Another Whack at Spam
mmoncur writes "Tim Bray just put up an article called Another Whack at Spam that has been getting some attention. It just looks like a variation of the old pay to send idea to me."
It sends email from anybody to anybody for 1¢ ($0.01) each. You open an account with them, drop in say $10 and you've bought the rights to send 1,000 emails.
Even though a penny an email sounds innocuous, this just won't fly. For one thing, the infrastructure you'd need to track the financial side of things would probably prevent the figure from being that low. Plus there's the whole loss-of-anonymity that goes along with paying for email rights. The biggest problem is that while this service might appeal to those on the receiving end of email, I can't see a wide market wanting to sign up as senders...
Stop by my site where I write about ERP systems & more
Spammers are some of the slimiest people out there. I can picture millions of people giving their OK to be spammed, sitting at home waiting for a check that will never come. THERE IS NO GOOD WAY TO LOOK AT SPAM. NONE.
So the basic idea of the article (I guess I'm not a real hardcore /. reader since I bothered to read the article) is that every mail is sent through a common SMTP relay and everyone that wants to e-mail you, must sign up with that company.
Then you filter all e-mail not sent through that relay...i.e. e-mails not signed by them!
Here's a cheaper idea: I tell everyone I know to start the subject line with "goat" if they want to e-mail me. Then I filter all e-mail without "goat" as the first word in the subject...
I think the bigger problem is the lack of consideration for currency exchange rates. $0.01 in many third-world nations is more than a family would spend on food for the day. In England, it's only a fraction of a pence. Wouldn't this just drive spammers to wealthy nations and prevent poorer ones from interacting at all?
GL
Wasn't the post office supposed to start a service to give people some sort of certificate to authenticate people in the virtual world? It seems to me the only viable solution (and a simple one at that) is some form of authentication. Even if certificates are too much hassle, why is it so hard to change the protocol to verify IP addresses before allowing mail in or out? If you couldn't spoof IPs in e-mail, then you could reliably blacklist spam-friendly ISPs and easily track down who sent the spam.
Take it a step further, and tie IP addresses to an organization or individual. Then if you never wanted another e-mail from ZD Net, you could block the organization and it wouldn't allow any mail from any of their IP addresses.
666-607: 6th floor apartment of the beast
Tim fails to understand that he's still getting spam only for the reason that his Bayesian filter sucks. Most other Bayesian-style filters (and friends) are up to a 99.9% filter rate and working towards five-nines efficiency. Their learning potential continues to improve as well with new concepts such as inoculation. It's no longer a question of "can we filter spam"; it's a question of "how do we stop that one in a thousand spams that get through"...and that's soon going to be one-in-ten thousand. The problem is that only a small number of people have actually done any research in this area and tried Bayesian-style filtering. If they did, they would realize it worked ... very effectively. There are also server-side tools that make it easy for the 95% of non-tech people on the Internet. Bottom line, Tim needs to quit his bitching and go rewrite his spam filter - or install someone else's.
The problem with solutions like this is that they involve money, and thus are subject to corruption. Spammers would eventually be given discounts (look at your paper junk mail, folks) so that the regulatory company can make an extra buck.
However, there is another solution that would work just as well.
Every email that is to be accepted by an SMTP server must include a digital signature of some root SMTP-signing servers of some kind, otherwise it's automatically rejected. This server will only allow, say, 10,000 signatures per IP address (or per registered user, whatever) per day, maximum. Additionally, it will only sign one message per second per IP address, no faster.
There are many variations on this, all of which would work great. For example, have the rate of signing be inversely proportional to the number of messages sent that day. Maybe also have "registered users", meaning people who have an actual credit card number or bank account linked to their name and will be charged $1,000,000 per message after 10,000 have been sent in a day (Sure, there will be spammers using fraudulent cards, but in that case spamming has become a real, high-stakes felony).
The point is, as long as you have a few central authorities, just like DNS, where we can go to validate email, then we'll end spam.
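The rate-limited signing scheme proposed in the comment above, sketched as an added example (not code from the thread or from Tim Bray's article). The class and method names are hypothetical, and HMAC-SHA256 stands in for the public-key signature a real deployment would need so that receivers could verify without holding the authority's secret.

```python
import hashlib
import hmac

DAILY_QUOTA = 10_000   # signatures per sender IP per day (figure from the comment)
MIN_INTERVAL = 1.0     # seconds between signatures for one IP (figure from the comment)
DAY = 86_400           # seconds per day


class SigningAuthority:
    """Hypothetical central signer; HMAC stands in for a public-key signature."""

    def __init__(self, key: bytes):
        self._key = key
        self._state = {}  # ip -> (day_number, count_today, last_signed_at)

    def _tag(self, ip: str, message: bytes) -> str:
        # Bind the signature to both the sender IP and the message digest,
        # so a signature cannot be reused for another sender or message.
        digest = hashlib.sha256(message).digest()
        data = ip.encode() + b"\0" + digest
        return hmac.new(self._key, data, hashlib.sha256).hexdigest()

    def sign(self, ip: str, message: bytes, now: float):
        """Return a signature, or None when the sender is over a limit."""
        day = int(now // DAY)
        seen_day, count, last = self._state.get(ip, (day, 0, None))
        if seen_day != day:          # new day: reset the daily counter
            count = 0
        if count >= DAILY_QUOTA:     # daily quota exhausted
            return None
        if last is not None and now - last < MIN_INTERVAL:
            return None              # faster than one message per second
        self._state[ip] = (day, count + 1, now)
        return self._tag(ip, message)

    def verify(self, ip: str, message: bytes, signature) -> bool:
        """The check a receiving SMTP server would run before accepting mail."""
        if not signature:            # unsigned mail is rejected outright
            return False
        return hmac.compare_digest(self._tag(ip, message), signature)
```

The limits are keyed on sender IP, so a compromised machine spends its owner's quota.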
Another interesting option would be to use deposits rather than payments - you'd lose your deposit if the mail was unsolicited. That way sending mail is free unless it shouldn't have been sent, and if the deposit was of a big enough size spamming would no longer be profitable. I started a discussion about this a few days ago here
With the recent connection of Sobig to a spam network, what if:
* Grandma has a box that got hax0red
* box is used to send 100.000 emails
Who is going to pay?
* Grandma?
* OS manufacturer for making lousy OS
* Spamming company
I'd prefer the latter, but it would require having to trace the company through complicated follow-the-money-go-overseas-FBI-CIA type of actions. So in reality they'll make grandma pay.
No thanks
If an experiment works, something has gone wrong.