Slashdot Mirror
Email (As We Know It) Doomed?
Mephie writes "A pretty interesting article at Slate.com takes a look at how spam may be killing email as we know it. With the increase of spam, the argument is made that more users will switch from blacklisting spammers to 'whitelisting' specific, trusted addresses, making email more like instant messaging: if you're not on someone's 'buddy list,' you have to prove you're an actual person (e.g. identify a word in an image) to send a message." May be?
Right now, my email box gets about 30 spams a day. I almost never receive legitimate email anymore.
.. Email is just becoming outdated as a method of communication, funny how fast that happened. Spam didn't help though, that's for sure.
Additionally, I find that email communication is too slow, which is ironic since its so much more efficient than the old way everyone used to communicate by post.
Instant messaging clients have more than replaced email for me. They can do everything email clients can do, without spam.
Email will always have a place of course, like websites will need email addresses for contacts, and other such things. But for person to person communication, instant messaging clients are much easier to use
Tolerate no spamming what so ever. If one complain about a customer with an proven case of spam would arrive at a abuse department, shut that account down. There is no need to allow this, and no need to "warn" users doing this.
My ISP limits me from commersial activities at my homepage, why not limit the e-mail account from spamming.
The biggest problem today is that the price of spam is not charged from the spammer, but the poor user who recieves the shit. For all you americans out there, sue a spammer, make him/her pay for all loss of productivity he/she has caused. It'll make you rich, and perhaps make spammers think twice before clicking that send button.
Another doomsayer, give me a break, the Internet is going to fall apart in $random years, we'll be swimming in spam and popup ads, hackers will wage "cyberwar" on our "infostructure" unless we do something about it. Whatever. Use the proper tools. By now if you're still swamped in spam/popups/adware, then you're an idiot.
The moron who cut me off on the road this morning is a danger to motorists, highways are doomed to failure!
Previously bayesian spam filtering was demonstrated on slashdot to be very effective. Once this becomes commonplace, and seamless, no extra configuration required on the users behalf, hopefully we will see the end of spam.
However, combined with whitelists this could be quite useful. Bayesian filters to filter out spam, except for whitelisted spam. Eg mailing lists of advertisements you sign up to being whitelisted could be effectively. I suppose that when you sign up to a mailing list that would normally be recognised as spam, when it sends a confirmation e-mail your client could recognise it and ask if you want to add it to your whitelist.
Anyway, with the introduction of bayesian filters into an ordinary client means that the future of e-mail may not necessarily have to be so bleak.
Then, I should ofcourse plug this Openchallenge submission about Learning e-mail classifier:The use of a naive bayesian algorithm in automatically filtering spam and classifying e-mail has been discussed and also implemented in the past. Implement an automatic e-mail classifier system which works together with an IMAP server. The system should: a) constantly refine the database used to classify messages either by periodically re-analyzing the IMAP folders or by tracking each incoming message and periodically checking to which folder the user actually moves each message. b) assign each incoming message an extra header item which contains the path of the IMAP folder where the message belongs according to the classification algorithm.
Also, you could also mine your site for smammers like this.
So, my point is that just during last two years the spam problem has exceeded so much that there is enough interest in fighting it seriously. Spam will die.
I just can't really see email going away, especially not in favor of IM. Emails true usefulness, the thing that makes it a 'killer app' is that it is asynchronous. Unlike IM, when I send someone an email, it is unnecessary for them to be online, or have their IM client running in order to receive my message. Their email server is more than happy to hold their email for them until they can get it, and allows them to respond when they can.
Additionally, it's not like IM is spam-free. A quick google search reveals a growing business in providing anti-spam tools to IM users, so I doubt that making email more IM-like will help, though I do see some limited use of whitelists to be beneficial.
Businesses however, can never get away with using whitelists, or even most blacklists to reduce the amount of spam they have to deal with. I know that at our company, we cannot block nearly the number of netblocks that we would like to, as we need communicate with customers almost exclusively by email, and cannot afford to lock out potential buyers for any reason.
The solution to the spam problem is not an easy one, especially not for businesses, but small steps forward are made all the time, in better pattern matching, address lookup, etc that one day will (hopefully) allow for spam to be stopped, or at least to stem the tide...
The anti-spam movement has been saying this since 1997. It's about time the world woke up and realized how badly the spammers have trashed the effectiveness of email. I know I block using several DNSbl's, a huge access.db with spamassassin picking up the slack that the others miss. I have had to whitelist people whose email gets caught in the other traps.
To me, I dream of the day we can go back to simply leaving email unfiltered and where we receive only that mail we would normally expect, not drivel from marketoons who think that email is the next best thing to handbills posted on my front door. I'm tired of having to update my access.db. I'm tired of keeping up all the diligence, watching logs to see what legitimate mail might have bounced.
Thank you, you rotten, spamming assholes and all the idiots that ever bought anything advertised in spam email.
Rich
The worse spam gets, the more people will look to alternatives. Maybe it's time to set up some infrastructure for Internet Mail 2000.
If one complain about a customer with an proven case of spam would arrive at a abuse department, shut that account down.
I don't think it's quite as easy as that. If one customer using my laptop gateway sends a spam from my IP address, is that the end of my cybercafe? If one angry employee at IBM sets off a spamming program as he walks out the door, does IBM vanish from the Internet?
A while back our server got blacklisted for a week or so by SPEW because it was in the same 16-bit IP range as a machine that has been used for spam. That's potentially 65k machines! It was at this point that I vowed not to co-operate with any of these anti-spam measures, which inevitably martyr innocent users at random and don't touch the big spammers with the resources to change IP address and ISP three times a day if necessary. The cure is worse than the original disease!
Virtually serving coffee
... has been discussed here before: Hash Cash.
os x's default email app, mail, seems to toss spam directly into the trash with (about) 99% accuracy... that is, 99% of spam is correctly identified as spam. perhaps twice i've found emails that i've wanted to receive in the trash, but that's over many months, and the mistakes will never be repeated after a quick "whitelisting".
anyway, if you're really upset by spam, it's pretty friggin' easy to avoid it... do NOT put down your regular email address for any site that wants to email you a password for registration. get a trashy hotmail account (or whatever) just for verifications, and use your regular email addresss for real communication.
perhaps spam, collectively, is a huge problem, but the problems it causes for typical individuals are small, especially given the existence of spam filters. that's why spam won't "kill" email by any measure.
.
Subject: bulk email received from one of your account
hi,
I just received a unsollicited bulk email from one of your email adress : e8johan@etek.chalmers.se
Here's a copy of the first few lines of this email :
Received: from mail.etek.chalmers.se (129.16.32.20)
by mta448.mail.yahoo.com with SMTP; 10 Oct 2001 17:48:42 -0700 (PDT)
Message-Id:
From: e8johan@etek.chalmers.se
Subject: product for you... but i think u need to buy it
X-Priority: 3
X-MSMail-Priority: Normal
Date: Thu, 11 Oct 2002 3:47:35 +0200
Mime-Version: 1.0
Content-Type: text/plain; charset="Windows-1251"
Online Drugstore can have your order of discounted Viagra shipped to you for
only 5 minutes of your time!!!
http://www.justgottago.com/od/azzbc/
No Prior Prescriptions Needed
-Licensed U.S. Physicians are ready to fill your order
-Guaranteed Lowest Prices Available
-Discreet Mailing directly to your home or office
Just visit http://www.justgottago.com/od/azzbc/ and enjoy the good life today!!!
So now, your account will be shut down without any warning, that's it ?
#include "coucou.h"
Am I the only person who doesn't receive spam? OK, that's a little bit of a lie, but by and large, I reckon less than 2% of my email is real spam. It's not like I don't get any email - I receive probably 60-100 emails per day over about 3 different accounts, including several mailing lists.
.net about a year ago (I think???), and then these settings were added and enabled for everyone so if you didn't notice it, it will still be enabled.
I think the secret with spam is to stop spreading your email address around the internet. I object to having to provide my email address to forms to register for every damn website (eg. download.com) - I always give a false address if I can. If I can't, I will very seriously reconsider whether I need access to that site (I usually don't). I have an email account that is used solely for the purpose of registering for websites or what have you. Whenever I stick my email address into any form on the web I always check to see whether there is a checkbox that lets me opt out (or in) any mailing lists. The only sites I don't mind signing up for are those that I am genuinely interested in receiving future correspondence from, but they are few and far between.
I also have an email address that is used solely for usenet - this one receives by far the most spam.
Another interesting thing that people may not be aware of is that the default setting for hotmail accounts allows your email address and personal information to be shared. Go to options->personal profile and have a look at the check boxes at the bottom. This never used to be the default setting until the service switched over to
"Because it's there." - George Mallory, when asked why he wanted to climb Mt Everest, March 18, 1923 (New York Times)
The telephone gets bombarded with equally determined spammers and yet that hasn't changed. Certainly, you might not pick up the phone if it's not a number you recognise, but you're still going to look. It's the same for email.
The only reason email will go away is when mobile (cell) phones become as convenient and cheap a way to communicate as email currently is.
I had spam yesterday where they spelt Viagra wrong. Unless Viagrea is a new wonder drug?
Not funny at all. You knew what they meant; a filter on your inbox on the keyword 'Viagra' wouldn't have. Someone I know once worked on software to do realtime filtering of keywords in "family friendly" chatrooms. He said it was almost impossible; a human's ability to communicate FUCK without out actually typing it was far ahead of any rules he could encode into his software without breaking legitimate conversations. That's one of the reasons the spam problem is so difficult to solve purely with technology.
I've said it before, and I'll say it again.
Sending emails back to spammers is for brainless cretins - it serves only to clutter up your mail queue and risks offending innocent impersonated senders or having your email address confirmed as valid for spam.
And sending automated emails back to legitimate senders is downright *immoral* - making everyone do the work that a spammer *should* be doing to get through to you is indefensible.
And I've seen a case recently where this TMDA thing was so misconfigured that it sent an mail back to a mailing list saying there was an unrecognized sender address, and of course that mailing list was half of the gnu.emacs.help mail2news gateway, so the message appeared on the newsgroup for *all* to see. Talk about efficiently multiplying spam.
Now for something useful. Use one of the Bayesian filters, seeing as they're all the rage and get about 97-98% spam matched correctly, coupled with SpamAssassin as a fall-back for the remaining 2% cases, and you'll have far less of a problem.
Now incorporate those filters in your MTA so that the whole body is checked for spammishness before being "accepted for delivery" and you'll have the best solution of them all: bounce the mail at injection-point and be done.
~Tim
--
Rushing on down to the circle of the turn
This wouldn't happen. Anyone who lives in the EU: check your emails - are any sent from EU nations? NO. If the US would stop this stupid insistence on your personal details being everyone else's property but your own - then we wouldn't have to put up with so much sh*te being sent to our inbox about mortgages on another continent. I hope the EU goes through with the (jokey) threat to find and list the names of the people breaking the law - so if they ever take a holiday to Paris, we can be waiting.
Pimping my Karma Whore since 1847.
Let's think outside the (mail)box for a second.
Imagine a system where only whitelisted e-mail with a confirmed return address gets through. That would be enough to kill spam. The problem is, how can we allow previously unknown people to get on this whitelist without human intervention and gray/blacklists. Complicated? Not necessarily.
Here's the idea: suppose that we have a certifying service attached to our e-mail address. Say, my e-mail address is me@foo.com and my certifying address is certify.me@foo.com. Now I would want to send e-mail to you@bar.com but you do not know me and you are using a whitelist. No problem. I send you an electronically signed e-mail, and my mailing program, upon deciding that you are not already on my buddy list, cc:s the message (or relevant parts of it) to certify.me@foo.com. When your program receives my message and checks that I am not on your buddy list, it sends a signed query to certify.me@foo.com. The automatic service behind that address verifies that
Upon receiving the certification your program adds my address to your whitelist and accepts the original message. After all, you now know my e-mail address. Even a spammer who would be willing to reveal his identity would be pummeled to a certain death by millions of certify requests (which would make his ISP very unhappy). And should a spammer once get on your whitelist, just blacklist him.
This would not be a burden for mailing lists, because the certifying procedure is only invoked during the first contact.
This scheme would triple the initial number of e-mail messages, but because it's a one time event, the overhead is small. Considering that 95 some percent of all e-mails seem to be spam, this could actually reduce the traffic significantly after all the spammers have either been auto-spammed back for every single piece of spam that they send, or vanished into oblivion if none of their messages ever reach people.
So, anybody willing to implement this?
Existence usually comes as a surprise (Idem)
I think the commercial software vendors are largely responsible for the massive increase in spam. IE is basically an ad delivery system; there's no way to control pop-ups, and no way to block images from ad servers. This is because from the corporate perspective our job as computer users is to view as many ads as humanly possible. Don't expect MS to be of any help. And don't expect any useful legislation either, as the DMA has a powerful and generous lobby in Washington.
But where proprietary software fails us, free software supplies the features that people actually want. Mozilla has built-in pop-up blocking and a great deal of work is going into spam filtering. On my linux box, I use spamassassin and vipul's razor for email, and filterproxy and mozilla to block ads and protect my privacy on the web. Very rarely does any spam make it into my inbox, and I almost never see ads of any kind online. However, it fills me with horror to use other peoples' computers. How can anyone stand all the flashing and blinking?
Conclusion: decent tools are the answer, not bug-eyed rants about the death of email.
OK i thought of a way to stop spam. It is very simple. Charge people to send e-mail. Yep, let's say you charge .0001 per e-mail that is sent out. That would be 100 e-mails for a penny. Spamming would then be unprofitable, and people would gladly pay a few cents a month to stop spam.
Now this may be a situation like the mouse putting a bell on the cat, great idea impossible implementation, but I don't understand enough about e-mail to know.
Comments as to why it wouldn't work?
Would your ISP have terminated their spammer if SPEWS hadn't escalated their listing to the whole /16?
Read what he said first. He clearly stated that SPEWS starts by blocking smaller IPs and notifies the ISP. If the ISP doesn't response, they block a larger range, until the ISP feels compelled to terminate the spammer's account.
If you're an ISP and want to avoid being blocked by SPEWS, it seems like all you really have to do is reply to abuse reports and terminate the offending account. See, Was THAT so hard?
How's that for a brilliant plan?
Jesus, I'd hate to see how you blow your personal problems out of proportion.
"Communism is like having one [local] phone company " - Lenny Bruce
I have had several serious misunderstandings with people when communicating over IM.
Instant messaging is a difficult medium. It as immediate as conversation, but without being as clear and concise as email or other forms of writing. With most writing you read back what you wrote to make sure that you didn't accidently write something that can be misunderstood. Since IMs happen in (almost) real time this sort of care is not generally used. Also people do not type at the same rate so the thread of the converstation is often lost.
If the subject is important I always use another medium.
In the trite words of a screaming Chris Tucker, "Do you understand the words coming out of my mouth?
Here's what typically happens.
1. SPAMMER gets account on your ISP
2. SPAMMER SPAMS from your ISP
3. Someone reports SPAMMER
4. SPEWS sends warning to your ISP
5. ISP does nothing
6. SPEWS blocks small IP range, sends second warning
7. ISP does nothing
8. SPEWS blocks larger IP range, sends third warning
9. YOU get blocked (It's obvious your ISP doesn't care about your connection)
10. ISP finally takes appropriate action, SPEWS unblocks ISP
If SPEWS didn't follow that procedure, then shame on SPEWS. If you're ISP didn't respond to SPEWS, then shame on your ISP.
Either way, Sounds like you need to get another ISP that actually cares about keeping the connection up for its legitimate customers.
"Communism is like having one [local] phone company " - Lenny Bruce