Spam Meeting Wrap-up
wendigo2002 writes "Get used to that daily flood of e-mail come-ons, Viagra offers and lucrative enticements to invest in Nigerian pyramid schemes. Internet gurus, software designers and lawyers today ended a three-day Federal Trade Commission discussion on combating spam by concluding neither technology nor laws are yet capable of completely dealing with the plague."
they might work better if they got spammed every day? If we can persuade these guys to get hotmail addresses, they might understand better...
I'll see your Constitution and raise you a Queen.
I can't post anonymously anymore?
Do you even lift?
These aren't the 'roids you're looking for.
To over 40 million email addresses. If you don't wish to continue receiving these emails, you can follow the link at the bottom to unsubscribe.
Yay for meetings to determine that which you already know.
The technology obviously hasn't caught up because my mailbox is full. The laws can't because the First Amendment is crystal clear on the issue (and all the spam from overseas makes our laws irrelevant). The future is Bayesian.
But what will this mean for my tiny, tiny penis????
I mean come on people!! Let's not lose sight of my tiny penis.
Who are y oo ?
Public executions always sounded effective to me.
...but SpamAssassin in combination with Razor and Distributed Checksum Clearinghouse works quite well on most mail servers I've seen.
The Washington Post takes a slightly more sensationalist take on the "bare knuckle," "historic" forum.
I wish all those who convene to discuss law-enforcement and/or regulatory initiatives were so honest about their future prospects for success. Can you imagine what the DEA would be like if someone back in the 50s or 60s had actually gotten together and said "you know, guys, we'll never stop the flow of drugs into the country, and it's only going to get worse". On the other hand, that might have made the problem worse.
I still couldn't fault them for being honest, though.
Let's see more of those! I hope the reward applies irrespective of whether you bring in the spammers dead or alive :-)
Fair enough if they don't think it can be completely eliminated, but it would be nice if the article would mention a few tools like http://spamassassin.org
``We are now importing more spam from the United States,'' he joked. ``We are actually learning what American culture is through spam.''
Hopefully you know that it's not an entirely accurate view of American culture...
Do you have ESP?
p2p spamming (black lists will be futile, unless you want to blacklist the entire planet)
advanced intelligent randomization (harder to track, as each spam is unique)
rogue java/activex objects (we hide an applet in our spam page, so you send us more spam).
Selling rogue software that opens up relays and disables firewalls.
SMTP Tunnelling
Setting up pop/smtp servers designed to delete the message's source completely (worse than forged headers).
And worse.
That was #5869911, become a subscriber. :P
Why did GEAR crush RDP?
One little campaign contribution can be the difference.
Bush = Harken oil = Enron = creative accounting, creative stock options = quick millionaire = buy texas rangers = if you try doing the same, you go to JAIL.
We need a federal law with some that lets you go after:
1: The spammer themselves provided you can find them.
AND/OR
2: The entity in the US that the spam was sent on behalf of. If they're trying to sell you something, or scam you, even if they didn't send the mail, they're the root cause.
and
3: You should be able to opt-out of any entity you directly do business with. Opt-in for any of their partners. If I buy something from Amazon I can opt out of receiving their mail. Their partners can not send mail unless I specifically ask for it. If the company gets bought, the opt-in does not transfer, except for one email informing me of that.
4: Here's the gray area; there needs to be some sort of failsafe. So for example, if I hate slashdot and I spam a million people telling them to buy a slashdot subscription. If the people who get the mail can't find me because I sent the mail from an open AP and bounced it off a server in Korea, slashdot gets screwed.
Disclaimer:
I am not a spam expert (I do know a bit)
I am not a lawyer
I am not a lawmaker
Take with salt. Flame on.
Back when the Internet was a nicer place, it made sense to allow anyone to send anyone mail through any system. Now that Internet access is much more common and the propensity of abuse on open systems, it's time to either bury RFC-821 or make it significantly more modern.
No, the deluge of unsolicited garbage will continue regardless of what is done legislatively and with technology. I'm glad to see that people are finally waking-up to the fact that more laws won't fix the spam problem. But technology can be used to make it harder for spammers to hide in their anonymous cloak.
The processing of sending email needs an overhaul that gives system administrators the ability to determine the source of incoming mail and impart a "trust" level of the message. Messages coming from systems that have a high trust are tagged in the headers while those coming from systems that seem dubious or lack any sort of real credentials are tagged accordingly.
No, it won't stop spam, but it'll allow people to simply deny access to systems and users that are a continued problem, forge credentials or email addresses.
That's one approach. Another is sender-risks-paying.
It seems to me that the problem with accountability/traceability is that it would probably require people to have a digital identity that pervades the whole internet. Well, how is this going to be implemented? The bearded-hacker community tried to implement a public key infrastructure, but it's been a huge failure, since it's never reached the critical mass where it would become useful to most people. (It's also way too hard to use.) The other well-known proposal is .NET. Do you really want a future where you have to have a .NET identity in order to send e-mail?
And what about those times when you really do need to send anonymous e-mail? What about corporate whistleblowers? Political dissidents?
I prefer the sender-risks-paying idea. There have been a lot of these proposals floating around, and yes, they've been discussed a lot on Slashdot before. No, they will not require your ISP to bill you for e-mail. No, they will not require non-spammers to pay any money at all. No, they need not involve any actual money to change hands (the currency could be based on CPU cycles, for example). There's nothing technically wrong with these proposals. The bearded-hacker community just needs to go ahead and implement one and start using it. Otherwise MS will implement it in a proprietary way (their Pennyblack project), and it will be another brick in the prison that keeps people locked into Windows/Office/Outlook.
Find free books.
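The "currency based on CPU cycles" idea in the comment above can be sketched as a hashcash-style proof-of-work stamp. This is an added example, not code from the thread or from any proposal named in it; the stamp layout, the addresses and the 12-bit cost are assumptions chosen so it runs quickly.

```python
import hashlib
import itertools


def leading_zero_bits(digest: bytes) -> int:
    """Count the zero bits at the front of a hash digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def stamp_work(stamp: str) -> int:
    return leading_zero_bits(hashlib.sha256(stamp.encode()).digest())


def mint(recipient: str, date: str, bits: int) -> str:
    """Sender side: burn CPU until the stamp hashes to `bits` leading zeros.

    Expected cost is about 2**bits hashes per recipient, which is negligible
    for one message and expensive for a run of millions.
    """
    for counter in itertools.count():
        stamp = f"{bits}:{date}:{recipient}:{counter}"  # assumed layout
        if stamp_work(stamp) >= bits:
            return stamp


class StampChecker:
    """Receiver side: one hash to verify, plus the checks that stop reuse."""

    def __init__(self, my_address: str, min_bits: int, today: str):
        self.my_address = my_address
        self.min_bits = min_bits
        self.today = today
        self.seen = set()  # stamps already spent (replay protection)

    def accept(self, stamp: str) -> bool:
        parts = stamp.split(":")
        if len(parts) != 4:
            return False
        claimed, date, recipient, _counter = parts
        if not claimed.isdigit() or int(claimed) < self.min_bits:
            return False  # sender tried to pay less than we demand
        if recipient != self.my_address:
            return False  # stamp was minted for somebody else
        if date != self.today:
            return False  # stale stamp; bounds the size of self.seen
        if stamp_work(stamp) < int(claimed):
            return False  # the claimed work was never done
        if stamp in self.seen:
            return False  # same stamp presented twice
        self.seen.add(stamp)
        return True


if __name__ == "__main__":
    s = mint("alice@example.org", "20030503", 12)  # constructed values
    checker = StampChecker("alice@example.org", 12, "20030503")
    print(s, checker.accept(s), checker.accept(s))
```

Binding the stamp to the recipient and the date is what makes the cost per message: a stamp cannot be minted once and attached to every copy of a mailing.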
*cough* I know that Clinton didn't take any contributions from Enron, right?
I've got a 76" penis, Wireless web cam's in multiple ladies change rooms, and no debt All thanks to Spam!
Keep it coming!
OK, we all know we can't deal with it completely. How about dealing with it as much as possible?
Much as I hate big government and feel that most laws are bad laws, I would love to see a set of laws in place that would cut my spam in half...
Follow the adventures of the new wandering jews
I've always thought that this is a golden opportunity for La Cosa Nostra. They could sell spam protection insurance. Get spammed? Guido will pay the spammer a visit and "explain" how spamming is not conducive to a long and healthy life.
Mea navis aericumbens anguillis abundat
I like the "neither technology nor laws are yet capable of completely dealing with the plague."
So they'll just give up completely.
Perhaps we should also apply this to: the "drug war", the "war on terror", welfare/social assistance.
In each case, no amount of technology and no volume of new laws will completely solve the problem. I hereby suggest that we give up on those fronts as well.
Take the billions of dollars that is used for those purposes and cut taxes by the same amount. There's your tax cut funding Mr. Bush!
Article X: The powers not delegated... by the Constitution...are reserved...to the people
SPAM: This mail is probably spam. The original message has been altered
SPAM: so you can recognise or block similar unwanted mail in future.
SPAM: See http://spamassassin.org/tag/ for more details.
SPAM:
SPAM: Content analysis details: (12.2 hits, 5 required)
SPAM: Hit! (2.4 points) 'Message-Id' was added by a relay (2)
SPAM: Hit! (1.7 points) Sent with 'X-Priority' set to high
SPAM: Hit! (0.5 points) BODY: A WHOLE LINE OF YELLING DETECTED
SPAM: Hit! (2.0 points) Received via a relay in relays.osirusoft.com
SPAM: Hit! (3.0 points) DNSBL: sender is Confirmed Spam Source
SPAM: --------------- End of SpamAssassin results ----------------
Posted by michael on Saturday May 03, @03:12PM from the spam-and-eggs-and-spam dept.
I am sorry, but I have to pay for Internet service. Since I pay for it, I should be able to control what is transmitted on that service. If they want to send me spam, they should have to pay me for using some of my bandwidth. Plain and simple. Before anyone starts to compare it to the regular postal mail, it isn't the same. I don't pay anyone to have a mailbox. I don't pay the mail man to deliver my mail. But those damn credit offer companies DO have to pay to send over postal mail. They pay the people that deliver it. They pay for the paper and envelopes, etc...
This raises a couple of endless quotes:
Give me 2,000 good men and three weeks and I will crush them like cockroaches
-Unknown general in 1800's
I am the Law
Judge Dredd
There is no spam in your mailbox. And there never will be
Iraqi Information Minister
Why wouldn't a nationwide 'do not email' list work?
I would think this is even more feasible and enforceable than the 'do not call' list that people are trying to establish to combat telemarketers.
Pass a law that unsolicited email sent to an address on the list is subject to a fine.
If the spammers are sending out multi-thousands of emails, even a fine of $50 per complaint would soon put spammers out of business. The fine could be split between the 'spamee' and some agency to enforce the spam law. I would think that there are enough unemployed people with the skills to staff such an agency, given the state of the nation's economy.
The spammers have to send contact information if they are trying to sell you something, thus there is an easy way to find who is responsible for the spam.
Look at all the new criminal organizations (spammers) that will be sued and people jailed. I can't wait. Hope new legislation is retroactive to the point the company started spamming. Then for my years of torment, they can get years of jail. YAY! I maybe could sue them and make lots of money for lost time deleting junk. 1 second a message, 100 messages a day, 354 days a year that means, 36,500 seconds a year or 10.14 hours a year. Yes one day worth of work.
Motohiro Tsuchiya, a communications professor with the International University of Japan, said Friday that about 80 percent of spam in Japan comes from outside the country and most of it is in English.
``We are now importing more spam from the United States,'' he joked.
Yeah! Finally Japanese importation of at least one U.S. product exceeds their exportation!
"We are excited at the news to increase the amounts of this highly desirable content that we email every day," said Xing Dung Ho Chung, president of some organization in China that sends over 5 billion SPAM emails daily. "Our customers will be very pleased when download times increase proportionally with the desirable noise to undesirable signal ratio as we flood the Internet with our information, preventing undesirable signal from getting through."
Hong Dong Chong Shlong commented, "Our goal is to reduce the Internet into a medium for advertising with no possibility of gaining any other use from it. Our long term plans include government lobbying to illegalize the information that people want while simultaneously forcing people to spend a minimum quota of time reading every word of SPAM and clicking on every full screen advertisement that comes up. Strategic partnerships with computer companies and additional legislation will force the consumer to purchase a new computer each day because the hard drive of yesterday's computer will break down with the wear and tear of yesterday's immeasurable amount of SPAM."
SPAM companies also indicated plans to lobby for laws requiring the consumer to purchase every product and service advertised to them. The long term plan is to give huge multinational corporations an easy method to eternal, perpetually increasing profits with no benefit to the consumer. Humanity, except the shareholders of several enormous conglomerates, will be enslaved forever.
It seems that folks in DC can get things done...when they want to.
Perhaps you should understand a technology before calling for a rewrite.
The sender-risks-paying concept can be implemented on a small scale. All you need to get started is to run a single mailing list on it -- logically, it would be the mailing list for the people developing the new e-mail system. From there, it can spread to any organization that cares to use it. A corporation or a university can say, "Hey, our people are wasting too much time on spam. For internal use, let's require them to use this new system." If it's technically superior to the old system, gets rid of spam, and is easy to use, then it should just spread until it replaces the old system completely.
The problem with a system based on authenticating the sender's identity is it's a chicken-and-egg situation. An online identity is meaningless if it's just like a disposable Yahoo e-mail account. It has to be pervasive and reliable, and it has to point to the real identity of a real person. Probably only MS could pull this off, because their users are such a large percentage of the computer-using population.
Find free books.
Blockquoth the poster:
"Theft of service." Hmm...
How is it that sending spam is such a heinous crime while "sharing" MP3s is a service to Mankind?
--the solutions are there, just very few people want to be the first ones, and it has to come automagically installed out of the box. That's the bulk of the email users and recipients. They use what comes installed. They use mostly microsoft. Microsoft does not ship any email client that filters spam AFAIK. It doesn't ship an easy to use click here to generate a whitelist for recipients, that bounces everything else. There's your basic problem. Once again, those that made the most money by far ship the least common denominator product. When there was an opportunity to put the fear of bankruptcy into them, it failed. Their fine and punishment consisted of getting to advertise more, that was it basically. Spam (and mass viruses) will continue until a default microsoft OS installation is a lot more secure and has filtering qualities to it. That won't happen until they get tens of billions stripped from their corporate coffers, and a host of high level execs get some sort of jail terms, or at a minimum get banned from being "part" of microsoft. If the 800 lb gorilla can't do it, every single other machine on the planet could be filtered, firewalled, etc and it WON'T MATTER to the net in general. It is not all their problem, that's obviously true, but I'll say it's going to have to be mostly their solution, catch 22 there, doing all that makes them no money, just costs them money, they won't spend it, profits are king.
I'd like to use email more, used to use it a lot. It's not useful enough to me any more to bother with it much. viruses and spam and drivel. 99% of the people I know use microsoft, they will NOT_not_send me html email, they consistently cc multiple recipients, they forward every lame joke and stupid rumor and scam, mostly I get drivel, maybe every 1 out of 20 is a legit email now. Spam and drivel, I give up. I glance at my email once a day, sometimes not even once in three days, it's just not useful any longer. I don't even maintain any sort of address book. I am reluctant to register for any new forums, or to go back to being on email lists. I have almost completely stopped buying anything off the net. I don't WANT any more email addys.
Basically, just waiting for the mother of all viruses to knock out every microsoft machine on the net, then maybe things will get a tad better. I'm actually rooting for the microsoft killer virus to show up. Sooner the better, get it over with. It's a sucky attitude to have, but I have it now.
I've seen here on slashdot all these advanced schemes and techniques, they all look good, many are over my technological head, but none of them seem outstanding or easy though. The problem everyone at the top levels of these conferences, etc, tippy toes around, it's microsoft brand "stuff" just makes the internet insecure. SPAM is just part of it. It just *does* because of the sheer bulk and bugginess, it's designed just...wrong. Close but no cigar but man has it cost people.
Geeks and techs can make anything work well enough, even microsoft's stuff, that ISN'T the problem, people on this forum can deal with it using their favorite methods, the problem is there WON'T be a solution until something is done with the dang borg way of "doing" things.
You don't need an internet-wide identity, just one you share with people you know. A simple signed message would work without a huge totalitarian system set up.
The payment method is idiotic because you're introducing a whole new system into the mix: money. Before, you're dealing with the relationship between two people and their computers. Sender-pays involves getting the ISP, and the banks involved. It's just so complex, and to top it off, you'd still need the same identification system as in simple sender-verification!
Sender-pays is the most idiotic system ever devised for stopping spam.
autopr0n is like, down and stuff.
Spam tools are currently at the point that detection of spam is a near-certainty and the probabilities for false-positives (e.g. good mail getting called spam) are measured in the 0.00n-0.0n% range (that is n in 100,000 to n in 10,000) which can almost always be improved on locally by the user through various means that are anti-spam-tool independent.
SpamAssassin is currently my tool of choice. It's very flexible, can be used with any UNIXish mailer and is just getting frighteningly better over time.
SA's recent addition of Razor2, a Bayesian filter and improved handling DNS blacklists (which SA weights so you can apply them without worrying about slicing large and useful parts of the Internet out of your field of view) have reduced many concerns that folks had before about active abuse of SA's rule-base in the past. The speed with which this system applies hundreds of tests to a message is also quite stunning, and a major boost to Perl's tacit reputation as a "slow" language.
The biggest problem with SA right now is probably the inability to scale up to the mid-range ISPs and medium-sized business without SERIOUS hardware allocation due to the heavyweight nature of its testing. That's my personal mission for SA over the next year or so. My goal is to make SA a reasonable option for anyone that has to process orders of magnitude more mail than your average ISP (e.g. AOL).
When the upcoming 2.54 comes out, I HIGHLY recommend checking it out. You can install SA on most UNIX-like systems, as long as they have Perl installed by typing (as root)
following the configuration process if you have not done so for Perl before, and then typing
After that it's just a matter of how you want to configure your MTA to talk to SA. I recommend using SA in "spamd" mode with sendmail and procmail. If you already use sendmail with procmail delivery, you just have to change your
Good luck!
No way to combat it? This isn't like illegal drugs sold in a secretive black market. In order for SPAM to work it must send you to a place to buy a product, thereby always giving you someone to arrest. If its across international boundaries we'll extradite or put an import tariff on the country for not allowing it.
I suspect the latter is why they shot it down. You would have to hurt trade with 3rd world despots not willing to extradite offenders in order to stop our mother from getting graphic bestiality pics in her email.
Evil Man
Nothing will be done until someone answers the question that lawmakers always ask:
What's in it for me?
No matter what you present to a politician, no matter how good the cause or important the problem, laws get introduced and passed for only one reason, and that reason is that someone was able to answer that question.
Sure, it's possible that the answer was "you'll advance your career if you save mankind with this bill", but that almost never happens. There's always a payoff somewhere, and what I can't figure out is a way to tell a Congressman what's the benefit to him for putting in the effort to fix the spam problem. And getting a bill passed is a hell of a lot of work.
I say: "There's these people who make money by sending a deluge of annoying fraudulent emails that ..." All the politician hears is "There's these people who make money" and wonders "How can I get some of it?"
If every spam victim donated a dollar to support congressmen (IE, campaign funding) to do something about spam, then it'll get done. I for one am ready to help.
Just put your name at the bottom of the list, and send $5 to the person at the top of the list. Now send the list to five of your friends and soon, real soon, we'll have enough money to buy a whole session of Congress. This is completely legitimate, a lawyer looked it over, but you mustn't break the chain.
What you're talking about seems like nothing more than a simple modification of the Black Hole system, which doesn't work at all.
I suppose a 'source trust rank' along with other analysis like Bayesian filters and other techniques might be slightly more effective, but spammers can simply use these tools to 'check' to see if their messages get through as well.
autopr0n is like, down and stuff.
You know, it's really not that big of a problem for me...
I use Yahoo! mail, and they really do a great job of filtering spam. They have an option by every email to report it as spam, have it investigated, and then blacklisted if appropriate (delivered to spam folder, not deleted, just in case it's important in some way)
In addition to their spam filters, you can create your own and they work pretty decent, too. I get about 100 spam mails a day, about 95 are filtered to my trashcan or spam folder, and only about 5 get through...I can deal with that.
I don't see how spam makes any money any more...oh well.
---------------------------
Spam would stop if nobody bought anything from spammers. SOMEBODY out there must be buying the generic viagra and paying for memberships at hoochiemamma's webcam site. Likely it's nobody that reads or at least is an active participant in sites like this, but THAT's the message that needs to get out. "Don't want spam? Don't buy any of these things". Spammers need money to send spam email. If we don't buy their product they either go out of business or learn that they are losing money by sending spam.
Now, I want and can think of many uses for some X-10 hardware - But I won't buy it because of spam. I have a dog that takes heartworm prevention pills - but I'll pay the extra price to get it from the vet instead of getting from the cheaper online dealer, who, spammed me.
The message needs to get out: "If you spam me, I won't buy your product, even if I do want it."
Don't Tread on Me
I have two different issues with spam:
One, my email address that I use for almost everything for the past 4 years only receives 1 or 2 spam a day. The address I used for 3 months receives 100-150 spams a day, it is impossible to use that address for anything..
Now I use two email addresses, one for things like MSN and registering to forums and websites that go to a drop box and then my main address that I only give out to people these days.. it's useful, even behind the current spam filters we have on the mail server it gets 8-10 spams a day.
I've left to find myself. If you happen to see me, please, keep me there until I return.
White list.
If the *only* way for email to arrive in my mailbox was if it came from (or at least purported to come from) somebody on my list, I'd never see spam again. No need to bounce it, just delete it from the mail server, sight (and site :) ) unseen. Eventually, if everybody started doing this, spammers would see zero revenue, and the tide of spam would disappear.
Anybody know of a Linux email app that does this all, deleting spam at the server but downloading wanted email? I'm all ears.
Lemon curry?
Anyway, here is how it works: Set up filters for people who you want to get messages from. I personally have several different mailboxes - for family, work, newsletters I subscribed to, etc. Everything else goes by default to the trash. Operating several Web sites, I needed to make sure that strangers can contact me, too, which is why I set up links to my e-mail to include a standard subject, and I set up a filter to look for those subjects. This way, I'm able to eliminate 99% of spam (the rest is a combination of viruses (virii?) and spams that spoof the sender's address to someone who's on my list). In turn, I lose less than 1% of messages that I'd actually want to receive. Considering that I was getting 50-70 spams per day and only 3-5 real e-mails, the numbers are on my side.
neither technology nor laws are yet capable of completely dealing with the plague.
Um, of course they're not. If they were, the problem wouldn't exist.
That's why we develop new ones.
The coolest voice ever.
Unfortunately there is money to be made sending spam.
ISPs make money from spam. Some internet users, like those using Aol, MSN, and other tricked out ISPs, have not got the brains to read anything in depth anyway so they need to have flash, groovy pics, colored text etc to have the computer work.
These types of users GO to the URLs that pop up in spam and couldn't use a real email program if they knew what it was in the first place. The only thing they do with the computer is use IE or AOL to tell them where and what to view on the net.
The problem with spam is the same problem with paper flyers and junk mail, unfortunately they work!
OH THE SHAME I fell off the wagon and use sigs again!
The laws are necessary because it forces the spammers to modify their messages in such a way that they (the spammers) won't get caught.
Then, programs like Spam Sleuth can easily detect the deception and remove the messages.
Pass the laws, and use technology. The solutions exist already. Receiving spam is a nuisance (bandwidth). Seeing spam is a choice.
I think spamd is the way to go. It's in the new release of OpenBSD. Of course - spammers will react very quickly and blackhole any OpenBSD protected site.
But that is great for us - because we don't want to hear from them anyways.
This is just part of the evolution of the net. A new species pops up and slowly takes over.
Eventually uncompetitive experiments die out completely.
Ah, the ./ answer to any problem. And it's so simple, no thought required. What would we do with them?
Hacking has been illegal and stereotypically 'bad' since like, the dawn of time. Did it ever stop them? Attaching a stigma to something by creating laws to 'prevent it' merely makes it more interesting, not less. We *need* a guaranteed technological 'solution' to spam promoted and agreed upon by *ALL* the big-guns, otherwise no amount of 'law' making will make it stop. This is all completely pointless until a technological solution can be provided for all. Learn from our past mistakes! History will prove this true. Whatever solution is found, you need to make it illegal to not implement it, otherwise it's again pointless.
I've been using Spamassassin along with the Razor and DCC plugins and it works very well, 99% of the spam that enters my Inbox is clearly labeled as such. However, does anyone know of a piece of software that will automatically add the IP address of the mail server that sent the spam to my sendmail access.db reject list? If there isn't such a thing, already, I could probably write one myself, but I don't want to go through the effort if it's already been done.
--It's Pimptastic!--
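One way to do what the comment above asks for, as an added example that is not code from the thread or from the SpamAssassin or sendmail projects: it turns a SpamAssassin-tagged message into a line for sendmail's access map. The hostname `mx.example.org`, the never-block ranges, the score cut-off and the sample message are constructed assumptions, and the regex assumes sendmail's `(host [ip])` Received layout.

```python
import email
import ipaddress
import re

# Assumptions for this sketch: the name our own MTA stamps into Received
# headers, ranges that must never be rejected, and a cut-off well above the
# tagging threshold so one borderline message cannot ban a relay.
OUR_MTA = "mx.example.org"
NEVER_BLOCK = [ipaddress.ip_network("127.0.0.0/8"),
               ipaddress.ip_network("192.0.2.0/28")]
MIN_SCORE = 10.0

# SpamAssassin 2.x writes "hits=", later releases write "score=".
STATUS_RE = re.compile(r"^Yes,\s*(?:hits|score)=(-?\d+(?:\.\d+)?)", re.I)
BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)
# The peer address the MTA recorded sits just before the closing paren:
# "(rdns [203.0.113.7])". A bracketed literal in the HELO position
# ("from [10.1.1.1] (...)") is chosen by the sender and is not matched.
PEER_RE = re.compile(
    r"\[(\d{1,3}(?:\.\d{1,3}){3})\]\s*(?:\(may be forged\)\s*)?\)")


def spam_score(msg):
    """Score from X-Spam-Status if the message was tagged as spam, else None."""
    m = STATUS_RE.match(msg.get("X-Spam-Status", "").strip())
    return float(m.group(1)) if m else None


def connecting_relay(msg, our_mta=OUR_MTA):
    """Peer IP from the topmost Received header, if our own MTA wrote it.

    Received headers are prepended, so only the top one is outside the
    sender's control; every header below it may be forged.
    """
    received = msg.get_all("Received", [])
    if not received:
        return None
    top = received[0]
    by = BY_RE.search(top)
    if not by or by.group(1).lower() != our_mta:
        return None
    peer = PEER_RE.search(top)
    if not peer:
        return None
    try:
        return ipaddress.ip_address(peer.group(1))
    except ValueError:  # e.g. "[999.1.1.1]"
        return None


def access_entry(raw_message):
    """Access-map line rejecting the relay, or None if nothing should be added."""
    msg = email.message_from_string(raw_message)
    score = spam_score(msg)
    if score is None or score < MIN_SCORE:
        return None
    ip = connecting_relay(msg)
    if ip is None or any(ip in net for net in NEVER_BLOCK):
        return None
    return f"{ip}\tREJECT"


# Constructed sample: the second Received header is a forgery by the sender.
SPAM_SAMPLE = (
    "Received: from [10.1.1.1] (unknown [203.0.113.7])\n"
    "\tby mx.example.org (8.12.9/8.12.9) with SMTP id h43JCx01;\n"
    "\tSat, 3 May 2003 15:12:59 -0400\n"
    "Received: from trusted.example.net (trusted.example.net [198.51.100.9])\n"
    "\tby mx.example.org; Fri, 2 May 2003 09:00:00 -0400\n"
    "From: offers@bulk.example\n"
    "Subject: CONSTRUCTED SAMPLE\n"
    "X-Spam-Status: Yes, hits=12.2 required=5.0\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    print(access_entry(SPAM_SAMPLE))
```

The returned line is meant to be appended to the access file, after which the map is rebuilt with `makemap`. Since one relay can carry both spam and wanted mail, entries produced this way are worth reviewing or expiring.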
But only after they are stoned to death with hard drives full of SPAM!
+1 Troll
Well - I figure the solution for unaddressed junk physical mail is the principle that: "If it ain't addressed to me then it is misdelivered". Since it is against federal law to destroy mail - the only recourse is to put it back into the Big Red Mail Boxes the post office has so that they can deal with it.
I presume they return it to the senders.
If it is addressed to me and its unsolicited - then just write: "Return to Sender" on the envelope and again - put it in the Big Red Mail Box.
If more people did this - the problem would go away.
Forward your deceptive spam to the FTC at uce@ftc.gov. If we can up the numbers they get from thousands to millions, maybe they'll fix the problem.
http://www.ftc.gov/opa/2002/02/eileenspam1.htm
How many times does it have to be said - "re-write SMTP!" is not insightful, it's a failure to understand the problem.
My next sig will be ready soon, but subscribers can beat the rush
I am not surprised at the amount of laughter that DMA president H. Robert Wientzen caused by saying that commercial email should be opt-out. It is no wonder people hate the marketer's mentality that consumers should be forced to see their advertisements.
Pretending for the moment that all the spam problems don't exist and ignoring their redefinition, can you imagine trying to opt-out of billions of email messages? Even if there were rules and they did honor opt-outs, they are still killing the usefulness of email by flooding you with crap that prevents you from getting your real messages.
Then there is the fact that the DMA probably will not follow the rules or will have lots of holes when they make the rules. One example I can think of will be that they make it so they can just change the names of the "company" or have several "companies" and switch the "company" sending the email so they can re-send you the same emails.
If companies really wanted to be ethical about this and have customers, they would not resort to ticking their potential customers off and they would use confirmed opt-in and not sell their customers' personal info (email, phone, street address, etc). It may be harder to get customers, but it is a lot better in the long run if you get and retain those customers that way than what you might get if you resort to spamming the hell out of them.
.... deal with it. What is the % of computers connected to the internet, well over 90% microsoft based, running microsoft email clients? This is yes/no binary. It appears to be *yes*. Ergo, the solution, that will make the most good in the quickest time and be the best all around is to somehow get ALL those machines to have filters of some sort, and "more secure" features. That isn't bashing, it's just reality. If every single mac, linux, unix whatever machine on the net was 100% totally secure, how much spam and viruses would there still be? Buhzillions still? Be honest, you know it would still be horrendous. It's dealing with 100 million computers running microsoft products that are the problem once you get past the few hundred major spammers. The spammers exist because the microsoft running machines are EASY TARGETS.
It's just data, get over it. Microsoft has billions cash and flocks and fleets of millionaires, they can spend some of that money to make the internet more secure and to help with the spam and virus problem, and they can also do it without turning the internet into microsoftnet. That they choose not to is THEIR decision, not mine. It's up to them to ship more secure products and to include an email client that has filtering and other securing qualities to it. Asking people by the tens of millions to go out and find software and download it and try to make it work is *not* the answer, and this is just SO obvious. YES, it IS mostly their problem. When SPAM and viruses weren't a big deal, swell, who could blame them, the internet was designed for ease of communications PERIOD. That was then, this is now. Now that we know that there are problems associated with that, it's up to them to get on the stick and do the right thing. And not just "more of the same" like they always do, but to make their products better and not smash other people's products or create two different versions of the internet. They have the opportunity to be righteous, ball is in their court. If it was some other company, then that's what I'd say, because it's mostly -by an overwhelming majority- their machines we are talking about, well, that's the proper noun to use, it's just DATA. There's no "opinion" to it. NO SPAM or virus solution can be attempted without identifying and singling out "microsoft" as the primary place to institute "the fix".
OK, it's time to start thinking in a different mode - what's been done so far isn't working well enough. Look at the facts: almost all relay email sent through open relays because they are open relays is spam. I mean something like 99.9999% of it - almost all. Most of the rest is spammer relay tests. Quality people don't look for open relays through which to send their email. Spammers do that. Take advantage of that knowledge. If only spammers use that pathway MINE that pathway. It's figurative mines, not real ones: prohibitions against deadtraps don't apply.
Instead of continuing the three-years-long moan about all those clods who run open relays (I was once one of them myself) why not quit moaning and DO SOMETHING? Spammers send relay tests. DO SOMETHING that screws the spammer because of that. Report relay attempts to his ISP, accept and deliver the tests and send the spam to /dev/null - ACT. Make up your own way of dealing with them, but make it hurt them in some way, however small. Get any number at all doing something with the tests and those that merely accept the tests and ignore them will help strike fear in the spammers' hearts (the operator who does nothing knows he does nothing. The spammer has to worry that the operator does more.)
Like, for instance, here's a relay test from today:
Received: from adsl-65-70-89-125.dsl.tulsok.swbell.net by X.X.X;
Sat, 3 May 03 12:04 CDT
Message-Id:
Date: Sat, 03 May 2003 12:01:44 -1700
From: 0eik00ha7i95o4@starband.net
Subject: hello
To: timsmith777@connectfree.co.UK
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.3018.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.3018.1300
054053046055048046056 057046049050053058097 1001151080450540530450550480450560570450490500530
4 610011
510804611611710811 511110704611511909810110810804611 0101116058049049048051058057058089101115
(I had to break up the strings because of the Slashdot "lameness" filters.)
It takes as close to no smarts at all to trap a test like this as is possible. DO IT.
(By the way, I altered the string in the message-ID: that's where spammers who use this form of test encode the IP tested.) Similarly, they encode where the test originated in the body. It's decimal ascii: "048" encodes "0," etc.
Don't want to do SMTP trapping? No problem - trap some spammer open proxy abuse. Maybe you'll learn his IP, even (the clown who sent the test above has been using the same IP since at least 11-Mar-2003.)
I've been telling connectfree.co.uk about these test messages going to the spammer dropboxes in their space. I suggest that they simply divert email to the dropbox address so it goes someplace else. This is SOMETHING they can do that really screws the spammers. Until the spammers figure out the email is being diverted they discover no open relays if the email through those open relays to the dropbox doesn't get delivered.
Isn't it about time people thought about what to do to stop these spammers? Is it so terribly hard to divert email to a known spammer dropbox address someplace else? Does that not conform to the TOS? CHANGE the TOS - quit waiting for someone else to solve spam and act. Worried about the US DOJ saying this is a crime? Hey, we're talking about a .co.uk location - US law doesn't reach that far. DO IT.
Read my post again. See anything that says action must wait for a change in the SMTP protocol? NO. See anything that says the little guy with a DSL or cable connection can't take part? NO. ISPs could do even better - think about what the ISP with hundreds of abused open proxies could do if it intercepted the proxy connections made by the spammers.
This does nothing to stop direct spam. There blocklists work like a charm. This does an awful lot to stop abuse-path spam (non-direct spam.) DO IT.
Or continue to moan. One path has better results - see if you can tell which.
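The decimal-ASCII decoding described in the post above ("048" encodes "0"), as an added example that is not part of the original comment: it decodes the digit groups quoted in the relay test, with the poster's spaces removed, and compares the result with the quoted Received line. The function names are made up here, and reading the first two decoded fields as an address and a hostname is an assumption of this example.

```python
import ipaddress
import re

# Digit groups as quoted in the post, including the short "4 610011" fragment,
# in reading order. The spaces are the poster's and carry no meaning.
RELAY_TEST_BODY = """
054053046055048046056 057046049050053058097 1001151080450540530450550480450560570450490500530
4 610011
510804611611710811 511110704611511909810110810804611 0101116058049049048051058057058089101115
"""
RECEIVED = "Received: from adsl-65-70-89-125.dsl.tulsok.swbell.net by X.X.X;"


def decode_decimal_ascii(text):
    """Decode 3-digit decimal ASCII ("048" -> "0"); None if text is not in that form."""
    digits = re.sub(r"\s+", "", text)
    if not re.fullmatch(r"(?:[0-9]{3})+", digits):
        return None
    codes = [int(digits[i:i + 3]) for i in range(0, len(digits), 3)]
    if any(code < 32 or code > 126 for code in codes):
        return None  # not printable ASCII, so probably not a relay-test payload
    return "".join(chr(code) for code in codes)


def analyse_relay_test(body, received_line):
    """Return the decoded fields and whether they agree with the Received line."""
    decoded = decode_decimal_ascii(body)
    if decoded is None:
        return None
    fields = decoded.split(":")
    try:
        ip = str(ipaddress.ip_address(fields[0]))
    except ValueError:
        ip = None
    host = fields[1].lower() if len(fields) > 1 else None
    match = re.search(r"\bfrom\s+(\S+)", received_line)
    peer = match.group(1).lower() if match else None
    return {
        "decoded": decoded,
        "ip": ip,
        "host": host,
        "other_fields": fields[2:],  # meaning not stated in the post
        "matches_received": host is not None and host == peer,
    }


if __name__ == "__main__":
    print(analyse_relay_test(RELAY_TEST_BODY, RECEIVED))
```

A mail trap can run the same decoder over any all-digit body it receives and log the decoded fields next to the connecting host.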
Make it illegal to sell email lists from one company to another company or individual.
Pete Carr Owner Chatmag.com
...Who came up with this? The technology for dealing with spam and spammers has existed for longer than e-mail. It's called 'a gun'.
Kill the spammers, and the spam stops. It's that simple.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
You should check out TMDA. TMDA offers challenge/response based whitelisting so that unknown senders can mail you after an initial confirmation. With a correct TMDA installation legitimate senders will only need to confirm once, after that they are added to the whitelist and future mail passes through automatically.
The trouble is that comparatively few people are savvy enough to switch to whitelist email systems. And it only takes a small percentage of internet users who don't block spam, and who order occasionally from spam, to keep the spam problem a growing nightmare for the rest of us. I think it's unrealistic to suggest that whitelists can solve the spam problem, since there's no way to argue they'll be adopted widely enough to keep huge amounts of spam from reaching people.
And another thing. I want random people to be able to contact me, for whatever reason. What I don't want is to be contacted by automated email systems for purposes of marketing. In my mind, whitelists prevent the latter, but they also prevent or seriously inconvenience the former. And to me, that's unacceptable. I personally rely on Mozilla filters, which rid me of about 97% of my spam, while allowing the email of random people who need to contact me to (usually) get through.
I'm generally "Interesting," "Insightful," and even "Funny" here. What the hell happens to me at parties?
Most spam is only from overseas if you are not in North America - specifically the USA.
If you guys get rid of what comes from your country, the remaining amount will seem minor (until the spammers move and get a whole country into the RBL...
I'll see your Constitution and raise you a Queen.
Why not charge the advertisers of whatever product or service that is being pushed? Wouldn't that eventually lead them to reducing the spammers? Is this too logical or just a stupid idea and I somehow missed the point?
http://www.internetmarketingconference.com
May 12-13-14, 2003 - Palais des Congrès - Montréal, QC, Canada
Has anyone else noticed a stream of spam that appears to be forged in an attempt to get the highest spam scores possible?
Over the last few (2-3) months, I've watched the maximum spamassassin scores for filtered messages rise steadily. It looks like people somewhere are actually trying to create spam that trips as many of the rules as possible. It's actually kind of funny -- scores like 45-55 are not uncommon.
anyone else noticed this?
I think whitelists are a poor solution to the spam problem.
We are the music makers. We are the dreamers of the dreams.
Of course, they're wrong. All you would have to do is put a mechanism in SMTP that would require the point of origin to have a valid IP and perform some sort of lightweight handshake for confirmation.
Maybe something like this:
1. mta1 @ valid ip (1.1.1.1) -> email -> mta2 @ valid ip (2.2.2.2)
2. mta2 -> (email_id,email_md5) -> mta1
3. mta1 -> ok -> mta2
4. mta2 delivers email normally
If mta1 is a spammer and they are trying to spoof an ip, then the handshake will fail because either (a) the host at the spoofed ip will reject the connection or (b) the host at the spoofed ip will accept the connection, but will fail the handshake because the email_id or email_md5 aren't in its records.
e.g.:
1. mta1 @ spoofed ip (1.1.1.1) -> email -> mta2
2. mta2 -> (email_id,email_md5) -> host @ 1.1.1.1
3. host -> reject || wtf? -> mta2
4. mta2 drops email and makes a note in the logs
A scheme of this sort would provide some level of accountability for spammers by preventing spoofing. They would be trackable. End of a lot of spam. The extra steps wouldn't require that much more processing power, especially for low-volume servers (e.g., 1000 emails/sec).
Don't become a regular here, you will become retarded. -- Yoda the Retard
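The callback exchange proposed in the comment above, simulated in memory as an added example (not code from the post). `Mta`, `receive` and the dictionary standing in for the network are names made up here, and the 192.0.2.x addresses are constructed; `email_md5` follows the field name used in the post.

```python
import hashlib


class Mta:
    """A mail server that records what it sends so it can answer callbacks."""

    def __init__(self, ip):
        self.ip = ip
        self.sent = {}  # email_id -> email_md5 of every message this host sent

    def send(self, email_id, body):
        """Step 1: hand a message to the receiver, remembering its digest."""
        self.sent[email_id] = hashlib.md5(body).hexdigest()
        return {"claimed_ip": self.ip, "email_id": email_id, "body": body}

    def confirm(self, email_id, email_md5):
        """Step 3: say ok only for a message found in this host's records."""
        return self.sent.get(email_id) == email_md5


def receive(message, reachable_hosts, log):
    """Steps 2 and 4 on mta2: call back the claimed origin, then deliver or drop."""
    origin = reachable_hosts.get(message["claimed_ip"])
    email_md5 = hashlib.md5(message["body"]).hexdigest()
    if origin is None:
        verdict = "dropped: no MTA answers at claimed ip"
    elif not origin.confirm(message["email_id"], email_md5):
        verdict = "dropped: claimed origin has no record of this email"
    else:
        verdict = "delivered"
    log.append((message["claimed_ip"], message["email_id"], verdict))
    return verdict


def demo():
    mta1 = Mta("1.1.1.1")
    bulk = Mta("192.0.2.3")  # constructed: a sender using its own real address
    hosts = {"1.1.1.1": mta1, "192.0.2.3": bulk}  # stands in for the network
    log = []
    genuine = mta1.send("id-1", b"hello")
    # Constructed forgeries: one names a real host, one names an address nobody holds.
    spoofed = {"claimed_ip": "1.1.1.1", "email_id": "id-2", "body": b"buy now"}
    nowhere = {"claimed_ip": "192.0.2.9", "email_id": "id-3", "body": b"buy now"}
    results = [receive(m, hosts, log) for m in (genuine, spoofed, nowhere)]
    # A sender at its own valid address passes: the check identifies, it does not filter.
    results.append(receive(bulk.send("id-4", b"buy now"), hosts, log))
    return results, log
```

The last case matches the comment's own framing: the callback makes the origin trackable, and blocking that origin is a separate decision.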
There seems to be a simple solution to this problem. Why not just go after the people that will be making money off of the spam? It really doesn't matter at the end of the day who sent it. What matters is who will be receiving the money from the spam doing its job.
Spam email has to have a way of the recipient replying to the spammers (and the spammers' customers) so that it makes economic sense.
If there is a law that prevents spam from being profitable, chances are it won't exist much longer.
We have caught the sniper like a duck in a noose. We understand that hearing us say this is important to you...
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
TMDA supports this by allowing you to create temporary email addresses and list-specific addresses. For example, say my email address is me@whitelist.com. I sign up for an account at Amazon. Instead of putting in an email address of me@whitelist.com, I put in me-amazon@whitelist.com. Mail sent to this address is automatically passed through. If Amazon sells my email address, I will be able to tell since I will get spam to me-amazon. If so, I can remove this address from my pass through list and complain to Amazon.
Alternately, if I want to put out my email for a reply that will come within a week, TMDA can create an expirable email of the form me-A283653DE@whitelist.com (the A283653DE is an encrypted date/time string). I can then happily send that email out to anyone with the assurance that after a week, messages sent there will bounce.
I agree that this is not an absolute solution to the problem since not everyone will use whitelists. However, it can be a very good solution to the personal problem of trying to manage one's own receipt of spam.
Check out TMDA.net. Essentially what it does is require people who have never emailed you previously to respond to a challenge email. If you respond to the challenge, you get whitelisted and your email goes through henceforth. This is discussed more lower in the page (look for TMDA).
I don't think that this is *the* answer to spam, but it is an answer that improves the current situation.
--ahh, good to know, I sit and type corrected! Does it work well? Either way, glad to see it!