Email (As We Know It) Doomed?

Mephie writes "A pretty interesting article at Slate.com takes a look at how spam may be killing email as we know it. With the increase of spam, the argument is made that more users will switch from blacklisting spammers to 'whitelisting' specific, trusted addresses, making email more like instant messaging: if you're not on someone's 'buddy list,' you have to prove you're an actual person (e.g. identify a word in an image) to send a message." May be?

One solution to spam...

[Kryptoff]

... has been discussed here before: Hash Cash.

Be careful with your email address

[simong_oz]

Am I the only person who doesn't receive spam? OK, that's a little bit of a lie, but by and large, I reckon less than 2% of my email is real spam. It's not like I don't get any email - I receive probably 60-100 emails per day over about 3 different accounts, including several mailing lists.

I think the secret with spam is to stop spreading your email address around the internet. I object to having to provide my email address to forms to register for every damn website (eg. download.com) - I always give a false address if I can. If I can't, I will very seriously reconsider whether I need access to that site (I usually don't). I have an email account that is used solely for the purpose of registering for websites or what have you. Whenever I stick my email address into any form on the web I always check to see whether there is a checkbox that lets me opt out (or in) any mailing lists. The only sites I don't mind signing up for are those that I am genuinely interested in receiving future correspondence from, but they are few and far between.

I also have an email address that is used solely for usenet - this one receives by far the most spam.

Another interesting thing that people may not be aware of is that the default setting for hotmail accounts allows your email address and personal information to be shared. Go to options->personal profile and have a look at the check boxes at the bottom. This never used to be the default setting until the service switched over to .net about a year ago (I think???), and then these settings were added and enabled for everyone so if you didn't notice it, it will still be enabled.

Re:White Lists

[PigleT]

I've said it before, and I'll say it again.

Sending emails back to spammers is for brainless cretins - it serves only to clutter up your mail queue and risks offending innocent impersonated senders or having your email address confirmed as valid for spam.

And sending automated emails back to legitimate senders is downright *immoral* - making everyone do the work that a spammer *should* be doing to get through to you is indefensible.

And I've seen a case recently where this TMDA thing was so misconfigured that it sent an mail back to a mailing list saying there was an unrecognized sender address, and of course that mailing list was half of the gnu.emacs.help mail2news gateway, so the message appeared on the newsgroup for *all* to see. Talk about efficiently multiplying spam.

Now for something useful. Use one of the Bayesian filters, seeing as they're all the rage and get about 97-98% spam matched correctly, coupled with SpamAssassin as a fall-back for the remaining 2% cases, and you'll have far less of a problem.
Now incorporate those filters in your MTA so that the whole body is checked for spammishness before being "accepted for delivery" and you'll have the best solution of them all: bounce the mail at injection-point and be done.

Re:Zero Discernment

[meringuoid]

A while back our server got blacklisted for a week or so by SPEW because it was in the same 16-bit IP range as a machine that has been used for spam. That's potentially 65k machines! It was at this point that I vowed not to co-operate with any of these anti-spam measures, which inevitably martyr innocent users at random and don't touch the big spammers with the resources to change IP address and ISP three times a day if necessary. The cure is worse than the original disease!

The idea of SPEWS is not just to block spam, but also to force ISPs to terminate their spammers. Blocking only the spammer's IP is pointless; too many providers just move the spammer about in their IP space, and the world has to play whack-a-mole. SPEWS' policy is that if an ISP decides it wants to keep its spammer online in the face of repeated complaints, fine; but then SPEWS don't want to receive any email from such a network.

Now, the question is: do you agree with SPEWS' policy? If you do, great! Use SPEWS' blacklist to filter incoming email. If you don't, no problem; there are plenty of other blacklists, some more lenient, some far more radical. Pick one or more, or none if you want to accept everything. It's a free internet.

The great advantage of SPEWS is that it _really_ hurts to be listed. It's the email version of the UDP, and has the power to hit rogue ISPs where it hurts, strongly encouraging them to rethink their policies.

Would your ISP have terminated their spammer if SPEWS hadn't escalated their listing to the whole /16? I doubt it... SPEWS normally start with the single IP, then incrementally expand the listing (as further complaints are ignored, most likely). If it took a /16 block to force them to terminate him, then certainly no number of polite mails to abuse@ would have worked.

As for big spammers who can change ISP frequently: if the threat of a SPEWS listing is so terrible, what ISP is going to sign up Empire Towers as a customer? Nobody in their right mind. Alan Ralsky spams from China these days, I gather, because nobody in the West will touch him. ISPs must decide whether they want spammers or humans as customers; those that choose the spammers will surely be listed by SPEWS, and so real humans won't have to receive their crap. Those that choose humans will not be listed, for they will terminate their spammers promptly and will not play silly buggers with IP numbers. If this means that the internet fragments into the spamnet and the nospamnet, fine - who wants to hear from the spamnet anyway?

Didn't you READ me post?

[JohnDenver]

In the trite words of a screaming Chris Tucker, "Do you understand the words coming out of my mouth?

Here's what typically happens.

1. SPAMMER gets account on your ISP
2. SPAMMER SPAMS from your ISP
3. Someone reports SPAMMER
4. SPEWS sends warning to your ISP
5. ISP does nothing
6. SPEWS blocks small IP range, sends second warning
7. ISP does nothing
8. SPEWS blocks larger IP range, sends third warning
9. YOU get blocked (It's obvious your ISP doesn't care about your connection)
10. ISP finally takes appropriate action, SPEWS unblocks ISP

If SPEWS didn't follow that procedure, then shame on SPEWS. If you're ISP didn't respond to SPEWS, then shame on your ISP.

Either way, Sounds like you need to get another ISP that actually cares about keeping the connection up for its legitimate customers.