Another Whack at Spam
mmoncur writes "Tim Bray just put up an article called Another Whack at Spam that has been getting some attention. It just looks like a variation of the old pay to send idea to me."
Should've been "Another Scam at Work"
If you keep throwing chairs, one day you'll break windows....
I looked at the article, and I still don't see how payments would even work. I have to send a few emails a day -- so I'm paying pennies per day? That's ridiculous. Plus, there's already all this software that sends and receives email for free... it's all going to have to change. It's a herculean effort, and will still result in spam -- regular mail costs a ton in comparison, and I still get junk mail in there. Perhaps filters plus busting bad offenders will eventually make a good difference... just taking my name off of lists has helped me a great deal.
The only viable solution to spam using the current infrastructure is learning algorithms such as Bayesian spam filters. (Would be interesting to see if similar techniques could be used to beat such spam filters and get spam through..)
Trying to get everyone to change from SMTP to something else just isn't going to work. There is too much for an instant change. This principle is basically why we're still using IPv4.
Wouldn't it be possible to forge the source address as the paid server? Once you've achieved this you can get into everybody's inbox, filtered or not.
/* TBD */
It sends email from anybody to anybody for 1¢ ($0.01) each. You open an account with them, drop in say $10 and you've bought the rights to send 1,000 emails.
Even though a penny an email sounds innocuous, this just won't fly. For one thing, the infrastructure you'd need to track the financial side of things would probably prevent the figure from being that low. Plus there's the whole loss-of-anonymity that goes along with paying for email rights. The biggest problem is that while this service might appeal to those on the receiving end of email, I can't see a wide market wanting to sign up as senders...
Stop by my site where I write about ERP systems & more
spammers are some of the slimiest people out there. i can picture millions of people giving their OK to be spammed, sitting at home waiting for a check that will never come. THERE IS NO GOOD WAY TO LOOK AT SPAM. NONE.
So the basic idea of the article (I guess I'm not a real hardcore /. reader since I bothered to read the article) is that every mail is sent through a common SMTP relay and everyone that wants to e-mail you, must sign up with that company.
Then you filter all e-mail not sent through that relay...i.e. e-mails not signed by them!
Here's a cheaper idea: I tell everyone I know to start the subject line with "goat" if they want to e-mail me. Then I filter all e-mail without "goat" as the first word in the subject...
On a personal note, I just stop spam by removing all HTML mails; if my friends send me junk in HTML format, I explain carefully and with a pointy stick that I don't want HTML emails.
The article linked to above suggests steps in the same direction although baby ones.
Ask people to fill forms in triplicate, deposit a refundable amount with the ISP and only then would you be allowed to send emails. Introduce a bit more red tape with emailing and that will be the end of frivolous emails and spam.
As it is, even at workplace everyone CCs everyone else, you get emails of births, promotions, checkin notices, build notices, resignations, business deals, mailing lists and what not.
We should seriously consider limiting the number of email even ordinarily (i.e. without spam in the picture) and the amount of information thrown our way or failing that attaching an external storage and processing device to our brains.
I think the bigger problem is the lack of consideration for currency exchange rates. $0.01 in many third-world nations is more than a family would spend on food for the day. In England, it's only a fraction of a pence. Wouldn't this just drive spammers to wealthy nations and prevent poorer ones from interacting at all?
GL
It'd be much better if that money could buy me time alone with the spammer that sent me the mail, in a basement. I'll bring my own cane. If they could guarantee I'd get that every time someone spams me I'd pay a buck per mail and not even blink.
---- Take the Space Quiz!
You will not change every person's behavior. Especially if it changes from doing something for free to paying to do the same thing.
The spam problem will only be solved by changing the underlying technology that is invisible to end users.
That way, you only have to change the behavior of every postmaster. :)
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
Barring all the previous comments people have made relating to the infrastructure required just to set up a scheme like this, there is another far more compelling reason this scheme will not work.
People will not agree to pay for something they previously had for free.
Email has been free to send for a great deal of time now. People just won't agree to pay for it.
This whole story sounds a lot like the Urban Legend along the lines of the US government planning to introduce an email tax for each mail sent.
I have no sig yet I must scream.
Unless several main organisations and companies join forces to introduce a new way of sending mail with massive support, it is not going to happen. Yet another paper about yet another protocol is not going to change that.
It's a fraction of a pence in Scotland, Wales and Ireland too.
Being responsible for several email lists I'd second those thoughts and add that I don't understand why more people are not using Active Spam Killer. I've been using it for a couple months and love it. No spam, no hassles (once set up admittedly) and no fear of missing a legit. email.
90% of the wealth is in 2% of the pockets. Bummer to be in the majority.
It costs me less than a penny a piece to deal with an individual spam. Hit delete, turn on my filter, etc. Is it really such a nuisance that we have to waste billions of dollars to "solve" it?
This seems to be an ISP solution, not a user-oriented solution. A user-oriented solution would be authentication based. Why not put a system in place to check the validity of the "real" sender and be done with it? What does the penny solution have over this? Both require all SMTP servers to be upgraded.
It is easy to see that there are SOME spammers who would pay. Just like with telemarketing. It costs them. We would just end up with the problem all over again.
No thanks. I already pay for ISP service. Next, they'll want to charge Web hosts for every page they serve up in order to stop pop-up ads. Sounds like a vast left-wing conspiracy! We'll TAX the problem out of existence! Never works.
"If you want to improve, be content to be thought foolish and stupid." - Epictetus
Wasn't the post office supposed to start a service to give people some sort of certificate to authenticate people in the virtual world? It seems to me the only viable solution (and a simple one at that) is some form of authentication. Even if certificates are too much hassle, why is it so hard to change the protocol to verify IP addresses before allowing mail in or out? If you couldn't spoof IP's in e-mail, then you could reliably blacklist spam-friendly ISP's and easily track down who sent the spam.
Take it a step further, and tie IP addresses to an organization or individual. Then if you never wanted another e-mail from ZD Net, you could block the organization and it wouldn't allow any mail from any of their IP addresses.
666-607: 6th floor apartment of the beast
Why do people keep inventing new organizations that they want to give money to? Why should I pay some third party so that I can send email from myself to someone else?
No, no. The only thing that makes sense--if you want to consider a pay-for-email scheme-- is to pay the recipient. THEY are the one whose resources are being consumed. They are the one who can determine what price is a suitable deterrent for the spam that they receive. Nobody else can do it-- it's as simple as that.
It's true that the infrastructure to implement this system would probably require a third party financial clearing house, and they'd probably have to get a cut, but fundamentally, the payment must be receiver driven.
So imagine that to send an email, you contact an escrow service which gives you a token for your email: a promise of payment equal to the amount required by the recipient for delivery. The mail gets sent, the receiver can choose to collect payment or not to (friends don't pay friends to read their emails with this system). Obviously there are some technical challenges, but there are a lot of bright people out there.
Just, for god's sake, don't make me read another article where someone invents a company that they want to give money to when the recipient is the party being injured by spam!
I was providing just one example, mate.
GL
The spammers would still make a profit... they'd just charge more for their services. Though, charging 1 penny each is not a bad idea. And, you can still keep it 'free' by allowing up to a set number per day. Start at 100 emails a day, then after a set period of time, go up to 500 per day, etc. Businesses that need more than a set number can simply verify themselves as 'valid' senders. Perhaps just allowing mailserver owners to validate their servers/IPs might be enough. If you are running a mailserver, join a 'circle-of-trust', and create certain standards for the circle.
Tim fails to understand that he's still getting spam only for the reason that his Bayesian filter sucks. Most other Bayesian-style filters (and friends) are up to a 99.9% filter rate and working towards five-nines efficiency. Their learning potential continues to improve as well with new concepts such as inoculation. It's no longer a question of "can we filter spam" it's a question of "how do we stop that one in a thousand spams that get through"...and that's soon going to be one-in-ten thousand. The problem is that only a small number of people have actually done any research in this area and tried Bayesian-style filtering. If they did, they would realize it worked ... very effectively. There are also server-side tools that make it easy for the 95% of non-tech people on the Internet. Bottom line, Tim needs to quit his bichin and go rewrite his spam filter - or install someone else's.
The problem with solutions like this is that it involves money, and thus, is subject to corruption. Spammers would eventually be given discounts (look at your paper junk mail, folks) so that the regulatory company can make an extra buck.
However, there is another solution that would work just as well.
Every email that is to be accepted by an SMTP server must include a digital signature of some root SMTP-signing servers of some kind, otherwise it's automatically rejected. This server will only allow, say, 10,000 signatures per IP address (or per registered user, whatever) per day, maximum. Additionally, it will only sign one message per second per IP address, no faster.
There are many variations on this, all of which would work great. For example, have the rate of signing be inversely proportional to the number of messages sent that day. Maybe also have "registered users", meaning people who have an actual credit card number or bank account linked to their name and will be charged $1,000,000 per message after 10,000 have been sent in a day (Sure, there will be spammers using fraudulent cards, but in that case spamming has become a real, high-stakes felony).
The point is, as long as you have a few central authorities, just like DNS, where we can go to validate email, then we'll end spam.
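The two limits proposed in the comment above (10,000 signatures per IP per day, one per second), sketched as an added example that is not part of the original post or of any real service. HMAC stands in for the root server's digital signature, and `SigningAuthority`, `FakeClock` and `run_sender` are hypothetical names.

```python
import hashlib
import hmac
from collections import Counter

DAILY_CAP = 10_000     # signatures per IP per day (figure from the comment)
MIN_INTERVAL = 1.0     # at most one signature per second per IP
DAY = 86_400           # seconds in a day


class FakeClock:
    """Settable clock so the limits can be exercised without waiting."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


class SigningAuthority:
    """Hypothetical root signer: enforces both limits, then signs."""

    def __init__(self, key, clock):
        self._key = key
        self._clock = clock
        self._issued = Counter()   # (ip, day number) -> signatures issued
        self._last = {}            # ip -> time of the last signature

    def sign(self, ip, message):
        now = self._clock()
        if ip in self._last and now - self._last[ip] < MIN_INTERVAL:
            return None, "too fast"
        bucket = (ip, int(now // DAY))
        if self._issued[bucket] >= DAILY_CAP:
            return None, "daily cap reached"
        self._issued[bucket] += 1
        self._last[ip] = now
        # Assumption: HMAC-SHA256 stands in for a public-key signature.
        tag = hmac.new(self._key, message, hashlib.sha256).hexdigest()
        return tag, "signed"

    def verify(self, message, tag):
        expected = hmac.new(self._key, message, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected.encode(), tag.encode())


def run_sender(authority, clock, ip, attempts, per_second, start=0.0):
    """Submit `attempts` requests at a steady rate; return outcome counts."""
    outcomes = Counter()
    for i in range(attempts):
        clock.now = start + i / per_second
        _, status = authority.sign(ip, b"msg %d" % i)
        outcomes[status] += 1
    return outcomes


def demo():
    clock = FakeClock()
    authority = SigningAuthority(b"constructed-demo-key", clock)
    # Constructed traffic: a person sending 40 mails a minute apart, and a
    # bulk sender pushing 5 requests per second for three hours.
    person = run_sender(authority, clock, "192.0.2.10", 40, 1 / 60)
    bulk = run_sender(authority, clock, "198.51.100.7", 54_000, 5)
    # On the next day the bulk sender's counter starts again from zero.
    next_day = run_sender(authority, clock, "198.51.100.7", 10, 1, start=DAY)
    return person, bulk, next_day


if __name__ == "__main__":
    for label, counts in zip(("person", "bulk", "next day"), demo()):
        print(label, dict(counts))
```

The limits are keyed on the client IP, so they bound each address separately rather than a sender who controls many addresses.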
What next, paying per HTTP request?
This will never happen, the second that SMTP transactions cost money people will switch to another, perhaps rogue, protocol that is free and that would be the end of standardized email.
Whoever came up with this idea lacks some basic understanding of the Internet and information in general.
The power of Christ compiles you!
It just looks like a variation of the old pay to send idea to me.
So why'd you bother posting it? Too much free time?
Daniel
Carpe Diem
Here's an idea. Instead of blacklisting domains that spammers use (because we all know that they have effectively an infinite supply) or going to extreme lengths such as paying for each email sent, why don't we make it so that emails may be classified based on the volume of mail they send, and such classification be mandatory? Hence, we could block certain accounts that were sending, say, more than 10,000 emails per day. If, for example, there were a digital certificate in each email that added one to a remote counter for that email operated by an independent entity, and our emails were configured to only accept emails sent with such a certificate, I think it would be a feasible idea (except perhaps for the bandwidth costs involved in keeping track of said counters, but I don't have the answers to everything).
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
Another interesting option would be to use deposits rather than payments - you'd lose your deposit if the mail was unsolicited. That way sending mail is free unless it shouldn't have been sent, and if the deposit was of a big enough size spamming would no longer be profitable. I started a discussion about this a few days ago here
The problem with all these spam preventing ideas is that they don't get to the root of the problem; the spammers. I have a foolproof solution.
Capital punishment.
Simply kill the spammers. Send spam? Instant death. No jury. No judge. Maybe the spammers can be the first to appreciate the benefits of "Real Cheap Life Insurance" when they're frying on the electric chair.
Don't moderate me funny. I'm not joking.
If I get this right, the idea is to lose the one clear advantage email has over regular mail, namely no cost (let's ignore actual ISP costs, those are together paid by the sum total of all internet subscribers in the world).
By artificially making each email cost something, the economics of the email system become identical to the economics of postal email, except it's faster. That's the idea, unless I'm missing something.
Now in the real world, we already have an example of a system with such economic properties, namely the postal system. Unfortunately, in the real world, we also have an example of the way spammers have adapted to that economic system. It's called junk mail, and I get tons of it in the physical mailbox.
So maybe the companies pay for their junk mail to be delivered to my physical mailbox. Guess what? I still don't want it. But they paid for it, so I guess it's all right....not.
Thanks but no thanks. I'll take my chances with a personal junk filter.
p.s. I accept that ISPs have a huge problem, but this way is only going to legitimize spammers who are willing to pay.
If they ever got off the ground, they'd be shut down in short order due to the trouble they would be in for being a spam-cannon.
Don't blame Durga. I voted for Centauri.
Just auto respond to everyone who is not in your email white-list with a challenge/response. If someone I don't know wants to contact me they can take the five seconds it will take to respond. Spammers won't have time to make this work on bulk.
Micropayments still suck.
Why the hell should I trust this company, particularly when Verisign buy all successful competitors - as they did for digital certificates?
Most importantly: there is no natural reason for the cost.
Now, if there was an easy way to pay me one penny to receive each email, with free channels set up on a case-by-case basis ... that would work wonderfully. All we need then is a workable mechanism for single-penny transactions to be workable for almost everyone ...
http://rocknerd.co.uk
Remember the days when ATMs were bright shiny new? Then came some interoperability, and some token fees. What happened to the fees then? They went up. Revenue. Not many companies ignore a revenue source. And many know one when they see it.
My point? Simply this. That penny fee will go up, after some period of time.
emt 377 emt 4
My Netscape email has some settings that I can do that filters emails.
In the email program, it says, "match any of the following", so I typed in abcdefghijklmnopqrstuvwxyx and chose "move to trash" It must work great because I don't get any more spam.
Pete Carr Owner Chatmag.com
It is good that you go the extra mile and actually document when someone opts in.
Thanks to the spammers, the term "opt-in" has no meaning at all: I've gotten hundreds of spams claiming that I opted in and never did at all.
This whole idea is a joke. It would be treated as something to be worked around.
Don't blame Durga. I voted for Centauri.
This concept is nice and dreamy, but the reality is this - most spammers are pretty much on the low end of the internet evolutionary chart, and don't have many morals to begin with. Trying to change the business model on those whose business for those who already crack other organization's systems to spit out millions of emails is simply not going to happen - they'll just find some way to get around this as well. What should happen is either an extension to SMTP or a completely new protocol for MTAs. Perhaps one that would use some sort of SSL certification to authenticate itself as the MX of a domain would be more effective? (At least it *might* put an end to all the forged emails.)
monitor spam. report to ISP. if they ignore your complaint, blacklist them. if they continue to ignore you, blacklist their whole IP block.
go after the people whose products they're advertising. with a big stick.
"That means that some formerly-free list subscriptions are now going to cost you a penny a message. Deal with it; it's the price of killing spam."
I'm on quite a few mailing lists, due to my wide range of interests. I can receive 400-600 messages a day from these lists. So I should spend $4-$6 a day to fight spam, eh? The largest estimate of the cost to ISPs for dealing with spam has me paying about $8 a month.
It's a nice idea, but it just won't fly. Try again.
This sounds like it might actually work.
It's human nature: why should I pay you for something that is already free? Unless there was a massive simultaneous move, then it's just not going to work.
Rus
Cheap UK and US VPS
This is more than just sending off a single email to a scantly watched abuse email. This means getting hold of a real person and explaining, realistically, what sort of legal liabilities they might be open to if they continue to support the spammer's actions. (Hacking laws, aiding and abetting, Trademark infringement and vicarious liability) often fit in there.
If more people would do this, life would get a lot harder for spammers.
When you send snail mail there is some actual, legitimate cost involved in transporting the letter for A to B. But email can be zapped to any net.connected machine pretty much instantly and for a vanishingly small cost. Layering on some expensive infrastructure will never work, for exactly the same reason that charging big bucks for easily reproducible media won't: everyone will use a cheaper way, and the expensive way will be ignored.
In the article Tim Bray says the problem with the current email system is no cost coupled with relative anonymity. Ok then, lets pull back on the anonymity a bit. Let's find a way to identify and block hosts that are sending millions of mail per day. Anything is better than enabling some massive new bureaucracy, which will inevitably put the screws to us the same way Verisign has.
I mean Jesus, haven't we learned anything?
This won't eliminate spam, though it will reduce the amount of it. And this can allow web services providers to make more money, but who will pay me? The enduser, who still will be reading that crap...
May Peace Prevail On Earth
I have had this idea floating around for some time now. Anyone seriously interested is invited to look at my journal
strangers who I want to contact me e.g. from business card or that I've given my email address to?
President ISES
(International Society for Elimination of Sigs)
With the recent connection of Sobig to a spam network, what if:
* Grandma has a box that got hax0red
* box is used to send 100.000 emails
Who is going to pay?
* Grandma?
* OS manufacturer for making lousy OS
* Spamming company
I'd prefer the latter but it required having to trace the company through complicated follow-the-money-go-overseas-FBI-CIA type of actions. So in reality they'll make grandma pay
No thanks
If an experiment works, something has gone wrong.
It's just too late now. The REAL problem with spam is that addresses get forged, and e-mail as it stands now is too insecure to be totally fixed. We'd need a new replacement for e-mail and I think that instant messaging could replace e-mail. Instant messaging can be set from the get go (easily) to ask permission before you get on the list. Once you're added, you can send mail. If someone pisses you off too much, you yourself can ban em.
Gorkman
One of my friends is the Production Manager for a small touring theatre company. They had a tour in the Republic of Ireland just as the Euro was coming into use. So, some of the receipts for the tour were in Pounds sterling, some were in Punts, and some were in Euros. The accountant just about shat himself when he was presented with them.
Using a pay-to-send relay agent is crude, but it doesn't really address all the issues. Who runs the relays, and who decides if the relay is valid, or is a spammer's? Who decides the price of relaying? What about mailing lists?
I prefer a system of micropostage, in which there is no single postage-issuing authority, but the mail receiver maintains a whitelist of acceptable ones. (If one becomes compromised by spammers, then it gets deleted from the whitelist, a quick and clean form of RBL.) Micropostage is only needed when the mail comes from a stranger; users can put their friends, correspondents, cow-orkers (whole domains) and mailing lists onto a whitelist. Postage is only checked at the receiving end, where something that arrives without a valid stamp and is not from someone on a whitelist will be rejected.
In this micropostage scheme, micropostage is very cheap (fractions of a cent). It takes the form of one-time digital signatures. The recipient has to query every stampette-bearing email against its issuing micropostage authority, which determines if it is both valid and has not already been used. The micropostage authority recovers its costs via the sale of stampettes. And if it sets its price low enough for spammers, then its stampettes don't get whitelisted. If it sets its price too high, a competitor's stampettes get used instead.
End users should get allotments of stampettes from their ISPs. If they're compromised by a virus, the allotment will run out, and the ISP will demand virus removal before giving them more.
Let's face it; SMTP sucks, was never intended for a big public network, and needs major replacement. But the insistence that email be "free as in beer" will doom any alternative. Cheap, yes but when a million mails to strangers cost nearly zero (especially with spammers stealing service as they do), it's too tempting to spam. Some tiny cost is needed.
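The receiving-end check from the micropostage comment above, as an added example that is not part of the original post: a whitelist of senders, a whitelist of stamp authorities, and a redemption query that rejects forged or reused stampettes. The class names, the `name:serial:tag` stamp format and the use of HMAC in place of a one-time digital signature are all assumptions made for the sketch.

```python
import hashlib
import hmac
import secrets


class PostageAuthority:
    """Hypothetical stampette issuer that also answers redemption queries."""

    def __init__(self, name):
        self.name = name
        self._key = secrets.token_bytes(32)
        self._spent = set()          # serials that have already been redeemed

    def _tag(self, serial):
        # Assumption: HMAC-SHA256 stands in for the one-time digital signature.
        return hmac.new(self._key, serial.encode(), hashlib.sha256).hexdigest()

    def issue(self):
        serial = secrets.token_hex(8)
        return f"{self.name}:{serial}:{self._tag(serial)}"

    def redeem(self, stamp):
        """Check that a stamp is genuine and unused; mark it spent if so."""
        parts = stamp.split(":")
        if len(parts) != 3 or parts[0] != self.name:
            return "invalid"
        _, serial, tag = parts
        if not hmac.compare_digest(tag.encode(), self._tag(serial).encode()):
            return "invalid"
        if serial in self._spent:
            return "already used"
        self._spent.add(serial)
        return "ok"


class Receiver:
    """Mail receiver holding both whitelists described in the comment."""

    def __init__(self, authorities, sender_whitelist):
        self.authorities = {a.name: a for a in authorities}
        self.sender_whitelist = set(sender_whitelist)   # addresses or domains

    def _known_sender(self, sender):
        domain = sender.rsplit("@", 1)[-1]
        return sender in self.sender_whitelist or domain in self.sender_whitelist

    def drop_authority(self, name):
        # An authority that sells to spammers is simply removed.
        self.authorities.pop(name, None)

    def accept(self, sender, stamp=None):
        if self._known_sender(sender):
            return True, "whitelisted sender"
        if stamp is None:
            return False, "no stamp"
        authority = self.authorities.get(stamp.split(":", 1)[0])
        if authority is None:
            return False, "authority not whitelisted"
        status = authority.redeem(stamp)   # stands in for a network query
        return status == "ok", status


def demo():
    # Constructed authorities, addresses and stamps.
    good = PostageAuthority("good-stamps")
    cheap = PostageAuthority("bulk-stamps")
    rx = Receiver([good, cheap], {"friend@example.org", "lists.example.net"})
    stamp = good.issue()
    results = [
        rx.accept("friend@example.org"),                 # known correspondent
        rx.accept("digest@lists.example.net"),           # whitelisted list domain
        rx.accept("stranger@example.com"),               # stranger, no postage
        rx.accept("stranger@example.com", stamp),        # stranger, fresh stamp
        rx.accept("other@example.com", stamp),           # same stamp replayed
        rx.accept("stranger@example.com", "good-stamps:abcd:forged"),
    ]
    rx.drop_authority("bulk-stamps")
    results.append(rx.accept("seller@example.com", cheap.issue()))
    return results


if __name__ == "__main__":
    for accepted, reason in demo():
        print(accepted, reason)
```

The sender whitelist is only as trustworthy as the sender address itself, and the stamp here is a bearer token not bound to a message or recipient; the comment specifies neither point.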
I personally think pay-to-send is only a matter of time, once enough people get pissed off (read as: big corporations losing enough money because of this increasing problem). Five cents per email would cut way down on my most hated form of spam, the illicit/illegal kind.
Yes, yes. I know, there are ways to defeat any pay-to-send system, but under a pay-to-send system the spammers would be easier to trace, and the presumed burden would fall under spammers.
I can't think of *any* other communication system in the world where you can send as much mail you want to as many people as you want for as little cash as you want (often less than $20 USD/ month) while still remaining anonymous for all practical purposes.
Who do you think pays for all of this wasted bandwidth of spam now? The answer is Joe User.
.
uR iGn0ranc3, Their Power
I hate spam as much as anyone but I would not be willing to pay money to stop it. The spammers are the ones who would find a way around payment.
The poor sap who gets a bill from his ISP at the end of month, discovering the latest MS vulnerability left his machine to send off 150,000 spam emails.
How exactly would this scheme work? Would you need verification of every email you send? What if the above scenario occurs and no verification is in place?
(I can't believe the old linked article mentions my ancient Flying Rat project! That failed, and...) A disclaimer: I'm self-interested (obviously) and I think the media have done a poor job covering it, but...
There are a number of Get Paid To Read email programs which use e-gold for small efficient payments to lots of individuals (*willing* individuals!) all over the world. These explain the huge number of tiny spends at http://stats.e-gold.com and a few of them are quite popular it seems.
It's not a perfect solution, but this does absorb resources which would otherwise almost-certainly go to spammers, IMO. I wish the media would cover this voluntary solution to a tiny part of the problem, but so far they haven't.
JMR
(I speak ONLY for myself!)
Try e-gold - (contact me). I'm NOT e-
http://www.bondedsender.com/
Essentially a whitelist of senders, rather than a blacklist. There's been lots of whitelist talk, but I don't think anyone's taking it seriously because it would be difficult to get everyone to fall into line with this concept. Imagine how much mail your clients -wouldn't- get if it was to be implemented. But now, it's gotten to the point where the community HAS to do something, I mean really now. So I propose admins that are reading this hop onboard and sign up to see what they have to offer.
What I'd like to see is a community run list, like a polar-opposite RBL, that would do an open relay test, a reverse IP test, and would be open to human scrutiny. We could give ourselves 365 days to get the word out and implement it, that should be a good amount of time.
Hmm, gotta break out the pen..
Luck favors the prepared, darling.
That's as idiotic as responding to spam.
But, perhaps it would be a new revenue stream for law enforcement. They could also charge $50 to those that are mugged on the street, and $1000 to those who's car is stolen. Yeah, that's the ticket! Charge the victim!
Steve's Computer Service, Hobbs, NM
Agree.
My pet idea is that the general principle is sound --- i.e., introduce some obligatory cost when sending email --- but it shouldn't be monetary. Instead, just introduce a, say, ten second delay every time the SMTP server accepts email.
This delay is short enough that most people won't notice it, particularly if their mail software has an outgoing queue. But it means you can only send about 8500 messages a day through the SMTP server. If you also introduced widespread blocking of port 25 by ISPs, it means that the only way to send email is via the delayed SMTP server --- which means the network can't be used to send spam.
(Before anyone asks, yes, this would affect mailing lists. But mailing lists are special, and any self-respecting ISP could easily set up a properly authenticating mailing list server that's not subject to the delay.)
Of course, this will never be adopted --- because it prevents an ISPs own customers from sending spam, rather than preventing the customers from being spammed from another ISP, there's no incentive. But it's cheap and easy to implement, involves no cultural or technological changes, no nasty financial penalties, and would probably actually work...
But isn't that a necessity? If you can send messages while remaining completely anonymous, cheaply, and expect them to be seen, then you can send spam. I can't see any way around that. All the proposed solutions I've seen have involved breaking one of those parts: either the anonymity directly (e.g. authentication), the cheapness (e.g. charging, which breaks the anonymity indirectly), or the expectation of being seen (e.g. challenge/response, which needs a semi-permanent address and risks anonymity that way). All end up losing anonymity somehow.
Ceterum censeo subscriptionem esse delendam.
BTW, that is called an automated Turing test. I (and I am sure many others) have seen this many places on the internet. I know Yahoo and Hotmail both use it to prevent bots from signing up spam accounts. I have heard of anti-spam ideas which use a central "challenge server" and another which the client sends back a response before it will allow the user to see it. Both have their individual problems and neither allow for proper use of mailing lists (without whitelists). I believe that to reduce spam many solutions will be needed.
We will fight them on the client, We will fight them on the server, and We will fight them at their access.
We must win, We will WIN !!!
The grass is only greener, if you don't take care of your own lawn.
In such a model, we would be free to send good email, and the fear of the likely costs of widely disseminating unwelcome email would do "the right thing".
tone
The same mistakes from the war on drugs are being proposed for the war on Spam. Going after the "dealers". As long as there are people who are willing to purchase drugs, there will be someone who is willing to take legal risks to sell them. As long as there are businesses who are willing to pay a spammer, there will be people willing to find ways to evade any laws or costs to send it for these sleazy businesses.
Unlike Spammers who try to hide, the business/con artist has to have a means of contact for the victim to get ahold of them. This is the weak link in the spam chain. Make it illegal to hire a spammer AND to send it out on your own, then start nailing the SOBs.
Quemadmodum gladius neminem occidit, occidentis telum est
It shouldn't be necessary for people to actually pay 1 cent per email in order to stop spam. You can use the same mechanism (ecash, or rather tokens) without connecting it to the real economy:
Each person (or rather, their email program) sets a 'price' in tokens for incoming mail, depending on how many mails they need to send. They then use the tokens they receive to 'pay' for their outgoing mail. Everyone refuses to pay more than a certain amount.
For mailing lists you *want*, you simply configure your mail program to accept it without paying.
It may be much less costly to build such a system than to connect to the real economy, because:
1) there are various checks required by the regulators for currencies connected to the real economy
2) real cash can only be double spent by some percentage before the economy collapses. email tokens could be 'double' spent 100 or 1000 times and still spammers would not be able to send enough out. Maybe crypto experts can devise cheaper ecash mechanisms which take advantage of this.
A spam email usually gives you an option to BUY something.
If 0.1% of those of us receiving spam mail placed a false order (or 100 000), the companies advertising through spam would get no value out of it. It would cost them money. Their customer and order systems would get spammed.
If it was impossible to make money from sending out spam, then the spam will stop.
The only way to stop spammers is SABOTAGE!
#find
Okay, that works for you, fine. But I'm guessing you don't get very much spam. Imagine if you got over a thousand spam messages a day (as someone I know has been doing). That's an average of one every 86 seconds. Wouldn't you find it more of a nuisance then? Wouldn't you be considering drastic measures, or even payment, to avoid that?
I'm not saying that this proposed solution is a good one; I don't think that it is. But please don't assume that everyone's experience of spam is the same as yours, because as a problem it varies very widely.
Ceterum censeo subscriptionem esse delendam.
We all put up with a certain amount of junkmail, it's a given, we already get it with our daily snailmail, in newspapers and with products we buy.. we do tolerate a certain amount of this stuff.
I think one of the biggest things we can do is to cut down the number of open relays (this will help), and also have a global ban list of ISPs that allow large-scale spammers. I have pretty much banned entire country codes and class A networks because all that comes out of them is spam. But also all the ISPs (in the world, not just the US) need to define DSL or modem connections; these are the worst, I have spammers coming from open DSL connections all the time. They have to define in the reverse lookup that the connection is a DSL user, like xxx.detr.dsl.comcast.com. I need to filter those IPs based on the "DSL" or "cable" portion; right now I can only ban based on city codes they use, as I would love to ban all of "comcast", "t-dial.de" and a few other spam-sending ISPs.
I know that my ISP, Sympatico.ca, won't allow me to send out email directly anymore which cuts down on spammers, but allows all DSL users to relay thru their mail server (which does annoy me because I could run an SMTP server if I wanted to, but I like which relieves me from getting any spam from the domain)
my thoughts..
-b
In the last couple of months spammers have managed to use DoS attacks on most of the RBL lists and many of the RBL lists have now gone out of business. The ability of spammers to conduct DDoS attacks using hundreds of thousands of zombie Windows machines against select targets would easily break any system such as the proposed which has a single point of failure. If you do a DoS attack on the mail relay, then nobody's mail gets through. If there are only a handful of relays, then it would be simple to stop all mail using those relays. If you greatly increased the relays and made it easy to set up the relays, then spammers would be back just about to where they are now as it would become much more difficult to figure out the good relays from the bad relays. And if you shut down a good relay that you thought was a bad relay...
"Those who trade freedom for security will lose both, and deserve neither" -- Ben Franklin
You'd be getting 'em all right now.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
And using Bayesian to accomplish it does it for free and with no changes to the cost or anonymity of email.
Someone else: 2. I don't want to pay to send email. I just don't, I like the fact it's free to anywhere in the world.
You: I wish I did not have to get a driver's license, but the fact that everybody does it protects me.
It protects you? From what? People still drive without a license, with an expired license. Many others get licenses even though it can honestly be argued they don't know how to drive, especially in rain or snow.
I use that technique too, but I understand that I am still paying (because my ISP is still paying) for their receipt.
And I understand that while receiving spam and paying for the bandwidth is a real cost, it is insignificant compared to the cost of my time to deal with them. If I don't have spam in my inbox, I've just addressed 95% of the cost of spam to me. If everyone uses Bayesian filters then we've just addressed 95% of the cost to society. Sure, it'd be nice to get 100%--but if everyone used Bayesian filters then the remaining 5% would just dry up and die anyway.
but the payment should be non-monetary. It should be something that most people think of as free: time and CPU cycles. There have been various schemes to this effect proposed, but most people still seem to be unaware of it. It requires no money, and no centralization, and doesn't interfere with the anonymity of email. The basic idea is, that if your SMTP server tries to send me an email, and you are not on my whitelist, my server responds with a challenge of a "moderately" hard problem. Something like factoring the product of two 50 digit primes. Once this is done, you can send me the email.
This system could be put in place at most ISPs transparently, users who send a few emails a day won't notice the difference, but suddenly the spammers can't just sit in their bedroom with a 486 and spew millions of spams a day anymore.
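The challenge-and-response exchange described in the comment above, as an added example that is not part of the original thread. It swaps the factoring problem for a hashcash-style partial hash preimage (SHA-256 with a required number of leading zero bits), which the receiver can verify with one hash; the class and function names, the difficulty, the lifetime and the addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time
from itertools import count

DIFFICULTY_BITS = 16   # assumed cost: about 2**16 hashes per message on average
CHALLENGE_TTL = 600    # assumed lifetime of a challenge, in seconds


def leading_zero_bits(data: bytes) -> int:
    """Number of leading zero bits in SHA-256(data)."""
    value = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return 256 - value.bit_length()


def solve(challenge: str, bits: int = DIFFICULTY_BITS) -> int:
    """Sender side: brute-force a counter that meets the difficulty target."""
    for counter in count():
        if leading_zero_bits(f"{challenge}:{counter}".encode()) >= bits:
            return counter


class Receiver:
    """Receiving mail server: whitelisted senders skip the puzzle."""

    def __init__(self, whitelist, bits=DIFFICULTY_BITS, secret=None):
        self.whitelist = set(whitelist)
        self.bits = bits
        self.secret = secret or os.urandom(32)
        self.spent = set()          # challenges already redeemed (replay guard)

    def _tag(self, body: str) -> str:
        # The MAC lets the server recognise its own challenges without storing them.
        return hmac.new(self.secret, body.encode(), hashlib.sha256).hexdigest()[:32]

    def challenge(self, sender, recipient, now=None):
        """Return None for a whitelisted sender, otherwise a fresh challenge string."""
        if sender in self.whitelist:
            return None
        issued = int(time.time() if now is None else now)
        body = f"{sender}|{recipient}|{issued}|{os.urandom(8).hex()}"
        return f"{body}|{self._tag(body)}"

    def verify(self, challenge, counter, now=None):
        """Accept the message only for an authentic, fresh, unspent, solved challenge."""
        now = time.time() if now is None else now
        body, _, tag = challenge.rpartition("|")
        if not hmac.compare_digest(tag.encode(), self._tag(body).encode()):
            return False                                  # not issued by this server
        issued = int(body.rsplit("|", 2)[1])
        if now - issued > CHALLENGE_TTL or challenge in self.spent:
            return False                                  # expired or replayed
        if leading_zero_bits(f"{challenge}:{counter}".encode()) < self.bits:
            return False                                  # work not done
        self.spent.add(challenge)
        return True


if __name__ == "__main__":
    # Constructed addresses; one stranger sends one message.
    server = Receiver(whitelist={"friend@example.org"})
    puzzle = server.challenge("stranger@example.com", "me@example.net")
    started = time.perf_counter()
    answer = solve(puzzle)
    print(f"solved in {time.perf_counter() - started:.3f}s, counter={answer}")
    print("accepted:", server.verify(puzzle, answer))
    print("replay accepted:", server.verify(puzzle, answer))
```

Because each challenge binds the sender, the recipient and a timestamp, the work cannot be computed ahead of time or reused for a second recipient, so the cost scales with the number of messages sent.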
Content filtering doesn't work if you don't have the content, yet. And by the time you do have the content, you already have most of the impact of the spam. You might as well just press delete, since at this point all that content filtering is doing for you is an automatic delete (unless, of course, you're silly enough to set up a spam folder for it all to be put into, which means you'll end up sifting through it for something important, anyway).
There is hope that spammers will just stop spamming if everyone just deletes the mail (even if automatically). But that is a false hope because it only takes a few dumb souls to respond, and the spammers succeed at their goals. Then they will keep on spamming, and they will keep on doing it on the cheap which means they won't clean their lists (because cleaning them costs more than just mass mailing to everyone).
This issue comes down to objective. What is it we are trying to accomplish? Are we trying to take spammers out of existence? Or are we trying to shed the costs that spammers are imposing on us? Adding on things like Bayesian filtering are increasing our costs, not just in the processing it takes, but also in the fact that we have to accept the data stream of every message to do that.
now we need to go OSS in diesel cars
is a subscription to this service (with a reasonable number of messages per month free) being a standard part of the ISP package. that solves the main problem I see with this approach -- home users wouldn't have to go through the hassle of setting up a separate account.
of course, i would bet that any large organization could negotiate a better deal than 1c per message -- as long as they kept their spam rate down.
-esme
a "pay to send, get paid to receive" model. Think of it this way: you get a particular quota of outgoing and incoming email bandwidth per month. For each email you send, you pay $0.001 per recipient copy. For each you receive, you receive $0.001. For non-commercial users, the cost would cancel out. For commercial users, it would be part of the cost of doing business, and would still be cheaper than direct mail (1/370th the cost to send, and no paper, envelope costs, and far less labor). The only people it would really kill would be spammers.
Has anyone really looked at a spammer's business model? In the article he says that they cannot afford 1c per email, however is that claim substantiated by any research, has anyone done any research on the topic?
Promoting violence? It sounded like he was trying to buy the Spammer's service, assuming the spammer operates some sort of dungeon facility..
I think he must be some kinda prophet.
Either that, or Slashdot itself has somehow gained sentience.
"America has done some terrible things. But I know that Americans don't cheer when innocents die." -Dave Barry
If we all as receivers sign up only for pay mail, then the spammers will have to sign up too if they want to send mail to us.
What if it was say 10 cents to send a mail, but when the receiver got it they could "do something" to indicate that they "accepted" the mail and the 10 cent charge would be dropped. Your friend sends you email, you read it and accept it. Jim the realtor down the street sends you email, but because you are thinking of buying a house you accept that email too - jim sends for free. Mike in the big city spammer sends out mail, at 10 cents a whack that no one is interested in (get rich quick) and mostly pays for it because no one accepts it.
If the relayer accepts unsigned mail, spammers are just going to forge From: addresses to get their sleaze sent out. And if folks are willing to sign their mail to the relayer, then why do we need a relayer in the first place?
Pick this one apart, people.
I've been thinking about the problem for a while, and here's what I got. You forward an email to spamcop (or paste it on their web site), and it analyses the headers for you to figure out where the email originally came from.
Now, what prevents SMTP servers from running a similar check when receiving emails? Walk the IP list in the headers, see where it originally came from, check whether it matches the domain on the "From:" line, and bounce it if the results differ.
Time/Bandwidth overhead? Mailing lists? Anonymous mailers?
Ich werde nie wieder denken
For the life of me, I do not understand why this is a debate still. There is an easy client side authentication scheme that works very well. You send me an e-mail, but you are not in my address book. My client automatically sends a request to you to prove you are human (in nice words). Your e-mail sits in a pending folder until you authenticate yourself.
How you authenticate yourself can easily be changed and for once, the onus of work is on the spammers to beat the system.
I am using a paid system that uses this method. I will not mention their name because they are involved in a SW patent suit over their solution and that pisses me off, so no free advertising. Anyway, this service helps me filter my hotmail account which gets over 200 spams a week.
And how does it do? It works. Out of 4,500 e-mails, 4 charity spams got through because the e-mailer took the time to respond to the authentication letter. That's good enough for me.
I've heard arguments about businesses not being able to afford losing contacts because of this method etc. This is where the final improvement needs to take place. You could place a reverse Bayesian filter on your pending folder to pull out e-mail that has a likelihood of being real. Problem solved.
I am convinced that this solution needs to be implemented in a universal, easy to install, and easy to operate way. The system I use is pretty straight forward, and it works. Anyway, I believe the final solution to spam is out there, but no one is noticing. Very frustrating.
-Nuke the moon
This is actually a working solution to brute-force hacking. By introducing a delay before verification, it's practically unnoticeable to the common user who knows their user/pass, but it deters (and maybe even defeats) the common brute force hacker. Sure, given enough time they'll be able to overcome this obstacle, but it aggravates most from attempting it.
Creator of the popular web game Proximity
ISPs should charge each other for transporting email. AOL provides Earthlink a service by delivering Earthlink customers' emails to the recipient using AOL's equipment. So they are justified in charging Earthlink for that service. Now if traffic flow is balanced, no actual money is exchanged. How you affect spammers is when traffic flow is imbalanced. An ISP sending more email than it receives ends up paying the other ISPs. Then the spammer who creates the excess email will be billed by his ISP, and the ISP on the receiving end has a new source of revenue to defray its costs, leading hopefully to lower charges for normal customers.
It would take a handful of the larger ISPs to agree among each other to do this, and to declare that after a certain date they will no longer accept traffic from senders who do not agree to the deal.
Daniel
Every time I hear someone suggest a pay-to-send strategy for email, I cringe. As the owner of a small business that operates primarily online and generates a fair amount of LEGITIMATE email to people who've SIGNED UP with me, this would be a crushing blow. I would shut my sites down and look for a job with The Man. And when I think of that, I cringe again.
Here are my thoughts:
1) If you're willing to pay a penny a message to send, wouldn't you be willing to pay a little for filtering that kept your spam level low enough that it wasn't a problem?
2) If dealing with SPAM is a variable cost based on how much email you send, rather than a fixed cost, you're going to send less email. This will cut into your business. Every message that goes out is going to require an economic decision. At a penny a piece, you're not going to have to submit an email sending permission request for each one, but you're going to have a little nagging voice in your head saying "isn't there something you can do to avoid sending yet another email?" Is the added effort and stress over deciding whether to send email or find another method worth the time saving from not having to filter or delete spam?
3) You're going to force your customers either to pay to receive emails (probably not directly--you'll just raise your prices) or you're going to force THEM to jump through hoops to get information from you in ways that don't require you to send email. And guess what! People who you get email from are going to require the same of you! You'll either pay more for the privilege of receiving email from them, or you're going to have to go through the inconvenience of some other method of receiving information from them...cancelling out the time you saved by not having to delete spam.
Of course there ARE methods available for shifting some information distribution from email to non-spammable methods. For example, a company could put info they used to email out into an RSS feed which their customers could subscribe to. Since not everybody has an RSS reader, they could give customers the choice of whether to receive email or use RSS. Given that you wouldn't have to give out an email address or any other information to subscribe to the RSS feed, people with privacy concerns would likely jump on that method. In case some of the info to be distributed is personalized, the URL of the feed could even contain some sort of identifier--a customer number and password or something--and the feed could have personal items added to it dynamically. I'm sure there are other technologies that could also help. Maybe what we need to do is work on gradually shifting things that can be handled by non-email methods away from email.
Finally, I would much rather go to a white-list system than pay to send emails. For example, if a message comes from someone not on the white-list, they get a message saying "please do such and such to get on my whitelist". Once they do, they're on a tentative white-list. The recipient then periodically either approves the address on the tentative list or moves them to a black-list, in case a spammer actually bothered to get on the tentative list.
The final, and perhaps most important point I'd like to make is that if every person on the internet is going to switch from the current system to something new in order to solve this or any problem, let's all switch to a system that doesn't throw out the benefits of the internet as it is today. Let's not add artificial costs to the system. Let's not make the system less convenient. Even if we can only find partial solutions that are free and easy, I think that's preferable to jumping wholesale onto a solution that creates a new set of problems or negates the benefits we currently enjoy.
Convert RSS to HTML - integrate webfeeds into your website
Bayesian filtering works great, yes (I use SpamBayes). But the traffic volume remains a problem, both personally and globally. For example on my VPN link to my company it takes half an hour to download and filter all the 500 spam & virus messages I get daily now. And I refuse to give in and disable or completely hide my old and well-known mail address.
I don't have the links handy, but there was a suggestion, and now f.ex. PGP Corp. has the product, which makes the company mail relay sign all outgoing mail by the company private key (S/MIME or PGP). I think it is realistic to make this the norm: all organizational mail relays will sign all outgoing mail automatically. SMTP relays will only accept messages with valid and trusted signatures for further processing.
The beauty is, that the users don't have to do anything.
Of course you can still spam, but not very anonymously. Getting your keys trusted will require some well-known signers, and they will require a contract preventing spamming. Removing trust from the few that manage to cheat the system will be easy.
Anssi Porttikivi / app@iki.fi
Sounds pretty innovative to me. Maybe we can get Verisign to host the new SMTP server.
Yes, a Turing Test is named after Alan Turing who had certain theories about AI, an automatic Turing test is becoming a common sight on the internet.
Also, I found another one in my previous message -"thier" is really spelled "their".
The grass is only greener, if you don't take care of your own lawn.
What's more, just set the system up so that the recipient gets half the fee. I'll be happy to read anything anyone wants to send if they pay me...
I could see a lot of reasons why big ISPs or mail networks (eg AOL, HotMail, Yahoo) would consider offering such a facility as part of their service.
Imagine the marketing power of being able to say that all your clients' addresses can be authenticated... that any mail from your domain can be verified.
Estimates are now that 70% of all traffic is spam. As another poster mentioned, ISPs, especially the top-level backbone providers are stuck with a conflict-of-interest, as they profit on the sale of bandwidth, and therefore are not motivated to contain the overwhelming amount of unwanted noise clogging the Internet.
Imagine if you picked up your telephone and 70 percent of the time it was already in use?
Imagine if 70% of the time on the DVD you just purchased was filled with commercials?
Imagine if you had to put 233% more gasoline in your car than is necessary to get from one point to another?
This is the Spamedemic we are faced with, with a bunch of idiots in power who are either clueless or uninterested in addressing the problem. If this level of inefficiency were present in any other system, it would not be tolerated.
Mabu's solution to the Spamedemic:
1. Form a new enforcement agency that is dedicated to cyber crime. Populate the agency with well-trained IT people who know the laws and the nature of the problem. This agency does not need to encroach into areas covered by US Customs or the FTC (i.e. not be concerned with the content of spam, but merely focus on computer/network-tampering/exploitation). The FBI is not adequately equipped to fight cybercrime. A new agency separate from the other law enforcement organizations should be created.
2. ENFORCE CRIMINAL PENALTIES for computer exploitation: mail-relay-hijacking, trojan horse, worm, virus and vulnerability exploitation. There are already laws on the books criminalizing these activities, but since Americans like laws and have a short attention span, it wouldn't hurt to pass a new law which exclusively, specifically addresses the issue of computer/network/communications exploitation by third parties, and levies very intimidating CRIMINAL penalties. There should be no threshold of monetary damage before criminality is triggered: that only punishes diligent admins to catch attacks before extreme damage is done, or further encourage spammers to employ larger numbers of smaller, distributed attacks.
I think 1 & 2 would essentially cut spam traffic immediately after a few spammers were made example of.
Now.. to deal with the international/jurisdictional aspect of spamming and network exploitation:
3. Establish a formally-sanctioned SMTP IP whitelist database.
If you want to send mail on the Internet, you have to "register" your IP with a centralized, sanctioned database, not unlike what you have to do to register a domain. Other SMTP servers have the choice of only accepting mail from whitelisted IPs.
Whitelisting the relays makes a lot of sense. It would require less resources than blacklisting IPs on the Internet proper. It would also DRAMATICALLY reduce the ability for worms and viruses to propagate via e-mail (most worms now turn the client IP into an unauthorized SMTP server -- the SMTP IP whitelist could have halted the spread of many of the worms making the rounds)
How do you pay for this? I think that users would be happy to pay an extra $5 or so for each domain registration/renewal to fund a program of this type.
I think it would work. It would also give people the ability to find out definitively where their mail is coming from, as each person who relays mail would effectively require a "license" in order to operate. Since the ratio of users-to-smtp relays may be on the order of 1:1000+, it wouldn't be difficult at all for ISPs to quickly and conveniently register.
Obviously anyone could arbitrarily start an smtp whitelisting service but the reason why this needs to be formally-sanctioned is for the same reason the DNS root servers need to be sanctioned: to create some organization and authority. This is something ICANN could potentially have the authority of implementing but that organization is devoid of any common sense, so I recommend the United States, which controls the majority of Internet resources, take the initiative and imple
I sort of like the pay-to-mail system, but I don't like sending the money to a big company/government.
You know who should get the 1 cent? The recipient!
If I send you a mail, I pay a penny, you get one. If you reply, you spend a penny, and I'm up. So most "conversations" will cost at most one penny total.
And, if you do something noteworthy in the world, like the Star Wars Kid, and people send you thousands of emails to "congratulate" you, guess what: windfall!
There is a middle road...
Add metadata to the system that allows a destination SMTP server to determine whether a piece of inbound e-mail is authenticated, anonymous or forged.
Right now, a destination SMTP server has no (reliable) way to tell whether the FROM: domain is forged or the entire FROM: address is forged.
A first step would be to give domain admins the control over which hosts are allowed to send e-mail out on behalf of their domain. (Eliminate joe jobs.) This is what the reverse MX proposals attempt to do (DMP, DRIP, SMTP+SPF, RMX). It answers (2) basic questions: Has the domain admin locked their domain down to a limited number of hosts that are allowed to send e-mail on behalf of that domain? Is the host that is currently trying to talk to my mail server on that list? Poorly administered domains will have loose/missing RMX information, and your server may choose to delay/reject/question e-mail from a domain like that. (Nice part is that reverse-MX is opt-in and puts control in the hands of the local admins.) You can still be anonymous under this system.
Second step is authenticated sender stuff. Where you have to present credentials to the outbound SMTP server and your e-mail gets signed with your credentials. Implementation costs are a good bit higher and you get into the issue of key security, biometrics, etc... That's not to say that it's impossible to be anonymous under this system, there will still be domains that don't authenticate their senders.
A big problem in today's spam fight is that real spam is forged 6 ways from Sunday. If we can at least tell that e-mail is forged, it makes it easier to fight.
Wolde you bothe eate your cake, and have your cake?
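The two questions in the comment above (has the domain published a list of sending hosts, and is the connecting host on it), as an added example that is not part of the original thread. It evaluates a subset of SPF record syntax (only the ip4, ip6 and all mechanisms) against constructed records held in a dictionary in place of DNS TXT lookups; the domains, addresses, function names and the result-to-action policy are assumptions.

```python
import ipaddress

# Constructed records standing in for DNS TXT lookups (documentation address ranges).
PUBLISHED = {
    "locked.example": "v=spf1 ip4:192.0.2.0/28 ip6:2001:db8:25::/48 -all",
    "soft.example": "v=spf1 ip4:203.0.113.0/24 ~all",
    "loose.example": "v=spf1 ip4:198.51.100.7 ?all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Assumed local policy, following the comment's "delay/reject/question" options.
POLICY = {
    "pass": "accept",
    "fail": "reject",
    "softfail": "question",
    "neutral": "delay",
    "none": "delay",        # domain publishes nothing at all
    "unusable": "delay",    # record is malformed or uses a mechanism outside this subset
}


def parse_record(txt):
    """Turn a record into an ordered list of (result, network-or-None) rules."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    rules = []
    for term in terms[1:]:
        qualifier = "+"                       # default qualifier is "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")    # first colon only, so IPv6 stays intact
        name = name.lower()
        if name == "all":
            rules.append((QUALIFIERS[qualifier], None))
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if net.version != int(name[2]):
                raise ValueError(f"{name} used with the wrong address family")
            rules.append((QUALIFIERS[qualifier], net))
        else:
            raise ValueError(f"mechanism not handled in this subset: {name!r}")
    return rules


def evaluate(domain, client_ip, records=PUBLISHED):
    """Return pass, fail, softfail, neutral, none or unusable for this connection."""
    txt = records.get(domain.lower())
    if txt is None:
        return "none"
    try:
        rules = parse_record(txt)
    except ValueError:
        return "unusable"
    ip = ipaddress.ip_address(client_ip)
    for result, net in rules:                 # first matching mechanism wins
        if net is None or (ip.version == net.version and ip in net):
            return result
    return "neutral"                          # nothing matched and no "all" term


def smtp_decision(mail_from, client_ip, records=PUBLISHED):
    """Map the envelope sender's domain and the connecting IP to a local action."""
    domain = mail_from.rpartition("@")[2]
    return POLICY[evaluate(domain, client_ip, records)]


if __name__ == "__main__":
    # Constructed connections: (envelope sender, connecting IP).
    for sender, ip in [
        ("alice@locked.example", "192.0.2.5"),
        ("alice@locked.example", "198.51.100.99"),
        ("bob@soft.example", "192.0.2.5"),
        ("carol@unlisted.example", "192.0.2.5"),
    ]:
        print(f"{sender:26} from {ip:15} -> {smtp_decision(sender, ip)}")
```

The check uses the envelope sender and the IP of the connecting host, both of which the receiving server sees before accepting the message body.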
So if you could actually get the public to be willing to use penny-per-message email, the big spammers would die, because they wouldn't be able to make a profit, and there'd be fewer of them selling spamware to amateur spammers, and it'd be easier to find and kill the amateurs. The problem, of course, is that nobody really wants to pay for sending email, so businesses aren't going to set up their email that way because it annoys their customers, and home users aren't going to set up their email that way because it annoys their friends. But you could do it today if you wanted to - just set up a Paypal front end, or Peppercoin or something.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Now, what might work is to criminalize the use of spam as an advertising medium, assign responsibility to the party who profits (that being the party on whose behalf the spam is advertising) and assign half the penalties back to the people who received and reported the spam.
:0
* ^X-Spam-Tag: YES
! reporting.authority.com
Mail? Put "slashdot" in the subject to pass the spam filters.
Some of these solutions require changing your email sender client, some require changing your email receiving client, some require changing the sender's or receiver's mail transfer agent, some just require using different options (e.g. unique email addresses per sender-recipient pair to manage accounts), some require middlemen, some require digital signatures, etc. Almost all of them want to charge you something like $0.001 to 0.01 in cash or CPU time to send a message, making it cheap enough that it's not too annoying but expensive enough that 99% of spammers give up because they know they can't make money, and the other 1% who are stupid enough to try anyway lose some money before they give up.
Almost all of the proposed mechanisms require senders to get an account with either a mail forwarding service or a micropayment service if you want to send mail to a recipient who uses them, and either require you to include the account number in your message or a micropayment token in your message (which could require simple client changes) or to digitally sign your message or recognize you based on some login process or your IP address or something else that's out-of-band from your client. In some versions, if the recipient thinks your message wasn't spam, he keeps the money, and if he thinks it was spam (or more generally, thinks it wasn't worth his time to read it), he keeps the money. Most versions include some whitelisting mechanism so that legitimate mailing lists can continue to work for free.
A less radical alternative to paid messages is the auto-responder that requires an unknown sender to confirm that she really exists, either by replying to a "Please confirm" message or clicking a website, and often including some Turing Test such as typing in a number from an attached picture or answering some word puzzle, which prevents spammers from using forged From addresses to reach their recipients. That doesn't cut down on the amount of spam your mailbox receives, but it cuts down on the amount that you see.
All of these technical alternatives can be built in a decentralized fashion - either directly by the recipient, or by businesses that think they can get customers and sell mailboxes to people who don't want to receive spam. The catch is whether enough recipients are willing to annoy people who they want to get mail from in return for not getting spam. So far, the answer is "Not Yet", or you'd be getting a lot more confirm-you're-human requests. But maybe that's just because none of the versions out there are friendly enough to become popular, and maybe YOU can write the next one. Most email-provider ISPs offer filtering or blacklisting services of various sorts, because from their perspective, they not only want to attract or retain customers, they want to cut down on the huge volume of relay-abuse spam and dictionary-attack spam because it costs them money, and it's harder to do that without changing the infrastructure.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I'd like to see this implemented for corporate email as well. Many employees get deluged with so much "legitimate" email that it turns into an enormous time sink. Do you want to tell the entire corporation that Joe Frobnitz is the new deputy assistant vice president for efficiency studies? Cough up some cash!
Mea navis aericumbens anguillis abundat
I understand why there are telemarketers, at times maybe I do want my windows cleaned. However, the SPAM that I get, there is not a chance that I would ever want to order anything or even open the email under most circumstances. So, those who do SPAM what do they get out of it other than the pleasure of annoying millions of people?
The problem for the spammers is that they're catching on to the filters and just throwing more at them. There's more money right now in getting past the filters than creating better ones. We have Spamassassin here at work, and those picture-only emails are still slipping through from time to time. But there's too much effort on both sides being wasted in this vicious cycle. Let's call a truce on the filter wars, and let spammers pay us to read their stupid emails.
The major problems, as I see it, with the pay-to-send method is there's no incentive for people to read the mail they receive. I, for one, don't care a bit if I receive spam or valid email--if I am being paid to do so.
If the sender pays money to send an email, I should collect it, not some impossible 3rd party that happens to run a relay service and handle micropayments. It's simplistic to expect SMTP (or any other protocol) should connect directly from end users machines to a central server and forward mail directly to other end users machines. The reason for having many mail servers and lots of routing is for connection redundancy and bandwidth control--any inexpensive (non-monthly charge) system would be DDOSed out of existence.
My second issue with the idea is $0.01 is far too little to charge. Instead, make it $1 or $5 per email, so people think a bit before sending one. Each email would have a button that the receiver could click to redeem their money, and it would be common courtesy to not click the button from friends or strangers with legitimate business. Or you could redeem it and turn around and send them a thank you note, so that you return the sender's money to them. If someone sends you a nasty letter, or spams you, you mutter 'fuck it' under your breath and keep their money.
Suddenly email becomes friendlier, and you now have a way to transfer cash to relatives without bank charges (assuming you can raise the cost of an email arbitrarily).
The only problem is that any decent server that accepts micropayments would want to require a digital certificate for a user to modify their account, so it really doesn't simplify the matter much, except that they (the micropayment service) could issue the certificates and link it to banking information.
Any connection between your reality and mine is purely coincidental.
Assuming (and it's a big assumption) you could get people to switch to a different email mechanism than the free one currently in use, I'd suggest the following.
...
Every email sent results in an "email debit" of $.20 and every email read (as in placed in an email inbox and not filtered by the ISP) results in an "email credit" of $.20. At the end of the month any positive balance is reset to zero. Any negative balance is billed to the sender. Normal business or personal email (as opposed to SPAM) would tend to balance out (or be cost competitive with postal rates), and spammers sending millions of SPAM a month (is SPAM its own plural?) would soon find it not palatable due to cost. Take the money gathered and allocate 10% to the local postal system (this gives the government an interest in collecting, and since they have the "guns" so to speak, the SPAMmers would be more inclined to pay if they play), take the other 90% and split it amongst the sending ISP, the receiving ISP and the consumers who receive the email. Thus the ISPs involved get paid, the SPAM receivers get paid, and the governmental agency doing postal service gets paid. If you want to complicate the system then set the fee and credit at the local first class postage level for in country (by destination IP) email and international rate for other email.
While the above would be a fairer system, it would still be woefully inadequate for "moms" or "aunts" or mailing list operators who send more than they receive and are public service oriented or family interest related. So
It would seem to be best to fine the cr*p out of the SPAMmers where possible, and in the meantime increase the filtering tech and for the love of FLCL please don't allow automatic robots to resend virus laden payloads to the poor b*stards who get their email address put into spoofed headers. Really, how hard is it to make the simple check that the originating email address is in a CIDR associated with the domain of the sender? It is not like you'd need to do it for all email messages, just the bounces to be very effective.
Ranting off, sorry, 300 plus and rising SPAM a day now get past the filters, over 500 get killed by them. Lots of that is because I pre-filter all postmaster and administrative addresses since people quote spam in legitimate complaints and these rules lead to holes for the SPAM to follow.
BTW Anyone else started getting ads that look like complaints but aren't from legitimate users? This is right up there with the SCUM (tm) (Spammers Causing Untold Mayhem) using fake virus problem reports for the Sheep to respond to and install the viruses manually. Dog I love Apple since most all (actually all to date) have been Windoze oriented using that tactic.
Ranting off for real this time.
- Tjp
I am in wallow with my inner money grubbing capitalistic pig. ... Oink!
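The check the comment above asks for, as an added example that is not part of the original thread: before generating a bounce, confirm that the connecting IP falls inside a CIDR associated with the envelope sender's domain. The domain-to-network table, the function names and the addresses are constructed assumptions; a real system would have to obtain those networks from a source the sending domain controls.

```python
import ipaddress

# Constructed sample data (assumption): networks each domain's mail leaves from.
DOMAIN_NETWORKS = {
    "example.org": ["192.0.2.0/24", "2001:db8:10::/48"],
    "example.net": ["198.51.100.16/28"],
}

def sender_domain(envelope_from):
    """Return the lower-cased domain of an envelope sender, or None."""
    addr = envelope_from.strip().strip("<>")
    if addr.count("@") != 1:
        return None  # null sender "<>" or malformed address
    local, domain = addr.split("@")
    if not local or not domain:
        return None
    return domain.lower().rstrip(".")

def origin_matches_domain(client_ip, envelope_from, table=DOMAIN_NETWORKS):
    """True only if client_ip lies in a CIDR listed for the sender's domain."""
    domain = sender_domain(envelope_from)
    if domain is None or domain not in table:
        return False  # unknown domain: nothing ties this address to the origin
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return False
    # Membership across IP versions is simply False, so mixed lists are safe.
    return any(ip in ipaddress.ip_network(cidr) for cidr in table[domain])

def bounce_action(client_ip, envelope_from):
    """Decide whether an undeliverable message may trigger a bounce."""
    if origin_matches_domain(client_ip, envelope_from):
        return "send-bounce"
    # The sender address is probably forged: bouncing would deliver the
    # payload to an uninvolved third party, so no bounce is generated.
    return "suppress-bounce"

# Constructed (client IP, envelope sender) pairs.
SAMPLES = [
    ("192.0.2.25", "<alice@example.org>"),   # inside the domain's /24
    ("203.0.113.9", "<alice@example.org>"),  # forged: outside every network
    ("2001:db8:10::5", "bob@EXAMPLE.ORG"),   # IPv6, case-insensitive domain
    ("198.51.100.40", "carol@example.net"),  # just outside the /28
    ("192.0.2.25", "<>"),                    # null sender is never bounced
]

if __name__ == "__main__":
    for ip, sender in SAMPLES:
        print(f"{ip:16} {sender:22} -> {bounce_action(ip, sender)}")
```

Run only on the bounce path, as the comment suggests, the lookup cost is paid for undeliverable mail alone rather than for every message.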
It amazes me how often people come up with such crappy ideas and even dare to voice them aloud...
The following reasons are cited for turning free email into something we should pay for:
1. There is too much spam.
Learn to filter. Eg, SpamAssassin (which is free...) is a great tool for this, as well as others. If you think your time is too valuable to install such software, you can still pay for a spam-free mail account. But at least others, who are more clueful or have less cash will be free to implement other solutions.
2. Spam causes hidden costs to your ISP. It is better to pay for each mail than to pay for it via your monthly rate!
So... 1500 spam mails / month are less than 10Mbyte. My, my, this is incredible. How big is the Linux distro you downloaded yesterday? How many hits does the website your ISP hosts for you get in the same time? The cost of email including spam is still so small that I see no advantage in creating a layer of bureaucracy above it.
3. If mail is no longer free, spam will cease.
Think about it: telemarketers are living people, paid to blab into one person's ear at a time. Let me guess, for the cost of one of those, you can harass tens of thousands of email users by paying the paltry sum of 1 cent / mail.
Or think about commercials - for the price of one, you can probably spam 100k people. And of course you only pay for delivered mails...
Paying for mail will be the end of free mailing lists like 'full disclosure' and open source software development lists (linux kernel?). A small price to pay? Bill Gates would think so.
4. But real mail costs money too. Why should you not pay for email?
This is not an argument, it is a trick question. Oxygen in gas tanks costs money. Why don't you pay for breathing?
5. There is no loss of anonymity.
Hm, so instead of sending mail from my pc to someone else, I will have to use a specific mail server where I need to be a registered and paying customer and this in no way will put my personal information about my mail traffic in the hands of yet another agency? Suuure.
Things most of the cash-for-mail people also do not understand:
- they create new bottlenecks and points of failure.
- they hurt free speech and the free flow of information (Where better to suppress unwanted opinions and information than at the central mail gateway? The Chinese firewall will pale in comparison to those new super-email-relayers; and best: you can track each and every mail because it is digitally signed or paid for...)
- they think that a new system for mail can simply replace the old system.
- they fail to see why other solutions (filtering, hanging spammers) may be also viable.
- they want the victims to pay as well as the spammers ("A thief uses this road. Quick, install a toll booth!" "Criminals watch PayTV. Quick, make all customers wear special glasses and adjust the program so that you can only view TV with them!")
- they create yet another barrier for poor countries who wish to use the internet for something else than 419-Scams.
- they cannot conceive of someone hacking this new system. Think about a spammer sending one million emails, each for 1 cent from your account...
At first I thought this article must somehow correlate to all those single Slashdotters and the rise in pr0n spam. Whack...whack...whack...
Never look down your nose at others. Someday, someone is bound to see your boogers.
> Spam is a problem. But if I had to choose between spammers
> and those that would charge for email, I'll take the spammers.
> At least I can filter them and it'll probably cost me less to
> do so than pay for email.
This is the same thinking that got us into this mess.
"This month, the spam level is 1 spam per month, no problem, I can ignore it!".
"This month, the spam level is 1 spam per day, no problem, I can delete it!".
"This month, the spam level is 1 spam per hour, no problem, my filter can delete 99% of them!".
What brilliant ideas do you have for a few years from now, when it's one spam per second? Whatever they are, we have to get them in place NOW. Thinking that the spam density will stay the same is just stupid.
OK, so my vision of the future is this: everybody has two or three layers of spam filters, because when you turn off all but one layer of spam filter, the firehose of spam that comes through clogs up your disk faster than you can deal with it. Spam volume is increasing faster than disk capacity. It's SKYROCKETING. Pay attention! We have to do something.
One of the biggest problems is this stupid attitude "I don't want to pay money for anything". Guess what. When water is free, some pig hogs it all and belches out pollutants. When trees are free, some pig cuts them all down. When books are free at a library, people steal them, and cut pages out of them. When bathrooms are free, people trash them and walk away. When software is free, somebody wraps it up and charges money for it, at a bigger margin than the for-sale software.
Every single 'commons' that is free, gets abused eventually. And we're in the computer age, so it's all happening faster than yesterday. Every day.
Marketing-driven companies end up over-marketing their products. Engineering-driven companies end up over-engineering
> I have to send a few emails a day -- so I'm paying pennies
> per day? That's ridiculous.
Let's see, people around here maybe go for $60/hour? Good order of magnitude. That's $1/minute. That's 1.7c per second.
How much time does it take you to compose an email? Maybe 15 seconds, up to maybe 2 hours for a long diatribe. That's 25c to $120.00. OK so that means the price of sending email goes up anywhere from 4% to like 0.0083%. Gee that sounds prohibitively expensive. not.
How much time do you spend messing around with your Bayesian Filter? I'm sure it's a fun toy, so say half price = $30/hour. I'm sure you've spent at least an hour. Probably days but let's say an hour. That's the cost of 3000 emails.
How much time do you spend looking at a spam, going, waydaminit, Don Plunkett, don't I know a Don Plunkett? Should I open that? No it's spam, forget it. No, Don Plunkett, isn't he the guy... What do you think, 5c or 10c worth of time?
How much time am I spending writing this? Gotta go, this is getting too expensive.
> The change from SMTP to something else is probably
> the only thing that will work, in my opinion.
> Every other proposed option is a kludgy workaround.
I agree. The reason why IP6 hasn't caught on is cuz IP4 works plenty well enough. (doesn't it?)
How about 1c per email, Paid by the sender, Received by the recipient? Horror upon horrors, some MONEY might get EXCHANGED!! OH NO!!!
But if you converse with a friend, it'll all average out between you.
Why not use SMTP on just a different port number? Say, port 2525. Nobody will allow any SMTP servers to connect to them on port 2525 without setting up a proper micropay account. Doesn't even matter what the rules are on this, it'll all work itself out. You know why I know that for sure? CUZ IT'S WORTH MONEY. The SMTP:2525 server has to pay money in order to deliver all those emails, so it'll make sure it collects up front.
Someone SMTP2525's ten thousand emails to your server, that's $100 they owe you, and you'll be damn sure they'll pay up. Some spammer connects to ANY server, and dumps 10 million spams, that's $100,000, which will pay for a lot of lawyers. Any security holes, any way to cheat, will be fixed ASAP. You know it's going to stop the spam avalanche.
The existing port 25 email system remains intact, as it is now. So if you refuse to pay a penny an email, go ahead. When you get sick of the spam firehose, you'll join the 2525 crowd.
because spammers react on them. Another alternative (SMTP-with-a-delay)
greylisting
"How can a pay mail service even work?"
Simple, the current system requires that you PAY TO GET SPAM along with the mail you want.
Your ISP provides email service and bundles the cost into the ISP monthly fee you PAY.
If your ISP merely provides a connection, then you PAY for the bandwidth required to deliver the SPAM to your mail relay, and you PAY for the computer and storage to process the SPAM and PAY for electric power.
Even if you run the best filter in the world, you have to pay for the hardware that runs the filter and you have to PAY for the bandwidth to deliver the SPAM to be discarded and PAY for the power to run the filter.
And those free mail boxes offered by the many "free" mail services make you PAY to use them because you MUST agree to PAY for the bandwidth to deliver PAID advertisement delivered along with your mail.
Make no mistake, you PAY FOR EMAIL.
The only question is "WHO should pay"?
Please explain how you manage to get truly free email?
How do you not pay for an email account
AND
not pay for transporting email
AND
not pay for storing the email
AND
not pay for filtering email
AND
not spend your own time reading email?
Mail? Put "slashdot" in the subject to pass the spam filters.
So the only real question is, which is better: the sender pays or, as currently, the victim, errr, recipient, pays.
I've preferred email for most of the past two decades, but in the last couple of years, the best way to get in touch with me is to see me in person.
Email has become just too expensive in terms of my personal time. Once or twice a week I'll check email, but until a way of making the cost to the sender at least as high as it is for me, I can no longer recommend email to anyone.
Btw, if we assume that my ISP is spending $1 a month to provide bundled email, then I'm paying at least $.10 per message I send, and that's on a good month, other months I'm paying $1 a message.
The only practical way to do email postage is with some huge bureaucracy (USPS comes to mind, though it's US-centric), and would require a digital certificate to associate the stamp with the message. (spam prevention, remember?) That certificate could easily be extended into your Internet Driver's License, complete with procedures for revoking it. See where this can very easily lead?
No, thanks. SpamAssassin and procmail are no hassle. RedHat installs them by default. I'd much rather spend a few of my CPU cycles than have to pay for someone else's permission to send email.