any more.
and enforce/require smtp authentification, so only people with accounts on an smtp server can use it as a relay...
fucking spammers MUST die!
Email is not dead. It's just too dull, too boring. Spam is not a problem as long as you don't advertise your mail account or use a hotbar account. I (along with my collegues) am currently creating the future of email at youemail.com.
My girlfriend opened a Hotmail account at about the same time; she opted out of everything, except the Hotmail Member Directory. She receives an average of 5 spam messages every day.
About three months ago, I opened a new account, just for testing. Opted out etc., didn't give the address to anyone, but I still receive trash (one or two every day).
Go figure.
Most web based e-mail services offer very tiny mail boxes, for instance Hotmail has a default size of 1MB. If you receive a decent amount of spam a day then your mail box will fill up pretty quickly and an important message for you may bounce back. These days we're being offered larger mail boxes instead of better spam protection.
Which begs the question: Is spam being encouraged so that Microsoft/Yahoo et al can make money out of us?
Summation 2
I get nearly as much spam on AIMCQ (AIM+ICQ) as I do in email. Hopefully all the people I know on AIM will stop using the outdated proprietary protocols and switch the Jabber soon...
Luke-Jr
He blames the blockers like MAPS... Why spam could destroy the Internet. I don't agree with him.
The spam problem is getting bigger and bigger every day. I've always archived my Spams and now have ca. 12000 in my Spam box. Appr. 8000 have been sent in 2002. That means, I've got 2 times more spam this year than in the 5(!) years before.
BUT I'm not the only one. People will start fighting. Bayesian filtering is a wonderful and elegant solution. It's not perfect, but it works good enough. After only 6 days of active filtering and training with POPFile, it detects nearly 60% of my spam correctly, with just one false positive. And it's getting better every day.
It's a POP proxy on your computer and should work with nearly every mail client on earth. POPFiles configuration and management is done in your browser. The documentation makes it failsafe to configure Outlook (Express), Eudora and some other. Installation is done in 2 minutes. Written in Perl and therefore works under Windows and Unix. A new version has been released just yesterday and now works better with international charsets, allows white-list (or magnets in POPFile jargon), configurable stop-word-lists.
The perfect solutions for all, who don't have IMAP and don't have admin access for their mail server (or simply do not have time to install server based filtering).
If POPFile manages to detect 90% of my spam with no false positives after 2 weeks of training, I will be perfectly happy.
Check it out at POPFile Homepage. It's worth it!
Bye egghat.
-- "As a human being I claim the right to be widely inconsistent", John Peel
They used to, then I took a course in marketing and learnt the art of manipulating perception. Now I don't have a small penis: I have a Compact Dick.
Works wonders.
Use ISO 8601 dates [YYYY-MM-DD]
you have a simple rule, if the mail is signed by someone within the web of trust then I see it, else throw it in the garbage bin. Likewise, if I see someone spamming from a trusted account then we cut it out of the web and revoke its trust. It becomes a collective white list.
Mozilla with enigmil, kmail,evolution, and there are outlook plugins for GPG and PGP. Start signing your email today!
Personally I'm really only interested in getting mail from people I know and receipes for things that i buy online. I think one way to help enforce this would be for people to start using digital certificates to sign thier mail. They are available for free from thawte.com. It would be nice if you could configure your email application/spam filter to give special treatment to mail from someone that your have a certificate for. On the otherside of the coin, spamassasin works pretty darn well at identifying spam, unfortunately it also tends to identify any kind of mass mailing as spam (ie. mailing lists) which makes it a little hard to trust. Hopefully it will get to the point where I can feel confident that I can just delete everything it marks without having to check.
The difference between Canada and the USA is that in Canada healthcare is a right and gun ownership is a privilege.
I get a ton of junk a day, and I almost never see it. I simply have a rule on my inbox that deletes everything except from people on my exception list.
I rarely need to add people to my list, but when I do, I simply add their address by manually entering it, or finding it in my deleted folder and add it to my exception rule.
If you require a human reaction before you accept e-mail, they might start hiring people to sit at a computer for hours and respond to them for minimum wage, and pay them based on their speed and accuracy, just like data entry.
OK i thought of a way to stop spam. It is very simple. Charge people to send e-mail. Yep, let's say you charge .0001 per e-mail that is sent out. That would be 100 e-mails for a penny. Spamming would then be unprofitable, and people would gladly pay a few cents a month to stop spam.
Now this may be a situation like the mouse putting a bell on the cat, great idea impossible implementation, but I don't understand enough about e-mail to know.
Comments as to why it wouldn't work?
Usenet, great and thriving discussion and publishing system. Then someone realizes they can profit by exploiting it. People think, "Well that will only work until people get sick of it and stop reading..." Wrong - it's still there, with almost nothing left but spam in the unmoderated groups.
The same thing will (has already?) happened with email - as long as the cost of exploiting it is less than the percieved profit opportunity, it will be exploited. Given the costs of sending email, it's unlikely to stop being exploited - ever.
Recently I picked up a piece of mail that hadn't been redirected to the trashcan. I checked properties and got the source for this HTML mail and lo, the crudtacular spamcimen was infested with nonse<!--4711-->nsical comment tags.
I don't know if I was more irritated with the spam originator or the lack of functionality in my filter.
/ Per
Found a sort of trick. It seems that I have two addresses within my domain on the same spam list. (One of which doesn't actually exist apart from being vanitydomain@Vanitydomain. ) So it's easy to just match up email body md5sums, and clear out those which match...
Course, if anyone sent me a message to both addresses then it'd trash them, but since one isn't supposed to exist...
I bet they (the spammers) will find ways around whitelisting too. What stops them from automatically sending a reply to each "authentication request"? There will be some schemes for such a request, 10, 20, perhaps 100 schemes. So what - they can reprogram their robots. Character recognition gets better every day.
So what? Useless, if you ask me. It's just the same as spam filter - delaying tactics, not more.
I have 5 different email accounts. ISP, 2 at uni, one myrealbox, and one hotmail. I give out the myrealbox address for registering on websites, and the hotmail for junk stuff or where I don't want a chance of being identified. I know not to give out my address to just any old site.
And I do not receive a single piece of spam.
Well, actually - very, very occasionally there is an ad on the debian-user list to which I am subscribed, now that I think of it, but I would hardly call that a problem.
So how exactly do people get spam? Is it just by giving out your email address? I do that, and I have 5 of them, and yet I get exactly 0 spam! I am sure myrealbox and hotmail are doing some filtering, but I don't do any filtering myself.
I just wonder what people are doing to get such high rates of spam? I really don't think spam is inevitable.
One thing i like about IM, or in particular AIM:
You can warn contacts that send junk, spam, whatever. When their warning goes high enough, they are prohibited from sending more junk/whatever for a certain period.
Can do that with email? Ah-ah.
I have been using a bayesian spam filter for about a month now and have found it to be highly effective (Not a single spam has got through it yet, and no false positives). I feel that it will become the de facto standard for spam filtering, and one that spammers cannot effectively combat.
I am not the only one who swears by bayesian filtering and once all the major email providers (Hotmail, Yahoo, Aol, etc.. ) provide server side bayesian filters, the spammers will find it unsustainable to send spam because most (all?) of it will be effectively filtered out. While blacklists will still be employed to an extent, I do not think they will need to be as harsh as they are now. And e-mail will live happily ever after ;)
I have an email account that I just don't want to receive any spam. And it receives just once a while.
When I receive a spam I always try to contact all responsibles for all the domains involved in it. I look at the From field, the Reply-to field, the sender field (usually hidden at the email header), and retrieve the responsibles' names and emails for the domains with whois.
Once with a list of all the responsibles of all the related domains (including the responsible for the responsible of the related domain) I just send an email with a notice that probably there was a mistake and I received a email from them, and that I just don't want to receive this kind of email anymore.
Of course I also notice them that all responsibles are being notifyied and that if the spam continues I will contact the authoraties.
It always works fine for me! ;o) Why don't you try it too?
-=-=-=-=
I know life isn't fair, but why can't it ever be un-fair in MY favor!?
I'm serious: spam three times and ride the lightning. Maybe that will deter some of the bastards.
Whitelists are nothing new. I've had a whitelist as part of my .procmailrc for years. "Sophisiticated internet users" are not going to block everything unrecognized by the white list. They are going to prioritize whitelisted items, and save the non-whitelisted items for a secondary check. (It's only prudent.)
--
bachiatari na torisetsu o yome!
I'm still doing VERY well with domain-based blocking. Probably gets 99%+ of all my spam - A total of 4 messages got by my filters today.
2 were virii (haven't gotten around to filtering them, going to start that soon, I've been getting some "Spoon River" virus a lot lately.) These are easy to filter, plenty of virus scanning filters out there.
1 was to a mailing list I'm subscribed to - Automatically whitelisted. I'm yelling at the listadmin to close the goddamn list to nonsubscribers now.
Only one was an actual spam from a new domain.
In addition to domain blocks, I recently implemented four new procmail rules. Three are for detecting fake Yahoo, Hotmail, and Netscape webmail mails (ones that don't originate from any of their servers.) No false positives yet, and no @yahoo.com, @msn.com, or @netscape.net spams have gotten through. The last rule detects malformed HTML-only messages without a charset - This catches 25% of my spam, no false positives.
retrorocket.o not found, launch anyway?
I tend to believe that the more people whitelist, the better email will be. It always has the advantage over instant messaging in that it can be viewed at the end user's convenience and without being online. I've already implemented a whitelist procmail script with my email, and the only spam that gets through is the idiots bothering to respond to my auto-reply to be put on the whitelist. Currently, I see about one spam message every 2-3 months. If it gets to the point where everybody does whitelist, however, it'll be interesting to see just how complicated it gets so that spam bots can't be made smart enough to get on those lists.
This article reminds me of a quote from the Simpson in the episode where Flanders flashes back to his childhood and hippy parents
We tried nothing and where all out of ideas
First, very little has been tried to stop spam. Most bills that have passed have been slanted towards the spammer interest. The most simple ways to stop spam have been seen as too much of a burden on the spammers, and therefore have not been implemented. Simple stuff like real headers, confirmed opt-in, and physical addresses in the email, are nowhere to be seen.
Second, most businesses cannot use a white list. They need to be open to new customers as well as current customers that may change email addresses without notice. Individuals need this kind of openness to deal with job searches emails from teachers, etc.
That said, I do see white-list filtering as a good extra feature on clients. Perhaps all unknown email can be filtered to a separate mailbox. The user can mark an email as not spam. There could then be a button that puts the good address in the white list and transfers all email to the trash. Of course, we would want autopreview and autoload of images and cookies turned off for this box.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
There are other flaws in E-mail beyond spam, which include trying to find specific information.
O'WONDERWe're working on it.
i've had the same set of working email addresses for 5+ years and i get maybe 1 spam out of 1000+ legitimate emails a day. i never spam-proof my email addresses on message boards/usenet/mailing lists either.
i block mail using dsbl.org, spamcop and a few simple procmail rules (when a spam does get through, i block that company via procmail). i don't ever lose legitimate mail, and i don't get any of the "anonymous spam" i used to get from people pretending to be @hotmail.com/yahoo.com/etc.
clearly the reason that these people claim that blacklists don't work is because they're not using them.
They are killing general web browsing.. and eating tons of bandwidth too.
And dont tell me i can block them at the client level, it doesnt address the bandwidth waste to my house. Even if you block at ISP server/router level, it doesnt address the backbone traffic..
---- Booth was a patriot ----
This suggestion of yours just comes down to making email cost more for the sender. E-stamps, in a way, that cost time rather than money.
The problem is the enforceability of this. Spammers would just use email servers and relays that don't apply these checks.
I've been forced into whitelisting because some spammer thought it would be a good idea to start using my email address as the reply-to address for all his spam. All the bounced messages come back to me. I get about 200 bounced messages per day from so many different domains. Add that to the regular 30-40 spam messages per day. I've had my email address for almost 5 years and I use it for work as well so I don't want to change it.
I've set my mail programs to see if it's email from someone on my whitelist and if it's not then it replies with a text message explaining why I can't accept email from them but if it's important to email me or they should be on my whitelist then to email a throwaway account that I check less frequently and I'll add them.
The only boxes I've ever seen pounded by spam are hotmail accounts -- just about every other E-mail account I've had recently is spam-free. How? Just don't give your address to assholes(ie. free registration). Even my yahoomail account is fine.
It's been a long time.
A friend of mine says he's only gotten one piece of spam in years. And that piece got through because the spammer used my friends email address as the from address. My friend removed his own name from his whitelist...
Another friend takes a slightly less drastic approach and just blacklist entire domains (yahoo, hotmail) and countries (china).
My Hello World is 512 bytes. But it's also a valid Fat12 boot sector, Fat12 file reader, and Pmode routine.
2 were virii http://dictionary.reference.com/search?q=virus virus n. pl. viruses Get off the bandwagon.
Providers should immediatly block all traffic to any server, which is used for spamming.
/dev/null
Webspace-Providers, who host homepages which are promoted via spam email, should delete these homepages.
-----
spammer of month: netm*ils.com
let's mv netm*ils.com
as a side note, after using cloudmark, I have yet to recieve a single piece of spam.
People who think they know everything really piss off those of us that actually do.
I think Werbach's piece, while serving excellently to force thought about this issue, overreaches a bit. I've posted my comments at length at my weblog:
http://www.truthlaidbear.com/001511.html#001511
Microsoft is heavily promoting MSN v8, complete with instant messaging service!
This message brought to you by msn.com, the same web site proclaiming email to be dead!
I get very little spam. I think I average about 1-2 spam per day in my Inbox. My e-mail address is on my web site, as well as easily locatable via several search engines. Hiding it seems pointless to me.
` dnsbl',`bl.spamcop.net')dnl. spamhaus.org')dnlo sirusoft.com')dnl
.procmailrc:
:0 Wc
:0 Wa
My mail server rejects unresolvable domains, which gets rid of a TON of spam.
I also use a few blackhole lists with sendmail:
FEATURE(`dnsbl',`relays.ordb.org')dnl
FEATURE(
FEATURE(`dnsbl',`sbl
FEATURE(`dnsbl',`spews.relays.
I also use Vipul's Razor in my
| razor-check
| mail submit.someaccount@spam.spamcop.net
I recognize the problems associated with 3rd party moderators, and I've not had a problem with sites like Yahoo or Hotmail being blackholed. The legitimate mail gets through. That's all that matters to me after all.
Lastly, any mail not addressed To or CC me, and not from any mailing list I subscribe to, goes directly in the Trash.
How about false negatives? I'd be curious to know how much valid mail was filtered out.
Yesterday I went to may mail box and found that I had a bill for heat, a check from the state of Maryland, 5 catalogs, 3 flyers, 2 letters from charities, 4 ads wanting to refinance my house, and a bunch of coupons I already got in my Sunday paper. If the USPS would just stop delivering this spam I might be able to handle this mail thing, but I'm thinking of going back to a human messenger service instead.
Today is a gift. Save the receipt.
Looks like the Postal Service may be able to step in by creating a system of certified email accounts for US citizens. But the implicit Big Brother overtones (expecially in light of post-9-11 legislation) may prove too much of a incentive not to participate in a system as such. Or we could just make spam illegal.
Fat chance of that happening though...
0.1 cents an email would be unoticeable by the legitmate user, but bankrupt the spammer.
I think this works in the long term better than whitelists:
1. Sending mail server generates a tx content key based on the contents of an e-mail being sent.
2. Sending mail server uses the tx content key with a private key to create a confirmation key.
3. Sending mail server sends the e-mail, along with the confirmation key to the receiving server.
4. Receiving mail server generates a rx content key from the e-mail contents.
5. Receiving mail server sends the rx content key and the confirmation key back to the sending mail server.
6. Sending mail server uses its private key plus the rx content key to re-generate the confirmation key.
7. Sending mail server compares the confirmation keys.
8. If the keys match, the receiving mail server allows the mail to enter the recipient's mailbox.
9. If the keys don't match, the mail is bounced.
This should eliminate spoofed e-mail, which is the only type I get. This technique also keeps the second transaction to a minimum exchange of keys. The keys add traffic, but the eliminated SPAM traffic more than makes up for the penalty. As more and more mail servers are updated with this feature, spoofing is all but eliminated. The remaining "spoofable" domains can be explicitly severed from the net or blocked.
Xesdeeni
Can I see this for Joe with the private account, but not where it really counts.
--
Plug for an example of a consulting website that won't use whitelists: Seliger + Associates
I've been fighting a battle against spam for years. I think I've hit on some basic rules that work well.
:deny entries in tcp.cdb, and the number of bouncing messages dropped to an acceptable level.
1. Whitelist everybody you know - It's the polite thing to do.
2. Different addresses for different purposes - I use several addresses at several domains, and I make heavy use of qmail's -tag syntax. All of these addresses reach the same mail account, but each address has it's own set of rules - most of the mail sent to hotgrits@yourpants.net goes right into my junk box for later checking; only the ones that get very low spamassassin scores are diverted into my main box. Conversely, some addresses have much higher thresholds, or even bypass all of the spam checks entirely (mailing lists have special aliases that go right into a folder just for them).
2.5 Give each business or website you deal with a unique address so you know who sold your info.
3. Keep machine readable e-mail addresses off of webpages. I used to just use some light cloaking which displayed either a graphic or a encoded address based on the user agent. Last night, I wrote a more advanced cloaker which always displays a graphic, and provides a web based form to send an email.
4. Spamassassin - it is a wonderful program. I use the scores it assigns for pulling low scoring mail out of a stream of crap, labeling higher scoring mail, and for the very highest diverting them to the dreaded junk box.
5. When all else fails, block. Someone was pounding random addresses on my mailserver with hundreds of messages apparently from a nonexistant domain. The number of bounces stuck in the queue was well over several hundred and rising. A few
Try PopFile which uses a Bayesian algorithm to filter spam, is free, and does a great job.
I loaded it last week and my spam has gone from 90% of my email to 0% with no false positives (so far).
I can't recommend it enough.
Josh
I mean think about it, people will start writing more letters in a few years :-)
IM is no better. Unless you have a client denying riff raff access to your system you will receive spam that way as well (personally I like LICQ security options)
Has Comcast disconnected your Internet account? Same here. You can read about it at http://comcastissue.blogspot.com
Please send it to my email address.
D'oh !!!!
ESR's bogofilter checks tokens from the headers as well as the message body, so telling it that a message from a mailing list is not spam will allow all further messages from that mailing list thru.
It would be more effecient to just filter whitelisted mail out first, though.
Would your ISP have terminated their spammer if SPEWS hadn't escalated their listing to the whole /16?
Read what he said first. He clearly stated that SPEWS starts by blocking smaller IPs and notifies the ISP. If the ISP doesn't response, they block a larger range, until the ISP feels compelled to terminate the spammer's account.
If you're an ISP and want to avoid being blocked by SPEWS, it seems like all you really have to do is reply to abuse reports and terminate the offending account. See, Was THAT so hard?
How's that for a brilliant plan?
Jesus, I'd hate to see how you blow your personal problems out of proportion.
"Communism is like having one [local] phone company " - Lenny Bruce
If they reduce spam (blocking more spam), the ones that get though it will be smarter, and more effectly. Even you might have trouble noticing it's spam at first glance.
So the effectiveness of sucesfull spammers will grow making it a great bussiness (only to those that can master it).
Well'll have less spam, and better quality spammers.
unfinished: (adj.)
IMHO, the DUL is a complete PITA. The requiring that no one run a mail server of their own...it's just stupid, and breaks architecture.
White lists would be *far* more intelligent. They be almost perfectly effective (perhaps worms could spam, until whatever hole they were exploiting is closed, but that's it).
White lists are inevitable, barring some other massive change. Let's move to them, and stop having to deal with all these stupid half-assed anti-spam measures that make legitimate users miserable.
May we never see th
Why not? You have whitelist based programs like TMDA and ASK that do something like that but you need user action. If you could integrate to servers and clients, you could have this more transparent (and more effectively fighting spam). The idea is simple: 1- The email is sent. It stays on the queue. 2- A challenge is sent back (in case the origin is not already in the whitelist). 3- The origin is then authenticated sending a reply to the challenge... That's it. (a bit the same TCP does to IP... Make it trustable.) PS.: Of course the spammer could legitimate his origin, but at lease you can add (and identify)him more easily in the blacklist.
Are whitelists truly bad? Sure, you have to spend additional time establishing your identity with the other person. But once established, the entry doesn't need to be reestablished. I'd almost prefer that, but I'd rather not manage such a whitelist myself.
A company that managed a massive whitelist database for individuals could have a lot of ISPs as subscribers. Protected, persistent whitelists that can follow you from computer to computer.
The most amusing spam I ever received (names withheld to protect the innocent):
Date: Sun, 19 May 2002 23:03:19 -0600 (MDT)
To: [30 addresses at my ISP]
From: [Probably fake return address]
Subject: Government Alien technology needed! 7132
If you are a time traveler or alien and or in procession of alien
or government technology I need your help! My case is truly
genuine! I seek to work with someone who is of a kind nature,
someone I can call my savior as well as a friend.
My life has been severely tampered with and cursed by evil beings!!
I have suffered tremendously and am now dying!
I need to be able to:
Travel back in time.
Rewind my life including my age back to 4.
I am in great danger and need this immediately!
I want to work with you in any way possible.
I am aware of two types of time travel one in physical form and
the other in energy form where a snapshot of your brain is taken using
either the dimensional warp or the brain snapshot device and then sends your
consciousness back through time to part with your younger self. I'm almost
certain the dimensional warp would be the safest and best
solution. Please explain how safe and what your method involves.
I have a time machine now, but it has limited abilities and is
useless without a vortex. If you can provide information on how to create vortex generator or where I can get some of the blue or red glowing moon crystals this would also be helpful. I am however concerned with the high level of
radiation these crystals give off, if you could provide a shielding this would be
helpful. I believe the vortex would have to be east-west polarized,
North-south polarized vortexes are used for cross-dimensional time
travel only. Also, I know about the three dimension 4 bit (CODE) our universe is written in. If you are one of the very few beings who can edit this code, or know the passwords which can be spoken over a vortex, please reply!
If you have this technology and can help me please
send me a (SEPARATE) email to: [withheld]@aol.com
Thanks
Bayesian spam filters will save it.
Especially when they are used at the ISP end like they're supposed to be.
It's Christmas everyday with BitTorrent.
I have had several serious misunderstandings with people when communicating over IM.
Instant messaging is a difficult medium. It as immediate as conversation, but without being as clear and concise as email or other forms of writing. With most writing you read back what you wrote to make sure that you didn't accidently write something that can be misunderstood. Since IMs happen in (almost) real time this sort of care is not generally used. Also people do not type at the same rate so the thread of the converstation is often lost.
If the subject is important I always use another medium.
All it takes is a software module that can reliably filter out 95% of spam and learn new spam rules automatically on an ongoing basis. Once someone comes out with this, it will simply not be economical for spammers to do this trade.
See, the guy's article basicially puts a cart before a horse here.
Whitelists are meant to be the exception, not the rule.
Let me plug for a minute a great product my company uses: Ciphertrust's IronMail. It slices, dices, and filters email about 6 ways til Sunday (via blacklists, keywords, heuristics, you name it.), and does a wonderful job. The day after installing it here on site, the volume of email hitting our smtp server dropped 70%.
A little spam gets through, but not much -- no method of spam detection is perfect. I maybe get 1 or 2 a day instead of 15 or more, so I'm happy. Persistent spam, we blacklist.
On rare occasions when something valid does get blocked, we whitelist it to let it through the next time. THAT is the way whitelists should be used. Not the other way around, or you'll be in a situation a lot like handling NT trusts -- it gets big and messy in a hurry.
As far as IM taking over... I doubt it. I don't use it at all. I quit using ICQ mainly because I get too much freaking spam over it, and because, frankly, IMers *expect* a response yesterday, and I, frankly like to respond to something whenever I feel like it. I'm not a good IMer. Hell, I don't answer my phone half the time when it rings. (And mostly for the same reason. What's with all these prerecordeg vacation "offers" lately?! Sheesh!) I'll communicate when I want to, and email gives me that ability.
Email won't be going away, and whitelists can be effective if they're used properly.
Ed R.Zahurak
You know, oblivion keeps looking better every day.
1) My email address is pretty long and hard to guess by brute force. ;) )
2) Every time I get a spam email, I block the entire domain. (In order for this option to appear, you have to have only one email checked off when you click Block.)
3) I rarely enter this email address anywhere online. (For that I have a Yahoo account.
Result- I hardly ever get spam. Really!
http://www.filmthreat.com/GoreyDetails.asp?Id=221
A large problem seems to be that the facilities and resources are not available to police such "crimes" as spamming. If there were a portion of local PD set aside to monitor, investigate and arrest said offenders then people would be a bit more worried about getting jailed than getting one of their myriad of internet connections shutdown.
So a new police task force would be cool.
I think this is the perfect opportunity to insert crypto into the email process.
The crypto keys could be exchanged as the proof that you know the person and then the acceptance would automatically put the user into your 'white list'..
I'd use this if someone made it. It could probably even be a plugin to Outlook Express
Real world junk mail.
:)
Junk mail comes through our doors everyday, and costs the sender more than $0.001, your solution isn't.
Sorry,
spammers are exactly like the insect problem, you waste millions of F--ing dollars on it, yet you still have insects. Ask the farmer about the cost of weed abatement. Ask the government!
Blacklisting ISP's is the ONLY answer. Eventually it leads to a two part internet. Those that spam and their poor victims, and those who do not spam and their educated users.
To the PGP'ers, problem with that idea is a) hardly any mainstream fool can use pgp or (install it) b) if your not deleting the spam at the pop3 server (dial-up users get it worse) then you already wasted your bandwidth on the damn stuff.
To the manual whitlisters, problem is that sender@IP can be spoofed. PLus look at all the time your wasting, while you constantly have to setup filters and fix bugs and errors.
To the microsoft users, damn, get rid of OE, so that us linux users address's stop getting harvested when you get a worm.
ISP's can probably help the whitelister, but hey, you wanna know why they don't roll out spam free "premium" accounts? Cause it's buggy at best, and it's a LOT of work. I diminishes privacy when a human has to be paid to sort. And STILL the F--ing spam gets through. Oh yeah, some of you will say bla bla has spam free accounts. BULLSHiZ nobody has it.
The only way to stop the spammers is to kill them. But that is illegal. So the next best thing to do is spray a healthy fscking dose of Blacklist on them when they start becoming a nuisance.
The Junk mail filter in Mac OS X 10.2s Mail application works well for me. I get about 40 spams a day. About half of them I can't even read (foreign character sets). Most days the junk filter catches all but one or two spams. I've only had one false positive in the past month, and that was just an automated reply from a web page reporting that the catalog I had ordered was on its way.
Apple Mail's junk filter does require some training. When I first got it, it only caught about 25% of the spam, but after a week or two of my marking spam messages, it was running very well.
I have been wondering if this junk filter can be integrated with some service like Razor.
I get a lot of spam at work (maybe 30 or more/day) and almost none at home. I am careful about giving out my email address, and in fact I think I've given out the home address more than the work address. It puzzled me that I was getting so much spam at work, then someone here mentioned that we should not use auto-reply with Lotus Notes because that replies to spammers and confirms your email address. Of course everyone here sets Notes to auto-reply when they are on vacation, etc. I'm convinced this courtesy is the source of my spam problem.
It's too late to do anything now. Yeesh.
Atleast my local reps have switched to web forms citing an overwhelming influx of email. This sucks big time because it makes the EFF's email thingmy useless. Now I have to copy-n-paste the contents into the proper web form. The things I do for my country!
Promising newcomers such as CloudMark, which taps the collective power of e-mail recipients to identify spam, may improve things for a while.
I've been using this for a while, and am catching like 80% with 0 false-positives so far. The only downside has been a few minor bugs, which is expected for a beta product and have more to do with Outlook than anything. I think the concept is sound, and would be pretty hard to circumvent. Basically, a fingerprint (one-way hash?) of the email (not just the header) is looked up in a database which contains reported spam. Reports are weighted for reliability, which prevents spammers from unblocking their own spam. I can think of only one way, besides a DoS, to get around it, but I ain't telling here =) www.cloudmark.com
This is due to the fact that to many Microsoftees .. ever. I also subscribe to a blacklist that
admin email servers. I for one use a Unix based mailhub that gets processed by a program I wrote.
If the email passses a set of rules I created It
get's plopped into anothother set of rules. Once this passes the email gets forwarded to the user's account. I never have a problem with email
I have sendmail refuse mail from a long list of domains. When will MICROSOFTEES get a clue?
And script kiddies just learning unix setting up
a freebsd or linux box without default settings has
also been a problem. Finally distributions by default have relaying disabled.
Email works, you just have wannabees administirating it. Leave email administration to people who know what they are doing.
People who know what they are doing would never use a Microsoft product for their email.
Email technology will have to change in the future to avoid taking our precious time. One method I thought of while reading through the posts here on Slashdot that no one seemed to suggest is that DRM (the bad and ugly Digital Rights Managment) could used to encrypt legitimate email. I think that the time I spend here on Earth is quite valuable and is in a sense intellectual property and has a dollar amount that can not be used/stolen by someone else that is not approved by me. Just as the Music Industry cried, screamed, and wailed about Napster and Gnutella networks being means to assist people in stealing music and profits, so is spam stealing time from our lives. By encrypting email in a way similar to CDMA digital cellular phones, a key would be required to decrypt the message if the email was legitimate. If a key is not legitimate, the email is simply deleted. Of course, the key could not simply be a set of numbers or characters, that's too easy to break the encryption, and pass along a list for sale. What is needed is an intelligent encryption method, using a key composed of two or more algorythms. The email sent to you would contain one algorythm and your computer would contain the second algorythm. Using both algorythms together with initial conditions and present conditions (i.e. date) that exist only on YOUR computer can the email be successfully decrypted, otherwise it gets sent to oblivion.
Making email intellectual property under the DRM law is punishable by fines and imprisonment if I understand the law correctly. By breaking or stealing the keys to my email account, someone had to be hacking or participating in some pretty mischievous activities that would be recognized as unlawful and deserving of serious fines and jail time.
This is in a sense a Whitelist, though a more intellectual approach to it. Whitelists will probably evolve first with a method similar to the one I thought of to follow once the Whitelist system falls apart due to profit-seeking business corruption.
Maybe the ISP's and SMTP tools should look at the issue instead of forcing it onto the users.
Add certificates to all SMTP servers (sendmail, postfix, etc). Require them to be signed by a respected CA with all the proper details. Any communication between SMTP servers must only use authenticated connections.
Add onto this a couple of rules for sending messages. 1) Only legitimate user address in the From field of emails. 2) Allow only 50 messages to be sent per day per user. Allow some method for handling mailing lists and legitimate use for larger mailings. 3) Only accept relays from the local IP segments that belong to the ISP unless the user is using some other authentication method.
And most important, set an ABSOLUTE deadline date that this must implemented. If an ISP is not ready by then, they don't participate in email. It's in their best interest to cooperate with this since it's their server and network resources that are being wasted by spam.
...than the hotmail account is Spam Gourmet. Check out their site.
If you do not give away your email address except to "trusted" people, you are basically implementing a whitelist by hand.
I find this to be a perfectly valid spam defence, just like a tmda whitelist, and one I believe more in that increasingly sofisticated blacklist filtering.
However, it does not change the fact that email has changed character, from a method to inititate contact with people, into a method which people who already have contact can communicate.
At least tmda based whitelists will still allow strangers to contact you, even if it is slightly more work than it used to be. With manual whitelisting, that option is out.
Right now the cost/benefit analysis favors spammers.
The Spammer's View:
First, it's very inexpensive to collect/buy a million email addresses and very inexpensive to send a million emails. Second, the return is sufficient: out of those million emails, all it takes is a handful of replies to make a profit. Third, the risk of being prosecuted or otherwise suffering financial damages is still practically nil, so the worst you have to fear is your ISP cutting you off -- whoop de doo, go uncover another rock and sign up with a new one.
The ISP's View:
It costs little more than a little bandwidth to send a million emails. It costs a little in reputation to be weak on busting spammers' accounts. Signing up a new customer is a profit.
The User's View:
Here's where the "cost" of spam is high, and consequently where most of the effort in fighting it has been made. Most users either just delete or have software to keep spam out of their inbox. Some people are careful about how they publish their email address. Some use blacklists or (more recently) whitelists. The cost to receive an email is fortunately low or nothing.
When the cost of spam becomes too high to ignore, for spammers to send or ISPs to relay, spam will decrease. It already has started to become more expensive: some ISPs have strong anti-spam policies and measures; some laws have been passed against spam; and there is quite a bit of software to deal with spam at the recipient end. But that's not enough, as evidenced by the continuing growth in spam.
Eventually, spam will be dealt with more strongly at the source. It has to be sufficiently painful first, and the pain is starting to be felt by ISPs and others involved in relaying email. I expect the situation to be much better a couple years from now.
-Thomas
I have set up a mail server in my home (DSL). My wife and kids do not get any mail from anyone NOT in a filter list. Sure, the mail server gets the SPAM but that is where the buck stops. I can review the mail to make sure nothing is being tossed out that was supposed to be read but if it was AND it was important, I usually get another copy or they pick up the phone.
"If you are on fire you can just stop, drop, and roll. If you fall into Lava you are just dead." - my 5yr old daughter
Even when I lived in the US, I got at most one per day. Today where I live in a country where such calls are illegal, I get one a year at most. The difference is of course that phone calls are expensive, especially from other countries (where such calls may be legal).
That seems to be the fear of many people, and the fear that is mentioned in the article. I receive around 80 e-mails a day, about 40 of which are spam. This doesn't include the spam that is caught and deleted by my procmail filters.
I don't see how people can complain that it takes so long to delete spam. I just read all my e-mail sequentially, and hit 'd' whenever I encounter anything that says my breasts can be larger, my penis can be firmer, or I can make a kajillion dollars a day. It's that simple.
I think people just need to learn some patience.
So, no, it is not strange. You are just an example of what has happened to email, it has become a communication media for people who already have contact, thanks to spam.
Given the fact that most American business these days seems quasi-criminal, I don't know why anyone would use email for any real communications. Email seems to be a way to say: 'hey, call me.' Other than that, don't use it for real information. Look to Wall Street, Mr Grub (I mean Grubman) and his twins getting into the elite preschool. If he wasn't a braggart in his email he wouldn't have to face the music of his seemingly eggregious behaviour. Anyone who puts real information into email is a fool. I stopped using it for anything real on the day when my boss sat me down and was casually going over all of my emails while I sat there. I stopped working there that day. Yes, email is good for simple hello, or for transferring an attachment, but forget about using it to communicate or it will come back and bite you.
I think we should be directing all of this anti-spam energy at real spam that consume trees. I receive a tree worth's of paper spam everyday in the mail. Why not attack that first, it would seem to have a greater impact on the world at large.
And when the SEC shows up with a warrent for the emails. . . do you go to jail or give them the key?
It seems to me that the basic question that everyone wants answered is "how do I give secret messages".
.
Paper and a shreder seems the most secure way, and the way that is the least likely to bite you later.
Other ways?
Have a set list of things that you might say, call up and tell someone to read number whatever from that list.
Have the list be items in an on-line game.
Have an on-line game that allows the players to 'write' on the wall at some remote place in the game. The text disappears after a certain time.
Have a lot of characters doing the same thing. .
Speak in a language that only few understand (Finnish, Navajo).
OR: Be honest and don't do illegal things. But I guess no matter what you do, it could always be construed as being illegal.
My favorite idea: don't be a money-mongering bastard and you won't make enemies so even if you do transgress the law. . . the consequences won't be that great because they will see you as a good person and let you go.
I like it that the SEC is getting some of the thieves on Wall Street. Too bad that we can't get our money back. . .
>you have to prove you're an actual person (e.g. identify a word in an image)
1. Do a simple OCR routine to identify that "word in an image".
2. Sell it to lots of spammers.
3. Profit!!
I'd like to point to a programm called ASK - Aktive Spam Killer. It's something for your procmail and works like a whitelist - the "trick" is: Anybody who is reachable by their sender adress can get whitelisted by simple reply on the confirmation - and as long as Spammers don't reply this trick works... or at least doesn't has to be improved. I use it since a year and it works fine.
Where to get: Freshmeat: search for ASK
If you don't send them a paper letter that you date and sign, I am pretty sure that most congresspeople don't bother to read the stuff.
If you have real business with your congressional delegation, you need to dust off the printer and use stamps.
Best is to go and press their flesh and look them in the eye. Then send a letter. That is the most effective way to get them to respond to your needs.
Hate to say it, but this is a band-aid problem. Spammers evolve, we evolve. What we need are flexible tools that let us evolve as quickly to keep ahead. Spam assassin is AMAZING. Maybe I'm lucky, but in the last month, since I started using it, I have had neither a false positive or false negative. Can't beat that. It has a great rule structure to which new rules can be added as needed.
I think the future is something like the current antivirus solution for spam. A big company, maybe even Norton, would create a spam blocking plugin for email clients (or maybe a front-end between the server and your client). They would make money from subscriptions to spam "definitions." You wouldn't need to update as often as for AV software, and it would work.
Alternatively, these Bayesian learning filters are VERY intriguing. That would solve the problem potentially without band-aids.
-Looking for a job as a materials chemist or multivariat
Usenet went down because ISPs stopped caring about it. As the Web ballooned into the monster it is today, Usenet became a neglected backwater, where once it had been the core of an ISP's business. Suddenly the threat of a UDP isn't so terrible; most of your customers won't even notice. So why bother dealing with your Usenet spammers?
By the way, Usenet isn't such a desolate wasteland as it's often depicted. The problem is that old newsgroups never die - alt.current-events.desert-storm for instance (although that one could well see a renaissance in the very, very near future...) - so a group that has outlived its usefulness lives on as a ghost town, accumulating the occasional spam. The big groups - alt.fan.[someonepopular], sci.[subject], alt.religion.[insertflamewarhere] are still going strong, because there'll always be more people interested in that topic. Odd little net.cults like alt.adjective.noun.verb.verb.verb, though once a part of the geek experience, are faded away like Mahir.
The same thing will (has already?) happened with email - as long as the cost of exploiting it is less than the percieved profit opportunity, it will be exploited. Given the costs of sending email, it's unlikely to stop being exploited - ever.
Email isn't looking like being superseded by anything in the way that the Web eclipsed Usenet. A listing on a major blacklist (Spamcop, SPEWS, whatever) is a big threat that strikes at the core of an ISP's business, just like the UDP was in the Elder Days, and so rogue ISPs can be bullied into submission by a sufficiently large boycott. Spam will always be with us as long as the economics make it worth doing, but the economics of the email business make it worthwhile for an ISP to fight email spam. Sadly, Usenet is no longer financially worth that kind of effort...Real Daleks don't climb stairs - they level the building.
Have you heard of a file called HOSTS that sits in your Windows system directory (or in some such place).
If you use this file you can redirect any URL to local host and PRESTO, nothing from that Address comes into your machine. Hence, I get no images from sites that are on the list. I get no popups.
Also, I have Spamanator from Earthlink and that work AWESOME and I get no spam. And if I get things that are SPAM I can give it to Earthlink and they put the Spammer on the list and NOONE with Earthlink then gets spam from these people (they, of course, review it). And if I want I can go to the spamanator and look at the email that I didn't get. If I don't transfer it over, then that offensive stuff is delete in a week.
Awesome.
If you have popups, may I suggest a firewall. I run the Norton one, and while I have issues with it it was worth the thrity bucks.
As far as the HOSTS files goes: whenever I have something I don't like I open the file and add the URL to it. You can get a HOSTS file on line. DO a web search.
You do not need to be a victum if you learn the tricks. . .
Right, because we all know junk mail has killed regular mail. It's easier to hit the delete key every once in a while than it is to throw out the massive amount of coupon mailers I get in my physical mailbox every week. And yet, the mail system keeps functioning.
If you run a server or can script for one, why not just have an "email me" section wherein people can type the message and be done with it. Throw in a particular key as the message gets sent, protect your script against hacking, and any email coming through should probably be legit.
Safer than putting a href='mailto:spammeupthebutt@myserver.com' tag...
I am curious to know how many people on Slashdot have tried the whitelist approach. (Perhaps it could be a poll?) I have started to use it in the form of the Digiportal product, ChoicEmail. Like the Slate article indicates, it works using a whitelist, and people who contact me who are not on the whitelist are automatically sent a return email asking them to identify themselves. Since using it, I get zero spam.
At first I needed to watch carefully the log files to catch people whom I wanted to communicate with, but had inadvertantly not made it into my initial whitelist, but gradually, it took less maintenance, especially since it automatically adds outgoing emails to my whitelist.
The only real problem with it, is that occasionally, a client, business contact, or a friend will email me and will be surprised by the automatic response. But, I have tried to word the automated response to be as friendly as possible. Even so, some have joked, "Don't you want to hear from me?" However, being intelligent people, they always understand why I have implemented the system, and I can tell most are inspired to think about installing it themselves, as the problem with spam is so universal. So, that is the only real drawback - the potentially lost client or missed communication because the sender somehow feels offended by having to go through the hassle of asking you permission to send you email.
But, this is a cultural barrier, not a technological one. It is possible that this approach would become the standard. If it did, people would never feel offended that they were required to ask permission, since we would all be doing it, and this one slight drawback would be eliminated. I don't know what the future holds, but it is possible. And the interesting thing about it is - if this did become a universal standard method for processing email, there really would be no spam.
I bet if people start using distorted images of text and even real world objects to prove that the sender is a human, image processing and computer vision would imediately see a boom :)
"There's a madness to my method." -mthed
I have a vague memory of a woman named Babcock who tried to sign up for something, but wasn't allowed due to the "cock" part of her name. So she used "Babpenis" instead, which passed the filter with flying colors.
Leveling up builds character.
In the trite words of a screaming Chris Tucker, "Do you understand the words coming out of my mouth?
Here's what typically happens.
1. SPAMMER gets account on your ISP
2. SPAMMER SPAMS from your ISP
3. Someone reports SPAMMER
4. SPEWS sends warning to your ISP
5. ISP does nothing
6. SPEWS blocks small IP range, sends second warning
7. ISP does nothing
8. SPEWS blocks larger IP range, sends third warning
9. YOU get blocked (It's obvious your ISP doesn't care about your connection)
10. ISP finally takes appropriate action, SPEWS unblocks ISP
If SPEWS didn't follow that procedure, then shame on SPEWS. If you're ISP didn't respond to SPEWS, then shame on your ISP.
Either way, Sounds like you need to get another ISP that actually cares about keeping the connection up for its legitimate customers.
"Communism is like having one [local] phone company " - Lenny Bruce
If you're an ISP
I'm not an ISP, the spam in question was not from one of my customers, the system in question was not under my control...
See, was that so hard?
It's downright impossible, because I'm not an ISP. There are four short words in that sentence, which one is causing the problem? You are shouting at the wrong person, just as SPEW blocks the wrong IP addresses.
The logic of SPEW is that you hurt the innocent little people to put pressure on the big guilty people. That approach is wrong in principle, and is accepted as wrong in every other area I can think of. You don't beat up people's kids because their dad owes you money and is bigger than you. This is Godfather morality!
And even if you want to live in that sort of world, the starting point was an article saying that none of the SPEW-type systems are going to work anyway!
Let's think about this for 30 nanoseconds. If I need to send emails to someone, and I discover that the emails are returned because of SPEW, am I going to
a: stop communicating with that person until they put pressure on their ISP to change their spamming policy or
b: find another way of sending email to that person?
From where I'm sitting, not using SPEW sounds like a great selling point for any ISP. Or, to put it another way, does 'we promise to randomly stop delivering some of your emails for reasons that have nothing to do with you or the person you want to communicate with' sound like a good sales pitch?
On an earlier occasion some ISPs used by certain branches of a company whose email we host started bouncing redirected emails from our server. We solved the problem by telling those branches to find another ISP. Is this how the system is going to work? Because anyone with a job to do is going to do the same thing.
Virtually serving coffee
I receive tons of spam on AIM. Pr0n spammers make up AIM screennames and send out links in the message. My screenname is not connect to any email address and I have never given it out, only to associates.
100% Insightful
who cares
I wonder why people still discuss this. Using one time addresses solves all the spam issues. Each time when somebody asks for your email address just create a new email like @mydomain.com. In this way you can track who sold your email to a spammer and can disable email addresses as needed.
*runs off to bathroom*
flusssssssssssshhhhhhhh
Is everything better now?
"The best argument against democracy is a five minute chat with the average voter."
--Winston Churchill
a: stop communicating with that person until they put pressure on their ISP to change their spamming policy or
b: find another way of sending email to that person?
Let's think about it for even fifteen nanoseconds. Who's using SPEWS here? If your ISP is using SPEWS, then mail from addresses listed in SPEWS will be dropped. Mail TO addresses in SPEWS generally won't. SPEWS is used to prevent spammers sending crap to you, not to prevent you sending crap to spammers!
In the case you describe, it's YOUR provider that is listed in SPEWS and that needs to change its ways. I would therefore say that (b) is your best choice - find another way of sending them email. That other way would be to send it from an address that is not listed in SPEWS - i.e. switch to a non-spamming ISP. That way ISPs find that hosting spammers is bad for business, and spammers find that they are no longer welcome. Which is the idea.
Real Daleks don't climb stairs - they level the building.
Just one word -- spamassassin
:
... this is where I'd go :) )
It's worked great for me.. and you can sort based on score.
Here is the configuration I've found useful...
Required hits : 4 -- This marks all messages with a score of 4 or higher as Spam. This still marks some legitimate mail as spam but read on
Mailfilterrc rules
1) Don't do anything to messages with score 5 or lower (This delivers some messages marked *SPAM* to my inbox, but it catches most of the legitimate mail)
2) Move all messages with a score of 6 - 9 to a folder called Spam (I've never had a legitimate mail with a score higher than 9. This also limits the messages I have to scan through quickly to see if any legitimate messages got filtered)
3) Move everything with a score of 10 or higher to a folder called Crap. (Normally I just delete all messages in this folder. But if I ever feel like looking a ads for hot chicks
This has worked fine for me. I get about 2-3 spam messages delivered to my inbox everyday, around 30 messages in my spam folder of which about 1-2 per week is a legitimate mail, and about 40-60 delivered to my Crap folder
I'm fed up with nothing being done about spammers (OK there's been about 3 prosecutions this year) so was considering getting some people's attention:
What do you think the legal position would be if I forwarded all my spam to my MP (UK) or Governor (US)?
I wonder if this would piss them off enough to do something about it (hopefully prosecute the spammers and not me!) Maybe if we all did it....
#include <sig.h>
Here's what I think I want.
I want peer to peer distribution of spam filtering rules.
Say I get a spam containing the word 'viagra'. (I know, never happens, right?
When I (or anyone else) views that message and says 'that's spam', a rule based on that message should be published for acquisition by email servers across the net. Messages to anyone could be rejected based on a percentage match to known spam.
All of the sudden, spammers would have to compose a _different_ message to everyone on their lists. Not an impossible task, but I prefer the burden remain on the spammers to try to get a message through, and I prefer that that burden remain extremely high.
So, slashdotters and sourceforgers (er.. wait a minute there...no pun intended or implied
Thank You!
What we've resorted to, with great success, is a combination of domain and content filtering.
So yes, if we get spam from "wesendgoatporn.com" guess what, "wesendgoatporn.com" is added to our blacklist.
But also, we block ALL messages containing "free" AND "goat" AND "porn" as well. So even if they change their domain name, or if someone else tries to send us free goat porn, it's blocked automagically.
This is what we've done to stop a lot of the spam, and I mean a lot. 400/day company wide (for a company of 25 people) dwindled to about 20/day now, which is a 95% reduction. And out of the thousands of emails filtered out, only a small handful (less than 10) were legitimate emails. And when a legit email is caught, we simply tune the filters, and those incidents are now fewer and rarer.
By the end of the year, the filters should be solid enough that we should see a 99% spam reduction, and an error rate 0.001%. A lot of products are out there that do content filtering too, and many are inexpensive.
A proposal I am working on replaces email and saved the problem of spam. Rather then sending emails to user@server, everyone is just a 1024bit PGP key. That is your identity. Then the program just runs a distributed search over its locatation P2P network to find the user. A secure connection is established for all transactions. Im looking for more conceptual people to assit in the launching of this idea.
-Steve
Privacy laws are good, but they somtimes increase, not reduce spam. Privacy laws can be excessive and are being used today by Finland spammers. Finland prohibits release of whois information, so it's impossible to identify spammers from Finland.
Certainly, you might not pick up the phone if it's not a number you recognise, but you're still going to look.
Not me, not anymore.
After 20-years of having a landline, I've discontinued it. I rely on my cell phone now. In five years of use, I've recieved exactly one unsolicited cell phone call and the caller VERY quickly apologized and hung up.
I will accept no more phone spam.
The question begs, would I go to such lengths to deal with email spam? I think the answer is easy to guess.
California is just starting a crackdown. Unfortunately, the Attorney General of California didn't bring criminal charges, although some of the violations of law in the complaint carry criminal penalties in California. (While spamming isn't a crime, conducting a business and accepting credit card payments without disclosing the ownership of the business up front is a criminal offense in California.)
digital signatures
In this specific case, the choice was moving a website, a domain name, 400 email addresses etc, or telling half a dozen people to stick the next free CD ROM that drops through their door into their PC. They use email redirection, so changing their ISP was no big deal.
As it happens, we pay monthly, but it is common to pay for small servers one year at a time. In which case doing what you suggest could cost £2000 or so.
That way ISPs find that hosting spammers is bad for business, and spammers find that they are no longer welcome.
Except that, as I've already pointed out several times, a professional spammer can afford to lease a machine a week, even if it gets shut down at the end of the week, and, apparently, this is just fine with SPEW.
Virtually serving coffee
I already effectively have a "white list" of people I know that i automatically accept e-mail from. Anything flagged by SpamAssassin is then dumped to one folder, and everything else to a separate folder to be checked.
E-mail from people on the "white list" get a response alot quicker than other people.
Granted, few of them are doing it now, but as whitelists become prevalent, the spammers will simply maintain lists of email tuples, each tuple will have you, your mom, your uncle, and your best friend; all folks in your whitelist. Send to each address in the tuple with a From: address from the tuple, and voila, your whitelist does nothing.
- "History shows again and again how nature points out the folly of men" -- Blue Oyster Cult, 'Godzilla'
Sure. SPEWS know who all the professional spammers are, they block them on sight. If the ISP disconnects them in a timely fashion then that's not a problem at all. Sooner or later the spammer will run out of places to hide, and will wind up on some provider, maybe Chinanet, which doesn't care who blocks it. Then they can spam all they like, they'll only ever hit blacklists.
I assume, of course, that no ISP is going to be fool enough to take on the same spammer twice. This is in general a reasonable assumption, but Verio will insist on proving me wrong... they disconnected and then reconnected your original Antipodal troublemaker.
Real Daleks don't climb stairs - they level the building.
That brandname is getting everywhere... so now they make Vodka as well as t-shirts?
If you have/have access to your own domain, set a default rule in .virtualmail and give out a unique e-mail address to anyone who requires that you give them your email (324sd034@yadayada.com or something). When you receive spam on that account look up in your log the one organization in the world that you've given that address to and go scream at them. It won't solve all your spam problems by any length, but perhaps it'll make a dent.
That's my email address! No wonder I keep getting spam, you keep giving my email address out! :)
If it was clearly illegal to send unsolited bulk email (spam) to anyone in the U.S. or Europe, and a hefty fine backed that up, it would force spammers to move to smaller countries. Those countries would then quickly get blacklisted: "Fix your laws, or you can't do business with us." There will still be spam, but it will be much, much rarer because it would be more dangerous. You could also fine companies that pay for spam - a few hefty payments would at least eliminate a lot of commercial spam.
A partial alternative would be to require (by law) automatable marking (say "ADV:" as the first characters in the subject line) and forbidding source forging. Again, could spammers disobey the law? Sure, murder still happens too. But by making it legally a crime, with real penalties, we certainly reduce the number of perpetrators.
For more info, see http://www.dwheeler.com/essays/stopspam.html
- David A. Wheeler (see my Secure Programming HOWTO)
Me and a buddy of mine actual started a company a year ago using this very technique. We were probably one of the first, if not the (according to our research), doing this with commercial intent. It works GREAT -- if you don't mind the concept of, in essence, reverse spam. We've tweaked the system to rely not just on auto-verify techniques, but other spam filtering concepts, and it seems to provide a decent blend. The only real problem so far as been a few small mailing lists we've run into that handle oddly. I'll tell ya what though, the most gratifying thing so far has been getting auto-acknowledgement e-mails from the support centers of people trying to spam me :)
Anyway, check it out if your curious -- theres a free trial and all that jazz.. http://www.atqui.com
I did a quick search and did not find those 3 letters, which is suprising, so forgive if this is a repeat but....
PKI (Private Key Infastructure) !!! I have said before and will say again - I am not convinced of it's use for ultimate security/cryptography - but it does a 'good enough' job for email authentication. Go ahead - give the post office (in each repesctive country) master Cert Server status, issue smart cards with Certificates and switch to PKI based e-mail. It would significantly reduce spam, as well as solve a number of other problems based on authenticity. Spammers need more motivation to stop? Let the post office charge a penny for mail delivery. Still beats physical mail! And elliminates the 'free marketting' atraction.
The post office is in need of something new and related to keep it alive (the writing is on the wall) - even now they are depending on physical spam mail for revenue. A national ID card will happen despite all efforts to stop it - so why fight it? Let's negotiate a positive use for it as well. What better government agency to do this? They already have the infastructure.
PKI is relatively open and defined enough to allow for this to happen - certainly as far enough along as that last tech wonder, what was it called? 'The internet' Spiked
slashdot troll = you make a compelling argument I do not like the implications of.
i use a thing called MailFiler, which keeps a white list in a small Microsoft Access DB. It works fairly well, it filters about 60% of my junk mail correctly.
-- Betting on the survival of the media industry is a serious risk. I advise investing elsewhere.
Let's see, I'm a spammer and I want to defeat a Bayesian filter, what do I do?
Simple, send no text, but a graphic advertisement in the form of a PNG or JPG file.
Does a FREE, web based, "white list" email service currently exist anywhere on the internet? If it did, I might consider changing from my Yahoo mail.
As a matter of fact, it would be nice if Yahoo mail would give me the option of toggling a "white list" on or off, for my account. That way I could filter out junk mail forever.
-- Betting on the survival of the media industry is a serious risk. I advise investing elsewhere.
I was getting so much spam on my dial-up account that it sometimes took me 20 mins to download mostly useless, if not offensive, email. Sorting it automatically by client-side methods (e.g. SpamAssassin) wasn't helping the download time, since you still have to download the blasted spam before you sort it.
So I got rid of my contaminated address. I created an account on two web sites: www.spamgourmet.com (free) and www.sneakemail.com (mostly free).
Spamgourmet allows you to create an infinity of different email addresses all going to your POP3 account, by adding various prefixes. So say, to take a recent example, that your account is SpammerMaimer and you want to subscribe to, oh, MIT Technology Review's newsletter. You create an address called MITTechReview.20.SpammerMaimer (@ the SG domain). The "20" in the middle word of the address gives them 20 shots at emailing you before the address shuts itself down (and you can manually reset the counter).
Then, surprise! This stupid magazine sells your address to several spammers. On top of that, their forum system is spammer-friendly because it encourages email address collection.. You know that it's them, because you haven't given that address to anyone else. So what do you do? You go to your Spamgourmet account and shut down that MITTechReview.20.SpammerMaimer address. Problem solved.
For truly one-shot emails, I use sneakemail, which creates disposable addresses that you can disable individually.
The hardest thing is to keep the old address active for a while until all your usual correspondants have been informed of your new address. Then, when you switch your ISP email address, you just have to change the forward address in SG and Sneakemail.
Highly recommended.
--
Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/
That's the whole point. If you'd read it, you'd understand you've already lost.
Imagine if all or some very large contingent of email clients allowed you to
"retaliate" against spam messages. Highlight message, select "negative feedback"
option, a daemon is spun that traces back as far as possible the route of the
message and barrages it some fashion. By pings maybe? By directed replies? Imagine
it does this in some scheduled fashion so as to minimize the impact on your local
network. As 1 million disparate sources converge upon the last traceable source of
the route of the offending spammer, some network somewhere will start to feel the
load. Like the spokes of a wheel converging on the hub, the retaliation traffic will
thicken as it closes in on the source. The pain increases. ISPs inundated by
individuals expressing their right to freedom of speech, will feel suddenly inclined
to exercise their right to refuse service to someone.
The "negative feedback" could be dosed in a coordinated fashion if there were some
P2P means of establishing how many individuals had received a particular spam. If a
spammer hits only a hundred people, the dose of retaliatory traffic would have to be
increased to be felt. If the spam hit a million, it would require only a modest
retaliation to utterly swamp the source.
Just thinking out loud. Could this be made to work? No one's free speech is
curtailed, spam is dealt a serious blow.
fight fire with fire.
What we need is a P2P email system where messages to a recipient are stored on the server of the person *sending* the message. In that way, the storage of the countless spam emails is the responsibility of the spammer, not the people being spammed. Additionally, it would be much easier to blacklist spammers that actually go through the expense of buying all that server space.
I have often thought about this, and while I don't like the idea, it seems the way to really get rid of spam is to license email-server operators, or the servers themselves. There would be a global 'whitelist' of licensed email servers on the net. You would configure your server to only accept mail from those mail servers and no others. If a server sends spam, they get removed from the whitelist. If they continue to send spam, they lose their license forever.
Like I say, I don't really like this much intervention, but spam is getting out of control, and it seems that the solution should come from the providers running the mail servers rather than client side filters.
Just as spam wont kill e-mail. I never read spam. I just delete it. It's a minor annoyance.
In this specific case, the choice was moving a website, a domain name, 400 email addresses etc, or telling half a dozen people to stick the next free CD ROM that drops through their door into their PC. They use email redirection, so changing their ISP was no big deal.
No, in this specific case, the choice was either moving your setup to a different ISP, or calling your ISP and telling them, "if this ever happens again, then by god we are switching ISP's and we'll tell every customer of yours that you obviously don't give a damn about them".
SPEWS did you no wrong. Your ISP did you much wrong, by not responding to spam complaints in a timely enough manner and by letting spammers use their section of network to the detriment of the rest of the network.
Your ISP's inaction is what caused your pain. Complain to them, it's, quite frankly, their fault. Threaten legal action if you like. Whatever, the point is to get them to change or annoy their customers enough to make them switch ISP's.
I mean, really what would it take to make you switch from these guys to someone else? Blocked for a week? A month? A year? How far does it have to go before you realize that your ISP is causing the problems here by not attempting to resolve their issues with spammers?
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
Since harbouring spammers costs other clients of theirs business, it is their job to make sure that they are not harbouring spammers. Since they do not know who will be a spammer, the way to do that is make the cost of being a spammer harboured on their system more than spammers wish to do so. The easy way to do that is that they should modify their subscription mechanism so that should the customer violate the terms of the service, they get a big hefty charge. And/or a possible lawsuit.
Yes, this is inconvenient from your point of view. But not as inconvenient as not having your mail accepted, n'est ce pas?
And yeah, it sucks from your point of view as one of thousands who are collateral damage. I understand that. It sucks from my point of view the other way as one of millions who are collateral damage. I don't think you understand that. And I don't think that you have any better answer than SPEWS either.
BS only got to see one of those once...
What's to prevent you@bar.com from getting SPAM in his mailbox or spammers on his whitelist with this scheme? Basically, you have a box receiving an email, and then talking to the sender of the email to verify that the signature was his and correct.
But I (as a hypothetical spammer) can make a signature in any name, and I can set up any accounts on any hostname I like rather easily. So a spammer could get messages into your box and get a name (even if it's a throwaway name) onto your whitelist without any human intervention. He has his certify address always respond in the affirmative, and voila.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
It occurred to me halfway round the supermarket. As I understand it, what gets blocked is the smtp server. So SPEW must be generating a huge market for clean smtp servers. Cheap to run, low bandwidth, you could ask for ID and make people sign contracts, and I reckon anyone who has been blocked because of a SPEW vendetta against someone else is going to seriously consider paying $10 a month to solve the problem in days, rather than hoping their ISP jumps through the hoops before they go out of business. Doesn't encourage spam, stuffs SPEW, makes money. Anyone see a catch?
Virtually serving coffee
Works great.
I just need to upgrade it to allow other users to make chages to their list via a web interface instead of by sending mail to themselves, because people are to stupid to understand that, yes, you can send yourself an e-Mail.
I went from more than 100 spam messages per day to 0. I still receive all my important mail.
Just once, I'd like it if someone called me "Sir".
Without adding, "You're creating a scene."
We have seen this happen before:
;)
You find a way to block spam...
Spammer finds a way to counter.
<Long informative post warning>
Yes, my friends. Suppose that this article is true and that evolution, say 5 years from now (*shudders*) makes even the average non-computer oriented american look at email the way we see postal junk, removing all the novelty and making her decline offers to open email accounts.
Step 2: She has always heard of IM so she downloads AOL IM instead because everyone else has it. This ubiquity is similar to the one of Windows. Remember what happens when an operating system becomes common? It just becomes a new target. Viruses start getting developed for it. The same thing will happen to IM if we shift to it. You have to realize that though a bit more time-consuming, spammers will start making databases of IM usernames and begin sending spam from their accounts.
Two years ago when I still used ICQ, which is owned by the prone-to-spamming AOL system, I received spam from users who seemed to not exist! Though I had explicitly chosen to be invisible to everyone but my buddylist names, there was some obscure way of sending IM's with sex ads, and that the message came from forged addresses that you couldn't track and punish.
Bear with me, from here on this may seem unrelated but look at the big picture:
Remember the days when there were no popup ads? Well, people would turn their images off to skip normal ads. Then popups came and some annoying javascript enabled them to pull you to their new browser window. Then, even cleverer, was the use of pop-unders, because everyone knows that you ignore popups because you want to see something else in the first place, However, pop unders show up when you are ending your browsing session and are in no rush to close extraneous windows: The famous X10 cameras from yahoo are known by all for a reason. Then nonspammers --but ad people indeed-- started placing ads in Flash formats, and my Opera browser began loading that too, even when my graphics were off, because pluggins load separately from images.
So, it will be only marginally harder to spam people if we do make a transition to IM whitelists, but all you need is a screenname generator, which you can develop from a password cracking algorithm, and an expendable IM name. It takes 5 minutes for a spammer or anyone to grab a new one after their first has been blacklisted by AOL. Spam by IM has already been done, and will just come back. I certainly know that no ISP will drop the free email address policy when you register, so, it may take those full 5 years before I can tell my family and friends to send me those greeting cards and announcements by IM. Worse yet, how the heck will mom learn IM if she can barely send emails? My parents hate IM because they cant type, and on top of that, they cant type fast
"Wireless : LAN
this is an everyday DOS attack on all of us.
I have been thinking about the amount of time being wasted on spam. I installed an SMTP honeypot looking like an open relay, but in reallity it just acts like a black hole. Once I recieved 35 million spam mails in 4 days. If the average recipient would have spent just one second deleting this spam, I have saved them a total of more than one year of work. Think about it, more than one your of just deleting spam mails!
What have you done to fight spam in general, and not just the spam in your own inbox?
Do you care about the security of your wireless mouse?
Simultaneous MultiTalking/Typing :).
Maximises usage of processing modules especially in high latency communications (whether due to links or processing units or situation).
But it also happens with email and other messages.
They split into multiple threads, sometimes so much so that you need to break them into actual different messages.
I may get spam in one of my e-mail accounts (EarthLink's software does a remarkable job on the rest of my accounts), but I never get Latin American teenagers looking to practice their English skills on a hapless American like I do on ICQ.
My God man! My self-description in ICQ boils down to "Go the fuck away" and still they come! That by itself will be the death of instant messaging long before the death of e-mail!
It's a temporary phenomenon. A lot of people are new to IM and get these misunderstandings a lot. After about ten years of using IM systems you stop having the problem, in my experience.
(Yes, I'm serious.)
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
so whats all the fuss about ??
visit my cool website at www.1unet.com (this is not spam)
You make your signup contract specify financial penalties for conducting a spamming campaign... $1000 ought to do it. When someone uses the $100 hosting service for a spamming campaign, you extract the $1000 from them, using collections agencies or legal action if necessary. You will succeed and get damages plus costs, because you have a solid case of breach of contract.
When word gets around that you're serious about enforcing the terms of your contracts, spammers will stop signing up for your service.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
Disclaimer: I am biased because I have a college account. Of the past 547 emails I have received, none of them have been spam. Before that I had a Hotmail account (mike_hamburg at hotmail dot com), which is still open (although I don't check it often), but it receives only about 2 spams a week. Please restrain yourselves from selling me to a list out of spite.
The article is wrong. Spam is a big problem, but it will not "end email as we know it." There are plenty of ways to curb the problem that have not been implemented yet.
The best suggestion that I have seen to curb spam, although it would be hard to implement and people would bitch about it, would be to have a payment based system. Everyone has a contact list of people who can send them mail for free. If you're not on that list, you have to pay a penny to send a message. Since the profit margin on spam is less than a penny per message, no more spam, or at least not much. Hard to implement, but it would work.
Other than that, there's Hash Cash, which could be combined with the above system, to increase the computational load of spamming. Easier to implement, and to get people to switch to, could reduce spam, not a cure-all.
Encryption and digital signatures would be a useful technique too. Require all mail in your inbox to be encrypted with a Diffie key would help, as Diffie encryption is much harder than decryption. This would also increase privacy, although changing the protocol to prevent traffic analysis would be a bitch to get off the ground (although you can get something like this already at Hushmail).
Bayesian spam filtering or other advanced techniques might also help to curb the problem, but they are a bit like a band-aid on a bullet wound. The article is at least right in that spam filters are not the solution.
I hereby place the above post in the public domain.
I don't know why people have such trouble anyway. Does everyone poorly protect their email address or what? I've had my email address forever and I get very little spam. My procmail block consists of a single email address of a person I don't want to talk to or know.
Here's a problem with a whitelist account: you buy something at Amazon.com and Amazon helpfully sends you an email confirmation. A challenge will bounce back to Amazon who has no capability to respond to it. Sure you could add amazon.com to your whitelist, but after a while every spam you get will be from xxx@amazon.com. To make whitelists work Amazon needs to tell you at purchase time: "we will send you a confirmation email from shipping889034@amazon.com", so you can add it to your whitelist. And hopefully they use a unique sender address for each customer. Without this everyone will still need a non-whitelist account for their purchases; an account that will soon be flooded with spam.
Build a man a fire and he will be warm for a night; set him on fire and he will be warm for the rest of his life.
"..With the increase of spam, the argument is made that more users will switch from blacklisting spammers to 'whitelisting' specific, trusted addresses.."
I've been doing this with procmail for years.
If I don't know you, your email goes into my sh*t_can
Several times a week I go through the sh*t_can, save what little is relevant (very little..) elsewhere, and the rest goes to /dev/null
t_t_b
I'm on PJ's "enemies" list! Are you?
The Bayesian filter is not limited to just the email's message body. The message headers and PNG/JPG filename/URL are analyzed too. Plus the Bayesian filter would QUICKLY identify that people that send me email that contains NO text are likely spammers.
cpeterso
Can someone please explain to me what "spam" is? I've been using email for almost 10 years and I still have no idea. It sounds like a huge problem yet I've never actually seen it.
I'll tell you what's annoying though, every week or so I get an advertisement in my inbox from some company I've never done business with. But of course I delete a few messages each day so I just delete that one too.
You guys should explain spam to me and maybe I can help you solve the problem. I'm guessing its some sort of virus in which case you should either revert to plain-text or get a virus checker. Outlook Express tsk tsk!
Sounds like you need the TeleZapper!
How does the TeleZapper "zap" telemarketers?
The TeleZapper uses the technology of telemarketers' automatic dialing equipment against them. When you or your answering machine picks up a call, the TeleZapper emits a special tone that "fools" the computer into thinking your number is disconnected. Instead of connecting you to a salesperson, the computer stores your number as disconnected in it's database. Over time, as your number is removed from more and more databases, you'll see a dramatic decrease in the number of annoying telemarketing calls you receive.
cpeterso
This sounds like a service a friend of mine is offering. You have to be one his "Allowed list" in order for your mail to not get rejected. Check it out www.KillsSpamDead.com
sure, i get about 10 spam msgs a week, but i have filters set up in evolution, so i dont even see them, and plus, theyre so specific, there isnt any margin for accidently deleted stuff (and i still get my daily dilbert)
I have a solution for ya. Get rid of money. You get rid of money and the spammers won't have any incentive to dump spam into your email account. Also you won't have a music industry or movie industry tweaking your hardware and software to limit your access to your data. There are many other consequences when you get rid of money. Try to name a few...
1) it costs the sender nothing.... That has become a problem. The flood of spam would slow if each outgoing recipient had a nominal charge associated with it. Let the silly urban myth about the USPS charging for email come true, please. Spam would nearly stop.
2) Each message does not have an expiration date that my mail reader can chose to use to delete - so i don't need to waste my time reading out of date out of the office notices from co-workers.
not much use being lesbian with 20 blokes!
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
The tools to stop the spammers have existed for a couple of years now. If you still get spam, it's your own fault.
Government of the people, by corporate executives, for corporate profits.
I get about 80 spam emails a day. It's no longer a problem for me since I installed POPFile. It works great. There are typically a handful of false negatives, and no false positives so far, and I'm pretty sure that even this was an artifact of the data set I had on hand to set the filter up: I had many good emails saves, but the only spam I had to hand was the contents of the trash. It's success rate has been gradually climbing, and I anticipate that in a few months I'll have virtually no false negatives. I recommend it highly.
And the brethren went away edified.
The folks over at Camram (the hashcash people) are trying to work out how to bodge hashcash negotiation onto the existing mail system. It sounds like it's a pain to get right.
If we had a new, shiny, protocol designed so that there was some negotiation before the message was collected by the receiver, the hashcash payment could go in at that stage. People who don't pay don't get their messages collected.
Does anything like a publicly updated spammer list exist? I'm not sure what the algorithm might be; I'm thinking of some type of "spammer rank" maintained by a number of trusted servers which share their lists (like the DNS system). Individuals (or software acting automatically on their behalf) would transmit addresses of spammers to a local "anti-spam" server. One vote for each unique sender. I'm agnostic on the transmission protocol - email perhaps.
The obvious problem would be spammers and hackers flooding such a system with garbage. Would it be possible to detect a flood of "garbage" lists? Google seems to manage this problem (self-referencing groups of websites). Another approach would be to require users of the system to register manually. Slashdot, for instance, tries to prevent scripts by having a having the user interpret a graphic during registration. Perhaps there are other more centrally administered ways of doing this - rings of trusted administrators who manage large sets of email accounts could gather lists submitted by users in their system. These central lists are then shared by the larger community.
Any opinions on this idea? Stupid or reasonable?
I sincerely doubt that any significant (say 10000+ spam mailings) results in any less than a few dozen widely divergent spam complaints. I worked for a company which kept a pretty good handle on its mailing lists, and we'd still get a complaint or every few months after a mailing of ~50k addresses. Note that click-throughs on these mailings were in the 15-25% range -- rates postal marketers would die for. In the cases where I tracked these complaints down (or tried), it was rarely more than one person, promptly removed from the list.
Spammers hitting 300k+ addresses in a shot, even if spreading the load over boxen with a few hundred mailings each, are going to generate far more responses, readily validated.
What part of "gestalt" don't you understand?
Yeah, because we know making things illegal gets rid of them. Like rape, murder, theft. Good thing we outlawed those so now those do not happen anymore.
Oh wait, making something against the law doesn't remove the behaviour. That's why there are violations of the law at any given minute.
Most people fail to realize why Spam is so prevalent.
News flash: it works.
Sorry to say this folks, but the cost of spam is miniscule, if anything, to the spammer. If they spend nohting to get a sale, they will.
The *only* thing that is preventing big name corporations such as HP, IBM, Sears, etc. from doing it is the negative publicity associated with it. Otherwise, you bet your motherboard they would be doing it!
If the cost of Spam were borne by the sender, it would go down. Sorry but prosecution doesn't work so well. The cost of investigation to do the prosecution is just too high.
Fighting spam is like fighting the universe on the idiot war.
My Suburban burns less gasoline than your Prius.
Perhaps this will help inspire people to actually use public-key encryption and message-signing. An email client could be set up to reject email that wasn't signed, or email that was signed by a questionable key. Sure, the spammers could just create public keys and upload them to keyservers, but these keys would be quickly identified as the source of spam, forcing spammers to upload new keys to the keyservers, etc. Keyservers, being a necessary part of the process, could be set up to throttle key submissions from subnets, or even enforce some kind of verification process (via email recipts).
And this isn't even to mention the vast improvements in automatic email analysis (which were mentioned just this week). This topic borders on FUD.
How about solutions like bluebottle and spam arrest. They are both ASPs that are essentially dynamic whitelists. If an unknown sender sends you an email, they are sent an autoreply with a challenge. Only real people can solve the challenge, and when they do, they are added to your whitelist. You can still override the whitelist (to explicitly block a spammer who somehow authorized themself), as well as prepopulate it. They also work with mailing lists; and you can go in at anytime and check your unverified email. I use spam arrest, and I love it!
> Businesses however, can never get away with using whitelists,
They could if they had specific public email addresses that were open to anyone, with the rest private and 'whitelist' blocked. It doesn't have to be all or nothing.
The computations he used weren't interesting or useful, but were very easy to verify quickly. Basically, the person doing the computation tries a large number of strings, looking for one that has an MD5 hash where the first N bits match a required value, and in some versions the input string has to have a specific form also. Checking one hash is pretty quick, but finding an input value with the right values for N bits of output takes an average of 2**N tries, so it's easy to tune the system for the amount of crunching an average machine takes to get the result.
The structure of the computation means that spammers can't cheat, because it's easily verified, and if the message doesn't include a valid piece of hashcash, you toss the message, so refusing isn't practical.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
That's "you're", not "your". Better luck next time.
The good news is that almost all of the horrible things you suggest won't happen. The service it purports to charge for isn't "delivering email" (that would take govt intervention) - it's "getting *you* to read a message", and if you only use cashmail.example.net for all of your email, it;s not easily circumvented.
The bad news, of course, is that nobody really wants to pay to send email to you, so you won't get any, so you'll decide that this service probably isn't for you, won't buy it, and cashmail.example.net won't make any money offering it.
Then there's the ugly news - cashmail.example.net, failing to make money from regular customers, will start spamming other mail services with You! yes, You! can get PAID to READ EMAIL and it'll just go downhill from there, really fast :-)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Either way, Sounds like you need to get another ISP that actually cares about keeping the connection up for its legitimate customers.
In some geographic areas, there exist only two high-speed ISPs: the cable company (cable Internet) and the phone company (DSL). If both are listed on SPEWS, what is a fellow to do?
Will I retire or break 10K?
i.e. switch to a non-spamming ISP.
What if the local cable company's mail server and the local phone company's mail server are both on the SPEWS blacklist? Then where does one go for high-speed Internet access?
Will I retire or break 10K?
atm its just not possible for us to use anything beyond bog standard email
---- Put Sig here:
CAPTCHA
Both examples posted on the CAPTCHA project web site require that a user be able to view images. Blind users and other users behind text terminals can't see images. I'd suppose that the two CAPTCHA methods are not Section 508 compliant and would make Bobby cry, which means that companies who do business with the United States government can't use them.
Sites that use a CAPTCHA must also have reasonable policies, that is, no "one strike you're out". I tried "Pix" and got it wrong because I put in "ape" when it wanted "monkey".
Will I retire or break 10K?
Blocking dirty words with Soundex would provide too much collateral damage. At least the following words have the same Soundex hash as "fuck" (F200):
The following "words" do NOT hash to F200:
Will I retire or break 10K?
create an image with a simple problem. Show 5 balls each with a different color. Then, in a hard-to-OCR font, ask a question about the balls
And lose any hope at becoming compliant with Section 508. And lose any hope at doing business with the United States government. Blind people would unconditionally fail such a test.
Does IM have an open standard that can be impleneted on every available platofrm?
Yes.
Will I retire or break 10K?
Shit, I'm usually pretty good about that...
On a similar note: Did you know that consistantly switching your yours with your you'res adds a lot of color to trolls?
"Communism is like having one [local] phone company " - Lenny Bruce
I agree spam sucks, but shit happens. The world evolves. Maybe because of spam, email will become even better in the long run or a new system (protocol) will emerge, even better than email.
First experence with Spam:
Spammers flooded me untill my e-mail was useless. I ended up setting up "vacation" and left it at that then got a new account.
Second experence with Spam:
I was on the flip side this time. One user at my ISP spammed and the ISP cought the spammer.
Shortly after that a larg anti-spam group desided the ISP was a spam house. The spam hunters never ever said a word to the ISP so the ISP had to find this out for themselfs.
It took them a while to get things cleared up. Over this time sevral important e-mails never got through.
Then there is event zero:
I signed up to receave a free Unix industry e-mail newsletter from a company way back before Spam was an issue.
Then they desided to shut down due to the abuse. They just didn't want to be mixed up with that croud.
Yes Spam is destorying e-mail. I'd say the cure is worse as others clame but the cure just eliminates my e-mail the cause destorys my time in vain efforts to filter the junk.
The only thing that keeps e-mail around is the lack of a useful alternitive.
I don't actually exist.
www.cotse.net already has filters, whitelists, blacklists, gold lists, spam assassin, everything you can think of to help eliminate spam. If it's not there and you can think of it, I bet their people are already thinking about it.
Take a look: http://www.cotse.net/servicedetails.html
Jerry Fletcher,
Privacy Protection By:
http://www.cotse.net/servicedetails.html
Whitelists are great at keeping out most spam, but still aren't foolproof due to email spoofing by spammers. I've found that my free email account is much less spam-prone than my email account at my ISP (actually ex-ISP due to the cost and the spam).
:((((
:)))))
Email isn't going away, though. There are many reasons to keep it around. Sure IM is faster and probably the best way to send short messages to folks when you need to send them information right away.
However, for detailed messages, email is better. Also, if you're working with people in different timezones, countries, and/or shifts, then email is preferable (or voice mail).
So, both IM and email have their places. And, I would imagine, that spammers will eventually find out how to spoof IM identities in order to send their filthy spam, then we'll need filters on our IM
Now, if spamming was punishable by death, maybe they'd stop!
After a day off with the kids I've calmed down a bit, and also thought about which bit of this system I don't like:
The bit that I object to is the IP range thing. This system, and most of the people shouting at me on this thread, assume a system where you have a company administering an IP range with dial-up users. If that is the case, blocking the IP range is reasonable, it's tough on the users, but getting a new dial up account, or even keeping several on the go at once, is not a big deal.
In our particular case, which is far from unique and increasingly common for small businesses, we lease a server in a server park. So we get an IP address in the range of the people who own the server park, but they have no control over what they do with their smtp server, and they have no control over what we do with ours. Our machine is sqeaky clean, yet we get blocked because of the sins of some other independent server in the same park. This makes no sense on any level:
So I guess what I want is some way to say to the world that IP address X is mine, I take responsibility for it, punish me for my sins but not for those of the people with whom I happen to share a park. How difficult can this be? Sounds like one more table in a database...
Virtually serving coffee
I've read this comment and the parent a couple of times, and I can't see how it helps at all. If what you are suggesting is that anyone sending mail from my cybercafe gets my mail server whether they want it or not, doesn't this make things worse, in that I get the blame for all the spam even if they try to send it via someone else?
On monitoring, some Al Quaida suspects were found shortly after 911 in a parisian cybercafe, and there was talk at the time of requiring us to record the content of all our customers' communications. Quite how this would work with webmail beats me, but, in any case, the idea seems to have gone away again for the moment.
Virtually serving coffee
Running my own mail server is a blessing. Not only do I have my regular address (with specific whitelists set up), but I also have a sub-domain that is specifically set up to receive 'subscription' E-Mail. Like Slashdot -- all my slashdot subscriptions get sent to slashdot@subscriptions.lonestarmapleleaf.org with a specific whitelist address coming only from slashdot@slashdot.org. EBay messages go to ebay@subscriptions ... NRA messages go to nra@ ... Etc ... If I find an account being abused (ie sold to other outside parties), I can just simply kill that one account.
I think E-Mail has a very practical use still, especially in corporate environments. (ie -- global address lists in Exchange and Outlook)
But for all my friends and personal things -- I really don't use my E-Mail unless I need to send out a distributed letter.
Will E-Mail be around in 10 years? I doubt it. Things in technology are moving fast -- in 20 years, IMs will be extinct, I'll bet. Something better and faster will have come alone.
Hell, on my mobile phone, I can already check news and mail. Wait until mobile phones are nothing more than an implant that interacts directly with the human brain. 20 years.
Seth Anderson BTW, I'm not 23 anymore -- I am TexasCowboy26 now. =)
Competitive fury is not always anger. It is the true missionary's courage
and zeal in facing the possibility that one's best may not be enough.
-- Gene Scott
- this post brought to you by the Automated Last Post Generator...