Slashdot Mirror
Email (As We Know It) Doomed?
Mephie writes "A pretty interesting article at Slate.com takes a look at how spam may be killing email as we know it. With the increase of spam, the argument is made that more users will switch from blacklisting spammers to 'whitelisting' specific, trusted addresses, making email more like instant messaging: if you're not on someone's 'buddy list,' you have to prove you're an actual person (e.g. identify a word in an image) to send a message." May be?
Right now, my email box gets about 30 spams a day. I almost never receive legitimate email anymore.
.. Email is just becoming outdated as a method of communication, funny how fast that happened. Spam didn't help though, that's for sure.
Additionally, I find that email communication is too slow, which is ironic since its so much more efficient than the old way everyone used to communicate by post.
Instant messaging clients have more than replaced email for me. They can do everything email clients can do, without spam.
Email will always have a place of course, like websites will need email addresses for contacts, and other such things. But for person to person communication, instant messaging clients are much easier to use
Tolerate no spamming what so ever. If one complain about a customer with an proven case of spam would arrive at a abuse department, shut that account down. There is no need to allow this, and no need to "warn" users doing this.
My ISP limits me from commersial activities at my homepage, why not limit the e-mail account from spamming.
The biggest problem today is that the price of spam is not charged from the spammer, but the poor user who recieves the shit. For all you americans out there, sue a spammer, make him/her pay for all loss of productivity he/she has caused. It'll make you rich, and perhaps make spammers think twice before clicking that send button.
Another doomsayer, give me a break, the Internet is going to fall apart in $random years, we'll be swimming in spam and popup ads, hackers will wage "cyberwar" on our "infostructure" unless we do something about it. Whatever. Use the proper tools. By now if you're still swamped in spam/popups/adware, then you're an idiot.
The moron who cut me off on the road this morning is a danger to motorists, highways are doomed to failure!
Previously bayesian spam filtering was demonstrated on slashdot to be very effective. Once this becomes commonplace, and seamless, no extra configuration required on the users behalf, hopefully we will see the end of spam.
However, combined with whitelists this could be quite useful. Bayesian filters to filter out spam, except for whitelisted spam. Eg mailing lists of advertisements you sign up to being whitelisted could be effectively. I suppose that when you sign up to a mailing list that would normally be recognised as spam, when it sends a confirmation e-mail your client could recognise it and ask if you want to add it to your whitelist.
Anyway, with the introduction of bayesian filters into an ordinary client means that the future of e-mail may not necessarily have to be so bleak.
I had spam yesterday where they spelt Viagra wrong. Unless Viagrea is a new wonder drug?
SpamAssassin
It solved most of my SPAM problems. I get the rare spam in my normal mail box, but the rest gets put away as soon as it comes in.
Here's the secret to immortality:
Then, I should ofcourse plug this Openchallenge submission about Learning e-mail classifier:The use of a naive bayesian algorithm in automatically filtering spam and classifying e-mail has been discussed and also implemented in the past. Implement an automatic e-mail classifier system which works together with an IMAP server. The system should: a) constantly refine the database used to classify messages either by periodically re-analyzing the IMAP folders or by tracking each incoming message and periodically checking to which folder the user actually moves each message. b) assign each incoming message an extra header item which contains the path of the IMAP folder where the message belongs according to the classification algorithm.
Also, you could also mine your site for smammers like this.
So, my point is that just during last two years the spam problem has exceeded so much that there is enough interest in fighting it seriously. Spam will die.
so what happens when person A emails person B? if both of them have this whitelist-filter..
B's whitelist emails back saying "identify yourself", A's whitelist respons with "identify yourself"
infinite loop?
I would have no problem with public crypto. If a message isnt cryptographically signed by someone who you care about, then you could just nuke it. I'd be all for this.
Kan jeg få en pils, vær så snill?
CloudMark or other systems that use peer based filtering seem like the way to go. If 10 people have said this is spam, why should I have to see it?
"A language that doesn't affect the way you think about programming, is not worth knowing" - Alan Perlis
Checking the early morning Hotmail... *sigh* another ad for me to get a bigger penis. Imagine if my real friends were always telling me to get a bigger penis? I'd have no where to turn.
Saskboy's blog is good. 9 out of 10 dentists agree.
Be honest, besides some hotmail addresses that I use to register to some news sites, I don't get that much spam, maybe 8 a day...
I added some filters in Mozilla, since then, what I know falls in specific directories while potential spam falls in the inbox, making it quite easy to delete, unless it appears to be legitimate *or* interesting (I actually found one spam to be interesting...).
Anyway, email is like telephone : you may still get wrong calls but it should not make me consider this medium as doomed...
I have^H^Hd more issues regarding web popups or onLeave( window.open...) stuff (Thanks Mozilla, it won't happen much, now).
Trolling using another account since 2005.
One of the advantages of being a lot smarter than my computer is that it takes me probably less than 1 second to read the subject line of a mail and delete it in the case of spam.
Even at 50 spam mails a day, it probably will take less than a minute of my time... Like most people I have multiple accounts, one for subscribing to god knows what and the other as my genuine address.
I know it's irritating, but surely people aren't getting that pissed off with it ? I mean, maybe they need to gain perspective rather than change email, because lets face it, it's damn handy.
tom-george.comBecause geeks rate higher t
I just can't really see email going away, especially not in favor of IM. Emails true usefulness, the thing that makes it a 'killer app' is that it is asynchronous. Unlike IM, when I send someone an email, it is unnecessary for them to be online, or have their IM client running in order to receive my message. Their email server is more than happy to hold their email for them until they can get it, and allows them to respond when they can.
Additionally, it's not like IM is spam-free. A quick google search reveals a growing business in providing anti-spam tools to IM users, so I doubt that making email more IM-like will help, though I do see some limited use of whitelists to be beneficial.
Businesses however, can never get away with using whitelists, or even most blacklists to reduce the amount of spam they have to deal with. I know that at our company, we cannot block nearly the number of netblocks that we would like to, as we need communicate with customers almost exclusively by email, and cannot afford to lock out potential buyers for any reason.
The solution to the spam problem is not an easy one, especially not for businesses, but small steps forward are made all the time, in better pattern matching, address lookup, etc that one day will (hopefully) allow for spam to be stopped, or at least to stem the tide...
The anti-spam movement has been saying this since 1997. It's about time the world woke up and realized how badly the spammers have trashed the effectiveness of email. I know I block using several DNSbl's, a huge access.db with spamassassin picking up the slack that the others miss. I have had to whitelist people whose email gets caught in the other traps.
To me, I dream of the day we can go back to simply leaving email unfiltered and where we receive only that mail we would normally expect, not drivel from marketoons who think that email is the next best thing to handbills posted on my front door. I'm tired of having to update my access.db. I'm tired of keeping up all the diligence, watching logs to see what legitimate mail might have bounced.
Thank you, you rotten, spamming assholes and all the idiots that ever bought anything advertised in spam email.
Rich
The worse spam gets, the more people will look to alternatives. Maybe it's time to set up some infrastructure for Internet Mail 2000.
I guess this is where PGP signatures would come in handy. Simply refuse to accept anything without a valid PGP signature (and possibly all unencrypted mail too). Of course, you would be very reliant on the concept of "trust" that is already present in PGP - although on a different basis. The web of trust today only reflects how much people are who they claim to be, whereas a new model also would have to reflect how much people "like" the person sending the mail. Spammers could obviously "validate" each others, and thus the would system would break down :(
The obvious "problem" with e-mail is that anyone can send anything to any valid adress (this also makes it a Good Thing (TM) though), so it would also be an idea to make it harder to get e-mail adresses. Never typing ones e-mail adress - even in "encoded" form (my-email at thisserver dot com) - is definately a start, but all it takes is one AOLer to type it on a webpage, and you are f***ed. Honestly, putting you e-mail available only as an image is not going to help much. There will be a breach of "security" somewhere along the line, and then the flood of spam commences.
The only solution I can see is to just outlaw spam and prosecute them hard and fast. Fat chance that'll ever happen in good 'ole business-friendly US of A.
________
Entranced by anime since late summer 2001 and loving it ^_^
A better way to implement white lists is TMDA. If it don't know the one that is sending the mail, it automatically sends an email asking for a confirmation, so that defeats most spammers and gives normal people the opportunity to not be ignored by a plain white list scheme.
If one complain about a customer with an proven case of spam would arrive at a abuse department, shut that account down.
I don't think it's quite as easy as that. If one customer using my laptop gateway sends a spam from my IP address, is that the end of my cybercafe? If one angry employee at IBM sets off a spamming program as he walks out the door, does IBM vanish from the Internet?
A while back our server got blacklisted for a week or so by SPEW because it was in the same 16-bit IP range as a machine that has been used for spam. That's potentially 65k machines! It was at this point that I vowed not to co-operate with any of these anti-spam measures, which inevitably martyr innocent users at random and don't touch the big spammers with the resources to change IP address and ISP three times a day if necessary. The cure is worse than the original disease!
Virtually serving coffee
... has been discussed here before: Hash Cash.
os x's default email app, mail, seems to toss spam directly into the trash with (about) 99% accuracy... that is, 99% of spam is correctly identified as spam. perhaps twice i've found emails that i've wanted to receive in the trash, but that's over many months, and the mistakes will never be repeated after a quick "whitelisting".
anyway, if you're really upset by spam, it's pretty friggin' easy to avoid it... do NOT put down your regular email address for any site that wants to email you a password for registration. get a trashy hotmail account (or whatever) just for verifications, and use your regular email addresss for real communication.
perhaps spam, collectively, is a huge problem, but the problems it causes for typical individuals are small, especially given the existence of spam filters. that's why spam won't "kill" email by any measure.
.
For a long time, there were doomsday predictions of the "web as we know it". The pessimists claimed that the signal-to-noise ratio was constantly decreasing and that things would soon degrade to such a point that it would be untenable. Well, what happened? The link structure of the web serves to greatly amplify useful content on the web and filter out noise (so neatly exploited by google).
This is only the latest in a long line of articles saying "spam is increasing at an exponential rate. So in X years Y% of our time will be spent deleting SPAM. E-mail is doomed!!!". This author, for example, says nothing of bayesian spam filters . What is likely is that spam and anti-spam will both mature in a few years, and that a combination of filtering methods will weed out most junk from our mailboxes; users will have so problem manually sending the handful of remaining penis enlargement offers to
Maybe Yahoo and MSN will implement user by user Bayesian spam filtering now :) It would also be interesting to see if they could do the filtering on their entire user base instead of person by person.
"Not knowing when the dawn will come, I open every door." - Emily Dickinson
Subject: bulk email received from one of your account
hi,
I just received a unsollicited bulk email from one of your email adress : e8johan@etek.chalmers.se
Here's a copy of the first few lines of this email :
Received: from mail.etek.chalmers.se (129.16.32.20)
by mta448.mail.yahoo.com with SMTP; 10 Oct 2001 17:48:42 -0700 (PDT)
Message-Id:
From: e8johan@etek.chalmers.se
Subject: product for you... but i think u need to buy it
X-Priority: 3
X-MSMail-Priority: Normal
Date: Thu, 11 Oct 2002 3:47:35 +0200
Mime-Version: 1.0
Content-Type: text/plain; charset="Windows-1251"
Online Drugstore can have your order of discounted Viagra shipped to you for
only 5 minutes of your time!!!
http://www.justgottago.com/od/azzbc/
No Prior Prescriptions Needed
-Licensed U.S. Physicians are ready to fill your order
-Guaranteed Lowest Prices Available
-Discreet Mailing directly to your home or office
Just visit http://www.justgottago.com/od/azzbc/ and enjoy the good life today!!!
So now, your account will be shut down without any warning, that's it ?
#include "coucou.h"
So I've had the same email address for 10 years, another alternate email address, and two *@mydomain catch-alls that all forward to the same inbox. I get about 30 spams AN HOUR. Pine has ok filters, but some of the stuff just can't be filtered.
It's a massive annoyance... in the mid 90's I was sending over a thousand emails a month, now I'm sending less than 100 and a lot of that has to do with spam. Feh...
sig.
Not sure how having an email address that no-one knows about helps strangers to contact you, unless the strangers are clairvoyant or trying addresses at random.
Wouldn't one solution be for people to put non-mailto email forms on their websites for people who don't know them and keep their email addresses for people they do know?
Virtually serving coffee
You can still keep the system open by forcing the sender to spend a little bit of CPU time to send a message (e.g. finding a collision of a short hash function). The idea is explained at:
Am I the only person who doesn't receive spam? OK, that's a little bit of a lie, but by and large, I reckon less than 2% of my email is real spam. It's not like I don't get any email - I receive probably 60-100 emails per day over about 3 different accounts, including several mailing lists.
.net about a year ago (I think???), and then these settings were added and enabled for everyone so if you didn't notice it, it will still be enabled.
I think the secret with spam is to stop spreading your email address around the internet. I object to having to provide my email address to forms to register for every damn website (eg. download.com) - I always give a false address if I can. If I can't, I will very seriously reconsider whether I need access to that site (I usually don't). I have an email account that is used solely for the purpose of registering for websites or what have you. Whenever I stick my email address into any form on the web I always check to see whether there is a checkbox that lets me opt out (or in) any mailing lists. The only sites I don't mind signing up for are those that I am genuinely interested in receiving future correspondence from, but they are few and far between.
I also have an email address that is used solely for usenet - this one receives by far the most spam.
Another interesting thing that people may not be aware of is that the default setting for hotmail accounts allows your email address and personal information to be shared. Go to options->personal profile and have a look at the check boxes at the bottom. This never used to be the default setting until the service switched over to
"Because it's there." - George Mallory, when asked why he wanted to climb Mt Everest, March 18, 1923 (New York Times)
The telephone gets bombarded with equally determined spammers and yet that hasn't changed. Certainly, you might not pick up the phone if it's not a number you recognise, but you're still going to look. It's the same for email.
The only reason email will go away is when mobile (cell) phones become as convenient and cheap a way to communicate as email currently is.
While I don't use email, myself, anymore, simply because I find it all too encumbering, I find the idea that email itself will die amusing. Yeah, sure. That's like Ford Manufacturing just up and going out of business. What do you suggest? We all begin using carrier pigeons again?
It suddenly makes me wonder, though, has the spam industry really contributed anything overall to the technology at hand? HAve they developed anything open-source and worthwhile that everyone can use, in an attempt to come up with a 'better way to spam'. Further, I wonder how those people are able to sleep at night. I wonder how truly effective spam actually is. At motivating the user to purchase the product, that is, not just pissing them off so badly that they swear away eCommerce all together (as I've seen happen).
I digress - Email isn't going to die. It's just one of those struggles of good versus evil where new tech rises to combat bad tech and the bad tech turns around and does something else. Rinse and repeat.
Informatus Technologicus
Why not set up a fake address (somespammer@obl.org) or some blackhole list?
Then simply block all IP addresses/ranges that send email to this.
Add to webpages, sigs, newsgroup posts, and wait.
Obviously it means that we all have to use some blocking method on our mailservers.
Get your own free personal location tracker
I think part of the reason why is because I'm careful about giving out my email address in the first place. I don't post it on slashdot.org (I did as my old retired account, and while I got a couple of compliments and some constructive critisism I also got deluged with hate mail - so I stopped doing that). I don't think people should need to do this, but unfortunately I think people have to.
Somehow my work account gets more spam, I think some people make a few extra bucks by selling the company roster. This would be supported by the fact that I'm pretty sure employee information is also sold, a few recruiters have known just a little too much about what I do for an educated guess.
Chris Kuivenhoven is a thief, beware
The explosion of spam is in a way similar to population explosion -- looks life-threatening at first sight but is actually something that will stabilize over time. Game theory gives an insight to what happens in the long run. Consider a population of peaceful creatures. If there is a mutant creature that is agressive, it will have an advantage over the peaceful creatures, and will multiply. But soon, there will be enough agressive creatures that they will start to fight with and kill each other. Thus the populations of both peaceful creatures and aggressive creatures will stabilize. Such situations are well-studied in game theory; the resulting steady state is known as a Nash equilibrium .
It is early days yet for spam; that is why spammers are so successful and predictions based on extrapolation of spam based on the current growth rate are unnecessarily alarmist. But soon there will be so many spammers that spamming no longer guarantees a profit. The ratio of spam to total mail will stabilize, and spam filtering technology will mature so that the vast majority of spam will never reach the user. Sure, spam will be a minor inconvenience, but no more than that.
This wouldn't happen. Anyone who lives in the EU: check your emails - are any sent from EU nations? NO. If the US would stop this stupid insistence on your personal details being everyone else's property but your own - then we wouldn't have to put up with so much sh*te being sent to our inbox about mortgages on another continent. I hope the EU goes through with the (jokey) threat to find and list the names of the people breaking the law - so if they ever take a holiday to Paris, we can be waiting.
Pimping my Karma Whore since 1847.
$ wc -l .whitelist .whitelist
804
It works, but it's a pain, and I still have to manually check the spam folder once in a while to catch people writing to me out of the blue about my software. And there are still a few false positives in the archive (tell me about them, and I'll try and weed them out).
Rich.
Gratuitous spam archive advert: http://www.annexia.org/spam/
libguestfs - tools for accessing and modifying virtual machine disk images
Many people are also just ignoring e-mail and switching to using IM-only.
-- 'The' Lord and Master Bitman On High, Master Of All
Since ISP's give you so many email addresses, or you could run your own mail server, or whatever - when I sign up for something on the net that requires a valid email address, I create an email address just for them.
This serves two purposes. One, if I start getting spam then I know who did it. Second, I can simply shut down that email address.
So, for example, if I wanted to download AVG, then I'd create an alias email address "avg@zerion.com" that simply gets routed to my normal email address, that way when I check it I get my serial number for AVG, and if they start spamming, I know it was AVG because no one else knows that address.
"They said I probly shouldn't fly with just one eye," "I am Bender. Please insert girder."
I get bugger all Spam, at work or at home. Could this be because I always tick the "don't spam me" boxes. And because I don't put real email addresses on the internet.
Strange isn't it.
An Eye for an Eye will make the whole world blind - Gandhi
One answer is for everyone to move to using PGP and digital signatures, any mail thats not encoded with your key is blocked or whatever.
Another answer is this:
1.you have a whitelist that contains anyone you send an email to (would be added automaticly by some kind of filter or proxy) as well as anyone you add specificly (for example you could add *@mycompany.com to whitelist your company mailserver)
2.anyone that emails you who is on the whitelist automaticly gets through
3.when you post your email to newsgroups, message boards, web sites or otherwise give it out, you include some kind of small "key" (perhaps in a signature or something), basicly its a small text string or number.
4.if the person emailing you has included the "key" in their message somewhere or whatever, its let through and that person is added to the whitelist.
5.any other mails are bounced with a "if you want to get in touch with me, include xxx in your message body somewhere to get past my spam filters (where xxx is the "key"). If its a genuine email, the person who sent it in the first place will, if its important enough, respond to the bounceback and include the key, thus getting past the filters and getting on the whitelist.
I like this "real person" approach to things... identifying a word in an image seems like a pretty good way forward to me. If nothing else, it will greatly enhance OCR technology...
Apparently porn will save my marriage... or so I'm told by Jim@fouryourmarriage.net.
Perhaps slashdotting of spammers is a better way forward...
You fool! You've given cheese to a lactose intolerant volcano god! Do you know what that means?
Knuth killed his email address in 1990,
Knuth vs Email
Analytic & algebraic topology of locally Euclidean meterization of infinitely differentiable Riemmanian manifold
One thing I have observed about spam is that seems to especially target free webmail services, and in particular, MSN Hotmail. I have several email accounts, some of which are webmail accounts I signed up for, others came with dial-up or hosting accounts, the universities I've studied at, and the companies I've worked for. The webmail accounts I signed up for are the ones that receive the spam, the others get zero or next to none.
It is worth mentioning that my Hotmail account fills up in three days if I disable the `delete mail from unknown users' filter. The reason is that I enter my Hotmail address whenever I think it's going to be used for spamming. This keeps my other addresses clean.
The reason I use my Hotmail account for that, as opposed to another free-as-in-beer service, is that I have noticed that Hotmail accounts attract spam no matter what. Even though MicroSoft claims they do their best to protect their customers from junkmail, I have noticed that next to everyone who uses Hotmail complains about spam, email that is sent to a long sequence of ASCII-ordered addresses are delivered as if it wasn't obviously spam, a Hotmail account will receive junk mail even if you just let it sit there and never use it or give the address to anybody, and countless other badnesses. I don't know how this compares to other providers of free webmail, but I do know that my Yahoo account gets an acceptible (for me) amount of spam, despite having only the default level of spam protection, whatever that amounts to.
Now there is an additional issue here. I do not use my webmail accounts for everyday email; I prefer POP and SMTP for that. I don't know if more frequent usage would result in higher volumes of spam, but I could see a scenario of how this would work. Most modern email clients, whether they be stand-alone programs or web interfaces, keep an address book. The address books of notable email programs are known to contain exploits that allow hackers access to the stored addresses, and malicious (money-hungry?) webmail interfaces could easily read their clients' address books and sell the information to third parties. In this case, by sending an email to somebody, I expose myself to the risk that my email address will eventually be known by spammers.
Having said all this, I will come up with a couple of hints for avoiding spam. There work for me, YMMV:
1. Avoid using free webmail services (especially Hotmail) for accounts you don't wish to recieve spam on.
2. Use an address other than your primary account when dealing with a party you don't trust.
3. Don't leave your email address on webpages. Even encoding or scrambling your email address won't protect you - if humans can understand it, programs can be made to do so as well.
These practices have left my mailboxen uncluttered for years, aside from the incidental win32 virus. Which brings me to another point: make sure your email client does NOT execute code attached to emails. Most versions of MicroSoft Outlook and Outlook Express are known to be vulnerable. For your own good and that of the rest of the Internet: DO NOT USE THESE PROGRAMS.
I hope my comments will prove helpful to some of you. Feel free to redistribute as you see fit.
---
(1) Everything depends.
(2) Nothing is always.
(3) Everything is sometimes.
Please correct me if I got my facts wrong.
I've found that 99% of spam is either from your ISP selling thier email list, or from email addresses given out for signing up for things.
Virtually all spam can be eliminated by using one simple trick.
Get a second email account, use it ONLY for important emails from those who you know aren't going to spam you. Use the first email account for signing up for websites, everything sent here will either be email you know to look for(Signup confirmations) or stuff you don't want to see.
Now assuming you have the second email account from a good source(an isp that doesnt sell your email address), and stick to using the other address for spam-risky situations, spam will be a thing of the past.
Still, instant-messaging is going to end email, the only real advantage to email is the ability to send files to people who aren't online.
Back in the bad old days of packet radio, there was a thing called a "bud list". By adding somebody's callsign to the list, you could either never allow him/her to connect to you at all, or *only* allow those on your bud list to connect to you.
... and she checks her email every few days. Yikes! She needs this "white list" ability even more than I do!
I've been looking for this ability in an email program for a while. If you're on my list, you get through. If not, the mail gets bounced back as though my account had ceased to exist.
I "only" get some 40 spam messages a day now. Just yesterday, a friend complained that she is getting some 180 spam messages a day
So, what email clients have this???
Lemon curry?
Why not just develop a bayesian filter for the MTAs, so most of this junk will quietly disappear at the source?
,and who to report it to would help - surely any potential "customer" of these scumbags would think twice about using their services if they saw them being nailed to the wall day in and day out...
Failing that, isn't spamming just wire-fraud, and so subject to severe fines anyway? It's obvious the Bush administration is very "tolerant" of any "business" that rakes in cash by whatever means (let's face it, they're all potential donations!) but surely it doesn't take Sherlock Holmes to track these scumbags down - their ISP, the open relay, the headers all provide evidence. If there were a few arrests each week, and very very high fines, with lots of publicity, this problem would virtually disappear.
Hell, just publicity, and information to the layman about how to report the problem
Is it really that hard to stop this? Or at least drastically reduce the problem? I get twice as much spam as legitimate email now (easily 30 - 40 a day), it passed "ridiculous" long ago...
Code, Hardware, stuff like that.
No idea how they implemented it, but I wouldnt be suprised if it was based on bayesian principles as well, since it learns from its mistake (it marks junk emails as such, but allows you to change a mail's status if it guessed wrongly).
Since it starts of in "learning mode", where it only color junk mail but does not delete them, you get to check its efficiency before putting it in "real mode". And even there, by default it only moves the mail in a "junk mail" box, so you can check once in a while if there was anything important there.
Since using it, my father found that it caught something like 95% of emails, and very very rarely had false positive. Even when it had, correcting the mistake meant it was not repeated.
I expect such anti-spam systems to get a lot more frequent... and they DO work. Not flawlessly, but well enough to stop spam being such a pain.
BTW, Apple's filter also have an elemnt of whitelisting, since emails from people in your address book go through without checking.
Just my 0.02 E
What do you know about World Politic? Find out in this quiz
However, combined with whitelists this could be quite useful. Bayesian filters to filter out spam, except for whitelisted spam. Eg mailing lists of advertisements you sign up to being whitelisted could be effectively. I suppose that when you sign up to a mailing list that would normally be recognized as spam, when it sends a confirmation e-mail your client could recognize it and ask if you want to add it to your whitelist.
This is unnecessary, due to the wonder of the Bayesian filter. When you train your Bayesian filter for YOUR email, it will learn what lists you subscribe to, and even what topics you care about. I am sure that my filter would allow just about anything related to running through, since I receive a lot of valid commercial email about local road races and running catalogs, no need to whitelist stuff.
"I'll have a Guinness, no wait, make that a Coors Light" -Grad student I work with, who shall remain anonymous...
c'mon folks, the problem needs to be stopped at the source. we need to discourage internet companies from selling our email addresses when we sign up for one of their services.
if you have your own domain and mail server, do this:
if signing up for a efoto.com account, make a efoto@yourdomain.com email alias. when getting spam, examine the full email header. if efoto@yourdomain is listed there, then you know efoto.com sold you out. you might want to see if they violated any contract you agreed with regarding privacy issues. GIVE THEM HELL.
also, doing this also protects your real email address. if you start getting tons and spam sent to efoto@yourdomain, just kill the alias.
only give out your real email address to friends and family and tell them NOT TO FUCKING GIVE YOUR ADDRESS TO INTERNET GREETING CARD COMPANIES DAMMIT!
Problem of the 'buddy list' proposal, is that it wont work in business where most of email traffic occurs.
You cant filter out potential customers.. or existing ones you haven't listed yet.
However i guess you could send all unknowns to a central location to process by some poor employee that gets
stuck with the job of sorting and forwarding the good ones back to their recipients..
Also, I've notices a lot lately that fake the senders address to match others in our organization, ( sometimes
guesses, others are legit ) and thus would fly right past the 'buddy-filter'...
Rather frustrating. I spend a lot of item dealing with Spam for a 10,000+ user base.
---- Booth was a patriot ----
How many times have you had to send an email twice because someone deleted it thinking it was junk or because it was in with a bunch of other junk emails?
The email client which ships with Mac OS X 10.2.2 routinely flags all sorts of legitimate emails as junk. Fortunately, there's a "Not Junk" button.
Poor signal to noise ratio has limited the usefulness of the internet's first "killer app".
Wansu, th' chinese sailor
I know there are massive technical problems with implementing such a system, especially with respect to international mail, but this is at least for the sake of argument: one way to crush spam would be to put a per-message fee on sending mail.
Currently a spammer needs very few responses to a spam campaign, maybe a couple hundred out of hundreds of thousands of messages sent, to break even on it. Change the economics and perhaps spam won't be profitable.
Let's think outside the (mail)box for a second.
Imagine a system where only whitelisted e-mail with a confirmed return address gets through. That would be enough to kill spam. The problem is, how can we allow previously unknown people to get on this whitelist without human intervention and gray/blacklists. Complicated? Not necessarily.
Here's the idea: suppose that we have a certifying service attached to our e-mail address. Say, my e-mail address is me@foo.com and my certifying address is certify.me@foo.com. Now I would want to send e-mail to you@bar.com but you do not know me and you are using a whitelist. No problem. I send you an electronically signed e-mail, and my mailing program, upon deciding that you are not already on my buddy list, cc:s the message (or relevant parts of it) to certify.me@foo.com. When your program receives my message and checks that I am not on your buddy list, it sends a signed query to certify.me@foo.com. The automatic service behind that address verifies that
Upon receiving the certification your program adds my address to your whitelist and accepts the original message. After all, you now know my e-mail address. Even a spammer who would be willing to reveal his identity would be pummeled to a certain death by millions of certify requests (which would make his ISP very unhappy). And should a spammer once get on your whitelist, just blacklist him.
This would not be a burden for mailing lists, because the certifying procedure is only invoked during the first contact.
This scheme would triple the initial number of e-mail messages, but because it's a one time event, the overhead is small. Considering that 95 some percent of all e-mails seem to be spam, this could actually reduce the traffic significantly after all the spammers have either been auto-spammed back for every single piece of spam that they send, or vanished into oblivion if none of their messages ever reach people.
So, anybody willing to implement this?
Existence usually comes as a surprise (Idem)
(lame anti-flame prediction pre-response: No, I don't work for a big company with lots of money that could afford to buy something. I work for a non-profit college)
I can handle it quite well, although I believe I receive more spam than the average use (too many mailboxes are my own).
However, something is changing my email habits quite drastically: Worms are becoming more and more common which take snippets from old mail found on the disk and resend them. As long as only Word documents were leaking, my secrets were relatively safe at the receiver's end, but they aren't nowadays.
Unfortunately, the set of I people I trust to handle senstive information responsibly is much large than the set of people who are unlikely to make themselves victims of email worms.
Spam is just a nuisance, but such information leaks are scary.
the most amusing one i've gotten this week....
/. editors: PRICELESS
Online Pharamcy - No Percriptions Needed!! NyGdHuyaWP
I can only imagine....
Commision from sale of Viagra: $12
Commision from a case of FDA-regulated Painkillers: $46
Sending out 3,000,000 e-mails: $0
Finding out that Laura Bush has submitted an order,
despite the fact that your spelling skills are worse than
Chaos, Mayhem, and Destruction: Not
Spam filtering in mail clients is futile. The filtered messages still consume network bandwidth, CPU cycles and storage space on the MTA's and MDA's. Almost every spam message I have ever received had forged sender addresses, and were relayed through a third party MTA. An MTA should ONLY accept messages SENT BY or DESTINED TO users in their own domains. This way the spammers would be unable to hide their identities, and shutting down the offender's accounts would be easy. IMHO, blacklisting open relays is perfectly acceptable. Heck, we should even DNS-blackhole them out of existence !
"And you are dying so slowly, you believe to be living" - Bertrand Besigye
Sure, its annoying but i dont think its going to stop e-mail. Heck i even watch tv and they have chopped the damn shows up into small bits. Im more annoyed by popups and banners that any spam ive ever received.
HTTP/1.1 400
That is what freaks me out about whitelisting. What is the email that gets tossed is "you are hired"?
By your post I deduce that you read your junk email folder every so often. How is the problem solved this way?
And that is without a load of "133t d00d5" speak. It is easy to dump Viagra and penis enalrgement ads automagically into the trash but misspellings and alternative representations can cause problems, even a space between letters (i.e., V I A G R A) can fool simpler filters. Also there is the problem of false positives, a problem when you discuss your visit to Scunthorpe.
See my journal, I write things there
E-mail's openness is doomed when faced with massive traffic and a few bad actors.
On behalf of the Bad Actors Guild, I plead Not Guilty.
I mean, it's hard enough to make a buck when you've been typecast to play dog-catchers.
I think the commercial software vendors are largely responsible for the massive increase in spam. IE is basically an ad delivery system; there's no way to control pop-ups, and no way to block images from ad servers. This is because from the corporate perspective our job as computer users is to view as many ads as humanly possible. Don't expect MS to be of any help. And don't expect any useful legislation either, as the DMA has a powerful and generous lobby in Washington.
But where proprietary software fails us, free software supplies the features that people actually want. Mozilla has built-in pop-up blocking and a great deal of work is going into spam filtering. On my linux box, I use spamassassin and vipul's razor for email, and filterproxy and mozilla to block ads and protect my privacy on the web. Very rarely does any spam make it into my inbox, and I almost never see ads of any kind online. However, it fills me with horror to use other peoples' computers. How can anyone stand all the flashing and blinking?
Conclusion: decent tools are the answer, not bug-eyed rants about the death of email.
At least 90% of the Spam we get here has either totally fake or someone else's email address ( the cute ones is when you appear as the sender of the Spam you get ) in their header. And most often bounced from somewhere overseas..
Who am i going to contact? Some innocent person that has NOTHING to do with it?
---- Booth was a patriot ----
While I fully agree spam is a serious problem - is it really that bad? I don't know what you are doing with your addresses to attract spammers, but at least for me, the DNS-based blacklists are still effective enough. Whitelists wouldn't make my life any easier, and they would surely complicate things for those who want to send me mail.
I get less than one actual spam message per day, and most of those are to the (unfiltered, as per RFC recommendations) postmaster@ address on my domain. All other addresses use blacklists only for spam prevention; there's a fair amount of spam blocked and very few legitimate messages are blocked - it has happened to me exactly once, even though I use somewhat aggressive blacklists. My main address have been in use for several years and I can't say I've been careful about revealing it - it has been used on mailing lists, various sign up forms, it's published on a number of web pages, etc.
Content filtering (Bayesian or whatever) seems to be popular among slashdotters. With an IP blacklist, erroneously blocked mail will bounce, making the sender aware of the problem. A content filter, on the other had, usually can't bounce so the message will be sent to /dev/null or stuffed in a trash folder together with other spam - the message is effectively lost. Sure, the filters may be good, but they still do make some mistakes and the cost of those mistakes are higher than it is for blacklists.
So I still prefer blacklists, despite their shortcomings (politics for one). They may be out of fashion, but the fact that messages are blocked before being accepted by the mail server feels right on principle - the spam never gets to waste my bandwidth or disk space.
Email shouldn't die. If mailserver admins do their jobs right, it should be possible to block out loads of spam.
For instance, look at www.myrealbox.com -- I've had accounts with them for over a year and never received ONE spam in them. Ever! I don't give my address out publicly or to untrusted sources. They do a damn good job of blocking spam.
You see? You see? Your stupid minds! Stupid! Stupid!
Most decent clients anymore will let you set simple filters on subject and from. Just make a bunch of filters on From: and only let messages that pass them into the inbox. Everything else can be dumped straight to the trash or at least another mailbox. There's your white "bud list". Mozilla 1.1 has this sort of simple filter although I use KMail myself.
It's still a good idea to quickly skim the subject lines of the remaining messages and most decent clients will let you quickly reassign a message back to your inbox. The subject lines alone usually suffice to quickly id spam. You can whack em en masse without ever opening them.
Part of the problem with ICQ is that your username is a number. Not only that, but a sequential number so a spammer can message a whole range of people with a simple broadcast. Nothing like having your boss sit next to you when your spam just pops up at you. A lot of people don't do IM whitelisting. Friends change screen names, or maybe you give it out to someone and you just don't have theirs yet.
The interesting thing to me about spam is that I do not understand why I get very little spam, if any at all. I have an email account at my university. I have an email account at work. I have 3 email accounts at earthlink.net. I shop occasionally on the Internet. I get most of my spam (about 2 - 3 a week) thru the xxu.edu email system. Nearly every unwanted email message (maybe 1 a day at one of the earthlink accounts) that I get can be traced back to subscribing to a specific service or buy a specific thing at a specific commercial site. My address does not seem to have been sold or handed around. (That would make me feel so *cheap*.) I was job-hunting for a while so, being seen on those job db's, that email got around to some other job hunters, but it's not too bad, considering the messages seen here about the spam abuse. (Is that redundant?) I probably do not realize what it is that I am NOT doing, but I do not enter my email in a form unless required and then only if I really need the thing I am filling out the form for. My email addresses(es) are on no web page that can be seen w/o a userid/passwd. I do not put my email address in my messages nor in any discussion messages. It'll probably turn out that the reason that I am so spam-free is that I never passes on any chain-messages. They were probably all email-address collectors. BAHAHA. Have fun. }:{)||
Making spamming illegal would work, even if the spammers themselves went offshore -- there has to be a domestic contact point for the money (anybody dumb enough to respond to spam isn't going to navigate the hoops of international transfer), and that contact can be shut down as the receiver of the fruits of a crime.
/. If the government wants us to respect the law, it should set a better example.
He blames the blockers like MAPS... Why spam could destroy the Internet. I don't agree with him.
The spam problem is getting bigger and bigger every day. I've always archived my Spams and now have ca. 12000 in my Spam box. Appr. 8000 have been sent in 2002. That means, I've got 2 times more spam this year than in the 5(!) years before.
BUT I'm not the only one. People will start fighting. Bayesian filtering is a wonderful and elegant solution. It's not perfect, but it works good enough. After only 6 days of active filtering and training with POPFile, it detects nearly 60% of my spam correctly, with just one false positive. And it's getting better every day.
It's a POP proxy on your computer and should work with nearly every mail client on earth. POPFiles configuration and management is done in your browser. The documentation makes it failsafe to configure Outlook (Express), Eudora and some other. Installation is done in 2 minutes. Written in Perl and therefore works under Windows and Unix. A new version has been released just yesterday and now works better with international charsets, allows white-list (or magnets in POPFile jargon), configurable stop-word-lists.
The perfect solutions for all, who don't have IMAP and don't have admin access for their mail server (or simply do not have time to install server based filtering).
If POPFile manages to detect 90% of my spam with no false positives after 2 weeks of training, I will be perfectly happy.
Check it out at POPFile Homepage. It's worth it!
Bye egghat.
-- "As a human being I claim the right to be widely inconsistent", John Peel
Sure, that would work great, and it should be illegal to respond to unsolicited e-mail. Unfortunately there's absolutely no way that this could be enforced without the government monitoring every e-mail communication and managing to identify people responding to spam.
== Jez ==
Do you miss Firefox? Try Pale Moon.
you have a simple rule, if the mail is signed by someone within the web of trust then I see it, else throw it in the garbage bin. Likewise, if I see someone spamming from a trusted account then we cut it out of the web and revoke its trust. It becomes a collective white list.
Mozilla with enigmil, kmail,evolution, and there are outlook plugins for GPG and PGP. Start signing your email today!
Personally I'm really only interested in getting mail from people I know and receipes for things that i buy online. I think one way to help enforce this would be for people to start using digital certificates to sign thier mail. They are available for free from thawte.com. It would be nice if you could configure your email application/spam filter to give special treatment to mail from someone that your have a certificate for. On the otherside of the coin, spamassasin works pretty darn well at identifying spam, unfortunately it also tends to identify any kind of mass mailing as spam (ie. mailing lists) which makes it a little hard to trust. Hopefully it will get to the point where I can feel confident that I can just delete everything it marks without having to check.
The difference between Canada and the USA is that in Canada healthcare is a right and gun ownership is a privilege.
OK i thought of a way to stop spam. It is very simple. Charge people to send e-mail. Yep, let's say you charge .0001 per e-mail that is sent out. That would be 100 e-mails for a penny. Spamming would then be unprofitable, and people would gladly pay a few cents a month to stop spam.
Now this may be a situation like the mouse putting a bell on the cat, great idea impossible implementation, but I don't understand enough about e-mail to know.
Comments as to why it wouldn't work?
I bet they (the spammers) will find ways around whitelisting too. What stops them from automatically sending a reply to each "authentication request"? There will be some schemes for such a request, 10, 20, perhaps 100 schemes. So what - they can reprogram their robots. Character recognition gets better every day.
So what? Useless, if you ask me. It's just the same as spam filter - delaying tactics, not more.
I have an email account that I just don't want to receive any spam. And it receives just once a while.
When I receive a spam I always try to contact all responsibles for all the domains involved in it. I look at the From field, the Reply-to field, the sender field (usually hidden at the email header), and retrieve the responsibles' names and emails for the domains with whois.
Once with a list of all the responsibles of all the related domains (including the responsible for the responsible of the related domain) I just send an email with a notice that probably there was a mistake and I received a email from them, and that I just don't want to receive this kind of email anymore.
Of course I also notice them that all responsibles are being notifyied and that if the spam continues I will contact the authoraties.
It always works fine for me! ;o) Why don't you try it too?
-=-=-=-=
I know life isn't fair, but why can't it ever be un-fair in MY favor!?
I'm still doing VERY well with domain-based blocking. Probably gets 99%+ of all my spam - A total of 4 messages got by my filters today.
2 were virii (haven't gotten around to filtering them, going to start that soon, I've been getting some "Spoon River" virus a lot lately.) These are easy to filter, plenty of virus scanning filters out there.
1 was to a mailing list I'm subscribed to - Automatically whitelisted. I'm yelling at the listadmin to close the goddamn list to nonsubscribers now.
Only one was an actual spam from a new domain.
In addition to domain blocks, I recently implemented four new procmail rules. Three are for detecting fake Yahoo, Hotmail, and Netscape webmail mails (ones that don't originate from any of their servers.) No false positives yet, and no @yahoo.com, @msn.com, or @netscape.net spams have gotten through. The last rule detects malformed HTML-only messages without a charset - This catches 25% of my spam, no false positives.
retrorocket.o not found, launch anyway?
I tend to believe that the more people whitelist, the better email will be. It always has the advantage over instant messaging in that it can be viewed at the end user's convenience and without being online. I've already implemented a whitelist procmail script with my email, and the only spam that gets through is the idiots bothering to respond to my auto-reply to be put on the whitelist. Currently, I see about one spam message every 2-3 months. If it gets to the point where everybody does whitelist, however, it'll be interesting to see just how complicated it gets so that spam bots can't be made smart enough to get on those lists.
The major ways of getting spam are:
1. Posting on a newsgroup with a valid e-mail address. (I use Sneakemail (www.sneakemail.com) to generate addresses for postings, and within hours of a post, I get new spam.)
2. Have a web page with your e-mail address on it in cleartext.
3. Respond to any spam, sign up for web contests, etc.
4. Have an e-mail address that is easily implied from your domain name (for example, john@johndoe.com, info@whatever.com, etc.)
5. Have a registered domain with contact info in the registration record.
i've had the same set of working email addresses for 5+ years and i get maybe 1 spam out of 1000+ legitimate emails a day. i never spam-proof my email addresses on message boards/usenet/mailing lists either.
i block mail using dsbl.org, spamcop and a few simple procmail rules (when a spam does get through, i block that company via procmail). i don't ever lose legitimate mail, and i don't get any of the "anonymous spam" i used to get from people pretending to be @hotmail.com/yahoo.com/etc.
clearly the reason that these people claim that blacklists don't work is because they're not using them.
They are killing general web browsing.. and eating tons of bandwidth too.
And dont tell me i can block them at the client level, it doesnt address the bandwidth waste to my house. Even if you block at ISP server/router level, it doesnt address the backbone traffic..
---- Booth was a patriot ----
I've been forced into whitelisting because some spammer thought it would be a good idea to start using my email address as the reply-to address for all his spam. All the bounced messages come back to me. I get about 200 bounced messages per day from so many different domains. Add that to the regular 30-40 spam messages per day. I've had my email address for almost 5 years and I use it for work as well so I don't want to change it.
I've set my mail programs to see if it's email from someone on my whitelist and if it's not then it replies with a text message explaining why I can't accept email from them but if it's important to email me or they should be on my whitelist then to email a throwaway account that I check less frequently and I'll add them.
The only boxes I've ever seen pounded by spam are hotmail accounts -- just about every other E-mail account I've had recently is spam-free. How? Just don't give your address to assholes(ie. free registration). Even my yahoomail account is fine.
It's been a long time.
Providers should immediatly block all traffic to any server, which is used for spamming.
/dev/null
Webspace-Providers, who host homepages which are promoted via spam email, should delete these homepages.
-----
spammer of month: netm*ils.com
let's mv netm*ils.com
Microsoft is heavily promoting MSN v8, complete with instant messaging service!
This message brought to you by msn.com, the same web site proclaiming email to be dead!
How about false negatives? I'd be curious to know how much valid mail was filtered out.
0.1 cents an email would be unoticeable by the legitmate user, but bankrupt the spammer.
I think this works in the long term better than whitelists:
1. Sending mail server generates a tx content key based on the contents of an e-mail being sent.
2. Sending mail server uses the tx content key with a private key to create a confirmation key.
3. Sending mail server sends the e-mail, along with the confirmation key to the receiving server.
4. Receiving mail server generates a rx content key from the e-mail contents.
5. Receiving mail server sends the rx content key and the confirmation key back to the sending mail server.
6. Sending mail server uses its private key plus the rx content key to re-generate the confirmation key.
7. Sending mail server compares the confirmation keys.
8. If the keys match, the receiving mail server allows the mail to enter the recipient's mailbox.
9. If the keys don't match, the mail is bounced.
This should eliminate spoofed e-mail, which is the only type I get. This technique also keeps the second transaction to a minimum exchange of keys. The keys add traffic, but the eliminated SPAM traffic more than makes up for the penalty. As more and more mail servers are updated with this feature, spoofing is all but eliminated. The remaining "spoofable" domains can be explicitly severed from the net or blocked.
Xesdeeni
I've been fighting a battle against spam for years. I think I've hit on some basic rules that work well.
:deny entries in tcp.cdb, and the number of bouncing messages dropped to an acceptable level.
1. Whitelist everybody you know - It's the polite thing to do.
2. Different addresses for different purposes - I use several addresses at several domains, and I make heavy use of qmail's -tag syntax. All of these addresses reach the same mail account, but each address has it's own set of rules - most of the mail sent to hotgrits@yourpants.net goes right into my junk box for later checking; only the ones that get very low spamassassin scores are diverted into my main box. Conversely, some addresses have much higher thresholds, or even bypass all of the spam checks entirely (mailing lists have special aliases that go right into a folder just for them).
2.5 Give each business or website you deal with a unique address so you know who sold your info.
3. Keep machine readable e-mail addresses off of webpages. I used to just use some light cloaking which displayed either a graphic or a encoded address based on the user agent. Last night, I wrote a more advanced cloaker which always displays a graphic, and provides a web based form to send an email.
4. Spamassassin - it is a wonderful program. I use the scores it assigns for pulling low scoring mail out of a stream of crap, labeling higher scoring mail, and for the very highest diverting them to the dreaded junk box.
5. When all else fails, block. Someone was pounding random addresses on my mailserver with hundreds of messages apparently from a nonexistant domain. The number of bounces stuck in the queue was well over several hundred and rising. A few
and managing to identify people responding to spam.
Why is this any more difficult than identifying the people sending the spam, except that the spammers are trying to hide and the people responding aren't?
You maintain a db of response urls on the basis of known spam messages, and you make the ISPs record whenever one of their customers attempts to access one of those urls. You set a suitable fine ($1 a click ought to do it) and the ISP adds the monthly total to the direct debit, in much the same way that they add sales tax at the moment. In the case of free webmail, you give the customer 3 warnings and then close his account.
Not ideal, but it would work a lot better than blacklisting half a million domains at a time with SPEW in order to punish one offender who has already moved on. I would expect your average user to never click on a link in an email again after the first month.
Virtually serving coffee
Would your ISP have terminated their spammer if SPEWS hadn't escalated their listing to the whole /16?
Read what he said first. He clearly stated that SPEWS starts by blocking smaller IPs and notifies the ISP. If the ISP doesn't response, they block a larger range, until the ISP feels compelled to terminate the spammer's account.
If you're an ISP and want to avoid being blocked by SPEWS, it seems like all you really have to do is reply to abuse reports and terminate the offending account. See, Was THAT so hard?
How's that for a brilliant plan?
Jesus, I'd hate to see how you blow your personal problems out of proportion.
"Communism is like having one [local] phone company " - Lenny Bruce
If they reduce spam (blocking more spam), the ones that get though it will be smarter, and more effectly. Even you might have trouble noticing it's spam at first glance.
So the effectiveness of sucesfull spammers will grow making it a great bussiness (only to those that can master it).
Well'll have less spam, and better quality spammers.
unfinished: (adj.)
IMHO, the DUL is a complete PITA. The requiring that no one run a mail server of their own...it's just stupid, and breaks architecture.
White lists would be *far* more intelligent. They be almost perfectly effective (perhaps worms could spam, until whatever hole they were exploiting is closed, but that's it).
White lists are inevitable, barring some other massive change. Let's move to them, and stop having to deal with all these stupid half-assed anti-spam measures that make legitimate users miserable.
May we never see th
Why not? You have whitelist based programs like TMDA and ASK that do something like that but you need user action. If you could integrate to servers and clients, you could have this more transparent (and more effectively fighting spam). The idea is simple: 1- The email is sent. It stays on the queue. 2- A challenge is sent back (in case the origin is not already in the whitelist). 3- The origin is then authenticated sending a reply to the challenge... That's it. (a bit the same TCP does to IP... Make it trustable.) PS.: Of course the spammer could legitimate his origin, but at lease you can add (and identify)him more easily in the blacklist.
The most amusing spam I ever received (names withheld to protect the innocent):
Date: Sun, 19 May 2002 23:03:19 -0600 (MDT)
To: [30 addresses at my ISP]
From: [Probably fake return address]
Subject: Government Alien technology needed! 7132
If you are a time traveler or alien and or in procession of alien
or government technology I need your help! My case is truly
genuine! I seek to work with someone who is of a kind nature,
someone I can call my savior as well as a friend.
My life has been severely tampered with and cursed by evil beings!!
I have suffered tremendously and am now dying!
I need to be able to:
Travel back in time.
Rewind my life including my age back to 4.
I am in great danger and need this immediately!
I want to work with you in any way possible.
I am aware of two types of time travel one in physical form and
the other in energy form where a snapshot of your brain is taken using
either the dimensional warp or the brain snapshot device and then sends your
consciousness back through time to part with your younger self. I'm almost
certain the dimensional warp would be the safest and best
solution. Please explain how safe and what your method involves.
I have a time machine now, but it has limited abilities and is
useless without a vortex. If you can provide information on how to create vortex generator or where I can get some of the blue or red glowing moon crystals this would also be helpful. I am however concerned with the high level of
radiation these crystals give off, if you could provide a shielding this would be
helpful. I believe the vortex would have to be east-west polarized,
North-south polarized vortexes are used for cross-dimensional time
travel only. Also, I know about the three dimension 4 bit (CODE) our universe is written in. If you are one of the very few beings who can edit this code, or know the passwords which can be spoken over a vortex, please reply!
If you have this technology and can help me please
send me a (SEPARATE) email to: [withheld]@aol.com
Thanks
Bayesian spam filters will save it.
Especially when they are used at the ISP end like they're supposed to be.
It's Christmas everyday with BitTorrent.
I have had several serious misunderstandings with people when communicating over IM.
Instant messaging is a difficult medium. It as immediate as conversation, but without being as clear and concise as email or other forms of writing. With most writing you read back what you wrote to make sure that you didn't accidently write something that can be misunderstood. Since IMs happen in (almost) real time this sort of care is not generally used. Also people do not type at the same rate so the thread of the converstation is often lost.
If the subject is important I always use another medium.
http://www.filmthreat.com/GoreyDetails.asp?Id=221
The Junk mail filter in Mac OS X 10.2s Mail application works well for me. I get about 40 spams a day. About half of them I can't even read (foreign character sets). Most days the junk filter catches all but one or two spams. I've only had one false positive in the past month, and that was just an automated reply from a web page reporting that the catalog I had ordered was on its way.
Apple Mail's junk filter does require some training. When I first got it, it only caught about 25% of the spam, but after a week or two of my marking spam messages, it was running very well.
I have been wondering if this junk filter can be integrated with some service like Razor.
I get a lot of spam at work (maybe 30 or more/day) and almost none at home. I am careful about giving out my email address, and in fact I think I've given out the home address more than the work address. It puzzled me that I was getting so much spam at work, then someone here mentioned that we should not use auto-reply with Lotus Notes because that replies to spammers and confirms your email address. Of course everyone here sets Notes to auto-reply when they are on vacation, etc. I'm convinced this courtesy is the source of my spam problem.
It's too late to do anything now. Yeesh.
Promising newcomers such as CloudMark, which taps the collective power of e-mail recipients to identify spam, may improve things for a while.
I've been using this for a while, and am catching like 80% with 0 false-positives so far. The only downside has been a few minor bugs, which is expected for a beta product and have more to do with Outlook than anything. I think the concept is sound, and would be pretty hard to circumvent. Basically, a fingerprint (one-way hash?) of the email (not just the header) is looked up in a database which contains reported spam. Reports are weighted for reliability, which prevents spammers from unblocking their own spam. I can think of only one way, besides a DoS, to get around it, but I ain't telling here =) www.cloudmark.com
...than the hotmail account is Spam Gourmet. Check out their site.
If you do not give away your email address except to "trusted" people, you are basically implementing a whitelist by hand.
I find this to be a perfectly valid spam defence, just like a tmda whitelist, and one I believe more in that increasingly sofisticated blacklist filtering.
However, it does not change the fact that email has changed character, from a method to inititate contact with people, into a method which people who already have contact can communicate.
At least tmda based whitelists will still allow strangers to contact you, even if it is slightly more work than it used to be. With manual whitelisting, that option is out.
Right now the cost/benefit analysis favors spammers.
The Spammer's View:
First, it's very inexpensive to collect/buy a million email addresses and very inexpensive to send a million emails. Second, the return is sufficient: out of those million emails, all it takes is a handful of replies to make a profit. Third, the risk of being prosecuted or otherwise suffering financial damages is still practically nil, so the worst you have to fear is your ISP cutting you off -- whoop de doo, go uncover another rock and sign up with a new one.
The ISP's View:
It costs little more than a little bandwidth to send a million emails. It costs a little in reputation to be weak on busting spammers' accounts. Signing up a new customer is a profit.
The User's View:
Here's where the "cost" of spam is high, and consequently where most of the effort in fighting it has been made. Most users either just delete or have software to keep spam out of their inbox. Some people are careful about how they publish their email address. Some use blacklists or (more recently) whitelists. The cost to receive an email is fortunately low or nothing.
When the cost of spam becomes too high to ignore, for spammers to send or ISPs to relay, spam will decrease. It already has started to become more expensive: some ISPs have strong anti-spam policies and measures; some laws have been passed against spam; and there is quite a bit of software to deal with spam at the recipient end. But that's not enough, as evidenced by the continuing growth in spam.
Eventually, spam will be dealt with more strongly at the source. It has to be sufficiently painful first, and the pain is starting to be felt by ISPs and others involved in relaying email. I expect the situation to be much better a couple years from now.
-Thomas
I have set up a mail server in my home (DSL). My wife and kids do not get any mail from anyone NOT in a filter list. Sure, the mail server gets the SPAM but that is where the buck stops. I can review the mail to make sure nothing is being tossed out that was supposed to be read but if it was AND it was important, I usually get another copy or they pick up the phone.
"If you are on fire you can just stop, drop, and roll. If you fall into Lava you are just dead." - my 5yr old daughter
probably broad minded].
:)
You mean, lesbian?
(Stop. It's a pun
Considered harmful.
Even when I lived in the US, I got at most one per day. Today where I live in a country where such calls are illegal, I get one a year at most. The difference is of course that phone calls are expensive, especially from other countries (where such calls may be legal).
That seems to be the fear of many people, and the fear that is mentioned in the article. I receive around 80 e-mails a day, about 40 of which are spam. This doesn't include the spam that is caught and deleted by my procmail filters.
I don't see how people can complain that it takes so long to delete spam. I just read all my e-mail sequentially, and hit 'd' whenever I encounter anything that says my breasts can be larger, my penis can be firmer, or I can make a kajillion dollars a day. It's that simple.
I think people just need to learn some patience.
So, no, it is not strange. You are just an example of what has happened to email, it has become a communication media for people who already have contact, thanks to spam.
Hate to say it, but this is a band-aid problem. Spammers evolve, we evolve. What we need are flexible tools that let us evolve as quickly to keep ahead. Spam assassin is AMAZING. Maybe I'm lucky, but in the last month, since I started using it, I have had neither a false positive or false negative. Can't beat that. It has a great rule structure to which new rules can be added as needed.
I think the future is something like the current antivirus solution for spam. A big company, maybe even Norton, would create a spam blocking plugin for email clients (or maybe a front-end between the server and your client). They would make money from subscriptions to spam "definitions." You wouldn't need to update as often as for AV software, and it would work.
Alternatively, these Bayesian learning filters are VERY intriguing. That would solve the problem potentially without band-aids.
-Looking for a job as a materials chemist or multivariat
Usenet went down because ISPs stopped caring about it. As the Web ballooned into the monster it is today, Usenet became a neglected backwater, where once it had been the core of an ISP's business. Suddenly the threat of a UDP isn't so terrible; most of your customers won't even notice. So why bother dealing with your Usenet spammers?
By the way, Usenet isn't such a desolate wasteland as it's often depicted. The problem is that old newsgroups never die - alt.current-events.desert-storm for instance (although that one could well see a renaissance in the very, very near future...) - so a group that has outlived its usefulness lives on as a ghost town, accumulating the occasional spam. The big groups - alt.fan.[someonepopular], sci.[subject], alt.religion.[insertflamewarhere] are still going strong, because there'll always be more people interested in that topic. Odd little net.cults like alt.adjective.noun.verb.verb.verb, though once a part of the geek experience, are faded away like Mahir.
The same thing will (has already?) happened with email - as long as the cost of exploiting it is less than the percieved profit opportunity, it will be exploited. Given the costs of sending email, it's unlikely to stop being exploited - ever.
Email isn't looking like being superseded by anything in the way that the Web eclipsed Usenet. A listing on a major blacklist (Spamcop, SPEWS, whatever) is a big threat that strikes at the core of an ISP's business, just like the UDP was in the Elder Days, and so rogue ISPs can be bullied into submission by a sufficiently large boycott. Spam will always be with us as long as the economics make it worth doing, but the economics of the email business make it worthwhile for an ISP to fight email spam. Sadly, Usenet is no longer financially worth that kind of effort...Real Daleks don't climb stairs - they level the building.
If you run a server or can script for one, why not just have an "email me" section wherein people can type the message and be done with it. Throw in a particular key as the message gets sent, protect your script against hacking, and any email coming through should probably be legit.
Safer than putting a href='mailto:spammeupthebutt@myserver.com' tag...
In the trite words of a screaming Chris Tucker, "Do you understand the words coming out of my mouth?
Here's what typically happens.
1. SPAMMER gets account on your ISP
2. SPAMMER SPAMS from your ISP
3. Someone reports SPAMMER
4. SPEWS sends warning to your ISP
5. ISP does nothing
6. SPEWS blocks small IP range, sends second warning
7. ISP does nothing
8. SPEWS blocks larger IP range, sends third warning
9. YOU get blocked (It's obvious your ISP doesn't care about your connection)
10. ISP finally takes appropriate action, SPEWS unblocks ISP
If SPEWS didn't follow that procedure, then shame on SPEWS. If you're ISP didn't respond to SPEWS, then shame on your ISP.
Either way, Sounds like you need to get another ISP that actually cares about keeping the connection up for its legitimate customers.
"Communism is like having one [local] phone company " - Lenny Bruce
If you're an ISP
I'm not an ISP, the spam in question was not from one of my customers, the system in question was not under my control...
See, was that so hard?
It's downright impossible, because I'm not an ISP. There are four short words in that sentence, which one is causing the problem? You are shouting at the wrong person, just as SPEW blocks the wrong IP addresses.
The logic of SPEW is that you hurt the innocent little people to put pressure on the big guilty people. That approach is wrong in principle, and is accepted as wrong in every other area I can think of. You don't beat up people's kids because their dad owes you money and is bigger than you. This is Godfather morality!
And even if you want to live in that sort of world, the starting point was an article saying that none of the SPEW-type systems are going to work anyway!
Let's think about this for 30 nanoseconds. If I need to send emails to someone, and I discover that the emails are returned because of SPEW, am I going to
a: stop communicating with that person until they put pressure on their ISP to change their spamming policy or
b: find another way of sending email to that person?
From where I'm sitting, not using SPEW sounds like a great selling point for any ISP. Or, to put it another way, does 'we promise to randomly stop delivering some of your emails for reasons that have nothing to do with you or the person you want to communicate with' sound like a good sales pitch?
On an earlier occasion some ISPs used by certain branches of a company whose email we host started bouncing redirected emails from our server. We solved the problem by telling those branches to find another ISP. Is this how the system is going to work? Because anyone with a job to do is going to do the same thing.
Virtually serving coffee
*runs off to bathroom*
flusssssssssssshhhhhhhh
Is everything better now?
"The best argument against democracy is a five minute chat with the average voter."
--Winston Churchill
a: stop communicating with that person until they put pressure on their ISP to change their spamming policy or
b: find another way of sending email to that person?
Let's think about it for even fifteen nanoseconds. Who's using SPEWS here? If your ISP is using SPEWS, then mail from addresses listed in SPEWS will be dropped. Mail TO addresses in SPEWS generally won't. SPEWS is used to prevent spammers sending crap to you, not to prevent you sending crap to spammers!
In the case you describe, it's YOUR provider that is listed in SPEWS and that needs to change its ways. I would therefore say that (b) is your best choice - find another way of sending them email. That other way would be to send it from an address that is not listed in SPEWS - i.e. switch to a non-spamming ISP. That way ISPs find that hosting spammers is bad for business, and spammers find that they are no longer welcome. Which is the idea.
Real Daleks don't climb stairs - they level the building.
I think this is a good point. Almost *any* confirmation based whitelist - even one that's trivial to automate a reply to - should work.
In fact, you could even make the reply standard so email clients *could* automate it. That makes it easy for the user, but it would still stop most spammers. Why? Simple...
1) They'd have to supply a valid, working contact address (no more forged headers).
2) It's easier to send millions of emails then receive them. Processing all those confirms would take tons of bandwidth and hefty mail servers.
This makes it *much* more expensive for a spammer than just CC'ing a bunch of addresses. Plus, the more spam they send, the more costly it becomes - would likely make the whole business unprofitable.
What we've resorted to, with great success, is a combination of domain and content filtering.
So yes, if we get spam from "wesendgoatporn.com" guess what, "wesendgoatporn.com" is added to our blacklist.
But also, we block ALL messages containing "free" AND "goat" AND "porn" as well. So even if they change their domain name, or if someone else tries to send us free goat porn, it's blocked automagically.
This is what we've done to stop a lot of the spam, and I mean a lot. 400/day company wide (for a company of 25 people) dwindled to about 20/day now, which is a 95% reduction. And out of the thousands of emails filtered out, only a small handful (less than 10) were legitimate emails. And when a legit email is caught, we simply tune the filters, and those incidents are now fewer and rarer.
By the end of the year, the filters should be solid enough that we should see a 99% spam reduction, and an error rate 0.001%. A lot of products are out there that do content filtering too, and many are inexpensive.
Privacy laws are good, but they somtimes increase, not reduce spam. Privacy laws can be excessive and are being used today by Finland spammers. Finland prohibits release of whois information, so it's impossible to identify spammers from Finland.
California is just starting a crackdown. Unfortunately, the Attorney General of California didn't bring criminal charges, although some of the violations of law in the complaint carry criminal penalties in California. (While spamming isn't a crime, conducting a business and accepting credit card payments without disclosing the ownership of the business up front is a criminal offense in California.)
In this specific case, the choice was moving a website, a domain name, 400 email addresses etc, or telling half a dozen people to stick the next free CD ROM that drops through their door into their PC. They use email redirection, so changing their ISP was no big deal.
As it happens, we pay monthly, but it is common to pay for small servers one year at a time. In which case doing what you suggest could cost £2000 or so.
That way ISPs find that hosting spammers is bad for business, and spammers find that they are no longer welcome.
Except that, as I've already pointed out several times, a professional spammer can afford to lease a machine a week, even if it gets shut down at the end of the week, and, apparently, this is just fine with SPEW.
Virtually serving coffee
Granted, few of them are doing it now, but as whitelists become prevalent, the spammers will simply maintain lists of email tuples, each tuple will have you, your mom, your uncle, and your best friend; all folks in your whitelist. Send to each address in the tuple with a From: address from the tuple, and voila, your whitelist does nothing.
- "History shows again and again how nature points out the folly of men" -- Blue Oyster Cult, 'Godzilla'
Sure. SPEWS know who all the professional spammers are, they block them on sight. If the ISP disconnects them in a timely fashion then that's not a problem at all. Sooner or later the spammer will run out of places to hide, and will wind up on some provider, maybe Chinanet, which doesn't care who blocks it. Then they can spam all they like, they'll only ever hit blacklists.
I assume, of course, that no ISP is going to be fool enough to take on the same spammer twice. This is in general a reasonable assumption, but Verio will insist on proving me wrong... they disconnected and then reconnected your original Antipodal troublemaker.
Real Daleks don't climb stairs - they level the building.
That brandname is getting everywhere... so now they make Vodka as well as t-shirts?
If it was clearly illegal to send unsolited bulk email (spam) to anyone in the U.S. or Europe, and a hefty fine backed that up, it would force spammers to move to smaller countries. Those countries would then quickly get blacklisted: "Fix your laws, or you can't do business with us." There will still be spam, but it will be much, much rarer because it would be more dangerous. You could also fine companies that pay for spam - a few hefty payments would at least eliminate a lot of commercial spam.
A partial alternative would be to require (by law) automatable marking (say "ADV:" as the first characters in the subject line) and forbidding source forging. Again, could spammers disobey the law? Sure, murder still happens too. But by making it legally a crime, with real penalties, we certainly reduce the number of perpetrators.
For more info, see http://www.dwheeler.com/essays/stopspam.html
- David A. Wheeler (see my Secure Programming HOWTO)
Some days I have to push my door hard to get it to open past all the junk-mail. (Stupidly, British homes don't have mailboxes, they have slots in their front doors. This is to make it easy for bad people to put petrol bombs through your door, to make the post office less efficient, and to give dogs a decent chance of biting your fingers off if you are delivering an election pamphlet).
I was getting so much spam on my dial-up account that it sometimes took me 20 mins to download mostly useless, if not offensive, email. Sorting it automatically by client-side methods (e.g. SpamAssassin) wasn't helping the download time, since you still have to download the blasted spam before you sort it.
So I got rid of my contaminated address. I created an account on two web sites: www.spamgourmet.com (free) and www.sneakemail.com (mostly free).
Spamgourmet allows you to create an infinity of different email addresses all going to your POP3 account, by adding various prefixes. So say, to take a recent example, that your account is SpammerMaimer and you want to subscribe to, oh, MIT Technology Review's newsletter. You create an address called MITTechReview.20.SpammerMaimer (@ the SG domain). The "20" in the middle word of the address gives them 20 shots at emailing you before the address shuts itself down (and you can manually reset the counter).
Then, surprise! This stupid magazine sells your address to several spammers. On top of that, their forum system is spammer-friendly because it encourages email address collection.. You know that it's them, because you haven't given that address to anyone else. So what do you do? You go to your Spamgourmet account and shut down that MITTechReview.20.SpammerMaimer address. Problem solved.
For truly one-shot emails, I use sneakemail, which creates disposable addresses that you can disable individually.
The hardest thing is to keep the old address active for a while until all your usual correspondants have been informed of your new address. Then, when you switch your ISP email address, you just have to change the forward address in SG and Sneakemail.
Highly recommended.
--
Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/
That's the whole point. If you'd read it, you'd understand you've already lost.
In this specific case, the choice was moving a website, a domain name, 400 email addresses etc, or telling half a dozen people to stick the next free CD ROM that drops through their door into their PC. They use email redirection, so changing their ISP was no big deal.
No, in this specific case, the choice was either moving your setup to a different ISP, or calling your ISP and telling them, "if this ever happens again, then by god we are switching ISP's and we'll tell every customer of yours that you obviously don't give a damn about them".
SPEWS did you no wrong. Your ISP did you much wrong, by not responding to spam complaints in a timely enough manner and by letting spammers use their section of network to the detriment of the rest of the network.
Your ISP's inaction is what caused your pain. Complain to them, it's, quite frankly, their fault. Threaten legal action if you like. Whatever, the point is to get them to change or annoy their customers enough to make them switch ISP's.
I mean, really what would it take to make you switch from these guys to someone else? Blocked for a week? A month? A year? How far does it have to go before you realize that your ISP is causing the problems here by not attempting to resolve their issues with spammers?
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
What's to prevent you@bar.com from getting SPAM in his mailbox or spammers on his whitelist with this scheme? Basically, you have a box receiving an email, and then talking to the sender of the email to verify that the signature was his and correct.
But I (as a hypothetical spammer) can make a signature in any name, and I can set up any accounts on any hostname I like rather easily. So a spammer could get messages into your box and get a name (even if it's a throwaway name) onto your whitelist without any human intervention. He has his certify address always respond in the affirmative, and voila.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
We have seen this happen before:
;)
You find a way to block spam...
Spammer finds a way to counter.
<Long informative post warning>
Yes, my friends. Suppose that this article is true and that evolution, say 5 years from now (*shudders*) makes even the average non-computer oriented american look at email the way we see postal junk, removing all the novelty and making her decline offers to open email accounts.
Step 2: She has always heard of IM so she downloads AOL IM instead because everyone else has it. This ubiquity is similar to the one of Windows. Remember what happens when an operating system becomes common? It just becomes a new target. Viruses start getting developed for it. The same thing will happen to IM if we shift to it. You have to realize that though a bit more time-consuming, spammers will start making databases of IM usernames and begin sending spam from their accounts.
Two years ago when I still used ICQ, which is owned by the prone-to-spamming AOL system, I received spam from users who seemed to not exist! Though I had explicitly chosen to be invisible to everyone but my buddylist names, there was some obscure way of sending IM's with sex ads, and that the message came from forged addresses that you couldn't track and punish.
Bear with me, from here on this may seem unrelated but look at the big picture:
Remember the days when there were no popup ads? Well, people would turn their images off to skip normal ads. Then popups came and some annoying javascript enabled them to pull you to their new browser window. Then, even cleverer, was the use of pop-unders, because everyone knows that you ignore popups because you want to see something else in the first place, However, pop unders show up when you are ending your browsing session and are in no rush to close extraneous windows: The famous X10 cameras from yahoo are known by all for a reason. Then nonspammers --but ad people indeed-- started placing ads in Flash formats, and my Opera browser began loading that too, even when my graphics were off, because pluggins load separately from images.
So, it will be only marginally harder to spam people if we do make a transition to IM whitelists, but all you need is a screenname generator, which you can develop from a password cracking algorithm, and an expendable IM name. It takes 5 minutes for a spammer or anyone to grab a new one after their first has been blacklisted by AOL. Spam by IM has already been done, and will just come back. I certainly know that no ISP will drop the free email address policy when you register, so, it may take those full 5 years before I can tell my family and friends to send me those greeting cards and announcements by IM. Worse yet, how the heck will mom learn IM if she can barely send emails? My parents hate IM because they cant type, and on top of that, they cant type fast
"Wireless : LAN
this is an everyday DOS attack on all of us.
I have been thinking about the amount of time being wasted on spam. I installed an SMTP honeypot looking like an open relay, but in reallity it just acts like a black hole. Once I recieved 35 million spam mails in 4 days. If the average recipient would have spent just one second deleting this spam, I have saved them a total of more than one year of work. Think about it, more than one your of just deleting spam mails!
What have you done to fight spam in general, and not just the spam in your own inbox?
Do you care about the security of your wireless mouse?
Simultaneous MultiTalking/Typing :).
Maximises usage of processing modules especially in high latency communications (whether due to links or processing units or situation).
But it also happens with email and other messages.
They split into multiple threads, sometimes so much so that you need to break them into actual different messages.
I may get spam in one of my e-mail accounts (EarthLink's software does a remarkable job on the rest of my accounts), but I never get Latin American teenagers looking to practice their English skills on a hapless American like I do on ICQ.
My God man! My self-description in ICQ boils down to "Go the fuck away" and still they come! That by itself will be the death of instant messaging long before the death of e-mail!
It's a temporary phenomenon. A lot of people are new to IM and get these misunderstandings a lot. After about ten years of using IM systems you stop having the problem, in my experience.
(Yes, I'm serious.)
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
Disclaimer: I am biased because I have a college account. Of the past 547 emails I have received, none of them have been spam. Before that I had a Hotmail account (mike_hamburg at hotmail dot com), which is still open (although I don't check it often), but it receives only about 2 spams a week. Please restrain yourselves from selling me to a list out of spite.
The article is wrong. Spam is a big problem, but it will not "end email as we know it." There are plenty of ways to curb the problem that have not been implemented yet.
The best suggestion that I have seen to curb spam, although it would be hard to implement and people would bitch about it, would be to have a payment based system. Everyone has a contact list of people who can send them mail for free. If you're not on that list, you have to pay a penny to send a message. Since the profit margin on spam is less than a penny per message, no more spam, or at least not much. Hard to implement, but it would work.
Other than that, there's Hash Cash, which could be combined with the above system, to increase the computational load of spamming. Easier to implement, and to get people to switch to, could reduce spam, not a cure-all.
Encryption and digital signatures would be a useful technique too. Require all mail in your inbox to be encrypted with a Diffie key would help, as Diffie encryption is much harder than decryption. This would also increase privacy, although changing the protocol to prevent traffic analysis would be a bitch to get off the ground (although you can get something like this already at Hushmail).
Bayesian spam filtering or other advanced techniques might also help to curb the problem, but they are a bit like a band-aid on a bullet wound. The article is at least right in that spam filters are not the solution.
I hereby place the above post in the public domain.
Here's a problem with a whitelist account: you buy something at Amazon.com and Amazon helpfully sends you an email confirmation. A challenge will bounce back to Amazon who has no capability to respond to it. Sure you could add amazon.com to your whitelist, but after a while every spam you get will be from xxx@amazon.com. To make whitelists work Amazon needs to tell you at purchase time: "we will send you a confirmation email from shipping889034@amazon.com", so you can add it to your whitelist. And hopefully they use a unique sender address for each customer. Without this everyone will still need a non-whitelist account for their purchases; an account that will soon be flooded with spam.
Build a man a fire and he will be warm for a night; set him on fire and he will be warm for the rest of his life.
"..With the increase of spam, the argument is made that more users will switch from blacklisting spammers to 'whitelisting' specific, trusted addresses.."
I've been doing this with procmail for years.
If I don't know you, your email goes into my sh*t_can
Several times a week I go through the sh*t_can, save what little is relevant (very little..) elsewhere, and the rest goes to /dev/null
t_t_b
I'm on PJ's "enemies" list! Are you?
The Bayesian filter is not limited to just the email's message body. The message headers and PNG/JPG filename/URL are analyzed too. Plus the Bayesian filter would QUICKLY identify that people that send me email that contains NO text are likely spammers.
cpeterso
Sounds like you need the TeleZapper!
How does the TeleZapper "zap" telemarketers?
The TeleZapper uses the technology of telemarketers' automatic dialing equipment against them. When you or your answering machine picks up a call, the TeleZapper emits a special tone that "fools" the computer into thinking your number is disconnected. Instead of connecting you to a salesperson, the computer stores your number as disconnected in it's database. Over time, as your number is removed from more and more databases, you'll see a dramatic decrease in the number of annoying telemarketing calls you receive.
cpeterso
www.antispews.org already did it. They say people should use Spamcop instead (not sure why exactly, maybe just because Spamcop are not anonymous) and offer their mail server as a relay, for a fee. Apparently they can guarantee it won't get listed by SPEWS; if that's their claim, they'd better be _really_ conscientious about dealing with the inevitable spammers who sign up...
Real Daleks don't climb stairs - they level the building.
The tools to stop the spammers have existed for a couple of years now. If you still get spam, it's your own fault.
Government of the people, by corporate executives, for corporate profits.
It's been done. You want the Distributed Checksum Clearinghouse.
I get about 80 spam emails a day. It's no longer a problem for me since I installed POPFile. It works great. There are typically a handful of false negatives, and no false positives so far, and I'm pretty sure that even this was an artifact of the data set I had on hand to set the filter up: I had many good emails saves, but the only spam I had to hand was the contents of the trash. It's success rate has been gradually climbing, and I anticipate that in a few months I'll have virtually no false negatives. I recommend it highly.
And the brethren went away edified.
The folks over at Camram (the hashcash people) are trying to work out how to bodge hashcash negotiation onto the existing mail system. It sounds like it's a pain to get right.
If we had a new, shiny, protocol designed so that there was some negotiation before the message was collected by the receiver, the hashcash payment could go in at that stage. People who don't pay don't get their messages collected.
I sincerely doubt that any significant (say 10000+ spam mailings) results in any less than a few dozen widely divergent spam complaints. I worked for a company which kept a pretty good handle on its mailing lists, and we'd still get a complaint or every few months after a mailing of ~50k addresses. Note that click-throughs on these mailings were in the 15-25% range -- rates postal marketers would die for. In the cases where I tracked these complaints down (or tried), it was rarely more than one person, promptly removed from the list.
Spammers hitting 300k+ addresses in a shot, even if spreading the load over boxen with a few hundred mailings each, are going to generate far more responses, readily validated.
What part of "gestalt" don't you understand?
> Businesses however, can never get away with using whitelists,
They could if they had specific public email addresses that were open to anyone, with the rest private and 'whitelist' blocked. It doesn't have to be all or nothing.
The computations he used weren't interesting or useful, but were very easy to verify quickly. Basically, the person doing the computation tries a large number of strings, looking for one that has an MD5 hash where the first N bits match a required value, and in some versions the input string has to have a specific form also. Checking one hash is pretty quick, but finding an input value with the right values for N bits of output takes an average of 2**N tries, so it's easy to tune the system for the amount of crunching an average machine takes to get the result.
The structure of the computation means that spammers can't cheat, because it's easily verified, and if the message doesn't include a valid piece of hashcash, you toss the message, so refusing isn't practical.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
The good news is that almost all of the horrible things you suggest won't happen. The service it purports to charge for isn't "delivering email" (that would take govt intervention) - it's "getting *you* to read a message", and if you only use cashmail.example.net for all of your email, it;s not easily circumvented.
The bad news, of course, is that nobody really wants to pay to send email to you, so you won't get any, so you'll decide that this service probably isn't for you, won't buy it, and cashmail.example.net won't make any money offering it.
Then there's the ugly news - cashmail.example.net, failing to make money from regular customers, will start spamming other mail services with You! yes, You! can get PAID to READ EMAIL and it'll just go downhill from there, really fast :-)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Either way, Sounds like you need to get another ISP that actually cares about keeping the connection up for its legitimate customers.
In some geographic areas, there exist only two high-speed ISPs: the cable company (cable Internet) and the phone company (DSL). If both are listed on SPEWS, what is a fellow to do?
Will I retire or break 10K?
Blocking dirty words with Soundex would provide too much collateral damage. At least the following words have the same Soundex hash as "fuck" (F200):
The following "words" do NOT hash to F200:
Will I retire or break 10K?
I haven't ever seen that Pix thing actually used on a site. Anyway, I found it to be too hard and I don't see how it could ever be scalable. I got one that was supposed to be "nose" but it could have been about 20 other things including mouth, ear, eye, kiss, face, etc....
The proofs are definitely not meant for the visually impaired. From what I've heard they are supposed to be solvable by x% of the population y% of the time - where x and y are in the high 90s. I guess the disabled would have to prove their humanity through more traditional means like email.
Never underestimate the power of fiber.
Shit, I'm usually pretty good about that...
On a similar note: Did you know that consistantly switching your yours with your you'res adds a lot of color to trolls?
"Communism is like having one [local] phone company " - Lenny Bruce
I've read this comment and the parent a couple of times, and I can't see how it helps at all. If what you are suggesting is that anyone sending mail from my cybercafe gets my mail server whether they want it or not, doesn't this make things worse, in that I get the blame for all the spam even if they try to send it via someone else?
On monitoring, some Al Quaida suspects were found shortly after 911 in a parisian cybercafe, and there was talk at the time of requiring us to record the content of all our customers' communications. Quite how this would work with webmail beats me, but, in any case, the idea seems to have gone away again for the moment.
Virtually serving coffee