Another Whack at Spam
mmoncur writes "Tim Bray just put up an article called Another Whack at Spam that has been getting some attention. It just looks like a variation of the old pay to send idea to me."
I looked at the article, and I still don't see how payments would even work. I have to send a few emails a day -- so I'm paying pennies per day? That's ridiculous. Plus, there's already all this software that sends and receives email for free... it's all going to have to change. It's a herculean effort, and will still result in spam -- regular mail costs a ton in comparison, and I still get junk mail in there. Perhaps filters plus busting bad offenders will eventually make a good difference... just taking my name off of lists has helped me a great deal.
The only viable solution to spam using the current infrastructure is learning algorithms such as Bayesian spam filters. (Would be interesting to see if similar techniques could be used to beat such spam filters and get spam through..)
Trying to get everyone to change from SMTP to something else just isn't going to work. There is too much for an instant change. This principle is basically why we're still using IPv4.
It sends email from anybody to anybody for 1¢ ($0.01) each. You open an account with them, drop in say $10 and you've bought the rights to send 1,000 emails.
Even though a penny an email sounds innocuous, this just won't fly. For one thing, the infrastructure you'd need to track the financial side of things would probably prevent the figure from being that low. Plus there's the whole loss-of-anonymity that goes along with paying for email rights. The biggest problem is that while this service might appeal to those on the receiving end of email, I can't see a wide market wanting to sign up as senders...
Stop by my site where I write about ERP systems & more
So the basic idea of the article (I guess I'm not a real hardcore /. reader since I bothered to read the article) is that every mail is sent through a common SMTP relay and everyone that wants to e-mail you, must sign up with that company.
Then you filter all e-mail not sent through that relay...i.e. e-mails not signed by them!
Here's a cheaper idea: I tell everyone I know to start the subject line with "goat" if they want to e-mail me. Then I filter all e-mail without "goat" as the first word in the subject...
On a personal note, I just stop spam by removing all html mails; if my friends send me junk in html format, I explain carefully and with a pointy stick that I don't want html emails.
I think the bigger problem is the lack of consideration for currency exchange rates. $0.01 in many third-world nations is more than a family would spend on food for the day. In England, it's only a fraction of a pence. Wouldn't this just drive spammers to wealthy nations and prevent poorer ones from interacting at all?
GL
You will not change every person's behavior. Especially if it changes from doing something for free to paying to do the same thing.
The spam problem will only be solved by changing the underlying technology that is invisible to end users.
That way, you only have to change the behavior of every postmaster. :)
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
It costs me less than a penny a piece to deal with an individual spam. Hit delete, turn on my filter, etc. Is it really such a nuisance that we have to waste billions of dollars to "solve" it?
This seems to be an ISP solution, not a user-oriented solution. A user-oriented solution would be authentication based. Why not put a system in place to check the validity of the "real" sender and be done with it? What does the penny solution have over this? Both require all SMTP servers to be upgraded.
It is easy to see that there are SOME spammers who would pay. Just like with telemarketing. It costs them. We would just end up with the problem all over again.
No thanks. I already pay for ISP service. Next, they'll want to charge Web hosts for every page they serve up in order to stop pop-up ads. Sounds like a vast left-wing conspiracy! We'll TAX the problem out of existence! Never works.
"If you want to improve, be content to be thought foolish and stupid." - Epictetus
Wasn't the post office supposed to start a service to give people some sort of certificate to authenticate people in the virtual world? It seems to me the only viable solution (and a simple one at that) is some form of authentication. Even if certificates are too much hassle, why is it so hard to change the protocol to verify IP addresses before allowing mail in or out? If you couldn't spoof IPs in e-mail, then you could reliably blacklist spam-friendly ISPs and easily track down who sent the spam.
Take it a step further, and tie IP addresses to an organization or individual. Then if you never wanted another e-mail from ZD Net, you could block the organization and it wouldn't allow any mail from any of their IP addresses.
666-607: 6th floor apartment of the beast
Tim fails to understand that he's still getting spam only for the reason that his Bayesian filter sucks. Most other Bayesian-style filters (and friends) are up to a 99.9% filter rate and working towards five-nines efficiency. Their learning potential continues to improve as well with new concepts such as inoculation. It's no longer a question of "can we filter spam" it's a question of "how do we stop that one in a thousand spams that get through"...and that's soon going to be one-in-ten thousand. The problem is that only a small number of people have actually done any research in this area and tried Bayesian-style filtering. If they did, they would realize it worked ... very effectively. There are also server-side tools that make it easy for the 95% of non-tech people on the Internet. Bottom line, Tim needs to quit his bichin and go rewrite his spam filter - or install someone else's.
The problem with solutions like this is that it involves money, and thus, is subject to corruption. Spammers would eventually be given discounts (look at your paper junk mail folks) so that the regulatory company can make an extra buck.
However, there is another solution that would work just as well.
Every email that is to be accepted by an SMTP server must include a digital signature of some root SMTP-signing servers of some kind, otherwise it's automatically rejected. This server will only allow, say, 10,000 signatures per IP address (or per registered user, whatever) per day, maximum. Additionally, it will only sign one message per second per IP address, no faster.
There are many variations on this, all of which would work great. For example, have the rate of signing be inversely proportional to the number of messages sent that day. Maybe also have "registered users", meaning people who have an actual credit card number or bank account linked to their name and will be charged $1,000,000 per message after 10,000 have been sent in a day (Sure, there will be spammers using fraudulent cards, but in that case spamming has become a real, high-stakes felony).
The point is, as long as you have a few central authorities, just like DNS, where we can go to validate email, then we'll end spam.
Here's an idea. Instead of blacklisting domains that spammers use (because we all know that they have effectively an infinite supply) or going to extreme lengths such as paying for each email sent, why don't we make it so that emails may be classified based on the volume of mail they send, and such classification be mandatory? Hence, we could block certain accounts that were sending, say, more than 10,000 emails per day. If, for example, there were a digital certificate in each email that added one to a remote counter for that email operated by an independent entity, and our emails were configured to only accept emails sent with such a certificate, I think it would be a feasible idea (except perhaps for the bandwidth costs involved in keeping track of said counters, but I don't have the answers to everything).
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
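The rate-limited signing authority proposed in the two comments above (10,000 signatures per sender per day, at most one per second), sketched as an added example that is not part of the thread or any real service. `SigningAuthority`, `simulate` and the sender address are hypothetical, and an HMAC stands in for the public-key signature a real receiving server would verify without holding the key.

```python
import hashlib
import hmac

DAILY_LIMIT = 10_000      # signatures per sender per day (figure from the comments)
MIN_INTERVAL = 1.0        # minimum seconds between signatures for one sender
DAY = 86_400              # seconds per day


class SigningAuthority:
    """Hypothetical central signer; HMAC stands in for a public-key signature."""

    def __init__(self, key: bytes):
        self._key = key
        self._state = {}   # sender -> (day_number, count_today, last_signed_at)

    def _tag(self, sender: str, message: bytes) -> str:
        return hmac.new(self._key, sender.encode() + b"\0" + message,
                        hashlib.sha256).hexdigest()

    def sign(self, sender: str, message: bytes, now: float):
        """Return a signature, or None if the sender is over quota or too fast."""
        day = int(now // DAY)
        seen_day, count, last = self._state.get(sender, (day, 0, None))
        if seen_day != day:            # new day: reset the daily counter
            count = 0
        if count >= DAILY_LIMIT:
            return None
        if last is not None and now - last < MIN_INTERVAL:
            return None
        self._state[sender] = (day, count + 1, now)
        return self._tag(sender, message)

    def verify(self, sender: str, message: bytes, signature) -> bool:
        """What a receiving server would check before accepting the mail."""
        if not signature:
            return False
        return hmac.compare_digest(self._tag(sender, message), signature)


def simulate(attempts: int, spacing: float, sender="203.0.113.7"):
    """Constructed scenario: one sender asks for `attempts` signatures in a row."""
    authority = SigningAuthority(b"constructed-demo-key")
    signed = 0
    for i in range(attempts):
        if authority.sign(sender, b"msg %d" % i, now=i * spacing):
            signed += 1
    return signed
```

A sender pushing four requests a second gets one in four signed, and a sender at one per second is cut off at 10,000 until the day rolls over; unsigned mail fails `verify` at the receiving end.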
Another interesting option would be to use deposits rather than payments - you'd lose your deposit if the mail was unsolicited. That way sending mail is free unless it shouldn't have been sent, and if the deposit was of a big enough size spamming would no longer be profitable. I started a discussion about this a few days ago here
If I get this right, the idea is to lose the one clear advantage email has over regular mail, namely no cost (let's ignore actual ISP costs, those are together paid by the sum total of all internet subscribers in the world).
By artificially making each email cost something, the economics of the email system become identical to the economics of postal email, except it's faster. That's the idea, unless I'm missing something.
Now in the real world, we already have an example of a system with such economic properties, namely the postal system. Unfortunately, in the real world, we also have an example of the way spammers have adapted to that economic system. It's called junk mail, and I get tons of it in the physical mailbox.
So maybe the companies pay for their junk mail to be delivered to my physical mailbox. Guess what? I still don't want it. But they paid for it, so I guess it's all right... not.
Thanks but no thanks. I'll take my chances with a personal junk filter.
p.s. I accept that ISPs have a huge problem, but this way is only going to legitimize spammers who are willing to pay.
"That means that some formerly-free list subscriptions are now going to cost you a penny a message. Deal with it; it's the price of killing spam."
I'm on quite a few mailing lists, due to my wide range of interests. I can receive 400-600 messages a day from these lists. So I should spend $4-$6 a day to fight spam, eh? The largest estimate of the cost to ISPs for dealing with spam has me paying about $8 a month.
It's a nice idea, but it just won't fly. Try again.
This sounds like it might actually work.
This is more than just sending off a single email to a scantly watched abuse email. This means getting hold of a real person and explaining, realistically, what sort of legal liabilities they might be open to if they continue to support the spammer's actions. (Hacking laws, aiding and abetting, Trademark infringement and vicarious liability) often fit in there.
If more people would do this, life would get a lot harder for spammers.
With the recent connection of Sobig to a spam network, what if:
* Grandma has a box that got hax0red
* box is used to send 100.000 emails
Who is going to pay?
* Grandma?
* OS manufacturer for making lousy OS
* Spamming company
I'd prefer the latter but it required having to trace the company through complicated follow-the-money-go-overseas-FBI-CIA type of actions. So in reality they'll make grandma pay
No thanks
If an experiment works, something has gone wrong.
Okay, that works for you, fine. But I'm guessing you don't get very much spam. Imagine if you got over a thousand spam messages a day (as someone I know has been doing). That's an average of one every 86 seconds. Wouldn't you find it more of a nuisance then? Wouldn't you be considering drastic measures, or even payment, to avoid that?
I'm not saying that this proposed solution is a good one; I don't think that it is. But please don't assume that everyone's experience of spam is the same as yours, because as a problem it varies very widely.
Ceterum censeo subscriptionem esse delendam.