Slashdot Mirror

← Back to Stories (view on slashdot.org)

SendMail CTO Sounds Off On Spam and FTC

Posted by Hemos on from the yeah-some-experience dept.

CowboyRobot writes "Eric Allman takes his well-deserved turn in commenting on the state of spam, the dark future, and the need for intervention. He calls spam an "arms race" where "in the long run everyone loses (except the arms dealers)." As you might imagine, he's on our side, and he does a good job of clearly describing the current state of spam, and the possible solutions."

12 of 233 comments (clear)

  1. I like the idea by Transient0 · · Score: 5, Insightful

    of the do not spam registry that they mention in the article. But it seems like a real pipe dream considering how much trouble there has been getting the do-not-call registry up and running.

    Also, most telemarketing is done from in-country because of LD charges. Not so with e-mail. It's pretty hard to enforce US laws on a Taiwan spamhaus.

    Ah well, every little voice against spam warms me a little at least.

    --
    lysergically yours
    1. Re:I like the idea by aborchers · · Score: 5, Interesting
      Even if most spam does currently originate in America, if the U.S. somehow passes and enforces an effective anti-spam law, there is effectively zero cost involved in these spammers moving there business out of the States and still spamming Americans.


      As much as I find balkanizing the network to be philosophically repugnant, there is a second step that is not often discussed in the context of US legislation against spam.

      Once spam is banned in the US, we (the network operators) have to block traffic from netblocks assigned to countries that are friendly to spam. The legitimate business and communications needs of those countries will then drive them to enact their own anti-spam policies to get off the block lists. If their only need for the network is to send spam, then they will soon find themselves isolated and ineffective.

      I don't like it, but to me it looks more and more like the lesser of evils...

      --
      Trouble making decisions? Just flip for it.
  2. The more I think about it...... by The+One+KEA · · Score: 4, Interesting

    ....the more I realize that no amount of technology or legislation is ever going to completely eradicate spam from our lives. More and more it seems to me that the only way we can get rid of spam is through educating the next generation of Internet users to ignore it.

    Spammers spam because they make money. Educate people to ignore spam, and the spammers don't make money. Bingo, no more spam!

    I know it sounds like a pipe dream, but what other options are there?

    --
    SCREW THE ADS! http://adblock.mozdev.org/ Proud user of teh Fox of Fire - Registered Linux User #289618
  3. Re:Spam is bad...mmmkay? by pirhana · · Score: 4, Insightful

    I am sorry to tell you that you dont understand the average internet user at all. Installing any such spam filter or tool is well beyond the capability of 95% of the users atleast. Classifying mails as "spam" and "ham" and training the bayes engine and all are good for geeks, but not for the average user.Belive me for this. For him/her, these are just unacceptable solution and spammers exploit this weak point. As long as substantial chunk of users are non-geeks, spammers can flourish.And anti-spam laws are relevent in this context.

    --
    http://www.nasirudheen.blogspot/
  4. Re:Spam is bad...mmmkay? by mumblestheclown · · Score: 4, Insightful
    Your observation about the slashdot stupid spam story phenomenon is a good one.

    Your last paragraph, however, shows that nevertheless you completely don't get it, and, by completely, I mean that you really sound as clueless as can be on the topic of spam.

    Let's see how many standard spam-thread replies are required for your two sentences of nonsense at the end.

    • SPAM is an arms race - single tools don't work, because eventually they will be beaten, as has happened to ALL tools as yet, including bayesian filters.
    • SPAM tools such as you suggest are basically for the 3l337. you are basically saying "spam is not my problem if *I* can avoid it. this is a) antisocial and b) bs, because ...
    • your note does not in any way address those billions of dollars of bandwidth wasted before spam gets to your personal box.
    • if you stop 99% of spam now, by a rough guesstimate of what the parent article alluded to, you can roughly expect to get 100 times more spam than you currently do in 2.5 years time. ergo, problem not solved.
    • you still haven't worked on the issue of spam definition.
    In short, any article, post, or message that claims that Product X is an acceptable solution to SPAM just doesn't get it.
  5. sorry, a gut feeling is good enough by Schlemphfer · · Score: 5, Insightful
    You've asked for statistics, but this is a case where none are really needed. Logic is good enough. What you've asked for can't be all that easily studied. Harvesting email addresses from opt-out lists has to be about the sleaziest thing a spammer could do. And you'll agree that the sleaziest spammers forge headers. So, how on earth could you be 100% certain that your act of opting out has caused a given piece of spam?

    All you can do is look at the spam industry itself, and ask, "why wouldn't they harvest opt-outs for future spamming?" By opting out, after all, you've just given proof that the email address in question is valuable to you. Why wouldn't they want to take advantage of that piece of information. Do you think spammers suddenly adopt scruples on this point? Given how unscrupulous spammers are in every other aspect of what they do, I think it's absurd to think they treat opt-out lists with any integrity.

    That opt-out lists will be abused by spammers is common-sense. I think the burden of proof is on you to show otherwise.

    --
    I'm generally "Interesting," "Insightful," and even "Funny" here. What the hell happens to me at parties?
  6. Re:Sendmail is a Good Guy? by Anonymous Coward · · Score: 5, Insightful

    OK, at first you were just the usual whinging slashbot, repeating the "Sendmail is BAD" mantra that people who've never run major mailserver like to parrot. (With the usual complaints, which all sound like "Ford cars must be slow, because the Model T was slow, and they must all be broken, because the Ford Motor Co. has had recalls where they fixed cars for free".)

    Then you mentioned "MS Exchange developers" in the same breath as Wietse Venema and Dan Berstein, and finished off by calling Allman a "suit".

    You must be a troll, then! Or profoundly, phenomenally ignorant.

  7. Secure email protocols won't help. by Anonymous Coward · · Score: 4, Interesting

    It sounds like a good idea on the surface, but it won't work.

    I got hit by a spammer last week who was changing his host names every couple of messages. And not just on the envelope - he was changing 'em in DNS because he had his own nameserver! He got shut down by the mid-level carrier after about 12 hours, during which my servers received thousands of messages that I had to block by IP. Today, though, I am getting the same stuff, now coming from a cracked cable-modem user.

    Hundreds of the spams that hit here every day are sent from cracked systems connected to Comcast, RoadRunner, and Verizon DSL.

    If you allow anyone to send mail, regardless of how that mail is encrypted or secured, the spammers will find a way to illegally take advantage of that legitimate mailserver and send their trash.

    This is because they are criminals. Not "legitimate businessmen" and not "entrepreneurs exercising their freedom of speech". Criminals who purchase accounts with stolen credit card numbers and move on as soon as an ISP shuts them down.

  8. Person to person communication in the future by Filik · · Score: 5, Interesting
    Darn, article got slashdotted before I could read it, so this reply is just general musings.

    The spam problem has to do with the whole future of person to person communication, as well as the whole future of adverticement. Whichever way it will be solved, a very likely outcome is that in 10 years it will no longer be possible in any way to get in touch with someone you don't already know from outside the Internet, and the first decade of Internet will be looked back upon with nostalgia as the only decade of totally free communication. This is because the real problem lies in the initial contact.

    You might argue that we can still communicate via boards, chat channels and similar things, where you can give out crypt-keys to those you wish to continue communicating with, but remember that these will be the next target for adverticing after open email collapses. I'm sure adverticers will even write AI's to simulate people so that they can lure the crypt-keys from innocents.

  9. Re:I'm calling bullshit on this part: by dazed-n-confused · · Score: 5, Informative
    Examples, statistics please. No more anecdotes, no more gut feelings.

    OK: here's a year-old ComputerWorld article documenting a study that did exactly that. Its title? Unsubscribing from spam counterproductive.

    The best anecdote/example/statistic?
    "We then set about religiously unsubscribing from the invitations sent to one of the addresses, but not those sent to the other. We've had it running for three weeks at date of writing and more than twice the volume of spam has come back to the 'unsubscribed' mailbox as to the untouched one."
    So this study found that unsubscribing made spam volumes more than double.

    Feeling better now?
  10. Re:Sendmail is a Good Guy? by doug · · Score: 4, Insightful

    Back in the '80s, all sorts of open forwarding were great ideas. Do you remember having to put someone%domain@att.com because AT&T seemed to have better routing abilities than your local box?

    Root access always was a hack, but it is a quick and easy way to get around file permissions. Back before pop/imap when everyone read directly from $MAIL, you needed a way to restrict mail to the user and the sendmail program. Who bothered with complicated groups just for that?

    I agree that these justifications have gone the way of the dodo, but anyone who's been around understands where they came from.

    I'm not trying to defend how sendmail works today, just to explain why those features are present. Personally, I prefer the old "trust everyone" model for mail than the insanity that we have today, but that isn't realistic. DJB's paranoia is useful thing in these modern times.

    - doug

  11. Re:Spam is bad...mmmkay? by bfields · · Score: 4, Insightful
    Whine and insult me all you like... and you can throw all the papers you want to my way, but the proof is in the fact that I DONT GET SPAM (except for the mindless responses such as yours posted to slashdot).

    One of the things mumblestheclown is pointing out is that the fact that you personally are currently managing to filter out your spam is *not* sufficent evidence to prove that the software you are using will be an effective long-term solution.

    The software you're using (however clever it is, however hard it tries to "learn" new types of spam), has easily exploitable flaws. The spammers haven't gotten around to exploiting them because it probably hasn't seemed worth their while--probably not enough people are using the same type of filter yet. But they will, eventually. At which point filters that take a fundamentally new approach will be required. Which the spammers will eventually figure out a way around. Etcetera.

    Most spam filters are designed with the goal of filtering out spam that is similar to currently circulating spam; they make no attempt to resist an intelligent person who has spent some time thinking about how to circumvent the filter.

    Bayesian filters are no exception here.

    --Bruce Fields