Email (As We Know It) Doomed?

Mephie writes "A pretty interesting article at Slate.com takes a look at how spam may be killing email as we know it. With the increase of spam, the argument is made that more users will switch from blacklisting spammers to 'whitelisting' specific, trusted addresses, making email more like instant messaging: if you're not on someone's 'buddy list,' you have to prove you're an actual person (e.g. identify a word in an image) to send a message." May be?

Be careful with your email address

[simong_oz]

Am I the only person who doesn't receive spam? OK, that's a little bit of a lie, but by and large, I reckon less than 2% of my email is real spam. It's not like I don't get any email - I receive probably 60-100 emails per day over about 3 different accounts, including several mailing lists.

I think the secret with spam is to stop spreading your email address around the internet. I object to having to provide my email address to forms to register for every damn website (eg. download.com) - I always give a false address if I can. If I can't, I will very seriously reconsider whether I need access to that site (I usually don't). I have an email account that is used solely for the purpose of registering for websites or what have you. Whenever I stick my email address into any form on the web I always check to see whether there is a checkbox that lets me opt out (or in) any mailing lists. The only sites I don't mind signing up for are those that I am genuinely interested in receiving future correspondence from, but they are few and far between.

I also have an email address that is used solely for usenet - this one receives by far the most spam.

Another interesting thing that people may not be aware of is that the default setting for hotmail accounts allows your email address and personal information to be shared. Go to options->personal profile and have a look at the check boxes at the bottom. This never used to be the default setting until the service switched over to .net about a year ago (I think???), and then these settings were added and enabled for everyone so if you didn't notice it, it will still be enabled.

Re:Zero Discernment

[meringuoid]

A while back our server got blacklisted for a week or so by SPEW because it was in the same 16-bit IP range as a machine that has been used for spam. That's potentially 65k machines! It was at this point that I vowed not to co-operate with any of these anti-spam measures, which inevitably martyr innocent users at random and don't touch the big spammers with the resources to change IP address and ISP three times a day if necessary. The cure is worse than the original disease!

The idea of SPEWS is not just to block spam, but also to force ISPs to terminate their spammers. Blocking only the spammer's IP is pointless; too many providers just move the spammer about in their IP space, and the world has to play whack-a-mole. SPEWS' policy is that if an ISP decides it wants to keep its spammer online in the face of repeated complaints, fine; but then SPEWS don't want to receive any email from such a network.

Now, the question is: do you agree with SPEWS' policy? If you do, great! Use SPEWS' blacklist to filter incoming email. If you don't, no problem; there are plenty of other blacklists, some more lenient, some far more radical. Pick one or more, or none if you want to accept everything. It's a free internet.

The great advantage of SPEWS is that it _really_ hurts to be listed. It's the email version of the UDP, and has the power to hit rogue ISPs where it hurts, strongly encouraging them to rethink their policies.

Would your ISP have terminated their spammer if SPEWS hadn't escalated their listing to the whole /16? I doubt it... SPEWS normally start with the single IP, then incrementally expand the listing (as further complaints are ignored, most likely). If it took a /16 block to force them to terminate him, then certainly no number of polite mails to abuse@ would have worked.

As for big spammers who can change ISP frequently: if the threat of a SPEWS listing is so terrible, what ISP is going to sign up Empire Towers as a customer? Nobody in their right mind. Alan Ralsky spams from China these days, I gather, because nobody in the West will touch him. ISPs must decide whether they want spammers or humans as customers; those that choose the spammers will surely be listed by SPEWS, and so real humans won't have to receive their crap. Those that choose humans will not be listed, for they will terminate their spammers promptly and will not play silly buggers with IP numbers. If this means that the internet fragments into the spamnet and the nospamnet, fine - who wants to hear from the spamnet anyway?