How to Kill Spam Without the State

WaxParadigm writes "The Colorado Freedom Report, an online libertarian publication in Colorado, has an article today about How to Kill Spam Without the State. Will our heavy-handed attempts to stop spam through legislation have the outcome we desire?" The article advocates putting the burden on the end user, saying "We must also take personal responsibility to kill spam. We can't pretend the politicians will do it for us. Their incentive is to develop a cute re-election flyer, not solve the problem. If you're still tempted by the political approach, ask yourself one simple question: who is more technologically savvy, your average spammer or your average politician? There are steps each of us can take to kill spam, and to help foster a culture that encourages spam killing." While this forgets the onus of spam on the ISP and telco companies, it should well be part of a multi-tiered plan against spam.

Onus is on users

[Kanasta]

Firstly, stop buying things from spam!

My friend once commented on how all he hated getting so much spam the everyday. I myself get maybe one or two pieces a week, so I started to show him the basics of filtering out some of the crap.

So what do you think he says? He doesn't want all his spam automatically deleted he said, because sometimes something interesting comes! He even likes to follow the links two visit the sites.

Fuck I wanted to smack him right in there and then. Actually I'm in a bad mood right now I want to go back and find him and smack him anyway.

Solution: Make forging and obfuscation impossible.

[meldroc]

In order to deal with spammers, we have to analyze their vulnerabilites. Understanding their weaknesses is easy once you answer this question: What do spammers fear the most?

That's easy. Look at spam messages. You'll see forged return addresses, redirections through open relays, spoofed Received lines, etc.

What does this mean? Spammers are most afraid of being tracked and identified.

And they have a good reason to be afraid. When spammers are identified, they get their ISP accounts terminated, and may get stuck paying hundreds of dollars of cleanup fees. They're harrassed, sued, threatened, they quickly earn a terrible reputation. They'll go to extremes to remain anonymous.

The key is to make it difficult or impossible for spammers to forge headers and obfuscate their emails' points of origin. How do we do this? Require cryptographic authentication of all mail going through any MTA. No exceptions, ever. Every time a mail goes through an MTA, it must be signed by that MTA. Any message without a signature or with an invalid signature gets dropped. By requiring crypto signatures, responsible MTAs can be easily tracked, and spamming MTAs can be blocked.

Key creation, distribution and endorsement can be through a central authority, though I prefer a PGP-style web of trust because central authorities can abuse their power. Naturally, any MTA caught distributing spam should immediately get their keys revoked, and the revocation should be distributed to MTAs as widely as possible, causing all emails from that MTA to be blocked in a matter of minutes. If an MTA wants its emails to reach its destinations, it will crack down hard on spammers.

The difficult part is convincing ISPs to require authentication and drop unsigned messages. However, if a large ISP such as AOL or Comcast can be convinced to do this, MTAs will have a strong incentive to start signing messages, and authentication will start to catch on.

So if someone is pissing through our letterbox....

[Dj]

So if someone is pissing through our letterbox, the libertarian response is "Get a bucket", rather than stop the person pissing through the letterbox. My that's brilliant! And the way to reduce gun deaths is for people to learn how to dodge bullets matrix-stylee.

Re:dumb article

[TuataraShoes]

The author of the article says he is not a techie. Does that make him clueless? No. He says in the article that he would welcome response from the technical community. Too bad that a certain vocal percentage of techies are so egotistically arrogant that they insult anyone who is less technical than themselves.

So if a non-techie says he is willing to learn, he correctly evaluates the economic reasons that spam continues, he suggests something quite sensible about graphical email addresses on web sites, and asks for further technical input... then why not give him the benefit of your technical knowledge? Or on the other hand, if you have no ideas of your own, you could just insult him.

The thrust of his argument is understanding why spam exists. Until this is understood, the psuedo solutions will fail, because they miss the mark. I thought the article had a valuable point to make. Good on you, Ari.