Eric Savage writes
"The IETF, through IRTF, has formed an Anti-Spam Research Group. If there is any hope for a technical solution to the problem, it appears the first significant step has been taken. More info here in itworld and here in ComputerWorld." Three more exciting spam related posts inside, including news from the Nevada legislature regarding spam, Arkansas dislike of the meaty email and "when students go bad"
torklugnutz writes
"The NV state assembly just voted 41-0 in favor of a bill which allows spam recipients to collect up to $500 per piece of spam. The new law also requires ADV to be added to the subject line so that recipients can more easily identify unwanted ads. In addition, spoofing of sender's email address or having an invalid return address is made illegal. The old law imposed a $10 fine on spammers, but required prosecutors to collect it. This law will, more than likely, increase my chances of reading the spam I get so that I can try to cash in. So, maybe I CAN make an incredible amount of money from this "Amazing Offer""
And in Arkansas: A.G. Russell writes "With House Bill 1008, Subtitled "Unsolicited Commercial and Sexually Explicit Electronic Mail Fair Practices Act." Arkansas looks to join other states that have criminal and civil legislation in place to deal with spam. Can we help them craft this?"
And from academia: mansemat writes "Seems spammers are using a new tactic these days by paying students to send spam over university networks. This particular student will be disciplined by losing his computing privileges, and being educated on the policy he violated. One can only hope the education includes being subscribed to every pr0n, male enhancement, mortgage, etc. spam on the planet." Should have booted the miscreant.
After all, we know how law-abiding spammers are. And how effective the government is in combating computer criminals. I really don't think this will make a difference.
Think of spammers like an infection. How does your body deal with it? It attacks the infections in a bunch of different ways. Why can't we do the same with spam? Rather than working hard for the magic bullet, why not use some combination of: Bayesian filtering, artificial bandwidth scarcity, blacklisting, aggressive collection of fines, targeting of domains that are advertised, etc. If you were to do all of these together, I'd imagine spam would not be a pleasant business to be in...
To make laws that man cannot, and will not obey, serves to bring all law into contempt.
--E.C. Stanton
I am certainly glad that lawmakers and researchers are turning their full attention to spam. It is certainly a big nuisance. I for one get very insulted having ten thousand strangers telling me that my penis is too small. If they could just step over this way I would whip it out and clobber them with it!
Still, I have to wonder if this is a slippery slope that we are travelling down. How long before chain emails and innocuous humorous forwards are also denied?
Creating laws, regulations, and whatnot will come nowhere near solving the problems. Sure, if a spammer lives in the US then maybe this would work; but what about all these scams from Europe, Australia, Britain, etc. Just because laws exist in one jurisdiction, it doesn't mean that others will play ball. And even having laws does nothing if they're not enforced. Why not have a group of IT police hunt down spammers? After all, they're already guilty of theft and fraud (think bandwidth people). Why not prosecute under existing laws and treat spammers like the thieves they are. Even though you won't catch spammers outside your legal jurisdiction, you'll help. And every country that helps would quickly be eliminating the spam problem we live with.
While I would definitely be keen on being paid $500 per "Enlarge your member" emails received, I somehow doubt the effectiveness of legislation to stop spam...
Nevrar
Space tourism will have a boom after this gets approved... what else will all do with so much money?
I recommend spammers be designated cyberterrorists. For spammers in uncooperative totalitarian countries, replies with randomly generated subversive messages should be mandated by law.
Or maybe not. If it's between the government or the individual to regulate the type or format of email, I won't be choosing the government any time soon.
IMPORTANT! READ NOW!
Please sign this bill from your state assembly! I did it and I got my wish! If you don't want to get this e-mail from the state anymore click the sucker link at the bottom!
Modular Redundancy--Because 4 out of 5 Nodes agree
paul.judge@ciphertrust.com.
Mail List
The email list is asrg@ietf.org. You must be a list member to send mail to the list. Subscribe via asrg-request@ietf.org. An archive of the email list is available at the ASRG mail archive."
I'm HOPING that the slashdot community uses this for good, rather than for email. C'mon, people, these people DO want to help....
(on a side note entirely, i was hoping for "Anti-Spam Governing Alliance for Research Developments" or some such... you know, ASGARD? Bloody Vikings!! I mean, who else would be keeping them in line?)
"I'd say 'Have a good time,' but arson is still illegal.
Spam makes me feel loved. I don't get any email otherwise...
Besides, how ELSE would I enlarge my member, help a suffering Nigerian from financial problems, and make six-figure income at home?
Blogs. Blogs will be the new spam target anyway...once legislatures and the IETF make e-mail spam hard, blogs will turn into adfests.
My journal has hot
Mozilla 1.3's spam filter has really come along nicely. The Bayesian method really is working nicely.
The point is that no laws have been in place to go after spammers. I don't see where you're getting the idea that the government can't combat criminals using computers. Within this country, people get caught all the time. I mean, have you read Slashdot before? DMCA violations have been noted quite a bit - that law has been fairly well used. What makes you so sure that anti-spam laws won't be?
Hey, did you see Oprah eat that chunk of feces on TV today? That was fucking awesome!
I like the idea of the antispam research group; however, I see one major problem with it. The ASRG chair is a member of CipherTrust, a company whose IronMail solution is way off the map as far as spam goes. I am just a tad bit sensitive to that. We use a program that uses text algorithms to deal with spam and we hit 90%, which is acceptable for us.
From the spammer's perspective, if he has to worry about huge fines and/or jail time every time he sends out spam, and if only 1% of the emails are getting through, and after 10 minutes his connection goes dead, how long is he going to be a spammer?
To make laws that man cannot, and will not obey, serves to bring all law into contempt.
--E.C. Stanton
Sorry. Been a long week already. Use it for 'email?' *duh*
"I'd say 'Have a good time,' but arson is still illegal.
Does anyone have opinions on the best way to filter spam from a standard pop3 account?
I use *cough* Microsoft Outlook 2002 and I need to find a way to get rid of spam even before it hits my Outlook 2002 rule based filter (which usually leaves about 30-60% spam undeleted).
My domain is hosted by Earthlink, so I don't think I have any ability to filter or install software on their side.
Now we can hold them as enemy combatants
To make laws that man cannot, and will not obey, serves to bring all law into contempt.
--E.C. Stanton
What's a physiatrist? It sounds vaguely dirty.
... no new mails in my inbox :-(
... hee2 is stuck under the bed.
Since there are already some legislations out there going in the right direction (California, Washington DC, Nevada, ...) why don't they just "borrow" the text from another state ?
All the spam I get is from Asia, Africa, and Eastern Europe.
Great that Nevada passed the law, step in the right direction. But this would only apply if the spam or the company profiting from it came from Nevada, right? I don't think the male enhancement people from Belarus need worry about this law...
As long as homo sapiens can freely send emails the spam problem cannot be solved. It's an analog gap of sorts. The MPAA/RIAA have to accept that as long as a human can hear or see it, it can be copied. We have to accept that as long as email is free, there will be spam. Why waste money researching solutions when there are none? Give the money to starving turtles or something instead.
Stupid people make stupid things profitable.
The ASRG meetings will be held 2-3 times a year generally concurrent with IETF meetings and possibly concurrent with other conferences
Way to get on the ball with those 3 meetings... a year...
"I only speak the truth"
Karma: null(Mostly affected by an unassigned variable)
Although I agree with the poster who said that we should try all kinds of things, the one thing that seems to be missing is fixing the SMTP protocol. SMTP was never meant to be used the way it is today. Quite simply it is a relic of the 1980's originally written by Postel for reliable email communications but not secure, not authenticated and not scalable to the commercial realm. So when I read through these guys that are going to meet 2-3 times a year, I just see no real end in sight coming from the standards community any time soon. SPAM will kill email as an effective tool and the costs, both hidden and measurable, are mounting.
o unsubscription method is not feasible. I received an unsubscription method that went like this
Who is going to send a snail mail letter long distance to seemingly be unsubscribed from a spam list? Now it's starting to cost _me money to be unsubscribed. The law says to have _an unsubscription method of some sort - this falls within the law no matter how bad it is.
o unsubscription web page is non-existent - this happens too often
Analytic & algebraic topology of locally Euclidean metrization of infinitely differentiable Riemannian manifold
You spend 12 hours a day on your PC, read abuse complaints as a living, and *complain* about people who complain (although it was actually your job), and you're telling us to get a life?
I drink, therefore, I am.
-- W. C. Fields
If the ISPs were to, say, redirect their DNS entry for a known spamming domain to a different one (say google), then that really solves the problem, doesn't it?
To make laws that man cannot, and will not obey, serves to bring all law into contempt.
--E.C. Stanton
A large percentage of "junk mail" depends upon some fashion of deceit. Either it's by masking the true identity of the sender, a spam-haus using domain after domain and ISP after ISP in order to avoid the blacklists or simply by lying and saying that "you really indeed did ask for this".
The answer to the spam problem is to find technical answers that start peeling away at the ways spammers use deceit.
I've said this before and I'll say it again, the first place is to rewrite RFC-821 and require valid reverse-name lookups before accepting mail. Also permit an authentication scheme that allows the administrator of the accepting mail system to set permissible trust levels. Example, mail that's verified (through an SSL certificate might be one way) as coming from gm.com is accepted, but mail coming from slashdot.org is set to a lower trust level (because they don't want to spend the money for a certificate). Mail from getyerviagra.com is immediately tossed into a review folder, trashed or denied because they don't reverse properly and they have a forged or self-signed certificate or simply don't have one.
The LAST thing anyone here wants is ANY government telling us how to manage electronic mail. In the US, it'll be fraught with hooks and back-doors so the feds can snoop your mail.
Let's get it together and fix the problem on our own.
If you're on an earthlink account, you should be using spaminator.
I've been pretty much spam-free since I activated it for my account. Good luck!
--K.
Sig: Bad people happen. Try to avoid being one of them.
You're just asking for trouble with comments like that...
I'll put some email addresses on my webpage and forward those to you. We'll share the "revenue" of the spam 50-50! :)
Trying to make bits uncopyable is like trying to make water not wet. Spam is just as easily reproduced as music or any other digital format.
http://tf2.digitaljedi.com
...is unfortunately not a realistic solution:
If no one ever buys anything from spammers, spam will stop.
Unfortunately, the one in ten thousand who buys into this makes it worthwhile to spend a buck to send 10,000,000 emails.
Some people just refuse to believe that unsolicited email offers are a problem. The marketing director at our company keeps pushing to "buy this list of targeted email addresses" or "pump up our ranking in search engines" as offered by the latest spam he receives. These people aren't responsible for spam, but they're responsible for making it profitable.
Like anything else governments try to control (US war on drugs anyone? how about the US prohibition era? prostitution?), spam will continue to exist as long as there is enough demand to justify the low cost of email.
Just say no to spam?
Terrycloth Lobster
Political speech is exempted. Advertising of the "call X and tell him that you are against his position on Y" is protected free speech. So expect emails of the sort: "Call Senator McGuffy and tell him that his penis can be enlarged in only three weeks!"
If Slashdot were chemistry it would look like this:Cadaverine
On average I get a hundred+ spam a day (70-300 in reality)... at 500$ each... that's about $50,000 per day! If only I lived in nv :(
Shadus
What if you got together a list of known spammer domains (many exist already), and ISPs were to automatically redirect or disable their DNS entries for those domains? What if they did this before people got the email? Then the spammer is wasting his time, because the domain won't be there by the time Grandma gets his ad for penis enlargement. And if that happens often enough, combined with the serious consequences that legislation can bring (jailtime!), then how long will we have spammers?
To make laws that man cannot, and will not obey, serves to bring all law into contempt.
--E.C. Stanton
Here are three easy steps to stop spam:
- Don't buy anything you get from spammers. Yes, that 24" penis must be really tempting, and I know you're dying to lose 10^6 pounds, but don't do it.
- Encourage other people to restrain themselves. The indiscriminate spam approach only works if the percentage of buyers (a.k.a. suckers, marks) is high enough to justify the cost of spamming (which is very low for email). If you can knock down that percentage, spamming won't be as successful.
- Educate people you meet about spam. Let them know that not every email they read is for real. Let them know that responding to spam encourages spammers. Let them know that if you catch them replying to spam, you will give Indian burns to their entire family.
In short, technology isn't the problem here. The problem is that too many people keep falling for the spam. If you do your part, we can make it more expensive for scammers to use the Internet for their schemes.
This post expresses my opinion, not that of my employer. And yes, IAAL.
This won't work because of one simple reason... These states are making laws to govern their own state. What are you going to do if you receive an email from out of state?
The Internet doesn't start & stop at physical borders. If a company wants to use spam to advertise, they'd just have to "create" a company in another nation, use this company name to spam, advertise, & distribute their product.
Also, what's stopping a Texan from spamming people in Arkansas? You can't enforce Arkansas laws in Texas. It doesn't work that way.
Now if you could get a law like this implemented nation-wide, then you might have something worth talking about. Most companies aren't going to actually try the whole "create a company in another country" route (that was just stated for the sake of argument).
I don't think any kind of technological answer is really going to solve this problem. No matter what filter or program you use there will always be too much collateral damage.
For instance:
Say some one had an allergic reaction to a drug that abnormally enlarged his penis and caused his breasts to grow 2 cup sizes. I bet you the doctor's spam filter would end up blocking that email.
Just my 2 worth...
~ tmasman
"Two things are infinite: the universe and human stupidity;
and I'm not sure about the universe."
-Albert Einstein
Oh! And this one time, at band camp...
I've come up with a name for these emails. It's full of miscellaneous stuff (indents, headers), no one knows where it originally came from, no one seems to really want it, and it gets passed around endlessly (I frequently get several copies of each - often from people who were on the same to: line as I was the first time I got it!).
I call it "fruitcake".
Now here's the question:
Would it be reasonable to write a filtering program that:
- Strips out indents, headers, and whitespace
- Creates a crc or other signature for the actual cute story or magic "scroll down to see the answer" quiz
- Checks a database to see whether this is a known fruitcake and, if so, deletes it
- Allows the user to add additional fruitcake references
Any thoughts?
Terrycloth Lobster
On a cold winter night, there's nothing that tastes better than a nice, juicy spammer. Tastes like chicken, only a little gamier
To make laws that man cannot, and will not obey, serves to bring all law into contempt.
--E.C. Stanton
Current spam is more psychological than physical for the average 'promoter' (advertiser, spammer, etc.)
When something is almost free to do, and provides you somewhat an anonymous way to advertise something a 'promoter' is trying to sell without incurring much cost except for a monthly bandwidth charge, and of course the computer to do the 'promotion'. We have people who cannot resist the idea that spamming is so much better than the US Postal service.
The US Postal service, limits you to physical items for advertisement, and postage cost for sending the items. Here we see 'promotions' only from local areas who know their customer base, and advertise solely to them. (Direct marketing) While spammers throw their crap to everyone under the sun, and see what 'sticks' and who buys.
Brainclone.com is working on a system for ISPs and users to have their own digital stamps. Basically the concept is the following: An unknown person emails you, and the mail server automatically emails them back saying that the Brainclone user does not know them, that the Brainclone user requests the emailer (promoter, spammer) to buy x number of stamps for the email to be delivered to the user. At the end of each month the Brainclone user receives the cash amount of the stamps, of the emails that 'promoters','spammers' decided to 'Pay' for the advertisement email to go through to the Brainclone user. White list, black list, and a couple other items are incorporated for ease to the end user.
The nice thing about this is that each Brainclone user would set his own 'Stamp' requirements for unknown people to email them.
(so in essence I may want 20 stamps per email if I decide I really don't want anyone unknown to me to email me, or set it at 1 stamp, so that I can receive a few advertisements that I may want to read (direct marketing) and get some cash at the end of the month)
This turns the 'Marketing' aspect of the internet spammers around, takes the free advertisements aspect out (and the psychological desire to spam EVERYONE), the marketers will also need to identify themselves when buying stamps (through a process Brainclone is testing using the same type that online banking uses) and then these marketers would have to apply the rules of direct marketing to avoid wasting money on the digital stamps.
This will have the spammers psychology turn from a
ISP's make 20% of the stamp money if ads get through, Brainclone users get 80% of the cash if ads get through, and we all have a lot less spam.
Contact Brainclone Enterprises, if you are an ISP and would like to have this set up for you and your email users. Anthony@brainclone.com
POPFile. It even has an installer for Windows, or you can use it on a more serious platform. It is simply wonderful how well it works.
Think of spammers like an infection
A better analogy than you may realize! Spam is like bacteria; it is self-reproducing (spam for spam software, spam for millions-of-addresses CDs). Using spam filters exerts a selection pressure on the spammers, and the stronger spammers adapt to the filters, become resistant, and multiply.
At AOL, as the single biggest target of spammers, we had to think very carefully about the effects of filters before we implemented them; turning on a weak filter would be just as bad as taking weak antibiotics for a day and stopping, and in some cases it could make the problem worse. For instance, we once decided to start treating any message with >N recipients as likely spam. All we did was force the spammers to start sending messages with one recipient each - which meant we now had to process N times as many messages as before!
(Incidentally, the antibiotic analogy led me to discover, and donate to, the Alliance for Prudent Use of Antibiotics, which fights overuse and improper use of antibiotics, helping to keep resistance down. Check them out and give them some money; you'll save on your own health care costs in the long run.)
Jay the ex-AOL Mail Guy
Just make sure as many people in your neighborhood never see spam, and after a while spamming will not be as much of a problem as it is right now.
Informing the common computer users is the first step.
The most interesting discussions that I've seen so far are:
Most spam specific programs will not queue and retry, and thus the spam will be dropped.
Spammers that use real mail transfer programs or open relays will need to be able to hold all their outgoing spam for a while, increasing the spammer's costs and slowing down the delivery of spam. Legitimate email will not be thrown out, it will only be delayed and only for the first time.
Of course, you don't really want the databases to remember every sender-recipient pair forever, nor do you want to remember pairs that were added by spam so this really isn't a "first time" database, but it is close.
Apparently the "canit" program already does this, but I had not heard of this technique before.
If you filter during the email receive process, you can make the sending MTA do the bounce. This means that you will not have to deal with spammers forging "from" and "reply-to" headers. You won't have to clean up bounces that never succeed, nor will you be responsible for bouncing spam to another victim that the spammer selected for the "from" or "reply-to" headers.
Also, false positives will receive a bounce message instead of just disappearing. This reduces the danger of important email being lost.
Right now, there are DNS records that tell you which IP addresses are valid to try and send email to for a given domain (the MX records), but many ISPs have different machines for sending and receiving email. There are currently no DNS records to tell you which IP addresses a domain will send email from.
The problem with this kind of proposal is that there are many people who think they have legitimate reasons to forge "from" or "reply-to" addresses. It also forces ISPs to make sure that every time they add a new outgoing mail server, they need to update the list of valid IP addresses. If they forget to do this, then only bleeding edge spam filters will detect a problem.
SPF support for most open source mail servers can be found at libspf2.
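The delay-on-first-contact scheme described in the comment above (commonly called greylisting), as an added example that is not part of the original post or of any named product. The timing constants, the /24 grouping of client addresses and the sample addresses are assumptions made for this sketch.

```python
"""Greylisting: temp-fail unseen (client, sender, recipient) triplets at RCPT time."""
import ipaddress
from dataclasses import dataclass

# All three timings are illustrative values chosen for this example.
MIN_DELAY = 5 * 60          # a retry sooner than this gets the 451 again
RETRY_WINDOW = 4 * 3600     # triplets that never retried are forgotten after this
PASS_LIFETIME = 35 * 86400  # confirmed triplets expire if unused for this long

DEFER = (451, "4.7.1 Greylisted, please try again later")
ACCEPT = (250, "2.1.5 OK")


@dataclass
class Entry:
    first_seen: float
    last_seen: float
    confirmed: bool = False


class Greylist:
    def __init__(self):
        self.db = {}  # triplet key -> Entry

    @staticmethod
    def key(client_ip, mail_from, rcpt_to):
        # Group clients by network so a retry from a sibling outbound server
        # of the same provider still matches (design choice of this sketch).
        ip = ipaddress.ip_address(client_ip)
        prefix = 24 if ip.version == 4 else 64
        net = ipaddress.ip_network(f"{client_ip}/{prefix}", strict=False)
        return (str(net.network_address), mail_from.lower(), rcpt_to.lower())

    def expire(self, now):
        # Unconfirmed triplets (typically spam that never retried) are dropped
        # quickly; confirmed ones are kept only while they stay in use.
        for k, e in list(self.db.items()):
            if e.confirmed:
                stale = now - e.last_seen > PASS_LIFETIME
            else:
                stale = now - e.first_seen > RETRY_WINDOW
            if stale:
                del self.db[k]

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the (code, text) SMTP reply to give to RCPT TO."""
        self.expire(now)
        k = self.key(client_ip, mail_from, rcpt_to)
        e = self.db.get(k)
        if e is None:
            self.db[k] = Entry(first_seen=now, last_seen=now)
            return DEFER                      # first contact: delay, do not reject
        if not e.confirmed and now - e.first_seen < MIN_DELAY:
            return DEFER                      # retried too fast to count as queuing
        e.confirmed = True
        e.last_seen = now
        return ACCEPT


def demo():
    """Constructed traffic: a queuing MTA, an impatient sender, a one-shot bot."""
    gl = Greylist()
    t0 = 1_000_000.0
    rcpt = "bob@example.net"
    out = {}
    out["mta_first"] = gl.check("192.0.2.10", "alice@example.org", rcpt, t0)[0]
    # The retry arrives 10 minutes later from another host in the same /24.
    out["mta_retry"] = gl.check("192.0.2.25", "alice@example.org", rcpt, t0 + 600)[0]
    out["impatient_first"] = gl.check("203.0.113.5", "promo@bulk.example", rcpt, t0)[0]
    out["impatient_30s"] = gl.check("203.0.113.5", "promo@bulk.example", rcpt, t0 + 30)[0]
    out["bot_once"] = gl.check("198.51.100.7", "win@offers.example", rcpt, t0)[0]
    # A day later the known sender passes at once; the two unconfirmed
    # triplets have aged out of the database.
    out["mta_next_day"] = gl.check("192.0.2.10", "alice@example.org", rcpt, t0 + 86400)[0]
    out["entries_left"] = len(gl.db)
    return out


if __name__ == "__main__":
    print(demo())
```

Because the decision is made at RCPT time, the sending MTA keeps responsibility for the message and generates any bounce itself.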
How can I UN-subscribe, when I never subscribed in the first place?!?!?
If you haven't figured out, unsubscription is really just a confirmation that you exist.
Until you either reply or unsubscribe, they don't really know if they have a 'live' email or not, unless you're allowing html mails to access url-loaded external elements, such as gifs and other web bugs.
If you allow them to push the idea that what they do is OK until you object by unsubscribing, they have won critical ground. At that point, you are on the defensive. You will have to unsubscribe to every email spam that you receive.
Of course, then, they just re-sell your address and the whole cycle starts again.
I never agreed to an opt-out scheme. When I decide to opt-in, I'll let them know.
Cheers,
Jim
-- My Weblog.
I get three hundred spam emails every day. My tarpit identifies 'em before they hit my inbox and holds the spammers' connections open to waste resources on their systems (or the open relays they're hijacking). Right now I have 100 spam connections being held open by my mail server. A large number of spambots are too stupid to break the connection until I drop them at the four day mark.
Even though I'm tarpitting so many spammers, the number of spam attempts I'm getting is steadily increasing. It bugs me that more and more people are trying to sell me underage pornography and shady business opportunities and miracle health products. It really bothers me that my poor neighbors, who have young kids, are getting all sorts of smut and trash blasted to their emailbox (and to their screens, thanks to Windows spyware and that stupid NetBIOS alert-dialog security hole) and have no idea how to protect themselves from it.
There needs to be a MUCH easier way of suing spammers. I've got an idea: why not form an organization whose sole purpose is to pursue legal action against spammers, on behalf of the people who are being spammed? In return for tracking down the spammers and handling the court cases, this organization would be more than welcome to keep the proceeds from winning their cases.
To me, knowing that more spammers are being brought to justice is more important than me getting money out of them.
First, there is religious and political spam that isn't at all related to monetary gain.
Secondly, many spammers make their money off of people paying them to spam rather than directly from the sales. As long as there are people who think that since there is so much spam, people must be making money off it and therefore are willing to pay a spammer to try for a while, there will be spam. Many businesses will start spamming when times are really bad for them and they think "hey, it only costs $500 to pay the spammer, and it might save my business!".
Thirdly, there appears to be "spam" which is really just a DOS attack.
Fourth, you can use "forged" spam to tarnish your competitor or political opponent.
Fifth, you can spam and claim that the spam was "forged" by a competitor and/or political opponent in order to tarnish you.
SPF support for most open source mail servers can be found at libspf2.
Explanation I get a copy of every email sent to our "webmaster" list, as well as a number of other lists. Thus I get multiple copies of identical messages with different subjects from different senders. If a filter could remove all messages with identical text within a 24 hr period, then the bulk of the spam would disappear.
With this filter, you *want* all the spam you can get to more effectively filter. This approach doesn't save any bandwidth, but does unclutter your Inbox. I've not seen this discussed. Why?
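An added example, not code from any commenter, covering both the "fruitcake" signature filter proposed earlier in the thread and the identical-text-within-24-hours filter in the comment above. The normalisation rules, the minimum word count and the sample messages are assumptions constructed for this sketch.

```python
"""Content-signature filter: known forwards plus identical text seen within 24 h."""
import hashlib
import re

QUOTE_PREFIX = re.compile(r"^[\s>|]+")                      # indents and reply marks
FWD_HEADER = re.compile(r"^(from|to|cc|sent|date|subject)\s*:", re.I)
FWD_MARKER = re.compile(r"^-+\s*(original|forwarded) message\s*-+$", re.I)
MIN_WORDS = 8   # assumed floor: very short bodies ("ok thanks") are never matched


def normalise(body):
    """Strip indents, copied headers and whitespace; return the bare word list."""
    words = []
    for line in body.splitlines():
        line = QUOTE_PREFIX.sub("", line)
        if FWD_HEADER.match(line) or FWD_MARKER.match(line):
            continue
        words.extend(re.findall(r"[a-z0-9]+", line.lower()))
    return words


def signature(body):
    """SHA-256 over the normalised words (stands in for the 'crc or other signature')."""
    return hashlib.sha256(" ".join(normalise(body)).encode()).hexdigest()


class SignatureFilter:
    def __init__(self, window=24 * 3600):
        self.window = window
        self.known = set()   # signatures the user has marked as fruitcake
        self.recent = {}     # signature -> time first seen inside the window

    def add_fruitcake(self, body):
        self.known.add(signature(body))

    def classify(self, body, now):
        """Return 'fruitcake', 'duplicate' or 'new' for one message body."""
        if len(normalise(body)) < MIN_WORDS:
            return "new"
        sig = signature(body)
        if sig in self.known:
            return "fruitcake"
        # Forget anything first seen more than one window ago.
        self.recent = {s: t for s, t in self.recent.items() if now - t <= self.window}
        if sig in self.recent:
            return "duplicate"
        self.recent[sig] = now
        return "new"


# Constructed sample messages: the same story, once plain and once forwarded.
ORIGINAL = (
    "You won't believe this story!\n"
    "A man walks into a bank with a duck.\n"
    "Scroll down to see the answer...\n"
    "The duck had the account.\n"
)
FORWARDED = (
    "-----Original Message-----\n"
    "From: aunt@example.com\n"
    "Subject: FW: FW: too funny\n"
    "\n"
    "> > You won't believe this story!\n"
    "> >    A man walks into a bank with a duck.\n"
    "> > Scroll down to see the answer...\n"
    "> >\n"
    "> > The duck had the account.\n"
)


def demo():
    f = SignatureFilter()
    t0 = 0.0
    hour = 3600
    results = [
        f.classify(ORIGINAL, t0),               # first sighting
        f.classify(FORWARDED, t0 + 1 * hour),   # same text, different wrapping
        f.classify(FORWARDED, t0 + 25 * hour),  # outside the 24 h window
        f.classify("ok thanks", t0 + 26 * hour),
        f.classify("ok thanks", t0 + 26 * hour),
    ]
    f.add_fruitcake(ORIGINAL)
    results.append(f.classify(FORWARDED, t0 + 500 * hour))  # user-listed, no window
    return results


if __name__ == "__main__":
    print(demo())
```

An exact hash only matches copies whose words are identical after normalisation; a copy with any word added or changed produces a different signature.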
The meetings are really just get togethers and a chance to hold more formal proceedings. Most of the real work has always been done via mailing lists and such.
SPF support for most open source mail servers can be found at libspf2.
See yesterday's story here
And a followup story on Trend Micro's new antispam gateway here
1) Make local laws to criminalize spam
2) Harmonize laws
3) Pressure remaining rogue states to join the system
4) Economic or military sanctions to the rest
That is the way it went with patents, copyrights, drugs, and other laws. Spam laws will follow the same pattern. Unfortunately it can take decades.
In Murphy We Turst
This particular student will be disciplined by losing his computing privileges, and being educated on the policy he violated
;-)
In the article: "The student, who was not identified, will probably have his computer privileges restricted and educated on the policy he violated"
So apparently only his computer privileges will be educated on the policy, not actually the student himself.
The problem with spam is that people are highly motivated to send it, and as long as email is open in the sense that the messages can be delivered profitably, spam will continue.
:-) Those are my thoughts on the problem - discussion is welcome. Please be kind though - I'm tired this morning. :-)
Some people (notably congressmen) seem to think legislation can fix this - that's silly. How will you legislate against the spam you receive from China, for example?
There are a couple of big issues with spam - 1) the annoyance factor - people just don't like to get it - their time and brainpower are wasted searching for their "real" email, and 2) the bandwidth problem - recipients and ISPs are being forced to pay for spam themselves via bandwidth costs.
The closest thing we have to an answer today is whitelisting - the idea that you only accept email from people you've already listed as authorized senders. Whitelisting removes significant email functionality (currently a lot more functionality than really necessary because there's no standard implementation) - you can no longer get email from a long-lost friend or in response to account creations on web sites, for example.
Nonetheless, whitelists are the closest thing we have to a solution for Spam Issue #1 listed above (the waste of time and brainpower). Unfortunately, they do very little to address the bandwidth issue.
Some ISPs (Hotmail, for example) have implemented whitelists on the mail server side so that clients don't actually have to download the messages from non-whitelisted senders. However, this only relieves the bandwidth burden from the end-user, not from the ISP. ISPs can be protected from spam too.
There's also an even bigger problem with whitelists - how do you authenticate authorized senders? If you only rely upon the email address of the sender, your system will quickly become useless as spammers identify addresses you're likely to accept email from. This will happen really quickly in environments where whitelisted addresses are predictable (e.g. companies usually have a postmaster or administrator email address; people living in countries that give each citizen an address are also likely to have predictable whitelisted addresses).
So we need a whitelist solution that includes strong authentication and allows spam to be cut off before it wastes too much bandwidth. Here it is.
The solution involves several features: 1) a public key infrastructure that allows recipient whitelists to be looked up; 2) extensions to the SMTP protocol to allow servers to validate messages against whitelists before accepting the message (ie without opening the message itself to search for a public key); 3) interfaces to allow recipients to modify their whitelists; 4) interfaces to allow senders to request that they be added to a recipient's whitelist (although carefully designed to prevent this system itself from being co-opted into a spam method).
With such an infrastructure in place, additional spam control is possible. A compliant mail relay can check a message sender against the message recipient's whitelist and choose to reject it immediately. The cost associated with implementing this check can be passed directly to the sender - mass emailers can still do their work, they just pay more (or go elsewhere).
If a spam message still makes it to the recipient mail server, that server gets the sender, recipient, and sender's key in the SMTP headers before the "DATA" section of the SMTP exchange occurs. With that information, the recipient mail server can validate the sender against the recipient whitelist - if the key isn't allowed, then the message is rejected before the actual message is delivered, offering a huge bandwidth and cpu-overhead savings for the ISP.
So where should the actual whitelists be stored? For performance (and DDoS-limiting) reasons, the key infrastructure and the whitelists it provides will probably need to be a lot more distributed than they are now, probably to the point of being hosted on systems at the recipient ISP.
Perhaps the whitelists ought to be separated from the key infrastructure, hosted on separate systems - I think it makes sense to provide a provision for this, but not to expect it to be the initial implementation. (Thoughts?)
You may be thinking we already have a suitable key-based authentication infrastructure in place in the form of PGP - I disagree. Although I think PGP is a good start, I don't think the "web of trust" idea will hold up to spammers' attacks. Once someone is strongly motivated to compromise the web of trust, doing so becomes trivial. I believe that this fact will also reinforce the likelihood of key servers being hosted by recipient email systems, where recipients can be charged for key maintenance as part of leasing their email accounts.
Although all of this infrastructure would take a while to design, standardize, and implement, it's certainly an attainable goal, and it would dramatically improve our ability to handle spam.
Of course, whitelisting is not without its drawbacks, even when it works perfectly. The design outlined above is almost certain to incur ongoing expense for a recipient in the need to maintain a key on a server - I think it's unlikely that free email services will be willing to offer this service, at least until it is well-established.
Deployment of such a system will probably require a lot of either altruism or foresight on the part of ISPs - in the beginning the system will be virtually useless, meaning its return on investment costs will be minimal until a large user base is established. It is my hope that altruistic organizations will both fund and initially implement such a system - universities come to mind as the most likely such organizations, hopefully with some poking and prodding from other well-funded groups (government, the IETF or IEEE, etc).
Ok, now that I've written all that... do I sign my name?
-- Trever, t at wondious d0t com
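An added example, not part of the comment above and not any real standard: a sketch of the envelope-stage check that comment describes, where the receiving server compares the sender's key against the recipient's whitelist before DATA. The `XKEYFP` MAIL parameter, the whitelist store, and all keys and addresses are constructed assumptions; proof that the sender actually holds the key is assumed to happen elsewhere.

```python
import hashlib

def fingerprint(public_key: bytes) -> str:
    return hashlib.sha256(public_key).hexdigest()

# Constructed sample data: keys and whitelist are made up for this example.
ALICE_FP = fingerprint(b"constructed-public-key-alice")
SPAMMER_FP = fingerprint(b"constructed-public-key-spammer")
WHITELISTS = {"bob@example.org": {ALICE_FP}}

class EnvelopeGate:
    """Answers each envelope command; no message body is read at any point."""

    def __init__(self, whitelists):
        self.whitelists = whitelists
        self.key_fp = None
        self.accepted = []

    def handle(self, line: str) -> str:
        verb, _, rest = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "MAIL":
            # XKEYFP is a hypothetical ESMTP parameter, not a registered one.
            params = dict(p.split("=", 1) for p in rest.split()[1:] if "=" in p)
            self.key_fp = params.get("XKEYFP")
            self.accepted = []
            return "250 OK" if self.key_fp else "550 sender key required"
        if verb == "RCPT":
            rcpt = rest.partition(":")[2].strip().strip("<>").lower()
            # Match on the key, never on the claimed sender address.
            if self.key_fp in self.whitelists.get(rcpt, set()):
                self.accepted.append(rcpt)
                return "250 OK"
            return "550 sender key not on recipient whitelist"
        if verb == "DATA":
            return "354 send message" if self.accepted else "503 no valid recipients"
        return "500 command not recognized"

def run_session(lines, whitelists=WHITELISTS):
    gate = EnvelopeGate(whitelists)
    return [gate.handle(line) for line in lines]

# Same claimed address in both sessions; only the key differs.
LEGIT = [f"MAIL FROM:<alice@example.com> XKEYFP={ALICE_FP}",
         "RCPT TO:<bob@example.org>", "DATA"]
SPOOFED = [f"MAIL FROM:<alice@example.com> XKEYFP={SPAMMER_FP}",
           "RCPT TO:<bob@example.org>", "DATA"]

if __name__ == "__main__":
    for name, session in (("legit", LEGIT), ("spoofed", SPOOFED)):
        print(name, run_session(session))
```

The spoofed session reuses a whitelisted address but is refused at RCPT, so the server never issues the 354 that would let the body be transmitted.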
We need a website coordinating a global network of people against spam. Then we need to find out the real names and addresses of the people sending this crud, and the companies paying them to do it. Then armed with this information and a network of global volunteers, we can arrange protests in front of the house of spammers, which should be televised on the nightly news. We can organize dog crud drives, where everyone brings a sack of their dog's excrement for the spammer's lawn. Sign the spammer up to every junk mail there is. Find out what their P.O. Box is, and do the same. Make their life a living nightmare. That will stop the spammers.
<ul> tag is "Begin unordered list".
I think you wanted the <u> tag - begin underline.
It wouldn't have worked anyway - Slash doesn't allow the underline tag.
www.eFax.com are spammers
I think the entire spam situation is getting silly and the people talking about making laws, regulating, etc... haven't advanced a single idea that strikes a balance that would allow marketeers to do what they do without being a burden on the system. Here's where the problems really are:
1) the problem is bad, but mostly because there are no central authorities with respect to email. I administer my own server and control what is delivered and what is not.
2) Voluntary standards are readily ignored by spammers and administrators alike. Wouldn't it be nice if the spammers would use a header to tell us the message was "unsolicited, subscription, or personal" content? Hint: they won't because people will filter out unsolicited.
3) The trade off is authenticity vs. anonymity... to stop spam, emailers need to be authenticated, but that cuts against one of the features that makes the internet so useful. If you can't send a message without being identified, then you could stop spam. Problem is there is no controlling authority and users by and large don't want one for email.
4) Pricing and payments - this is the real problem. What it comes down to is no one really pays for delivering spam except in the form of indirect expense (bandwidth, cpu time, etc)... so it's hard to quantify the damage that spam causes. Regardless, there's no central controlling authority on email anyway.
Reality is that spam will exist until there is a central controlling authority for email. And frankly, no one likes central controlling authorities anyway. SO, filter away.
-- $G
A lot of people have commented on how laws might only apply to people in your state. NC has a very lax law on spammers. The e-mail must be unsolicited, commercial, and deceptive. They did also amend the "LONG ARM JURISDICTION" statute also. This means you just have to be in the US for it to apply to you. I hope other states would do the same.
Scott Wolf Senior Software Engineer Slingpage
At least you didn't bag on Arkansas spelling....
Imagine the class action suit you could follow. Even if the lawyers take a 50% commission, how many people do you think would sign up for $250 for no work, just needing to produce an e-mail they were sent? The 10,000 recipients would net the lawyers up to 2.5 million dollars if the company could pay....now the few thousand dollars in court costs to go through discovery is peanuts. One also wonders if you could get an injunction kicking any mail sent through a server off the 'net in the US....though the implications of this would be kinda scary....
Quack!Quack!.....QUACK!!
Let's see, I receive ~ 75-100 spams a day
@ $500 per spam...
so that's about 37500-50000 a day... 365 a year..
wow... I'll be rich! Rich beyond dreams of avarice! Hoorah! I knew there was a good reason I kept all of those spam receiving e-mail addresses.
~ kjrose
While we're on the subject of spam, I just thought I'd throw this out there... First spam of the day entitled "Does Magnitutde In Fact Be of Importance?" Bad translation, or trying to beat filters? I'll let you decide
The only solution which will work is one that involves the spammer at a very real, intimate, and very personal level. This is definitely not a "Politically Correct" solution, would be illegal in many countries, and reprehensible to anyone with a conscience, but it would go a long way toward solving the problem.
The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
The basic problem here is that the entire email system used on the Internet is broken. The system needs to be replaced with something better. A new protocol that does not allow for open relays and other untrusted systems. I don't have the technical skills to tell you how the system needs to be changed. I'm a user, not a coder.
Boobies never hurt anyone. - Sherry Glaser.
FYI -- it's Cornucopiae Sorry, couldn't help myself :)
Bayesian filters work, period. If you are trying to find one that integrates into Microsoft Outlook, try Spammunition. Works like a charm for me. If we all used filters, the business model of spamming would change - it would be so much more expensive to reach an audience that the spammers would have to stop.
Jail doesn't seem like a really appropriate solution to fit the "crime." I think in the olden days they used to put criminals in stocks to allow the townspeople to throw eggs, rotten cabbage, etc at them.
They could charge admission... I wouldn't pay $30 for a "male enlarger" but I might to throw some rotten eggs at a spammer.
There are a lot of people who are just lonely and will respond to any contact.
"A spammer once sent me an email offer for penis enlargement. I ate his liver with some fava beans and a nice Chianti FFFT FFFT FFFT FFFT FFFT!"
The Pjammer Chronicles --
It isn't so obvious in this bill, because it's a completely new section. But, if an existing statute is being changed, it can be cited or excerpted and show the insertions and deletions in context.
Wrong. And since you got modded up it appears others share your mistaken view. Any UNSOLICITED email is spam, especially if it is for a commercial purpose (including 'non-profits' begging for money or pols wanting votes), but even missing children notices are SPAM if broadcast at random. And yes, I have had an account closed for sending a message about a missing child. Zero Tolerance.
Democrat delenda est
Has anyone seen the traffic in ietf@ietf.org lately? It really makes me wonder if these guys could do anything productive.
Anyone else share my feeling that spammers set up accounts on slashdot for astroturfing?
Gee! I could get rich... but not have to use the slot machines to do it.
I wish Calif would have a strict law like this, but I seriously doubt if anything like this is going to really allow anyone to claim any money. Anti-spam laws DON'T WORK...
What part of that does the "establishment" not understand?.... SPAM LAWS DON'T WORK...
A complete re-design of the way internet processes mail is the ONLY hope we have. Kudos to the ASRG and their efforts.
I'll be in SF on 20th for this meeting. I wouldn't miss it for anything.
But once I handed my email address in a form on morpheus.com - and now morpheus.com@myDomain.com gets a huge amount of spam.
I really get perhaps 1-3 emails a month of spam from people using whois records, and that is it. And a huge fuck load from the morpheus.com alias.
I emailed them a heap of times, no response.
Friggin open source stealing goits, you know morpheus 2.0 stole open source code and broke the license, and just packed it with, they should BURN.
I heard someone today talking about paying for that net send spam, I said I would personally kill them and their family if I found that happening.
He didn't like that.
I once grabbed (internet) an aerial shot of someone's house on one of the pyramid schemes, with intent of mailing it to them with really violent and blood curdling threats of violence, but I got bored when I realised all their data was so easily obtainable...
no challenge.
A recent study has found that concentrating on difficult off-screen
objects, such as the faces of loved ones, causes eye strain in computer
scientists. Researchers into the phenomenon cite the added concentration
needed to "make sense" of such unnatural three dimensional objects.
- this post brought to you by the Automated Last Post Generator...