Slashdot Mirror
IBM Researcher Offers an E-Stamp Spam Solution
UnanimousCoward writes "This Internet Week article describes a research project by Scott Fahlman that looks to limit spam using e-stamps. Here is more detailed description of the system under his CMU homepage along with a link to the original paper." As crappy as it sounds, charging some tiny fee per email would cut spam dramatically. 207 of the buggers so far today. Hundreds of megs a month. I'd love to see something done.
Not bloody likely. Pay for email?
Check's in the mail.
Stupid idea. I refuse to pay to send e-mail. The best solution to ending SPAM is killing spammers with extreme prejustice. It's time for President Bush to launch operation "Kill Spammers Dead!". Want to increase my penis size? BAM! A MOAB just smacked you in the head.
cut spam dramatically? how do you explain all the junk mail I get IRL? they pay for postage on that, you know....
I'd rather deal with filtering the spam I get, than have to pay for sending email.
Any solution that involves paying for something that used to be "free" is not going to catch on.
A better solution would be to make people register for a signing certificate and require email software to sign all messages. At least that way people would know who sent spam... and a national spam blacklist could be created for certs that get a certain number of complaints filed against them.
--
"What do you want me to do? Whack a guy? Off a guy? Whack off a guy? Cause I'm married."
Charging for spam will not stop it any more than it stops snail mail spam.
The spammers will simply pass the cost through to their customers who, granted, might become more discriminating in response but it will not stop them.
As crappy as it sounds, charging some tiny fee per email would cut spam dramatically
Yeah. Sure.
How much crap do you get a day in your postal mailbox? How much of that was sent with a $0.37 First-Class stamp? How much of that was sent with heavily discounted postage because of its "bulk mail" status? (I won't even go into how ordinary citizens end up subsidizing this crap, even junkmail from large companies that could afford a full-cost stamp).
How much you wanna bet that some kind of postage on email won't make much difference, as the cost will either be so low that most won't care, or there'll be ways for companies to get out of it (or to get a much cheaper rate)?
Sure, it might cut back some. Maybe. But remember how the big junkmail senders got cheaper rates in the first place: Lobbyists. So I wouldn't expect it to last.
Why can't you set up your own filter, instead of promoting making email expensive!
Yes, it does seem reasonable, but
a) I'm used to having FREE email
b) Once you start charging for something, it's only a matter of time before the fees go up and up as high as it can "sustainably" go, and like stamps we'd be seeing it rise every couple of years.
Fuzzy Knights: New RPG Strips Tuesday and Friday!:
http://www.fuzzyknights.com
sorry really!
[self dealloc];
Nearly all the spam I get comes from bogus addresses. If SMTP servers did not allow forging of the from: address, the problem would be drastically reduced since the spammers would have to get new accounts much more frequently, and most people would be able to block all the "free" email domains like hotmail and msn, where spam is most probably coming from.
Why pay for some type of filter when SpamAssassin is free (as in speech)?
habeas is a way to help prevent spam sent to you. By subscribing to Habeas, you have X-Habeas headers put into your email. You can filter based on these to help prevent more spam and know the email is legit.
Check it out. I don't use it personally, one of the mail lists I'm on uses it.
-- DuckWing
I honestly do not believe you when you say that you have got 207 spams today already. My email address is all over the internet on webpages and in software download readme files and as headers in source code, without any kind of protection. I have been using the same address for 3 years. I am not at all careful about who I give it to, and I use no filtering software.
At most I receive three a day - sometimes as many as (gosh!) five or six.
And this is why. Assuming you have the computer, phone line and small monthly fee(depending on service) Email a an effective and free form of coomunications. In effect, you are already paying for it, when you pay for your monthly service. Adding a fee for E-mail would in effect be an "E-Mail tax", but instead of going to public works or anything like that, it goes to line the pockets of the sellers of the E-stamps.
Case in point, bad idea.
You say you want a revolution....
Face it. They might not like the way the spammers conduct their business, but fundamentally they're like any other business.
Why should we waste so much time and money to stop something only a few people are doing. If you ask me they should just outlaw spam on a global scale and then throw spammers in jail. It's great so see such innovation in this field but is it really where we should be putting all of our resources to? Would it be more productive to loby the government to outlaw spam? Well of course that would make sense and it would destroy the need for all these anti-spam solutions. They don't want there own products to be worth nothing. There is money to be made off creating and stoping spam :)
"I believe in everything in moderation. Including moderation." -Dean DeLeo, Stone Temple Pilots
Lots of people have talked about this sort of system (pay $.01 per email you send, receive the same per email you get), but it's good to see someone writing it finally.
A question remains: my Social Implications teacher also teaches Telecommunications Law. She maintains that this sort of thing will open a floodgate of per-use fees on our internet access that we won't want.
I guess that by having a third party do it (instead of the ISP), we can get around that problem for now. Does anyone have any idea if she's right, and if so if it could affect this as well?
-- Bill "Houdini" Weiss
I recieved my first spam email today ... on my cellphone!!!! That costed me 5 cents.
If you read the article, the idea is to whitelist your friends and mailing lists, and then you personally choose to set a fee that you charge for accepting mail from any person/business unknown to you.
So basically, you get paid for receiving email, but you only need to pay if you are in the habit of sending unsolicited email to random strangers.
I do not deploy Linux. Ever.
OK, a lame suggestion full of holes, but...
:-(
Your ISP could foot the bill for the "estamps" and each email you send could get marked in this way making the message "legitimate" going through their email servers.
Though the spammers themselves could easily get around this. Unless, however, every ISP clubbed together to create a list of legit stamp-issuers and not allow anything unstamped to pass through. their relays.
Though this is just filtering based on an email field that does not exist.
MS would probably hijack it and bastardise it anyway
Just me thinking out loud.
Smokey, this is not 'Nam, this is bowling. There are rules.
I am sorry sir, you need to use to E-stamps, that email is over 30k in size...
The only way to make this work would be to make the person buy the stamp from the mail receiver. Maybe a middleman would take a little cut, but I wouldn't mind getting a penny or more for receiving each email. I pay for the bandwidth anyway. . . its not like its free for me to get the mail (unless it is at work where the corporation should get the money since they fund the system)
Not only would it cut down on SPAM, people would think through their emails before writing as many flames and time-robbers.
Personally, I won't pay three cents to send an email.
You are talking about a guy who required 21 attempts to get XP on his computer.
Supplying XP with his time zone was too complicated for Malda. You expect him to set up email filters?
A payment for email would be cracked or bypassed within a week, and social engineering could be use to get other unfortunate users to foot the cost for those who cannt work it out.
1) people would just create open email protcols to bypass any such system
2) countries outside the US would ignore the system, except perhaps poodle Australia
3) all email would then truly be government monitored
Quote from the pdf:
"When a message arrives at my machine or mail-server, it is examined. If the sender is on my accept list, the message is passed through to my in-box."
spammers do this with forged email addressess all the time... and pass trough whitelists all the time as well.
After this we can tax people who breathe, because I am sick of hearing opinions that I don't agree with. If someone wants to tell me something I am not interested in hearing, they must interact with my token agent and pay me a fee. If they don't pay the fee, then they will have to stop breathing. (Bush would be dead in seconds)
postmodernsideshow.com
I don't have a solution to spam, but there are a few things I do that make me feel so much better when I get it.
I own my own domain name so any email address at my domain gets to me. So when I register for stuff, I use unique email addresses every time (i.e. amazon@mydomain.com, circuitcity@mydomain.com). So if anyone SELLS my email address, I know because I start getting spam at a particular address. So anyways... here are my two simple solutions:
1. For every piece of spam that I get, I send a 5 copies back to the mail relay that sent me the mail. If they are going to annoy me, at least I will chew up some of their bandwidth and CPU cycles.
2. And if someone "sold" my address, then I also send 5 copies of the spam to the rat-bastard seller. I hope to chew up their resources as well.
If EVERYONE did this, I think it would totally crash the offenders machines and clog up their big fat internet pipes.
I would never support an e-stamp for sending e-mail. What about the guy who goes down to the library once a week to e-mail his relatives? Are you telling me he has to pay something, even if it's only a couple pennies, to use this feature? He'd still have to send those pennies somewhere. Personally, I like *gasp* Microsoft's idea better. (see previous Slashdot post that I can't seem to find right now). Charging computer cycles, while wasting some processing power, would not hurt any user sending a reasonably limited amount of spam. But it would make it impossible to flood1,000 "Free pr0n! No Credit Card Required!" messages to inboxes in less than an hour. Pardon the cliche, but keep the Internet free.
michael greene
Such schemes can work even if nobody collects the costs of the stamp. For example, it can be the computational cost of finding a collision in a cryptographic hash function (where one of the inputs is the message+sender+recipient).
many developers depend on them. I hardly ever send mail to such lists, but read all of them. Not really fair if they'd have to pay for sending me valuable information.
It's so silly to see so many complex anti spam solutions, if all we need is jurisdiction aruond the concept. The biggest issue with spam is that tere's no law forbidding it. Fix that, and trigger happy lawyers will take care of the problem.
When will I end this grieving ? When will my future begin ?
And then that moves me to overseas operation spam. Well, there should be some online despository for ISP admins to get together on, corolate on who is sending what spam from where - IF they are american in origin, and have just moved to china for the pure spam operation, tax them in whatever way you see fit.
Well, you don't have to pay when you email your friends, colleagues, etc. people that you know (if you read the article). Hmmm... apparently, not many people have actually read the article. You really don't have to pay money unless you are sending out unsolicited emails.
... something doesn't sound right.
But I still don't think that this is a great idea. That's my hunch. Email wasn't designed to pay for it under any circumstance including, what you know today, spam. Once any email becomes non-free, free as free beer, it really changes the way in which email is used today. Sounds like a good idea to me generally, but
Show of hands.
How many people give out cmdrtaco@slashdot.org or similar as their email address when registering for a website or whatnot?
We've gotten maybe 50 spams company wide all year so far.
Charging for email wont end spam. It'll end email. Why bother? If I'm paying for a service, I'll use a more reliable and secure one.
I don't need no instructions to know how to rock!!!!
How about a protocol for personal PGP stamps.
I can issue stamps with as many tags as I like and configure my email front end to deal with messages based on the stamps
"Friends"
"I am a customer of company X"
"I work for A and buy from B"
"I work for A and sell to C"
"Registered at site M to enter contest"
"Tech web site registration"
"News web site registration"
"Entertainment web site registration"
In the event you went on holiday you could even set up forwarding based on the message stamps.
"Times have not become more violent. They have just become more televised."
-Marilyn Manson
Maybe there should be a collective spam filter applied to the whole internet somehow. If possible, it would "eat" spams before they ever got to anyone, and the more you block, the less everyone gets.
stuff |
... a regular stamp, it's fee starts out tiny, and is then increased little by little. See the boiled frog theory.
Jaysyn
There is a war going on for your mind.
I have previously worked at an ISP, and now in a software development organization, and it has always been common practice to send automated emails from webpages or servers.
How would a pay-per-email fee affect people like this? What about the "Forgot Your Password?" links on sites that email your registered email?
I think something like this would hit the Internet a lot harder than people think, since most people just seem to be concerned with Joe User at home sending 50 joke mails a day.
no comment
Can you imagine the overhead for people who run mailing lists? They've got hundreds of emails a day to thousands of recipients. Even if the cost were a fraction of a cent, the list admin would be swamped.
No comment.
Spammers steal bandwidth now by using offshore misconfigured mail servers and relays. They hide the origin of their spammage. They claim to comply with bills which were never passed into law. They lie about removal lists and how their spew is "double opt-in".
If they can spew for free, why would they sudddenly turn "honest" and start paying for the bandwidth they use? What's to stop them from continuing to use the broken servers they are using now?
I am opposed to any measures which might connote any legitimacy to spam.
Every time you send an email, you pay the recipient $0.01.
:)
End result?
The average email user breaks even if they send as much as they recieve. Someone who sends much more than they recieve is only out $1. Legitimate buisnesses will only pay about $0.05 per sale on average. Still peanuts. However, a spammer that sends out 10,000,000 emails ends up having to fork out $100,000. Still alot cheaper than snailmail spam, but you KNOW they'll be checking thier lists alot more carefully and targeting a bit more precisly than the sun. When that 1 in 10,000==success plan starts running $100/success. It cuts into the profit margin. They'll want to reduce that to a 1 in 1000 for the higher return spams (which are probably 1 in 100,000 or more anyways).
If you really wanted to make money by doing nothing each day, with that setup it'd be possible just by recieving the spam
If you think education is expensive, you should try ignorance -- Derek Bok, president of Harvard
http://www.pbs.org/cringely/pulpit/pulpit20030313. html
Though I have to say, neither one are originators of the idea - I've seen it plenty of times before, but this IBM guy is closer to the implementation of a system.
There is simply no way to feasibly convert the existing e-mail system to a e-stamp system. The technology is there to create a system, but implementing would be nearly impossible.
The only way people would even consider this plan is to market it like cell phones, where the first x minutes are free, and each additional minute costs $y. For instance, your first 100 emails are free, but each additional email costs five cents. No one can do much spam damage with only 100 free emails.
But, even then, I'm not convinced customers would embrace this or any other "e-stamp solution."
Adidas To Bring Back Sneakernet
That's the supposed goal of Microsoft's Penny Black Project which had a story earlier on /. The idea is to require a small amount of money for each e-mail sent. I don't think I want this to be a requirement that Microsoft implements.
Developers: We can use your help.
I don't know what to make of this email that appeared in my hotmail account this morning:
From : Saddam
Reply-To : Saddam
To : xxxxxxx@hotmail.com
Subject : We have every intention of getting you laid
Date : Fri, 14 Mar 2003 18:00:00 -0500
Only one Sex Club makes sure its members get laid - IraqiDate. This site is run by Iraqi women who want to fuck, so we're happy to help you find girls who are ready and willing to put out for you. Our goal is to make sure all of us have great sex whenever we want it. Take a look at what our members are like.
More Then 100,000 Registerd Women
64% are married and involved women
94% are looking for an anonymous sex partner
36% are looking for anal sex
65% are looking for oral sex
12% are looking for "taboo" sex
21% are looking for 3-some experience
26% are looking for an older man
100% Horny, 100% Amateur, 100% Real, 100% Ready to fuck tonight!
We have every intention of getting you laid. Our Iraqi female members are motivated by their own sexual needs. They want to fuck and they want to do it now.
Your enemies by day... Your sexual fuck slaves by night.
There was an article some time ago about a white paper someone at IBM (I believe) had written about a system wherein the recipient had the option to charge the sender of an email. The sender was informed whenever an email delivery was attempted that the recipient could charge the sender for the email. It was up to the recipient to do so, therefore your friends could send you email and you wouldn't charge them, unless your subscription to hotcollegecoeds.com was running out. Spammers, though, you'd charge. The application was put over to telemarketing too... the caller heard the blurb about the charge and had to press a tone to accept. Again, you could bless phone numbers the same way you could bless email addresses to avoid the system. But it didn't categorically block everyone you didn't have listed, just informed them of the possible charges. Wish I could remember the link but it's back in the archives somewhere. I loved the idea, myself.
As the typical slashdotter, I have not read this article, however it did give me some thoughts about a system.
Now, this system would only work if there were to be viable micropayments. Assume this is the case.
Any email sent results in a fee. Make it high, even a quarter. The money for the email goes to the recipient. If the recipient responds to the email, the money gets returned to the original sender.
For a typical user of email, (ie, not a spammer) you will in general have a balanced account. For a typical email conversation, you send messages back and forth; thus, the last person to respond would generally be the original recipient (for a zero-sum balance), or the original sender (one credit difference). We will suppose that over time, the typical user would initiate and receive equal numbers of email conversations. Thus the one-credit difference would tend to average out, leaving a zero-sum total for typical email use.
In the case of the spammer, it (not he) is sending out vast more numbers of emails than he is getting responses to (even including flames and the like). His cost will be:
(# spams - # replies) * cost per email.
For cost per email of about a quarter, you get into very unprofitable ranges very quickly. Spamming disappears!
Not to mention, if you wanted to make a few extra bucks, set up some spam honeypots and collect the $$$!
Just my thoughts.
---
--
Mac OS X--Unix without the assholes^Whassles.
While we're at it, lets charge web servers a penny for every HTML page they serve up. This will dramatically reduce the amount of crappy web pages on the web.
Then we can charge Google for every result they return in their querys. This will reduce the amount of irrelavent pages returned to the user
Conserve Oil, Recycle, Boycott Walmart
Spammers will get dumping prices and WE will pay in full, right?
Please remove this article it makes me worry about the sanity of this world..
For any of you that subscribe to MIT's Technology Review, it has a good brief in the current issue about some efforts to use CPU time as a method of thwarting bulk mailers.
To sum up, requiring a cpu intensive calculation to send off email would limit the number of emails that a person could send off per day (a 10 second calculation would limit a spammer to 8k messages per day, but would still be bearable for you and me).
Won't stop the tide, but could help stem it's growth. Would raise the cost for sending spam dramatically. Bulkmail renderfarms anyone?
There is no sufficient evidence to assert that the fee will go up only that it might go up. The fallacy of the slippery slope is an art form on Slashdot!
Comparing it to Windows will be a moot point, since El Dorado is going to have a 40% larger code base than XP.
Ben Franklin: "Those who would give up a few essential liberties in exchange for a little temporary safety deserve neither liberty nor safety" Give up free e-mail for protection from spam (for a while). uhm... how about no. And who here doesn't believe that as soon as we allow them to charge for email it will start increasing the same as snail mail stamps do every year? ugh! -Dave
I typically receive about 750 spams a week. The combination of SpamAssasin on the mail server and the new Junk Mail controls in Moz. 1.3 have nearly eliminated the amount of junk mail that shows up in my Inbox. No false positives so far, and I haven't had a spam in my inbox in two days.
Guys,
9 49&cid=5440 477
3 20 743
This idea has been out there already, and I have a beta site that is working for me at this time using an e-stamp solution.
some posts mentioning the solution:
http://slashdot.org/comments.pl?sid=55
http://slashdot.org/comments.pl?sid=53993&cid=5
If IBM (or Large copr X) says it's news though... it's news, otherwise it's not news. So Slashdot folks... we have great ideas, why do we always look at them in a different light when someone in a large company has the same idea?
BTW: the e-stamps in my solution would be paid 80% to the email user, and 20% to the email service or isp.
Hey IBM, (or other large corp) If you would like to license this solution, and have it sone for you, Contact me.
anthony@brainclone.com
...reading this I'll start right now to look for alternatives to eMail before the american world gov erment starts to fuck email users..
The only problem I see with this is that the spammers will throw a fit, and this thing will spiral out of control, and EVERYONE will wind up paying for email.
Is that what we really want? How long before the price of email starts to climb due to "increased costs"? Have you bought a stamp for snail mail lately?
We really need to sit down and think this through. There's no way we're going to be able to ride financially on the back of the spammers.
Reeses
By associating a fee with the sending of spam, you're legitimizing the practice, much as junk postal mail is "legitimate".
Don't even begin to open that door, you fools. We must make it illegal to send spam, then from there, make it illegal to send unsolicited postal mail, solicit on your doorstep, and make unsolicited commercial/charity/political telephone calls.
It's my phone, my email inbox, my mailbox, and my doorstep. Fuck off if you think you have a right to use it at will to sell your crap.
Why are you letting these clowns ruin our country?
This approach means that spammers have to pay for a charity stamp for every single spam they send out. And that would undoubtedly eat into their profits, and prevent the most ineffective spams from being sent.
But here, I think the developer of the idea pushes the logic too far. He says, "The whole spam industry depends on spam being free to the sender," Fahlman says. "If we change the social rules of E-mail just a tiny bit, I think the whole problem of spam goes away."
I think it's far more logical to conclude that the problem won't go away at all. But it might become more manageable, because it will force spammers to only launch campaigns that can return a profit after charity stamp expenses. In essence, spamming will become more like bulk mail. It costs Land's End a dollar a catalog for their postal mailings, and they probably get a 3% response rate, but the profits they make on that clothing is worth continued and highly targeted mailings. The same dynamic may one day be true with spam. And I'd rather get 30 emails a year from reputable companies like Land's End than 3000 emails a year from Viagra pushers.
I've heard a variation of this idea, and I think it might in fact be Fahlman's work, and that the Internet Week article sort of missed the boat on this reporting. In the variation I've heard, the "charity stamp" is expensive, say a couple of dollars. This system would create a social agreement that redeeming a charity stamp is sort of a slap in the face. Your best friend from elementary school could email you, and you'd be perfectly entitled to redeem his charity stamp since he's not on your whitelist. No reasonable person would burn friends and family like this. But what fun it would be to burn spammers this way, having each unwanted email result in a dollar being sent to your favorite charity!
I think this kind of optional redeeming of charity stamps is the core of what would make this idea work. But we'd need to set up a new email/micropayment infrasture to make it possible, and couple it with strict laws that spammers trying to evade the charity stamp face criminal penalties. Creating a new system like this would pose enormous problems, but it sounds workable. I think the bottom line is that the spam problem can almost certainly be reigned in, but whatever approach is used, it's going to take big money, government intervention, and a partial redesign of how email servers currently operate.
As for me, I recently started using the Bayesian filters in Mozilla 1.3's email client. I can't say enough good things about how well this has worked--I've reclaimed my email box. It used to take me ten minutes or more a day to delete spam. But Mozilla does it with uncanny accuracy, and probably with fewer mistakes than I would make if I'm hurrying.
I'm generally "Interesting," "Insightful," and even "Funny" here. What the hell happens to me at parties?
The article seems to be a new wrapping for a years-old idea of making the sender pay for each individual message mailed.
The article proposed to maintain a white list of trusted addresses. Anyone not on the white list would have to pay money and (manually) obtain a token allowing to send a message to a mail box. I would say this is too difficult.
I think obtaining a token manually is sufficient for all spam-fighting purposes. If it can be assured that the e-mail was sent to me individually by a human being, then it's worth my effort of looking at the subject line. So, if the sender is not on my white list, my server could reply with an automatic message something like "Your message has not been delivered. Visit the page http://.../?id=123456789, read the number in the image and enter it in the box". That would cut pretty much all spam.
I know at least one free e-mail vendor who implemented this technique. It's simple and easy and still not widely used. I bet the idea from the article would suffer the same fate.
While I think it could work to help stop spam (if a reliable system could be set up), I don't trust companies to not raise the price of each email in the future. Just like with anything else, once somebody finds out that they can make a profit they will raise the prices up and soon email prices will compare with the prices of regular mail.
It's one thing to post on the wrong story, but to post on the wrong story regarding Robo-pornography is just disgusting. Sure, we all think about robots and how they would be the perfect mates from time to time, but not on work time, buddy. Pack it up. You're fired. Be out of this office by 11:40am EST.
What about mailing lists like LKM, would they have to pay for each email forwarded?
GTA3 is like the Sims to me - MC Hawking
I've said it before and I'll keep saying it. You only get spam these days if you want it.
There are a lot of well documented, cross platform and highly effective techniques for avoiding spam.
I won't go into details, because, well, I can't be bothered any more. It's like talking to a brick wall sometimes.
Government of the people, by corporate executives, for corporate profits.
The bulk mail subsidises your 'regular' mail. Your post office runs an infrastructure to let you buy individual bits of gummed paper, tramps around the country individually receiving each bit of mail you've written, tries to decipher the scrawl you've made across the front with the biro and then delivers- all for your 37 cents a pop. The junk mail sender just drops several thousand pre-paid, pre-typeface-addressed identically sized mailshots on their doorstep. They're obviously a lot cheaper to process, but bring up the number of items they handle allowing them to pass on the ability to send a 37c letter to you due to economies of scale.
Saddam Hussein - Truely an american icon!
Pay to send, or pay to receive? How can you force a fee on either given our open standards on the internet?
Spam sucks...yeah we all hate it.
But you know what, if you actually put forth an effort to not splash your e-mail address around, you can avoid enormous amounts of spam before they ever reach you.
I've had one main e-mail address at a major e-mail/web provider for just over four years. I am constantly checking it and I use it for virtually all of my e-mail correspondence.
Right now the spam is the worst it's ever been for me; I get about 12 a day.
sedawkgrep
Is that a salami in my pants or am I just happy to be me?
I have Personally and all alone come along a much better idea: Charge only those people sending spam with lots of money! You may complain this is not possible or is nonsense or anything but I don't care as always I have a great idea like this people start to complain! But I'm sure only if technology would allow it, my method would be the best...
I think a better though analogous solution was already proposed and discussed on slashdot. Basically, to accept or relay any e-mail (not on a whitelist) the sender would have to perform a small numerical calculation of the recipients choice. E.g. find the roots of a sixth order polynomial with 7 coefficients provided by the recipient.
This takes a few millisecond to calculate the answer and its is trivial to check. One could dial up the problem strength as needed.
For normal users this is a trivial cost since my CPU is definitely idle many many milliseconds every time I send an e-mail. But for bulk senders its a problem.
It could be done either by the relaying e-mail servers or as long at the final recipeint. The latter is probably superior as long as forged sender info does dont create accidental DOS attacks.
In any event, it adds a trivial burden to the amount of internet traffic, and given a reduction in spam traffic over time would save on total traffic. And It cost nothing since it uses unexploited resources. And it would I believe kill any centrally served spam dead.
In fact one could actually get useful work out of this.
Imagine this scheme. To get your stamp of approval you have to get a ticket issued from some grid computing server that supplies the mini-tasks. For example, I might sign up with some service that issues mail stamps in return for doing 1 second of calculation on some easily stated but hard to solve problem (prime searching, etc...)
Some drink at the fountain of knowledge. Others just gargle.
So what if it's harsh. If they're low enogh to spam, then they're probably conning old folks in tele-marketing schemes, bank fraud, and everything else you can think of.
I suggest you read Slashdot
At least implement it as a wait period! Pegging the CPU wastes electricity with heat and reduces the processor lifetime. And can you say DOS attack?
all incoming & outgoing mail and if the mail you receive is not encripted then send it to /dev/null. If someone has to contact you then they can get your key from a website.
So even if spammers got your key they would have to go through the process encrypting the email which is more time consuming and would probably result in less spam sent each day.
But then they could buy more expensive machines and we would end up at square one!
Ah forget what I said!
My penguin ate my sig
I started using ASK( Active Spam Killer ).
It works great. It works by requireing a response the first time someone emails you. They repond to an automated email and are whitelisted. Since spam has it's replay lines forged the spammer never replys to the automated email and you don't get any spam.
Since I have started using this 2 months ago I have gotten 2 spam emails. That is down from about 40 a day.
The other bonus is that unlike filters if someone needs to get an email to you they will and it wont accidentally be junked.
We should take a lesson from Iraq and shoot 40 Tomahawk cruise missiles at spammers' headquarters.
... about an "email tax", consider this: Microsoft's Penny Black Project aims to do the same thing, but implementation only requires some sort of cost, not necessarily monetary.
One method is especially interesting, the CPU-based scheme in which "the sender must solve a recipient-defined puzzle in which computation of the solution is moderately and provably hard." If that were the case you wouldn't even notice if you're sending one email, but a spammer certainly would if he tries to send out 1,000,000 at a time.
If each user had a quota of say 1000 or even 10000 emails sent a month free, and have an emails fee for additional emails, that would help reduce spam while not pissing off the regular users. Another thought is to have each server that re-routes the email to charge a small cost when the quota has been exceeded, that way the spammers that use their dedicated smtp servers will still have to pay.
For my Hotmail account, I've been tracking down the source of spam e-mails that reach my inbox for the past few months by examining the headers(I just empty those that go into the junk mail folder). I then contact the appropriate ISP to report the spam.
Ten or more spam e-mails used to reach my inbox each day (with up to 30 going into my junk mail folder). Now, I'm happy to say that my work has paid off, and I'm starting to see results. I generally have as few as 2 or 3 (usually about 5) spams reaching my inbox each day. That's a pretty good improvement!
.
To end Spam, you must "de-monetize" it.
To do this you must increase the bandwidth loading of the spammer's sponsor (the 'business' paying to have the spam sent) beyond tollerable levels. The only way to do this is with a distributed "insincere curosity attack".
To do this you must write a mail app plug-in that allows you to drop spam into an analyser bucket on your desktop. This analyser would parse the spam for URLs and toll free numbers in the body of the spam. This analyser then routes these "targets" out on to a peer to peer, gnutella style network. As soon as each peer in the network gets about, say, 20 or so copies of that same target submitted from other peers, then a small HTTP client would start making random requests to the target URL or toll free number. This would keep up until the target disapears.
Oh, and to play the Flute, you just blow across the little hole on the one end while moving your fingers back and forth on the outside of the tube.
"A microprocessor... is a terrible thing to waste." --
GeneralEmergency
Why not just lower connection speed for all SMTP servers. Well, maybe not "connection", but lets say you are only allowed to send 1 e-mail to one address per 30 seconds.
Probably wouldn't effect 99% of home users, but would make it extraordinarily time consuming to spam even hundreds of people.
"If anything can go wrong, it will." - Murphy
To counteract this spammers have stared stealing peoples identities by putting some unsuspecting users valid email address in the reply lines of their spam blocks.
When this happens to you is really suck becaus suddenly you are getting thousands of bounced email s back - one for every invalid email address that the spammer tries.
I love it it when they say. "Of course we have the right to protest." And then go on for a long time about how horrible the protesters are.
I can't believe the press does this. You'd think of all groups they would understand the importance of respecting everyone's rights. But their time is gonna come when the brown shirts start pulling their chains too. The entire media is starting to sound like Rush Limbaugh. All mind games and bullshit.
Weeeeee! Welcome to America! Have you heard about what's gonna happen if a Red Alert is announced? It's marshall law, people. Want to pick up your kids from school during a Red Alert? Well, they're not going to let you. Is this not an important thing to be aware of? Is the press talking about Red Alert? Nooo. It's all about how evil the protesters are and how glorious the war effort is.
If the nation escalates to "red alert," which is the highest in the color-coded readiness against terror, you will be assumed by authorities to be the enemy if you so much as venture outside your home, the state's anti-terror czar says.
Hey we get yet another "czar" too.
Now WLS is talking about how much they love police, and again how horrible the protesters are. Boy, it doesn't take long for people to put on the brown shirts.
Could you please describe how an ISP can set up a system to refuse emails that have a forged from: address?
A huge problem with this, at least here in the United States, is that you start to infringe on the little thing called the first ammendment.
everything you've listed, spam, telemarketing, stopping by the front door, etc equate to someone wanting to say something. It may be something as stupid as 'make money now' or 'enlarge your penis' but it's still protected speech just as much as those guys in white hats that run around in the south.
So they'd challenge it under the first ammendment law.
Now, I'm all for shutting them up. But if you let someone shut them up, our wonderful legal system has a way of taking that shut up as a way to shut other things up, and before you know it, we can't post comments on slashdot.
As a rock-in-roll Physicist once said, No matter where you go, there you are.
We hear about yet another pay-for-email system every few months. Sometimes it's money, and sometimes it's processor cycles...
They never catch on because it requires a change in infrastructure and cooperation amongst all participants, which will never happen.
http://www.brainclone.com/email.htm
1- Will it cut down my spam, if I know regular that I still recieve crap in USPS regular mail?
Yes, because you set how much stamps some anonymous guy has to pay you to email you. So instead of the 1 stamp (for 0.10 cents) you ask for 100 stamps. You will never recieve email unless someone buys $10 worth of stamps, just to email you 1 email.
2- Nearly All spam comes from Bogus addresses, how can you filter this out?
The current Email server solution, filters out this email. You never see it.
3- My Family wont be able to email me without paying, WTF?
Grab all your family emails, and any work, or billing domains, and add them to your white list. Folks in your white list never pay a thing.
4- Ok people buy e-stamps, do I get anything out of it?
Yeah, you get at least 80% of the bought stamps back to you every month, through either paypal, or a check sent to you.
5- I got this Buthead emailing me spam, and paying for e-stamps, but I really don't want to rais the amount of stamps for anyone, I just don't want to recieve crap from this one idiot, who is harrassing me.
No problem, there are 2 solutions, we have a black list where you put people that you never want to hear from again, but if you fear for your life or want to file charges, you can also call the police, and in such cases we can provide the info to help find the idiot through his banking institution. (which he needs to buy e-stamps with)
SMTP bogus email, will simply not work anymore.
Anymore questions? E-mail me: anthony@Brainclone.com
Ruf ruf ruf! Ruf ruf ruf ruf. Ruf ruf ruf ruf ruf ruf?
Sincerely,
Sparky
.
.
needed for lame "postercomment": compression filter
If you wanna get rich, you know that payback is a bitch
This weeks Cringley column points out a variation on this that makes even more sense to me. His plan is, instead of a tax, the money goes to the recipient, a la PayPal. And, as he states, For most people, their payments and receipts would probably balance out, so only the spammers would really be paying, which would create the equivalent of postal junk mail except in this case the postage goes to the reader, not to the Post Office. And it doesn't require legislation, you could join voluntarily. And you could still use the "white list" as described by Scott Fahlman.
i think whoever posted last week that they should start suing the advertiser, not the spammer would cut down spam significantly. in the end, you know who it's coming from. it's from whoever hired the spammer to advertise their crap.
:(
the only problem with this (if it ever happened) is that if i got a hard on for getting slashdot in trouble and started mailing spam advertising slashdot then...if all goes well, Slashdot gets sued for sending spam
when the Post Office recieves money for dropping "the occupier" [that's all - no address] letters through my letter box I believe this enables them to keep the price of postage at what the market will bear.
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
I would like to see a system where you were able to have two mail boxes - one that was public and caught all unsolicited mail. This could have a list of authorised users, and could forward mail from them to you. Non-authorised users could buy a stamp as suggested here, and then the public mail box could forward it on.
This would mean that people could pay to contact you, for example to change address or get in touch. Your friends and close collegues could use email as in the good old days.
--------------------------------------------- "In the end, we're all just water and old stars."
What about spammers that forge the FROM address? Some mail would still get through the whitelists that way. What about the guy who's address he forges, or whose authorization code he steals? If a spammer gets hold of your auth code, are you required to pay for the millions of emails he sends with it? And since this requires all of our mail servers to be updated with new software, why not just write a better protocol that lets us keep out the spam while keeping email free.
do not read this line twice.
Because he's a liberal. The answer to everything is more government. There's no need for individual responsibility.
Ok so let me get this straight I still need to pay to send email to my business associates? This is really silly.
Some email is from friends, but quite a bit of my email is from business people, people who attend my conferences, courses, etc. This will add costs that I really do not want added. And if the costs are so low that it does not bother me then it will not bother the SPAMMERS either to pay the amount.
We have junk and that is all there is to it....
"You can't make a race horse of a pig"
"No," said Samuel, "but you can make very fast pig"
I'm real, real happy with Fastmail's (http://www.fastmail.fm) ability to send Spam to a "junk" folder with SpamAssasin's help.
Honestly, Spam isn't an issue for me.
"User" of _what_ exactly? This is not AOL, this is the great big wild and woolly Internet that nobody runs, remember?
I like the idea someone came up with not-too-long ago of a communications 'escrow' system, whereby anybody wishing to send me any form of communication would be required to acquire some form of credit by paying into an account. $x for a phone call, $y for an email, etc., with changes in price for different permutations (time of day, size of communication, etc.)
The premise of this whole idea was that, unlike paying someone for the privilege of sending someone else spam (the whole idea of 'e-stamp' is a stretch, because when you buy a postage stamp, you are essentially paying your bit to the international post office system to deliver your mail--I have my doubts that an electronic communications tariff would really go to all those mom and pop providers out there), with a communications escrow system you are guaranteeing me money if I don't accept your right to communicate with me.
So, say Alice wants to send Bob an email, she has to agree to deposit $.25 in an account. If Bob agrees to accept her communications, she gets back the $.25. If Bob dislikes it, he keeps the quarter.
It's not very thought-through, but I find it a far more interesting approach to the unsolicited communications problem than the usual hue and cry of "force a tax on anyone wanting to spam". It addresses the issue between the individuals involved in a communication, and ensures that legitimate comms remain free.
Charging a non-retrievable-under-any-circumstances mandatory fee for every email sent, regardless of how small, has the potential to snowball into a behemoth that throttles Internet communications. After all, wasn't the first US federal income tax rate somewhere around half a percent or so? If email carries a mandatory charge, that has to go to _someone_, _somewhere_, and that's not going to be the recipient. How willing do you think that someone is going to be to ever give up that source of revenue?
Unfortunately I can't find the link. Anyone?
Cole's Law: Thinly sliced cabbage
A lot of the spam are nw on dialups/cable/dsl from giant ISPs that could care less. Especially when they're outside of your home country. I was being DoSd once from a couple of cable provider. I called one of them up (both were national providers) and they're autogreeting told me I needed a court subpoena before they would take action. That is what I mean by them not caring.
Charging this way for e-mail will do nothing at all positive to stop spam, it will in fact have just the opposite effect.
The big time spammers are tightly in league with their service providers, this "postage" cost will not be a real cost for them at all, but it will have major impacts on any legitimate use of e-mail. Shoestring organizations that link hundreds or a few thousand worldwide members with useful, informative e-mail messages will be put out of action cold. New business models that automatically e-mail you important information that you want (such as confirmation of delivery, or news or sports information) will have to rethink their options and either cut back such inovative services or charge additional for it. Even individuals will be less likely to send quick acknowledgments when they know the will eventually be bled dry by snowballing small charges.
Meanwhile, the spammers who don't really pay these charges at all (either because they are in league with their ISP, they are their own ISP and so pay themselves, or they are using a temporary account, viouating it's terms of service, and intend to abandon it and pay nothing) will claim that because of this bogus e-mail postage charge they somehow have a paid for right to overflow your in-box to the point that you can't get legitimate e-mail and waste even more of your time sorting through their deceptive crap so that you don't happen to miss that rare but important legitimate message.
Given that this lame idea will not prevent any spam, and will certainly have negative impacts on legit users, it should not at all be encouraged as "anything as long as it might fight spam" or "I'd love to see something done." but rather but rather be actively discouraged as the bad idea that it is.
I'm an American. I love this country and the freedoms that we used to have.
You sign up on a website that sends you an activation code for your account there. The site you signed up on is a small business that can't afford to pay to get this email through to you. So either you have to remember to add their email address to your free whitelist, or you don't receive the email (and many users wouldn't have any clue why). The small business thus gets so much less business that they go under.
The same goes for subscribing to an eZine or mail lists (can you imagine how many bounces bugtraq would have to deal with?), receiving any other email from a site where you sign up, etc. And every time a friend changed their email address or you met someone new, you'd have to update your whitelist.
This kind of system would be useless for an email address where you accepted bug reports for products, etc. (any address that you would HAVE to keep open for free).
I guess if there are people who would want to use such a system, then I'm all for someone creating it. But I won't be using it, and I can't see myself paying to get my emails through.
Convert RSS to HTML - integrate webfeeds into your website
Asking for some kind of money (even for charity) for sending mail to something will stop a lot of people of sending email, even mail that you would want to receive. Suppose that I want to mail someone with this system because he have a worm, or an open relay, warn him about something or whatever that he wants to know. If I have to pay to do a favor to someone, well, I will forget about it. Worst than this, suppose that the author of this paper use the system, and I want to warn him of a problem there, well, in this case the problem will happen in the worst moment possible, but I will not warn him.
Hardware and CPU cycles for servers cost a lot of money. Purposefully burning cycles without actually performing any work will cost the OE customer money.
Frankly, I don't care if MS made my mail program go slower
Are you kidding? Since when does speed and cost not matter? You obviously don't run OE for a big company or you should be fired just for saying that.
Developers: We can use your help.
Comment removed based on user account deletion
I think they are on the right track. The reason spam is so prevalent is because it is so inexpensive. Attacking it on an economic level is the way to go. Law won't work because they would only work inside a jurisdiction, and the inter net knows no boundaries. That is assuming you could enforce them in the first place and I doubt that very much. The only thing it is missing is a way for the recipient to allow messages from someone NOT on the white list. Because there it is certain to be a friend or family member you did not put on your white list they will be treated as a spammer and not get through with out paying.
Chemisor Also had a good idea as well. If the SMTP protocol was extended to verify the sending address and or reply address the mail servers could filter out the most of the spam that clogs out in-boxes.
*blam* "No!!" *blam* *blam* *blam* "AHH!!!" *blam* *blam* *blam* "Oh god no!" *blam* *click-kchak* *blam* *blam* *blam* *blam* "Augh!!" *blam* *blam* *blam* *blam*
Bwahahaha!!
This will work... except when either the origin of SPAM is untraceable, or they make some claim you opted in to receive their valueable offer and have waived any fee. 100% of SPAM will fall under one of those two exceptions. Good luck collecting.
It has several advantages that pay solutions don't.
It doesn't require a micropayment solution
It doesn't require a central registry
An additional benefit is that for small senders the cost remains negligibly small -- perhaps 2 seconds per e-mail address sent to. For spammers 2 seconds per e-mail address is a huge burden. If you're trying to mail to 10 million addresses, you need 231 hours of processor time to compute the hashcash "stamp" required for all the address. It's not an impossible feat, but if a spammer needs to set up server farms just to compute stamps their profit margins shrink signifigantly.
Group working on an implementation of hashcash
I'm not trolling, but isn't a spam filter enough? I, too, was burdened by spam. I'd get 100 per day, and was growing very frustrated. Last week I installed Spamassassin and the problem is gone. I still get a couple per day, but it's no longer a big deal. Am I a "best case scenario" for spam filters? Why wouldn't Taco just run spamassassin and be done with it?
What am I missing?
/. finds me to be 20% Troll, 80% Funny
That has given me a mental image of Saddam on one of those shitty pop idol shows...
No way. This is a very bad idea, and I strongly oppose it. I do not get spam. I do not want to pay for emails I send, because other people #1 give out their email addresses to untrusted sources, #2 have emails with a serviceprovider who gives their emails to other "trusted" sources, #3 have email addresses which are easily randomly generated. If you get an outrageous amount of spam, it's no fault but your own.
i get absolutely no spam. why? because i don't post my email account. i'm sure taco has a private email account that all his friends and family use and only has his slashdot account for the stupid slashdotters who sign him up for stupid spam lists. the difference between spam email and junk mail is that all street addresses are public knowledge (hence the reason why they're addressed to "resident" and not a person). i think it'd be terrible to charge per email. i can't believe i'd ever hear taco say that it should cost money to do that.
please me, have no regrets.
The only argument I've seen against an anti-spam law is concerns over freedom of speech. These concerns are easily met. The law need only say:
Port 25 (the Simple Mail Transfer Protocol port) is reserved for human to human communication. It is an offence to cause or permit a robot to post to multiple messages to it.
It is easy to craft an exception for mailing lists that do the three step, subscribe, validate, confirm thing.
First ammendent jurisprudence lets the government regulate speech provided its regulations are narrowly tailored to serve a compelling government interest. What kinds of things count as compelling the US government? Other rights in the Bill of Rights, and laws of physics. For example, if you have two radio transmitters broadcasting on the same frequency each will interfere with the other. This is the justification for Government regulation of the radio spectrum. One way of looking at it is that freedom of speech is played off against freedom of speech. It is hard to oppose government regulation of the radio spectrum on the grounds of freedom of speech if the consequence is that neither speaker will be heard. Equally, it would be very hard to argue in court for the admission of robots to the designated human-to-human channel on freedom of speech grounds when the cause of the regulation was that humans were finding it hard to talk to each other because their channel was being swamped by robot traffic.
Notice also that this proposal avoids violating the first ammendment because it focuses on solving the problem we have, and leaving alone a similar problem that we don't have. Specifically, some-one who wishes to offer you a penis enlarger remains at liberty to get your email address from any source and type in and send an email to you, with their offer. They may repeat this, obtaining somebody elses email address, typing in a fresh message, and sending them a similar offer. They may repeat this as long as their stamina holds out and their fingers will keep tapping away at the keyboard. All that is forbidden is automating the process and then using the humans only port.
Why should the end user get paid? Why not the ISP? Afterall who has their resources and bandwidth used up?
I don't know about "e-stamps" for *all* e-mail, but what about an optional thing for e-stamps that would mark your mail as non-junk? Like, I could by 100 e-stamps (say, for 5 cents each). I could use them on specific emails that I want to (I wouldn't necessarily use them on all of them, only certain ones), and those ones would automatically be let through spam filters. Then we could have filters find those e-stamps, and if it has one, would let it through automatically. This could solve the problem of false positives in spam filters, and also would start costing spam companies major money!
http://www.virtualvillagesquare.com/ Online Communities: The Next Generation
-- Having a Creationist Museum is like having an Atheist place of worship
I got this image as an ad below the story. First I thought it was part of the story itself...
1 048263156125
http://images.slashdot.org/banner/ciph0004en.gif?
Oh, I can't help quoting you because everything that you said rings true
In our solution at Brainclone:
h ol d=0&commentsort=1&tid=111&mode=thread&cid=5565 115
http://slashdot.org/comments.pl?sid=57921&thres
we pay the ISP up to 20%
Anthony
http://www.cypherspace.org/~adam/hashcash/
GUYS:
Zone Labs has a new product out ($30 full retail) that is designed to reduce spam. It has considerable capability but one really neat feature.
If you mark a letter as SPAM, it returns that letter to the sender as if your email account no longer exists. It creats a return message identical to the return message your mail server would send (for a non existant -- or terminated account).
I understand that spammers use these messages to delete discontinued addresses from their SPAM lists.
How about that guys?
Tom
The only way to "truely" stop spam is for organizations like the "US Postal Service" to get up-to-date with technology and run a set of secure servers across the country to deal with nothing but eMail. These servers would talk to thier own eMail clients and not have anything to do with any other server outside of their trusted set of servers. End of story. Any other solution will be "forged" or "compromised".
hey just change your email address every two years. I was getting so much junk email that I decided to change addresses. Just gave out the new email address to friends and haven't gotten on anyone's list yet.
Very simple solution.
Just to warn you, I'm applying for a patent, so if you change your email address to avoid spam you owe me $5.
So much for businesses that depend on new customer contacts via email. No one is going to PAY to contact a business for the first time.
~REZ~ #43301. Who'd fake being me anyway?
An even better idea is a spam deposit, like the stamp idea. But the reciever gets to decide if it is spam, a yes means the charge is made and a no means the charge isn't made. I also think that the fee shouldn't entirely go to the reciever if it is spam, it should be split with the isp.
As x approaches total apathy I couldn't care less.
I think a solution against spam would be to have
an authentication mechanism that identifies the sender.
Users would have to pay only once a small amount of money to get a pub/priv key pair from a certification authority.
Then users would use this pair to authenticate the messages they sent.
E-mail recipients could then simply choose to enable or disable reception of unauthenticated messages.
David
--I probably don't have all the details correctly, but here's the gist of the funniest and most practical example of junk snail mail I ever heard of. It was back duing the energy crisis of the 70's. It was on one of those TV shows like "That's Incredible". This guy up in new hampshire gets a brainstorm, his heating bills are outta sight. He gets himself on-purpose on every junk mailing list he can find, I mean goes WAY out of his way. Pretty soon he's getting mailbags full a day coming to his house. He gets one of those paper-log roller machines, rolls up the junk mail and burns it in his woodstove!
What I did for electronic spam and getting mailed viruses is I stopped being on lists, stopped using my email addy except to a few friends. It's taken awhile but I'm down to only a few a day now, easy enough to delete. Also using that "junk" feature with mozilla, but no idea if I'm even using it correctly, but I really only get a few now.
As a group,you could pool your money and pay me,per odious spammer,to locate,castrate and render the hide off each one.(for a lil extra i will sell the
leftovers as momentos.)
since i have time,no employment presently,and a hatred for spammers that equals yours,it only makes sense.
I figure about $5000 per spampig would cover my expenses.$100 could get you their yarbles in a jar.$1.95 could buy their worthless hide(s&h fees)
think about it. it really isnt a lot once you have a bunch to pitch in.anything leftover we could buy beer with.
*Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
Any plan that includes adding fees to everyone's internet costs will never be allowed. We need to punish spammers where it hurts. They are usually based or routed through foreign countries, so suing them is costly. Once they have sent their million e-mails, they don't care if you managed to track down the service that sent the e-mails and lock them out. The only thing of value left is the website included in the e-mail that they want people to click on.
This is where DDoS comes in. Spammers usually hope for just a few hundred buys out of millions of e-mails sent out. If the website is getting pounded down by thousands of hits per minute, potential suckers won't have a chance. Or at a minimum, the spammer will get clobbered by a massive bandwidth bill. The best case would be that the ISP quickly sees what a loser site they are hosting and deletes the account. American ISPs already refuse to relay spam. It's about time they stopped hosting the websites as well.
Hopefully as ISPs get used to spammer websites killing their bandwidth and causing outages, they would add provisions to the user agreements charging penalties for massive bandwidth spikes that bring the rest of their network down. Most spammers would probably stop if they were facing a $1000 fine from their ISP just for trying to hawk their penis cream, herbal breast remedy, viagra knockoffs, russian brides, lose 20 pounds this weekend, teen sex, online casino, cable descrambler, DVD copier and special mortgage rates.
The US Postal Service is already PLANNING TO DO THIS. This must be stopped at all costs! Please forward to all your friends! URGENT!
</sarcasm>
[mild_flame] /. editors complaining about spam. /etc/mail/access
I often see you
1. DNSBL (ORBS, SPEWS, etc)
2.
3. dnl accept_unresolvable_domains
4. (optional) IPChains/IPTables blocking.
Really, you're supposed to be geeks. We have *tools* to handle these sorts of things. Yes 1-3 are sendmail specific, but there are methods for Postfix and Qmail as well.
[/mild_flame]
I get maybe three spams a day now, down from over 100 a day. It's just not that hard to make spammers your bitch.
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety" - BF
SPAM filtering is certainly one answer that can probably be made to work very well for most people in most situations, but we are also aware of the many problems with this. Either you set it up and maintain it yourself, or you rely on your ISP (ala AOL's filtering discussed here) or software vendor and you probably lose a lot of control.
Clearly, there is also a role for law enforcement as well, and they don't seem to be even trying at this point. In any case, this is really the approach for the worst offenders; nobody should have to deal with unsolicited, explicite emails and this should an a minimum be criminal, and actively pursued and prosecuted. More can be done from this angle (required notice that it is advertisement, for example).
Despite it sounding an interesting thought experiment it's a bit grim if you go to all the trouble of killing someone but get the time wrong. My car bomb could fail to go off and then explode under investigation the next day rendering my prediction useless thus I will not be recompensed for my risk.
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
Hmm. You could easily whitelist people with GnuPG's Ring of Trust-idea. I hope that one catches on.
Only unknown addresses will be charged, you could probably extend known addresses to include entire domains. Finally, if there's a third party involved, I would think it would be trivial to refund these charges from legitimate people. Finally, you don't HAVE to charge for unknown recipients.
And if the costs are so low that it does not bother me then it will not bother the SPAMMERS either to pay the amount.
Wrong, it WILL bother and even stop many spammers. They're business model completetly depends on their ability to send millions of e-mail messages a day without cost. If you start incurring costs, you've just blown their business model. Even if it's half a cent. Let's see, what's that crazy thing called again? Oh yeah MATH:
$.005 X 1,000,000 messages = $5000
So for each mass mailing of that size, the spammer is paying $5000. Currently a lot of the big guys are sending out over 10 million a week! Hello? That's a log of money!
Now maybe they'll have to actually FOCUS thier mailings and maybe even (gasp!) start pushing products that aren't of dubious value and legal content. Junk is here, but we don't have to tolerate this amount or content.
Computer Science is Applied Philosophy
If that's so, then why are the major consumer ISPs currently in an advertising battle over who has the best spam filtering? I can't hardly turn on the television these days without seeing an ad from AOL, Earthlink, or MSN touting "now with better spam blocking!" or "protects your kids' email from porn spam!" The one with the butterfly dumping the spammers down the hole is kind of funny, no?
The fact that the majors are advertising spam filtering to the general public indicates to me that they perceive a demand. My guess is that their tech support staff went to the bosses and said, "You know, we're sick of Mabel Homemaker ringing us up and bitching us out about the Russian teen porn spam her husband and kids get. If the mail admins would start using SBL, we could play more Quake -- I mean, handle more important calls."
You don't need a pay-per-use system to keep spam off the net. All you need is an authentication system that tells you whether or not an email came from an authentic person. This could be accomplised using weak public key encryption. Keep a bank of public keys (in a database similar in function to a DNS) and make certain that these came from real people. Then have mail clients automatically try to decrypt messages as they are received. If they're not encrypted or if they don't decrypt to the public key from the public database, trash the email.
Making certain that all the public keys came from real people would be critical to the credibility of the system. Charge a per-year or per-month fee to have your key on this system. Make it billable to a credit card, and if any key is found to be spamming, the credit card that it is billed to should no longer be accepted by the system. At least this way, spammers have to mess with their credit to keep spamming. If they use someone else's card to spam, then you have a crime to be reported to autorities.
Anyone who wants to implement this idea- please cut me in.
DISCLAIMER: This post was not checked for speling and grammar- if you complain- you're a whiner
Here we go with another stupid idea to curb spam.
Basically the author is saying we should have to PAY to have spam stopped. Not only will it NOT work, but it'll just mean that spam would be ok if they pay to send it.
eTrade SUCKS
Instead of simply charging for every e-mail
Here's what I would like to see:
1) I set up a small list of people who can send e-mail to me for free.
2) Anyone else has to pay 50 cents. Half goes to me, half goes to overhead for collecting the money, etc.
If someone wants to e-mail me out of the blue, they still can, and then request that I put them on my free list, for the next time around.
Spammers always have to pay.
Yes you will get only what you want, we have been working on it, and are beta testing our solution now.
In our Brainclone solution:
QUICK F AQ:
1- Will it cut down my spam, if I know regular that I still receive crap in USPS regular mail?
Yes, because you set how much stamps some anonymous guy has to pay you to email you. So instead of the 1 stamp (for 0.10 cents) you ask for 100 stamps. You will never receive email unless someone buys $10 worth of stamps, just to email you 1 email.
2- Nearly All spam comes from Bogus addresses, how can you filter this out?
The current Email server solution, filters out this email. You never see it.
3- My Family wont be able to email me without paying, what about my mailing list I am subscribed to??
Grab all your family emails, mailing list email, and any work, or billing domains, and add them to your white list. Folks in your white list never pay a thing.
4- Ok people buy e-stamps, do I get anything out of it?
Yeah, you get at least 80% of the money from bought stamps every month, through either paypal, or a check sent to you. ISP's/Service Providers will be paid the other 20%
5- I got this Buthead emailing me spam, and paying for e-stamps, but I really don't want to rais the amount of stamps for anyone, I just don't want to receive crap from this one idiot, who is harassing me.
No problem, there are 2 solutions, we have a black list where you put people that you never want to hear from again, but if you fear for your life or want to file charges, you can also call the police, and in such cases we can provide the info to help find the idiot through his banking institution. (which he needs to buy e-stamps with)
SMTP bogus email, will simply not work anymore.
Anymore questions?
E-mail me: anthony@Brainclone.com
Anthony Loera
Somehow I'm reminded of this:
"Never teach a pig to sing. It wastes your time and annoys the pig."
~REZ~ #43301. Who'd fake being me anyway?
You don't have to charge. Just set up your customer service account to not charge for unknown addresses...
Computer Science is Applied Philosophy
Wow, more than 100 posts already and still 90% of posters obviously did not grasp the (rather) simple concept. I've seen a number of completely irrelevant objections:
The law would never pass : That's one of the best feature in this idea. No need for a new law. The recipient already has the right to block incoming messages. You know, when your phone rings, you won't go to jail if you don't take the call.
Spammers will never accept this : Of course not, but nobody asks them! Using this kind of solution is YOUR decision; you don't have to ask anybody's permission, especially spammers.
Widespread adoption will never occur : So what? This system will work for me even if I'm the only user. It's not one of those things that require a critical mass of users to be useful.
This will not completely eradicate spam : Frankly, I don't care. If it prevents spam sent to me, it's good enough.
5 cents to read spam is not worth it : You're missing the point. This is not about making money, it's about discouraging spammers. No spammer will ever send you an email if it costs him 5 cents. And the price is not for making you actually read the spam, it's only for allowing it to reach your inbox. In the very unlikely case a spammer actually pays, just delete the message as usual.
So please, read the article. The idea may not be completely new (email stamp) but the details address most obvious objections.
One problem I can think of is still pending : what happens if the sender is also equiped with a similar system? Will we see payment notices bouncing back and forth between both ends without ever reaching an inbox? I guess a solution would be to automatically whitelist any address you've sent an email to, if only for 1 hour.
Now, the really funny part is that ALL of the above (including subject line) is the exact post I submitted on Dec 10, in reply to an article about the same research by the same researcher.
We're discovering the notion of meta-dupe: it's a dupe slashdot story with dupe replies. By the way, my original post was modded +5 informative. If this one gets modded +5 too, we will achieve uber-meta-dupe status: the exact same story, with the exact same comment, with the exact same moderation. Perpetual motion, sorta...
It would be nice to be sure of anything the way some people are of everything.
Maybe they could donate all the e-stamp cash to NASA.
I'm not one for paying for anything I don't have to (Witness my email addy. Let M$ pay for anyone who wants to flame me.) but I don't see anything wrong with a kind of toll. "This user doesn't want unsolicited email, and you're not on the list, so if you want access you gotta pony up some change."
This would certainly wipe out the low end of the spam world; webcams, anatomical enlargements, etc. If some decent sized corporation wants to send me mail, that's fine.
The problem comes in through identity checking. How do you know the person who is sending you mail is on the list? I'm sure everyone here knows how to send email from a port 25 hack; even if you don't, it's completely obvious that spammers know how to forge whatever name they want.
So, in order for this to work, digital signatures would have to become much more common. Which I don't see happening any time soon. (vis a vis, if you only accepted digitally signed email, there would be no spam.)
Blah blah. I'll just stick with my filtering.
Just my 0.113620 Egyptian pounds's worth.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
That's fine if you're big enough. But my business is a one-man band, and I do rely on email contacts out of the blue to stay in business. Which means it's email thru my regular ISP. Now what??
~REZ~ #43301. Who'd fake being me anyway?
The biggest problem is plain old ignorance. If people would stop buying penis pumps and ink-jet refills from spammers, it would fail to be a useful marketing tool.
As it is, legislation is barely useful. In the few states where spam has been legislated, it is almost impossible to charge anyone with a violation and claim damages, the process is far too encumbering--that is if you can actually track down the spammer. The few people that actually do get charged are usually (fairly) legitimate, i.e. big business where you signed up for a service, and they are notifiying you of something new. This really does not account for the heart of the problem which is the thousands of schmucks in their basement selling email lists to each other and polluting our inboxes.
No, legislation is not really the answer. I propose a spammer bounty: An organisation that people can report known spammers to. Caught your neighbour sending spam? Report them. Post all of their personal details: name, address, photos, license plate, etc, etc... and then organize public protests around their homes. Get local busniess to unite and refuse to serve these people. Make their life a living hell. After a few good examples of this vigilante justice, see how quickly spammers give up!
the above is my personal opinion and does not necessarily reflect that of the little voices in my head
Let me just proposed a couple of scenarios where this doesn't work:
1. When you have a group of friends and non-friends who "Reply-to-All" in email discussions.
2. On the job search, and receiving email from potential job leads. I cannot see any circumstance where a potential employer would pay money to contact a potential employee.
3. Any scenario where you are looking to receive email from strangers, auctions, dating sites, etc.
I use Hotmail's Exclusive filter and it works brilliantly. I scoop out the good emails from the Junk folder, which amounts to about 2-3 a week. I leave my mailing lists in the junk file so that they are automatically deleted every week.
In this scenario spamming would be a tax deductible expense.
I don't think anyone wants to see that.
Before you know it your goddamned micropayments are going to be macro.
I can't believe people are falling for this, and what I really can't believe is that congress hasn't yet realized what a great source of tax revenue this will be. Yeah...this new micropayment will stop spam, right, now only the rich companies can spam.
Is your mailbox any less full every day because they have to pay to get it there. My god what idiots are pushing this stuff?
This faces a similar problem that MP3.com and the like have seen. You can't start charging money for something that has been both free and open for so long.
The face of a child can say it all, especially the mouth part of the face.
The analogy is to a stamp -- an anonymous pre-paid postage unit that can only be used once, and has intrinsic value as well as anti-forgery features (strong crypto).
The sender would need to pre-purchase a quantity of "stamps", and would have to "spend" a stamp for a message to be accepted.
Some recipients might waive the fee for all senders, while others might issue "franking priviledges" to their friends, basically a sender-specific stamp that can be used repeatedly (unless revoked).
I do not deploy Linux. Ever.
Read the article. You get to choose your whitelist. A company's "info request" email address wouldn't require anyone to pay because limiting access is not the goal of having that email address.
You or I might because we don't want strangers who aren't serious about making contact. Though a similar spam filter (requiring a reply/response step to be auto-added to the whitelist) apparently caused too much wanted email to be lost because too many human senders were unwilling to go through the trouble of sending a second email to get their first email through.
I forsee that this will have similar difficulties.
Regards,
Ross
Check out Cringley's recent article. Says basically the same thing, I believe.
The 2.3 cents per envelope paid in postage can hardly be the largest cost of real life junk mail. TRANSFAL, bud. You could jack up the costs of email to real life levels and you would get the same amount of email, because it's still cheaper than TV, billboards, radio and all that. In fact it's the only way to reach many people so anoyed with adverts that they no longer watch TV listen to radio and make laws against billboards. They will come and they will pay.
In any case the aproach is completely backward.
I'll pay a stamp for Email when the US government or some private company sets up a system just as good as real life mail. If someone can devise such a system where there are NO ACCESS charges whatsoever and all the work but writing the mail is done for me, a stamp might be a reasonable way to pay. As it is, I pay a private company for wires to my house and a private company on top of that to be able to read the web, and another to host and another to have a name. I do not feel like paying yet another party just to connect to another computer on port 25. No, 1,000 times NO. Paying for each and every email I send would be like having the worst of all worlds for email.
Shame on anyone who thinks a novel system that extracts your money will do anything more than extract money in the long run. Rember paying the cable company for advert free TV? Now you simply pay for TV. Anyone who pays extra for email will simply pay extra for email. In the end, the company running the system will be bought and you will get your censored adverts.
The only real solution is to make spam against the law and fine those who send it. A fine on those who receive it is stupid.
Friends don't help friends install M$ junk.
Most SMTP server can be set up to require authentication of the user; I think it should be possible to force each client to use only the from: address that it authenticated with.
It won't get rid of scam artists who use SPAM, but it will force legitimate businesses that send out SPAM to conform. If the field is present in the header then mail servers could scan the header prior to receiving the entire message. End users could instruct the mail server to selectively filter the SPAM based on the value present in the "UnSolicited" field.
Most SMTP servers are set up to allow connections from anybody as anybody. It is entirely possible to restrict connections to authorized users only, and it is technically possible (although I am not sure if it is implemented) to force from: addresses to the authorized user's identity. Most users send mail only as themselves. The exception is relay hosts, but those can be explicitly authorized, and you wouldn't want to allow your server to relay from a known spammer, would you?
I know there aren't a lot of Bill Gate's fans hanging out here, but what about The Road Ahead (copyright 1996) as prior art. I'm pretty sure the concept of paying per e-mail was mentioned in the book.
Maybe the EMail Stamp concept could be added to Spam Sleuth so it would work with all e-mail accounts, all clients, and all servers.
Considering most spam sending sites are out of control of anyone wishing to close them, I suppose it will be as difficult to collect the bills as it is to shutdown these e-pollution sites.
Achille Talon
Hop!
Really? Would that be because people have gone to great lengths to get around the post office? The post office cut back it's service and prostituted itself to junk mail. You realize that the government could impose the sorting rules on large mailings and still charge the full postal rate? Did you know that the post used to be served three times a day in many places alowing real business to be conducted by it? Today, real mail takes too long and gets lost in crap that cheapens it's perception.
So what have people done to get around real mail? They pay a minimum of $30 a month for a phone line and $10 a month for dhcp web service. That's enough money to send 100 real letters. Yet this is what people prefer.
Now what is proposed as a solution to spam? Punish the spamers? No, some dumb dumbs have had the bright idea to punish the rest of us. No fucking way. Just outlaw spam and fine those who send it. We should not impose the limitations of the old system on the new.
A private company might have a go at serving mail, if and only if they provide an otherwise feeless access system to it, but that would be an entierly new system and similar have already failed.
Friends don't help friends install M$ junk.
The day they start charging per email, is the day slashdotters begin work on a free alternative.
I don't know about you, but I already pay a "small fee" to send email. It's roughly equivalent to the amount I pay my ISP each month, divided by the number of total bytes I send or receive, times the number of bytes of email I send or receive.
TMDA (www.tmda.net) is pretty similar in spirit to ASK. But I actually use TMDA, so talk about it.
These problems can be solved by the use of tagged addresses, supported by sendmail, exim, qmail etc.
Basically you give your address as genius+dated+E7ABC@foo.com (instead of genius@foo.com), and tmda passes it on to you automatically until it times out (typically in a week).
Is it a bit of a hassle? Yeah.
Does it beat 100 spam messages a day? Also Yeah.
The technical hassle could be overcome by yet another mozilla hack to generate addresses on the fly much like my mail and news clients already do.
use the numbered profit scheme, but instead Ill just explain what i want to setup. Block all email.
Anytime you receive a message, you dont see it, but a reply is sent to the sender with a link to a page to purchase access to you, ie - "Im sorry, but I have blocked all incomming email, if you would like me to see what you have sent me, please click on the link below and purchase X amount of views". Then they could purchase what basically amounted to stamps to send you X amount of messages. If they are just a bot, or a dead address, you would never know the better. When they completed the purchase, they would then be given a key etc etc. This would all run behind the scenes with your email client, and you would never see spam again unless you got paid to view it. Now i just need to stop being lazy and start implementing it...
So, when I have a baby, how do the IRL spammers (junk mail companies) *find out* I've had one? My concern is that even with e-stamps, there will still be lots of spammers that abuse the email, and find ways to get 'bulk e-stamps' at a reduced rate.
My Journal.
... which means there are potential problems with this pay system. I may owe only a limited amount of money to a few people, and all the cumulative senders to me may only owe me a few bucks if I decided to collect. That means that there are probably millions of dollars to be collected overall. I some enterprising startup pays 10-25% to individuals for the right to collect on the Debts there is a lot of money to be had and a lot of incentive for someone to pursue it.
Use your head, can't you, use your head,
You're on earth, there's no cure for that - S. Beckett
this is absolutly obserd. this would be an end to all newsgroups, non-spam mailing lists, etc... and the start of a whole new wold of problems caused by those that don't pay their email bill
I read the pdf linked in the article and was excited, because this proposal seems like it might actually work. I checked out the responses and was very irritated to find that the vast majority of the posters were objecting to things that weren't even in the proposal. I haven't read slashdot much recently, and I can really see what people mean when they say it's going to hell in a handbasket.
(And hopefully someone responded to your previous post in exactly this way, creating an ultra-tiple-decker dup.)
Benjamin
I think this idea ranks in stupidity with micro payments. Pass law requiring spam to have a mimetype identifying as such or the spammer is fined. This will give clients plenty of oportunity to filter the spam. Spam will dramatically decrease because most or all people will filter it. Problem solved.
Maybe I'll get a PhD for this idea or a job at IBM.
Another way/reason the bulk senders save money is that they tend to sort the mail themselves before giving it to the postoffice. The postoffice then discounts the price for them.
(Please note that well I am only positive this happens in the UK, I am confident the same types of agreement would occur in other countries)
I can give a report on how ineffective SPAM must be.
Last December I found that a SPAM artist was using an old, inactive email address of mine, as the "Reply-to" field of some of their SPAM. I got a flood of bounce messages. At its height I was receiving 100 bounce messages per day.
I looked at every message associated with this SPAM. Only one single message was written by a real live human being.
How many SPAM messages got through, if I got 776 bounce messages? I dunno.
But the bounce messages were from a limited number of ISPs. I surmised that most ISPs mail servers can tell when a header is forged, and don't bother reporting non-delivery to a forged address. Some of the bounce messages reported dozens of bad addresses.
I am going to guess hundreds of thousands of SPAM went out.
If there are any potential SPAM artists out there, learn the lesson. Don't bother. Something like 99.99% of them get tossed without being read.
I wish I had a log of money.
*sniff*
If you have been missing the point, re-read the article. Do not let the government into this. It will be the camel's nose in the tent. There is absolutely no need to charge every email for transmission. I am already paying for that by using an ISP, thank you very much. Also, try looking at the statistics that have been posted on /. about the source of email addresses.
Lame solution: Spammers get their addresses by scouring the web. If you are going to post an email address, post a forwarding address. Joe's Email forwarding will charge a tiny fee to forward ($.05). Joe's charges the sender, not you. If you reply, Joe's will fiddle your reply message and properly send the reply with Joe's address. The entire fee will be donated to the FSF. You can still use your own regular email for free (as in beer) communications with your friends.
Hey. If somebody wants to send me Pr0n ads at a nickel a pop for the FSF, they can be my guest. It would tickle me pink to hit the delete key, every time.
I just cannot figure out a simple way to charge ordinary folks a nickel.
I do not think credit card fraud will be that much of a problem. The fundamental problem with spam is that it is *legal*. Any time Joe's Forwarding bounces a credit card number, they just send the notice to the FBI. Within a very short time, spammers using stolen credit cards will be serving very long sentences, and will have to stop spamming.
Rather than trying to create a governing body to manage this internationally, what about an idea like the following:
Incorporate the ability to create a certificate on your own computer. This certificate can have an expiration date of your choosing... 1 day, 1 month, whatever. When your client receives mail that isn't certified, it send a copy of the current certificate to the sender. They can then email you until the certificate expires. The odd spammer will get through, but this would lower the effectiveness of spamming greatly because it would take time for them to build databases. And expiring certificates takes that time away from them. Plus, in order to get a certificate they'd need to send email from a real account. Certificates could always be bound specifically to the requested account for even more frustation at their end. Since spoofing wouldn't help them, they'd be more easily traced for legal action.
I'm sure there are holes in this idea, and I have no means of implementing this in any way myself. Is it practical to add a feature like this to an open source email client?
what a horribly STUPID idea! we already pay for email through hosting and advertising costs. and people want to create an artificial additional charge???
OK, a large amount of spammers rely on *guessing* e-mail addresses. Why not charge per e-mail miss. I know, what about the guy who just mistypes a valid e-mail address. Have the ISP give out 10-20 free e-mail misses per month. This would more than cover any mistypes by us "normal" users while crippling the spammers who rely on guessing e-mail addresses.
My $0.02
ILuvSP
the openess of the internet.
My points:
1. Too many people are organizing and banding together, passing on information that disrupts the plans of the elite. Environmental issues, personal freedom, etc. For very little cost or through libraries ANYONE can have a say or pass information.
a. The elitists need to quash this source of disruption.
b. Fighting it directly will just feed it.
c. It must have a weakness.
2. SPAM appears to be the bane of the internet. Perhaps it would be a good tool of disruption(!)
3. People can be paid to send SPAM. They don't have to know the ultimate reason.
4. Who are the elite? Well, who gains the most from having control of the majority of people? Historically (post Moorish/Turkish Empire), Colleges and Universities have been the domain of wealthy European males. Wealth and Knowledge lead to POWER which is all that is needed to control people.
5. Now that the stage has been set with a problem that is universally despised, how wouldn't give anything to make the problem go away?
6.Most people are too weak-minded, selfish and short-term thinking to devise a way to solve the problem without giving up certain freedom. (Shades of the World Trade Center). Imposition of measures which began to deteriorate the openness and freedom of the internet begins apace. Everyone is on board because the problem finally goes away.
7. The easier solution of creating legislation which requires spammers to identify themselves so that they are open to lawsuits is too easy for the masses, will make the courts have more work and will keep the internet open. Why would the elite do that.
First asshole to mod this down is complicit in the arrangement.
The first thing that conspirators do is discredit the knowledgable as "conspiracy theorists".
Charging money for individual messages is a ridiculous idea. We have other spam solutions that work very well -- smart filters. If you're a mail admin, you need to get familiar with Spamassasin and other tools like it. They work. Personally, I use PopFilter on my laptop, and it works beautifully. I get 2-300 messages a day, of which about 5% are legit. PopFilter handles this flawlessly.
You've misunderstood the idea - you don't have to pay for any email you send if you are sending to someone who has you on their whitelist. And if you email someone for the first time, you only have to pay once if they add you to their whitelist.
An added benefit is, if you have a falling out with someone (old s.o.), you can remove them from your whitelist and make them pay to email you.
This is a good thing!
Use a filter to get rid of spam. I get around 20-100 spam mails per day, but using bogofilter it's all filtered away. I get around 1 false negative per week and no false positives.
These micropayments seem interesting, but are really useful for spam reduction for people that don't have the capabilities to use a content based spam filter.
Besides, many mailing lists and ISPs are starting to use spamassassin or other filters, to the spam problem may go away in time. Or not.
spam is a communal event. we all get the same spam at pretty much the same time from similar sources. being such a communal thing, it makes sense to use the communal aspect of it to get rid of it. for example : 1 mail server with 2000 recipients, if more than 10 % receive and delete/block said piece of spam, then it is identified as spam and removed from the remainder. this allows for for subgroups within the group to cleanse, in short order, the entire system. it does not affect newsletters or other internal mail and it's (the server/group) recommendations on what has been deleted can be forwarded to a neighboring group. the program for this could actually be pretty small. any comments? better still, any takers?
There is a solution. Mailers that only propagate mail if it is signed by a trusted key.
We outlaw all drugs, yet there is a push and pull (supply/demand) on drugs. Spam is the same way. Many companies that are pushing the spam are paying somebody else to do so. The more illegal that spam gets, the more offshore that it goes and the higher the costs to the company that wants it to be sent.
So far, all I can see winning this spam war is the the spammer, the company providing it, and the congress ppl who are being lobbied on both sides of the issues and taking monies from both side.
In fact, it really is identical to the drug war.
I prefer the "u" in honour as it seems to be missing these days.
We use a custom spamfilter on the BBS (written by the Real Sysop to work with Wildcat4), and it's nearly 100% effective. You can find it on the software page at http://eqcitybbs.tripod.com
:)
I don't filter my Earthlink mail at all, and my real email still outnumbers spam by about 2-to-1 (I get 10-20 spams a day, including wandering copies of Klez and Bugbear -- but there are days when I get zero spam, and it's rarely enough to even get my attention). I don't post that address on usenet, but it IS by necessity plastered around my websites.
I *do* have a DEL key, and I know how to use it.
~REZ~ #43301. Who'd fake being me anyway?
Easy. Add a field to the form, into which you paste your own "stamp" for the site to use on the email that is sent to you.
Same method could be used for those "mail this web page to a friend" links you find on CNet and the like. The concept is analogous to the "Self Addressed Stamped Envelope".
For a server that sends automated emails (e.g. weekly activity reports), you could provide a self-signed "reusable until revoked" certificate (aka "stamp") for all future emails.
The easiest way to do this would be for the web page to present you with a certificate naming their server and sending domain or full email address. you would "sign" this certificate with your personal email key, then paste the signed certificate back to the form and submit.
If the site "goes bad" and starts spamming you, you have the option to revoke the certificate.
I do not deploy Linux. Ever.
any estamp like infrastructure will make it much much easier for governments to TAX each and every email.
We don't want to make it easier for any government to create new taxes.
Taxes never go away...just look at th 3% federal tax on your phone bill which was a 'temporary' tax to pay for the Spanish American war in 1893.
Correction, 2003-1893 == 110 years is temporary considering the newest copyright extensions in place.
or if you want pure problems, send them three problems, two are useful, one is one you already know the answer too.
The solution to Spam is to require 'human-verification' of senders before accepting mail from them.
:P)
The first time someone emails you, have them look at a picture of words, or even just have them reply to a validation email. (or allow them to reply if you email them, otherwise this system would never work
Any solution that requires other people to change their software to email you is not going to work. And I'm certainly not going to pay any money to email someone. A few people might, but the vast majority won't. This system would do far worse with false positives then any filter. And it wouldn't do any better at all then requiring a simple digital signatures anyway!
By the way, one interesting thing about this technology, If it became widespread, it would change society a little. People would solicit email from people to get the cash. If you charged 5, and got 1k emails a day, that would be $50/day or $18,000/year. I could so see people running popular websites asking people to email them to support the site, rather then (or in addition to) advertisements or conventional donations.
autopr0n is like, down and stuff.
most of the spammers have a large budget behind them to send out all the mail.
I still lean towards the best solustions being things like rbl databases.
I know I cut the amount of spam I get on my site by well over 90% when I used a combination of
rbl queries, mailscanner, spamassassin, razor, and dcc.
2) There are many perfectlly good means of killing all spam. Here is one:
A) get an email program that has both a filter and an auto reply function.
B) Set up a filter. If an email comes in that does not have the word "maps" (Spam backwards) or some other code word in the Subject line, your filter i. appends an instruction to your recepient to use that code word, ii. autoreplies to that sender, and iii. deletes the email. Spammers can NOT afford the time to deal with any replies.
C) If your buddies also do a similar thing, you might get caught in a loop. To deal with this you can have the auto-filter insert your code word to the subject line before you reply. The only problem might develop is if the spammers started using an auto-reply function of their own (A highly unlikely event in my mind).
This simple system kills all spam going into your mailbox today. It does cause minor inconveince to people trying to mail stuff to you as they have to remember to input your code word. But their inconveinence is less than you having to delete 1,000 junkmail from your inbox every other day.
excitingthingstodo.blogspot.com
I suspect that the reason you get so much spam is that your email address is so prominently displapyed on the internet. What else could one expect?
I have had the same email address for 3+ years now and I average less than one piece of spam per month. I have a separate free email account that I use for ecommerce transactions and to give out to websites. Even it gets a minimal amount of spam.
I would be outraged having to pay to send email. People should just be responsible with their addresses and not give their primary email out to every webiste on the internet. That would solve the spam problem quite well.
But how hard would it be for ISP's to blacklist "open relays"? So that if anything in the email headers indicates that it *EVER* has passed through an open relay system, then the email gets rejected. Further, if the mail is actually coming from any system OTHER than what the topmost "received" header says, the email would also get rejected. I would suspect that this rejection would probably have to amount to discarding the email rather than bouncing it, because the sender's address cannot be confirmed, and trying to bounce each one would create a network traffic problem.
File under 'M' for 'Manic ranting'
why charge in dollars when one can easily charge in cpu cycles? hello!? wake up!
The details of my punishment do not concern me as much as the net result. Right now I don't have to pay anything to send mail. Nor do I have to maintain another list or login or whatever. So the net result is that I get to pay for what I do freely now. No thanks, I'd rather make comercial unsolicited email against the law and fine people who send it.
Friends don't help friends install M$ junk.
Why not use the enforcement that is already in place? Just forward your spam to UCE@FTC.GOV and let the government go attack the spammers?
x .h tml
D E= PU01
http://www.ftc.gov/bcp/conline/edcams/spam/inde
https://rn.ftc.gov/dod/wsolcq$.startup?Z_ORG_CO
If you have a specific complaint about unsolicited commercial e-mail (spam), use the form below. You can forward spam directly to the Commission at UCE@FTC.GOV without using the complaint form.
D'oh...it's wheel not well
Instead of some central "Post Office" body that you pay, the money should go directly to the recipient of the message. People would actually WANT spam.
Scott invented :-) so maybe his computational challenge idea will gain wide acceptance as well.
Reading all the comments here makes me think that this is the worst case of people not reading the article before posting that I've ever seen. All of the concerns expressed here are addressed. This one is worth taking the time on, trust me.
Four fifths of all our troubles in this life would disappear if we would just sit down and keep still. -C. Coolidge
Spammers are getting more sophisticated in their never ending attempt at avoiding detection and having their service shut off. Most spammers these days don't use their own ISP to send mail and prefer to send through "anonymous proxies" that are usually misconfigured mail servers in different parts of the world. Charging per email would only prevent legitimate users from sending email because it could become cost prohibitive. Spammers, on the other hand, wouldn't be stopped at all. Get real!
Anthony Papillion
Advanced Data Concepts, Inc.
"Quality Custom Software and IT Services"
Whatever idea you're blathering about, it's clearly not the one described in the article(s). RTFA!
Nope. In an illegal drug transaction, neither the buyer nor the seller wants official attention, so the authorities have to go to great lengths to detect, much less suppress, the activity. In spamming, the recipient wants the cops to catch the perpetrator (and maybe bend the Eighth Amendment just a wee bit), so the evidence will be readily available to anybody making a credible attempt to crack down on spam theft.
/. If the government wants us to respect the law, it should set a better example.
--you take double grumpy pills this morning? I didn't say I don't use email,nor recommend that people don't use email, not even close, I just dropped off some lists I was on, both from not really using them and also from the obvious massive spam increases I got. I am reasonably careful on how I give my email out now, as well. Just normal common sense useages, and as a result I still communicate with people I want to, and get the same business emails I always got, but only a few spams per day, very easy to deal with. considering I used to get like dozens and dozens, I think my crude technique worked fairly well.
MY over-all solution to spam? Make it illegal, even if it's a UN thing, much as I don't like the UN for most purposes, for things like that it might actually be useful. Once it's illegal all over the planet it might work better, and any tiny nations that keep it "legal" can just be blocked by people if it gets to that. Personally I would have no problem whatsoever if my ISP blocked entire nations or domains if that was possible and they had a request thing for that, that any user could simply notify them. Commercial unsolicited mail should really be opt-in, not phony opt-in, no forged headers or return-tos. I say treat forged headers and phony return-to addys as fraud, wirefraud, a federal felony, which is what they are. Then they need as much po-leece effort and general press efforts as they are putting into "cracking down on P2P sharers". Governments always having this "war" on this or that, tell ya what, compared to all the other "wars" I'd say a "war on spam" would garner 99.999% planetary support against the "email spam terrorists". It won't stop all of it, but it will stop a lot of it. No one wants to pay per email, neither the senders nor the recipients. No one really wants the wasted bandwith except for those few jerk hosting places that sell space and bandwith to spammers, who SHOULD be universally shunned and blocked by people.
That pay per view e-mail nonsense just ain't gonna fly, so the main premise of the article is seriously flawed. It would be like going back to pay by the minute internet, yeech. Well, maybe some corporations might for their "official" email, but I can't see many individuals all eager to sign up for it. That and more research and adoption of these various spam filters, make them just much easier to use.
Maybe slashdot should run a poll, who would pay to send or receive email? I doubt many people would, but it would be interesting to see the results.
That my friend would be the death of the current spammer buisness model. Yes, you would still get targeted adds, but in smaller numbers, and maybe, just maybe, for something you might be interested in seeing.
Of course, that would be just until some 733t h@xor figures a way around the collection scheme. But we can all dream, can't we?
I think of email as falling into the following classes:
(a) sources I know
(b) sources I don't know but not spam
(c) spam
The difference I note is that the first two people are not deceptive in their point of origin. If there were a Mail Transport Agent that could, upon connection with SMTP, use the from field and Received field to verify that the originating system has the from address on it, and could then mark the mail "Certified", that would go a long way towards giving the control to the recipient to deal with the content.
To implement this would require the efforts of the honest sources, and would let honest sources decide if and when they wanted to deploy. It would also eliminate the deceptive practice of source routing to use a weakly secured system as a reputable source.
I haven't really thought this out in depth, but I think determining the principles by which good sources can certify their emails is the way to go.
*I* am *NOT* going to pay extra to send email.
I say *SHOOT* spammers in the head on national television. ALL CHANNELS without exception, FORCE everyone to watch PUBLIC EXECUTIONS.
"We interupt this broadcast for the public execution of a spammer"
Within a week ALL spam will cease to exist...
You know what's really pathetic? I "previewed" that post _3_ times, only to catch "log" instead of "lot" AFTER I hit "submit"...
Computer Science is Applied Philosophy
Fuck That. I don't see how that would accomplish anything but take us one step closer to internet fascism.
"I feel it is my duty to look at the porn that kids download before I delete it, to be sure what it is."--School Admin
The best way to solve the spam problem is
you spammers get a clue
go do something useful with your lives
sell me something i want
i'm too desensitized for your porn
Know your pads. One time pad: good for cryptography. Two timing pad: where to take your mistress.
"As crappy as it sounds, putting spammers to death would cut spam dramatically."
I already pay for my Internet connection -- why should I have to pay more? Keep that up and you'll see Internet bills like phone bills: 10 pages of line-item bullshit, every month.
Spammers use other peoples resources, and most spam messages are deceptive (fake return addresses and headers). Why is it so hard for elected representatives to understand? Spam should be illegal, just like junk faxes and false advertising.
what's REALLY pathetic is that you have no concept of, uh, what's that word again? uh, oh yeah, MATH!
if the spammer gets a one percent response rate (not unreasonable) on a product that nets him just ten dollars... let's see...
1,000,000 spams * $.005= $5,000 cost
1% response of 1,000,000= 10,000 bites
10,000 bites * ten dollars each= you do the MATH
kneebiter rutle
The first time I cleared my 11 yr-olds email account at hotmail, I wasn't surprised to see that 90% of it was porn. So I changed the security features on the account to only allow mail from those in her address book, which cut out all the unsolicited stuff. Isn't that essentially the same thing? Why would you have to put together a payment scheme.
The problem with this solution is that it doesn't affect the spammers at all. This is essentially a whitelist with potential to "redeem" unsolicited email. It is implemented as a buffer between the server and the mail reader. Spammers can continue to inundate the net with their sea of output, which will wash upon the "shores" of mail servers, with "stamp" subscribers insulated, along with other whitelist and blacklist users. Much of the spam still gets through.
The only real solution is a "token" system which retains the email content on the originating mail server, passing a token to the recipient, which responds with a "send" or "refuse" token. This can be augmented with whitelists to simplify the transaction for expected emails, with minimal inconvenience and resource use for unexpected mail. For example, you see a token from a verified address, with brief header, in your mailbox, click "read", and the message is instantly requested and retrieved from the originators server.
Of course, this will require revamping of the email infrastructure, including mods to MTA's and MUAs
And don't let ANYBODY pay to bypass it. Bam. Spam problems solved, no money changes hands, everybody happy.
Implement an additional protocol where people can send you an email address and a short description to request admission to your white list. Limit these to say 100 chars so that nobody can really use whitelist requests as advertising. Have the whitelist software check all received addresses for validity by autosending a response.
Obviously not that effective for an email account where you might WANT to receive mail from strangers, but great for personal accounts. I mean, how do you usually get a friend's, a relative's, or a business acquaintance's email address anyway? Over the phone, in person, on a business card etc., so big deal if we add the whitelist request step to the transaction.
For accounts where you might want strangers to send, how about a web page to submit whitelist requests. On the page the user would see a keyphrase represented in a PNG or JPEG. The user would have to type in that passphrase to the web page to generate a whitelist request. This way while not exactly eliminating whitelist requests from spammers they would be limited to those with the patience to hunt for whitelist request pages and actually type pass phrases.
Magic numbers? Go do some research to back up your MATH and I'll listen. I don't remember ever reading anywhere those 2 returns. 1% is high and $10? Are you kidding?
Don't flame, try to back it up. I eagerly await silence...
Computer Science is Applied Philosophy
Everyone knows that dragons don't exist. But while this simplistic ...
formulation may satisfy the layman, it does not suffice for the scientific
mind. The School of Higher Neantical Nillity is in fact wholly unconcerned
with what ____does exist. Indeed, the banality of existence has been
so amply demonstrated, there is no need for us to discuss it any further
here. The brilliant Cerebron, attacking the problem analytically,
discovered three distinct kinds of dragon: the mythical, the chimerical,
and the purely hypothetical. They were all, one might say, nonexistent,
but each nonexisted in an entirely different way
-- Stanislaw Lem, "Cyberiad"
- this post brought to you by the Automated Last Post Generator...