Time-travel Spammer Strikes Back
HopToit writes "Robby Todino is apparently upset about being outed a couple months ago as the source of all those wacked messages about 'Dimenstional Warp Generator Needed.' According to Wired, someone has pulled a major joe-job spam attack (forged 'From:' lines) on three popular sites in retaliation for making fun of Todino's goofy search for alien technology. Robby, if you're out there, you have ceased to be amusing."
Like all good bond adversaries, this one won't die.
- Sherman
It seems that everyone in his right mind despises telemarketing. Spam too. Ask anyone, and they'll tell you that there are few things they hate more in life. It seems as if there are no exceptions to this rule -- everyone, bar none, hates telemarketing and spam.
But it can't be true. Someone must be responding to this stuff by spending their money. Because for some reason, telemarketers and spammers stay in business. Somehow, it must be worth it for them.
If everyone hated the stuff as much as they say they do, if everyone hung up on the unwanted calls and deleted the unwanted mails in nothing flat, like they say they do, then the problem would fizzle out before long. No one could make money doing it, so there would be no reason to keep trying. And yet, the crap just goes on and on and on.
I've read rumors that a certain small percentage of the people called or mailed actually do respond and end up buying something; usually the figure is put about 10%, or something similarly low. Hard to believe that such a business would be worthwhile if the response rate is so low; but whatever it is, it must be high enough that the incentive for telemarketing and spamming is maintained. Otherwise, there'd be no such thing.
A national no-call list is a nice idea, but I can't see the problem going away altogether as long as the telemarketers and spammers still believe there's a chance to make money. Certainly the spammers are not going to let some trivial thing like a Federal law stop them. (They'll just go on spamming from Antarctica, or wherever.) If we really want the problem solved, once and for all, we have to ensure that there is no future for those businesses, and that would require educating the public, right down to the last man, woman and child, to always follow this rule without exception: If someone calls you or emails you to sell you a product, then whatever you do, don't buy that product!
Someone needs to get that guy on Coast to Coast AM, with Art Bell/George Noory stat.
Knowing that show, there's someone else in the audience that actually does have all that equipment he's searching for. =)
My Webcomic: Asylum on 5th Street
The very fact that we received spam proves that time travel is impossible: If it was possible, someone would invent it, travel back in time and beat up all the spammers so that they would never have sent any in the first place.
we need to send Van Damme after this guy.
Manipulate the moderator system! Mod someone as "overrated" today.
DISCLAIMER: I am not trying to be flamebait here, this is my honest opinion:
I'm torn about the idea of an email tax. While in general I don't like the idea too much, it does occur to me that this might be the only way of dramatically reducing spam.
Look at it this way: Even a wicked-busy web maven likely sends less than 1000 emails a day outside of their own company LAN (with a few exceptions, I realise). Individuals likely send less than 100 per day in general.
So, say you put a tax, to be administered by your ISP on each email, of say 0.1 cents per email. Big Business guy gets charged $1/day, home user $0.10 per day. By no means big money. Johny McSuperSpammer, however, who sends out 10 million emails every day, gets a handy little bill for $1000. Kind of changes the economics of his penis enlarger ads.
Like I say, I'm not a huge fan of paying more, but it does seem like making emails cost per message sent might be the best/easiest/only way to dramatically reduce spam.
Furthermore (ideally), to make up for the cost, your ISP could take $5 per month off your bill, to make up for the extra you're spending to send email. They still make money, because of the tax, the financial hit for you is minimal, but the spammers get hosed.
Why doesn't he travel back in time and kill all of their grandfathers? They would cease to exist.
Wait. Then he wouldn't need to kill their grandfathers. And then he would.
And...
And...
Excuse me.
[Opens Window]
I can fly!
What the fuck is a "Joe job"?
Todino's father, Robert Todino Sr., previously told Wired News that his son has psychological problems and earnestly believes in the possibility of time travel.
Are spammers going to start pleading "insanity" when they get arrested? "The aliens made me do it!"
When life hands you lemons, grab the salt and pass the tequila...
Any good time traveler would know that to unravel Robby's mess it's just a matter of going back a few dozen months in time and changing a few details, so there must be more to this than that.
After all, the primary justification of a conspiracy is the lack of evidence.
But any healthy paranoia accumulated over time shouldn't be discounted, either.
(off topic, but you'd think it obvious that any time machine breakthrough would be all over the news right! ; i guess basic rationality doesn't come into this though. scary.)
This is my Sig, this is my Gun. One is for Slashdot and one is for Fun.
I mean, seriously, where is John Titor when you need him? Why didn't he warn us about how the very technology he spoke so highly about and by which he distorted our timeline and entire worldview would have already been the very tool by which the Enemy (spammers) spread their lies and confusion?
John, come on.. The 1980s can't be all that great, can they?
Pete
For fun putting aside the 'do they exist?' and 'can they get here easily?' questions I've often thought that if you really want to find visiting Aliens and the like then you have to find something on earth that would be worthwhile coming to see - an alien tourist honeypot if you will.
The only thing that I can think of that potentially fits this bill is a total solar eclipse. Although there's some compelling evidence that life like ours can only evolve in a similar 'double planet' system like the earth-moon, there's really no reason to expect intelligent life to be around at exactly the same time as the apparent moon and sun size matches sufficiently closely to see a total eclipse. Indeed total solar eclipses have only been visible on earth for a hundred million years or so and will continue only for a few hundred million more - quite a small window in the history of our planet and something sufficiently rare that it may be worthwhile diverting a few light years to see.
So if I did want to find an alien or the like I'd look in the middle of a path of totality
Todino Robert, (781) 933-8869, , Woburn, MA 01801
http://www.google.com/search?q=todino+robert+woburn+ma&ie=UTF-8&oe=UTF-8
If you have that dimensional warp generator, flux capacitor, tin foil hat or whatever, I'm sure he'd love to hear from you.
Are you an open source warrior?
In the bizarro world of the internet, we likewise have broken locks. Email, specifically, is like a car with really, really shitty locks on it. However, instead of knowing about this problem for many years now and a few (some equally bad) proposals for fixing it, the main mode of dealing with the problem is:
In the article, the reporter states that Todino's father says his son has mental problems. OK, fair enough. Then his father needs to step up to the plate and get the guy some help.
Barring that, the people being joe'd really need to follow up on this. Either this guy is an unrepentant spammer, in which case he needs to be made to pay the price, or he's mentally unstable, in which case he needs professional help. The latter possibility is really more serious, since Todino could conceivably go off the deep end and do something more serious. Possibly, the best approach would be for them to contact Todino's father and tell him that if he doesn't get his son some help immediately, they're going to pursue the case with law enforcement. Assuming the father's statements are true and that he gives a damn, this should at least get the ball rolling.
i kind of feel slightly better now. knowing there's a name for it.
definition linked to in Wired article: http://searchcio.techtarget.com/sDefinition/0,,sid19_gci917469,00.html
part of the problem (and i feel like i should be careful what i say eh ain't this silly) is that many ISPs tout an "unlimited addresses" feature allow anything@username.isp.com - and some spammers are realising this. or trying everything to get around filters... :/ a right pain in the behind!
This is my Sig, this is my Gun. One is for Slashdot and one is for Fun.
That sounds like something Captain Obvious would say. If that actually happened by Cthulhu we would have no spam!
who modded the conspiracy theorist up?! :p heh, well fair enough, but we've gone OT. i dunno what there really is to discuss about this article. i guess it could be interesting for anyone who got one of these spams and read it to find out he really was serious.
This is my Sig, this is my Gun. One is for Slashdot and one is for Fun.
Hear me out for a sec.
:D
Advertising is a valid form of communication that is not protected by free speech. Telemarketing, spam, junk mail are legit.
BUT
They would be acceptable if a) there wasn't sheer crap peddled, not to mention illegal, with pathetic tactics like header faking and b) THERE WASN'T SO FUCKING DAMN MUCH.
I am one of those poor schmucks who walk about delivering junk mail. Sue me, I need to eat too. BUT, I think on the long walks I have thought about the situation. Most people, believe it or not, don't mind the valuable (*cough cough*) advertising. What is pissing people off is that THERE IS SO FUCKING MUCH OF IT. It just never ends. There are three (!) separate junk mail companies out there in Aust all wanting 3 - 5 sets of pamphlets delivered each week.
Really, the junk mailers, spammers and telemarketers are digging their own grave. They are burying us with shit. If they did it in moderation AND made the adverts worthwhile, for services and products that were seen to be half okay, there would be hardly a problem. But, look at the situation. Bullshit e-mail spam that's all about porn and illegal drugs - make no mistake, the drugs like Viagra are illegal to be sold like they are peddled via e-mail! Telemarketers calling, calling and MORE calling. Junk mail that overflows letterboxes.
Frankly, I don't mind doing the junk mail round. Just about all people say hello if they see me. No one chases me with pitchforks (*). But how much longer? Hey, don't scream at me, those junk mailers are just paying me and if they are, I'll deliver. It's them who are screwing the pooch by the constant bombardment.
Admittedly, I feel like just tipping all that shit into the bin some days.
So please, ignore what I do legally, even if you don't like it. Read my points instead, I think you may agree.
(*) - And if you did have a pitchfork, it's likely I'll outrun your ass. All that walking / jogging has made me bloody fit. Maybe I can't outrun a bullet, but I can dodge
Hat-stand radar activated! Begin doughnut filter deployment procedure!
I'm sure he's probably a really nice guy and all that, but it doesn't change the fact that he's a raving loony.
...Not that I would condone anything like this. My e-mail box gets full enough as it is and eventually the effectiveness would wear off as spam filters started getting more examples of the stuff. However, this illustrates just how wild the internet still remains - even with all of the legislation and legal action regarding technology. This guy just ran rampant it seems. It's kind of nice to know that people can still do that.
US Democracy:The best person for the job (among These pre-selected choices...)
earthlink.net seems to have a pretty good way of dealing with spam - when you send an email to an earthlink account for the first time it gets put in the user's "suspect" folder, then you immediately get an automated response with a url, you go to the page and enter the standard coded-number-in-a-distorted-image and can optionally add a short request message and your name, then the recipient can accept you and all further emails go straight through with no problem. You would only need to check the suspect folder if you were expecting something like a password reminder or welcome message. This is the sort of solution that will end up being adopted, not some stupid "charge for emails" idea, and we don't need laws that add to the complexity of everything and could potentially restrict freedom of speech (a law saying you can't send spam could provide ammo to the courts/legislators for starting other laws which go much further).
This comment does not represent the views or opinions of the user.
at least not before checking the headers. the 'from' address should match mail server(s) passed through (someone correct me if this is way out, i'm no mail expert). otherwise you could just be adding to the spam problem... i used to make this mistake and bounce everything i could, thinking it was "revenge". Oops. shameful. and if this is too far OT, mod me down. just trying to make a constructive post vis-a-vis this topic.
This is my Sig, this is my Gun. One is for Slashdot and one is for Fun.
and this guy missed it. $39.95, plus sales tax, (in 2003 currency) with FREE shipping. What a dork!
This is THE most interesting thing I have ever read, thankyou for bringing it to my attention. I'm in your debt.
When anger rises, think of the consequences.
Confucius (551 BC - 479 BC)
How on fisking earth is the first relevant post redundant?
HOW?
What strikes me is that the major problem is not the spammers doing direct DoS attacks on the targets, but that they're using brain-dead behavior of mail servers to pull off DDoS attacks. If you control an MX, please configure it to issue a 550 error during the connection if you can't deliver the message instead of accepting it and then bouncing to what you almost certainly know is an innocent party. A party who is not the sender of the message, by the way, which means you anal types who say "RFC says I must bounce" have to note that it also says you must not lose a message, which is what a bad bounce does. Please be a friendly network neighbor and stop bouncing spam.
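The difference the comment above describes, as an added example that is not part of the original thread: a constructed Python simulation of one MX handling the same forged-sender run under both policies, counting how many bounce messages it mails to the forged address. The domain names, mailbox list and the `MX` class are hypothetical, and the SMTP dialogue is reduced to MAIL/RCPT/DATA.

```python
"""Constructed simulation: reject at SMTP time (550) vs. accept-then-bounce."""
from dataclasses import dataclass, field

# All addresses below are constructed sample values.
VALID_MAILBOXES = {"alice@mx.example", "bob@mx.example"}
FORGED_SENDER = "victim@innocent.example"   # the joe-job target, never sent anything
TARGETS = [
    "alice@mx.example", "nobody1@mx.example", "bob@mx.example",
    "nobody2@mx.example", "nobody3@mx.example",
]


@dataclass
class MX:
    """A toy mail exchanger. reject_at_rcpt selects the policy under test."""
    reject_at_rcpt: bool
    delivered: list = field(default_factory=list)     # (envelope sender, rcpt)
    bounces_sent: list = field(default_factory=list)  # addresses this MX mailed a bounce to

    def session(self, commands):
        """Run one SMTP dialogue; return one reply code per command."""
        sender, rcpts, replies = None, [], []
        for verb, arg in commands:
            if verb == "MAIL":
                sender, rcpts = arg, []
                replies.append(250)
            elif verb == "RCPT":
                if sender is None:
                    replies.append(503)               # bad command sequence
                elif self.reject_at_rcpt and arg not in VALID_MAILBOXES:
                    # Refuse while the client is still connected: the
                    # connecting host learns of the failure, nobody else does.
                    replies.append(550)
                else:
                    rcpts.append(arg)
                    replies.append(250)
            elif verb == "DATA":
                if not rcpts:
                    replies.append(554)               # no valid recipients
                    continue
                replies.append(250)                   # 354 + message body collapsed
                for rcpt in rcpts:
                    if rcpt in VALID_MAILBOXES:
                        self.delivered.append((sender, rcpt))
                    else:
                        # Accepted first, failed later: the bounce is mailed
                        # to the envelope sender, which the spammer forged.
                        self.bounces_sent.append(sender)
                sender, rcpts = None, []
        return replies


def run_forged_batch(mx, forged_sender, targets):
    """One session per target, all claiming the same forged envelope sender."""
    return [
        mx.session([("MAIL", forged_sender), ("RCPT", t), ("DATA", None)])
        for t in targets
    ]


def compare():
    """Run the same batch against both policies and summarise the outcome."""
    results = {}
    for name, policy in (("accept_then_bounce", False), ("reject_at_rcpt", True)):
        mx = MX(reject_at_rcpt=policy)
        codes = run_forged_batch(mx, FORGED_SENDER, TARGETS)
        results[name] = {
            "backscatter_to_forged_sender": mx.bounces_sent.count(FORGED_SENDER),
            "delivered": len(mx.delivered),
            "codes": codes,
        }
    return results


if __name__ == "__main__":
    for policy, summary in compare().items():
        print(policy, summary)
```

Legitimate mail is delivered identically under both policies; only the accept-then-bounce MX sends anything to the forged address.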
I get a 404 in what I can only assume is Dutch (looks like a funny mix of Swedish, German and Spanish to me.)
In the real world, badly-designed car locks would make cars easier to steal. To combat this problem, people would insist that a) the locks be re-engineered to be better(...)
In the bizarro world of the internet, we likewise have broken locks. Email, specifically, is like a car with really, really shitty locks on it. However, instead of knowing about this problem for many years now and a few (some equally bad) proposals for fixing it, (...)
The thing is, what lock I got on my car doesn't affect any other car. In fact, they're in general completely incompatible. Can a key from manufacturer X be used to open a car of brand Y? No. Does that matter? Also no. That leaves room for experimentation and real effort in making a "safer" car.
You can create your own ultra-safe e-mail system but it doesn't do any good because the other 99,99% of the world isn't able to communicate with it. That's why there's so many ideas, but nothing that actually gets used.
The second reason is that there's no real commercial incentive for fixing e-mail, at least not for free. That is why they try proprietary solutions, which in general fail because there's already something that's free, universal and works - sorta works at least.
If you want to create a new mail system, you'd need the following to succeed:
A system that is in fact well designed, user-friendly and effective on a large scale.
A BSD-licenced server implementation that can work on all the major platforms.
You might say that's unreasonable. It is. But if you want to overcome the momentum that the current e-mail has, I don't think you can do with less...
Kjella
Live today, because you never know what tomorrow brings
I tend to, at least, glance at every email that I receive (spam included) and I have to say that they're not all bad. Some spam is actually pretty amusing (the time travel spam was a good example).
In fact, I would go so far as to say that if every spam that I received was that entertaining, I probably wouldn't mind receiving spam at my current rate.
Everyone knows that the *real* time traveler is named JOHN TITOR!
If Tyranny and Oppression come to this land,
it will be in the guise of fighting a foreign enemy. -James Madison
I disagree. That approach means that instead of going after the real bastards, spammers and scammers, we give up and embrace cynicism and absolute, "trust no-one" kind of mistrust as a normal way of life.
The owls are not what they seem
amazing. thank you.
Car security is abysmal. Car locks (and most other locks) are trivial to bypass with just a little knowledge. I've personally watched a trained locksmith enter a car in under 45 seconds without a key.
But your particular experience with mental illness doesn't extrapolate to the population at large. Different people will react different ways. Many, if untreated, will end up at a level such that they hurt themselves and/or others. To your statistically invalid personal experience I can relate an equally invalid but opposite experience:
A person that lived next to my parents developed a mental illness, schizophrenia to be precise. He coated all his windows in aluminium foil and was known to shout at nothing in the night. He was committed to a mental institution where he got help and drugs and was released. The drugs allowed him to function generally normally. Then he stopped taking them and one night, shot himself fatally. Thankfully in this case he didn't hurt anyone else but very unfortunately he did kill himself.
Severe mental illness isn't something to be taken lightly. Any person seriously seeking non-extant parts to build a time machine has clearly lost touch with reality. As such he could potentially be quite a danger to himself and others as he seems to have a tentative connection to the real world. Professional help is most certainly in order.
While it is true that being severely mentally ill does not equal being a deranged killer, it does mean that a person has a serious problem and is in need of serious help, not just for the sake of others, but for their own sake. The grandparent poster is not out of line with the reasoning that this person needs help before he can slip any further away from reality.
In other news Slashdot user, HopToit, has become the target of the most massive recorded spam attack in 3,000 years.
Poor guy :)
Murder is the senseless waste of a human life.
Spam is the senseless waste of millions upon millions of tiny fractions of a human life.
There comes a point where the few seconds that each of us without spam filters spend deleting this crap adds up to the average lifespan of a human being.
If someone has sent that much spam, why should they not be treated in the same way as a murderer?
A pizza of radius z and thickness a has a volume of pi z z a
Yeah, I'm going through this right now... but oddly enough I don't seem to be getting all that many bounced spams. Maybe their lists are fairly accurate? I don't know, I'm only getting about 25 or 30 per day and they're filtered out fairly easily. I do wish the sender wasn't using random usernames for each address, that would make it easier to deal with. Oh well.
--
RumorsDaily
Instead of a tax (why do some people always look to government for everything), why not use a micropayment system in which the sender must pay the recipient for delivery. If the sender is a friend or the e-mail is truly worth it, then the recipient rebates the sender's money. The recipient would set the payment level and publish it to the public.
For example, I would probably set my payment level at about 0.50 or $1.00, but if I still get too many spams, then I would boost the charge to $2. I would also create a whitelist of people (friends, clients, mailing lists, and a few select businesses) who are automatically exempted. When somebody tries to send me an email, the MicroPayment Mail Transfer Protocol (MPMTP) would automatically inform the sender of the charge when they hit the send button. People not on the system would get automated return e-mail requesting that they join the system to complete the sending of their e-mail.
The point is that each person can decide how valuable their time is. Spammers (including those in Hong Kong) would be forced to target e-mails to only those people who would appreciate them.
Two wrongs don't make a right, but three lefts do.
And how do you implement such a system without backing it up with government-level machinery such as laws, law enforcement and judicial process? No, it's better to make it a government controlled operation from the start so that the standards are set the same for everyone.
The owls are not what they seem
Micropayments? NO! Microwaves!
I microwave my e-mail before reading to kill anthrax. It also gets rid of all of the spam too!
Eve Fairbanks says I drive a hybrid!LOL
spam should be avoided. Spammers continue to thrive ONLY because there are people who believe these spams and scams and lose money.
Chris ,
Php Programmers.
I'm using an ASCII terminal. Or a PDA with a small screen. Or VoiceXML over a telephone. Or I'm sight-impaired. Or my ISP bounces your ISP's coded-number-in-a-distorted-image with request that they respond first with a coded-number-in-a-distorted-image, rinse, repeat. Or I have my filters set to autotrash any graphics in email because 99% of the time it's for penis pills. Or it was a Joe-job and your ISP sent me 20,000 coded-number-in-a-distorted-image challenge emails.
Now what?
One line blog. I hear that they're called Twitters now.
Call me.
Why does it have to be the same for everyone? If I want to configure my mail agent to only accept email that:
- Comes from someone on a whitelist OR
- Is signed with a PGP or GPG key on my keyring OR
- Includes a micropayment from a mint on my approved list
then where is the need for any involvement of anyone else, including the government? Using the force of government should be the last resort, not the first. It always results in unintended, negative consequences.
Sincerely,
Patrick
The only government involvement we need is telling China and Korea that their address assignments will be firewalled by major carriers unless SPAM is eradicated. SPAM is any unsolicited commercial email, it doesn't matter who sends it. The system breaks down when clowns start trying to turn email into a 'profit center', if it gets much worse people will gladly bend over for a nickel a mail. The question is why has the situation been allowed to degenerate to this level in the first place?
And how do you implement such a system without backing it up with government-level machinery such as laws, law enforcement and judicial process?
I agree that government and law form the underpinnings of our economic system. But government did not create eBay or credit cards. Government is moderately good at creating a regulatory context in which rights and responsibilities are balanced for the average and common good. Government is generally bad at creating innovative systems that are customized to the needs of individuals. Finally, government is ill suited to standardizing/regulating international phenomena like spam and e-mail.
No, it's better to make it a government controlled operation from the start so that the standards are set the same for everyone.
The point is that not everyone wants the same standards. Some people may not value their time or not care about spam and thus choose a low hurdle (and a 0.01 tax is a very very low hurdle for spam, IMO). Others might place an extreme value on their time or loathe spam so much that they place a high value on their time. So the recipient should set the payment.
Moreover, it is not the government that bears the cost of spam, it is the recipient. The recipient's "labor cost" far exceeds the cost to the internet infrastructure. Therefore the recipient should get the payment.
Since the recipient should set the payment and the recipient should get the payment and the issue is international, I would think an organization like VISA would be better at running the program than any of the Earth's 180-some-odd governments.
Two wrongs don't make a right, but three lefts do.
The problem with your suggestion is that spammers will then use the accept/reject mechanism as a means of verifying email addresses, something equally bad.
just as manIE who have soul DOWt, he is his owned reward. we're just monitoring the 'stuff that matters' deficit, & a few other things.
You can vote out a government, but you can't vote out a corporation (unless you can buy them out).
The owls are not what they seem
Did anybody open the HTML attachments with the time travel spam? They were advertisements for penis pills, viagra, and all the usual suspects. The weird-ass messages simply spoofed spamAssassin, et al., into passing this rubbish along...
Vincent "The Chin" Gigante wandered around Greenwich Village in a bathrobe, pretending to be crazy, to escape a murder conviction. Robby "Captain Time" Todino covers his slimy business with feigned nuttiness.
They both deserve the needle.
When you think about it, do you think joe-blow spammer has a warehouse full of penis pills or runs a pharmacy from his backyard?
Of course not. Spammers don't need to sell a single thing. All they need to do is convince the companies that they'll sell something. And when you come off with a pitch like "I can market your product to 10 million people through e-mail. If you get even a hundredth of one percent sale rate, that's still 1000 units sold," it's pretty easy for someone who doesn't know the hassle and bad reputation spam causes to think "Hey! That's a good idea!" with dreams of money bags flowing in as they think of the typical response rate of 3-5% of mail order catalogs.
And for illegitimate and questionable products, they're always looking for ways they can push their message without risk of getting busted. So there's a built-in long-term market for spammers to sell to right there.
That Jesus Christ guy is getting some terrible lag... it took him 3 days to respawn! -NJ CoolBreeze
We're just going to have to start killing these scumbags.
It's the only way.
How long will this "we need a new e-mail system" go on? The discussion about a new protocol to replace SMTP has gone on for ages, but nothing has happened.
I predict that Microsoft will come up with a new, better secured way of transferring mail messages over the Internet. It will be a closed architecture that requires Windows on all client and server systems. It will take over from e-mail overnight. In about a year's time, you will get more and more comments like "Oh, you still have such an old-fashioned mail address, one with a @ in it?" from most of your mail partners, certainly in business uses of mail...
Why? Because the advocates of open standards only talk about the problems of migrating to a new standard, and don't actually start designing and migrating.
So what's your public key? Or how am I meant to verify your signature?
I am still sceptical when it comes to a private organization handling the transactions
Agreed! I am not 100% comfortable with the idea, either. The thought of Microsoft becoming the micropayment manager for the majority of the world's e-mail gives me the willies. I only think that private companies will do a better job than government -- whether they do a good job is another matter.
Perhaps private companies might form and administer these networks, but government might define minimum standards and create interoperability requirements. To me, that leverages the strengths of both groups -- private companies are relatively good at creating some level of value that people are willing to pay for. Government is relatively good at creating some level of fairness that people are willing to vote for.
Many systems would be better than the current system in which the cost of communication is so low that people are encouraged to spam the system with communications that are worth nothing.
Two wrongs don't make a right, but three lefts do.
I agree that advertising is valid, when there's a legitimate product being offered from a reputable source. I don't mind seeing the occasional email from computer hardware and software companies, stuff that I've opted to receive.
;)
What I hate is scammers who as you say do the pathetic tactics. If I set up filters blocking bogus headers, keywords and the like, it means I don't want your junk, plain and simple.
As an example, I put 'viagra' in my blocklist. So in comes an email with v1agra or v|agra in it. What does the spammer think I'm going to do? "Oh, he got past my filter. I guess I have to buy his product now." Duh. If you have to deceive your way into my Inbox, it means I wouldn't ever buy from you anyhow. Spammers are idiots.
Keep your wits about you. Those pitchfork-wielding junk mail haters are crafty. I used to do that job too, flyer delivery.
The next time I read some clueless person throwing the idea of "taxation of email" in here again, I'll throw up!
The day an email tax is born will be the very same day when email will die!
How should your begging(!) to pay a(nother) TAX for email prevent foreign spammers to spam you? You will feel fucked in the ASS after paying MONEY and still receiving offers of penis enlargement! The only thing you can do against spam is NOT buying that CRAP!!!
Without laws nobody would pay.
Credit cards weren't set up by the government, but they were made possible by it - Lender A lends you the money, and if you refuse to pay, you go to jail. Without such a law credit cards would never work.
There's nothing like that for email. I'm perfectly at liberty to say 'anyone who sends me email must pay $1' but there's no law to enforce it... certainly not from the spammers - although 99% of spammers are US based they use open relays in Korea/Poland/Russia to send their emails.. and they're not easy to trace either. Even if I could trace them why would they pay? (this is why shareware never worked... nobody actually registers their software - how many people actually pay for winzip for example?)
IMO Spammers when caught should have internet bans placed on them - if a court said Ralsky wasn't allowed to use the internet for 5 years it'd be cheap to implement and hit far harder than a fine (hopefully drive him out of business permanently).
>> If the sender is a friend or the e-mail is
>> truly worth it, then the recipient rebates
>> the sender's money. The recipient would set
>> the payment level and publish it to the
>> public.
Let's see how that would have worked when I got my Cease and Desist letter for posting screenshots from GameSpot
"Wow, a cease and desist letter. This mail truly isn't worth it, I'm keeping the senders money. Good thing I put the payment level at $50."
I dunno about yours, but my TV has a power switch. Besides, who needs TV when you've got BitTorrent? :)
+++ATH0
I read this guy's father said he has mental problems.
NEVER ever fuck with someone that thinks Michael J. Fox was talking directly to him.
think about the definition of a "joe job"... it's intended to get someone in particular to be blamed for something... perhaps this is a two-layer joe-job, with the second layer (which fooled you all) being aimed at Todino?
We've secretly replaced Slashdot with new Folgers Crystals - let's see if it notices.
Spammers when caught should have internet bans placed on them
I agree, but it would not do much good. For better or worse, the current internet does not require proof of identity to get an account, set up a server, or send e-mail. And I'm sure privacy advocates would never allow that kind of traceability to happen.
But if e-mail senders were forced to deposit money into an escrow account prior to sending an e-mail, they would have to steal the money (a definite crime) or pay the money to get their spam delivered.
Two wrongs don't make a right, but three lefts do.
"Wow, a cease and desist letter. This mail truly isn't worth it, I'm keeping the sender's money. Good thing I put the payment level at $50."
LOL! And then the lawyers would just bill the client for it.
On the other hand, they could just send you the C&D via snail mail. Also, any new friends that aren't yet on your whitelist might balk at putting up $50 just to send that first e-mail to you.
Two wrongs don't make a right, but three lefts do.
I read the article, and until he gets convicted or confesses to doing the spamming, what you have done is considered libel. You cannot say that Todino is responsible for this spam attack because you have no proof. You could be sued, so if I were you, I would change your title to something less libelous.
This is the kind of thinking that we need to be doing.
If a new email system is created by a non free/open group, it could really put the FOSS community back a decade or more.
ON THE OTHER HAND if the FOSS community was to introduce an email standard it could give us a boost of a year or so, if not more.
(The difference is that we will not (and can not) prevent them from using our methods.)
This is a place where the EFF or FSF could make a big contribution to the process. If a respected group was to start the process then we could begin to move forward. The process does not need to be perfect the first time; it just needs to be able to grow and change in an ordered and upgradable way.
1 - set email fee = $0.50 ....
2 - Put email address everywhere
3 -
4 - Profit
I really like the idea,
would there be an upper limit to your per mail setting? could I set $100.00 per mail? (provided I have no friends, no family...)
Could people I send email to be added to the white list for a one time reply?
but we still need the gov. otherwise some will create a micropayment email client that generates fake micropayments just to get email in your box.
(I suppose that would be actionable under some fraud or counterfeiting law...)
I bet you even worry about the signs ("+" and "-"). How pathetic!
In other words, do NOT attach a Microsoft Exchange Server to internet!
[actually, Exchange is just the most popular MTA that has no easy way to stop this behaviour, but there are others. Any MTA that doesn't have access to a local delivery list will do it.]
It's probably a double joe job - Robby doesn't wanna annoy random website users, he just wants to get out of this time frame!
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
I had invented a time machine, but before I used it, someone from the future appeared in my room and told me to destroy the machine, or if I did not, I would severely screw up the future. I had just gone down to the basement to get the sledge hammer after the guy disappeared when another guy from the future showed up saying I shouldn't believe the first guy. The second guy says that if I destroy the machine, the future will go down a very dark path. What should I do? P.S. Please hurry, as I am really itching to push the start button.
would there be an upper limit to your per mail setting?
I would imagine that the micropayment service provider would cap the max payment to reduce the chance of fraud or limit liability in the event of fraud. Or the service provider might cap the max payment on the sender's side -- not letting a sender send an email to a $500 address if the sender's credit is poor or their account is under-funded. On the other hand, I could see some interesting business models come out of this service -- the tech support of a software company might publish a $20 email address (a good way to fund shareware too).
Could people I send email to be added to the white list for a one time reply?
The sophistication of the rules would be up to the network service provider. If the system was based on open standards and an open network for transferring funds, then I could imagine multiple service providers offering different terms. For example one cut-rate provider might demand only a 5% cut of the micropayment (with a $0.01 minimum) for bare-minimum service. Another provider could offer very sophisticated sender analysis with contingent price tables, but charge 25% and a 0.10 minimum.
but we still need the gov.
Absolutely! But government would play the same role as it does with the current credit card system or PayPal -- ensuring fair treatment, regulating abusive practices, mandating minimum financial standards for service providers and providing a venue for adjudicating disputes.
Two wrongs don't make a right, but three lefts do.
If you control an MX, please configure it to issue a 550 error during the connection if you can't deliver the message instead of accepting it and then bouncing to what you almost certainly know is an innocent party.
I can tell you that the problem is all but easy to fix.
Not only do our Postfix servers (On the DMZ) have to accept mail to Exchange accounts (Servers on a different inside-DMZ) without knowing what accounts exist, but also for other mail servers we have no control over. For example, we send incoming emails back out over VPN tunnels to Japan, Germany and Washington without having the slightest clue or control over what accounts exist over there.
Before, I used to work for a big ISP that only serviced companies and the setup was similar there, we had this huge Sun Enterprise cluster to accept incoming email for our clients, and then sent the emails to each customer's dedicated server without having any control over them.
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
It's not that simple. If you want to figure out that you can't deliver the message, you have to check. Checking takes computer resources. Now everyone has a really easy way of DoS'ing your server.
Furthermore, by returning 550 in the SMTP session, you've given criminals an easy way to search for valid email accounts.
Accepting and then bouncing the messages remains the more secure and better performing solution. (Even when it's a 'Joe job' unfortunately.)
I agree with the person who posted that we need a new protocol.
Is eBay (and paypal as well, since we're talking micropayments) really a good example? When daily we hear tales of fraud and abuse on the system, and calls for help go unheeded by the administrators?
I concur. The BSD license is the way to go. It will assure adoption as stated. It also is becoming apparent the FSF will not go to court to defend the GPL. Just look at the SCO mess right now. The FSF will not go to court, SCO is modifying the GPL (not allowed). What has the FSF said? What is the FSF doing? The BSD license model is looking better all the time and it had been tested in court.
Facts are we have to do something about transitioning to a new Email model. The one we have that allows all this Spam is broken. It's time to quit talking and do something before the Microsofts of the world mandate a closed solution that forces use of their products and fragments the system into 2 parts, consisting of those that will use the closed system (stupid consumers) and the rest of us. My 2 cents.
If you don't like what I write don't be a CS and mod it down. Refute it.
Yea I can't spell. So what is your point?
If you control an MX, please configure it to issue a 550 error during the connection if you can't deliver the message
Many Internet-accessible MX hosts are not also running delivery services (POP, IMAP, etc.) They often relay the mail to a non-internet-accessible SMTP hub for the domain, which in turn relays the mail to the hosts running the delivery agents. There's usually no way the Internet MX host can know which users are valid.
Don't try to pass this off on mail admins. We're doing what we can, spending way more time setting up ways to filter out this crap than we should have to. Direct your bile at the spammers.
which means you anal types who say "RFC says I must bounce" have to note that it also says you must not lose a message, which is what a bad bounce does.
I do not think "lose a message" means what you think it means. I like the RFCs. I just don't think your little suggestion does much good except for the poor joe-jobbee. I've been joe-jobbed. Yeah, it sucked. But I'd rather delete a couple thousand messages once in a blue moon than ask every admin on the Internet to set up their mail servers so that the spammers can more easily validate their address lists.
include $sig;
1;
Is eBay (and paypal as well, since we're talking micropayments) really a good example? When daily we hear tales of fraud and abuse on the system, and calls for help go unheeded by the administrators?
And there is no fraud in government???? Fraud is endemic to all human institutions. The only issue is what is the rate of fraud and how do you limit its impact on the victims.
Since I would imagine that most people would set a modest sender's fee in the neighborhood of $1 or less and most people send out very few emails per day, most sender accounts would be capped at $5 to $50 per day of charges. Maybe somebody might want to steal your senders account and send themselves money, but it wouldn't be an easy (or untraceable) way to make money. I suppose there is always the risk of someone hacking the account system, but then anyone who uses a credit card or has a bank account faces this risk.
Two wrongs don't make a right, but three lefts do.
'Make money over the internet by accepting ads in your email!!!'.
Sorry, but all that's going to do is create another way to propagate your email address out to yet more spammers, while doing nothing to reduce traffic.
I know there are those that say we've got more bandwidth than we need, but frankly, just because the bandwidth is there, do we have to saturate it?
Most micropayment systems for email will attempt to clear the transaction before presenting the email to the intended recipient. If it doesn't clear, the email doesn't get through. The only laws needed are the laws of mathematics.
Sincerely,
Patrick
Way to use anti-slash, fag-master.
Can't slop together 30 original words together about spam? Too busy sucking off other anti-slash dicks? Christ almighty, even the trolls on Slashdot suck.
If I could force the sender to pay me $100 per email, I'd set up a bunch of honeypot email accounts with common names: john@mydomain.com, etc. I would never publish those addresses but the spam will start flowing immediately, resulting in big bux for me.
In fact, every ISP could make a killing by scanning their logs for the trial-and-error addresses the spammers try, then set up accounts for those addresses and let the income roll in.
Well, once you start putting in filtering options like that, I have to wonder if it's really all that better than current ideas.
What does a micropayment really serve that a message sent back to the sender requiring an intelligent reply does not? I find it doubtful a spammer will be able to program bots that will be able to parse all possible request-for-confirmation replies they get back after sending out a batch.
"Orthodoxy is unconsciousness" - Orwell
Actually, it's exceptionally (frighteningly) easy, at least in Massachusetts. Your parents, as well as any nurse, doctor, law enforcement officer or judge can determine you are a danger to yourself and have you indefinitely committed, with no due process. You get a review, but the time window is "several weeks" if I recall. Now, picture having spent several weeks in a mental institution (probably a state one, and keep in mind, funding for mental facilities has been severely slashed thanks to Governor Mitt Romney) and trying to convince a panel of psychologists you're not insane. I'd probably go insane just from frustration and despair. The phrase "yeah, sure, buddy, you're not crazy, we don't hear THAT one all the time" comes to mind.
The Boston Globe did a big story about it several years ago; one of the cases I remember involved a patient of a psychologist who decided to stop having sessions with her, and when she asked if he would hurt himself, he refused to answer the question, saying she should know him better than that and he found it insulting. A matter of hours later, uniformed cops broke into his house, slammed him to the floor and handcuffed him in front of his wife and young children - and he spent weeks in a mental facility despite the efforts of his wife to get him out.
It's terribly frightening - the same possibilities for abuse exist as with the Indian law which allows you to declare a relative dead, and is widely used to steal property from unpopular relatives (the Ig Nobel Peace Prize winner was a victim of this.) At least those people aren't imprisoned against their will, denied counsel, and unlocatable (citing the new patient confidentiality rules, mental hospitals will simply deny a patient exists.)
Please help metamoderate.
As long as people keep supplying Dimensional Warp Generators, the spam will continue. Clearly, we need for everyone to stop making these generators available through spam requests, and only sell them at official time travel flea markets.
Also, you've just banned blind and partially-sighted users from the net. I'm sure these aren't the only people who'd find such a solution crippling.
Ph-nglui mglw'nafh Gates M'dna wgah'nagl fhtagn.
I mean think about it.... he knows which companies are going to be successful so he can be rich, he has advanced immune system so little or no sickness.
Heck, where did he get this Platinum Gold? How did he run out of Galactic Credits? (Are they legal tender in 2003?) Did he buy the Platinum Gold with the Galactic Credits? He wants the "unit" teleported to a "Secure" location that has been revealed via a non-secure channel? He promises to pay for the device if given information on how to pay; once again via a non-secure channel?
I think I saw a dimensional warp generator in a pawn shop in the south side of Ft. Worth, TX. It still has 2 months on the note. At least I *think* it was a DWG - it *could* have been an old RCA tube radio but you never know until you look at the serial number plate.
He better be careful... he might end up with the MIBs on his doorstep.
Codifex Maximus ~ In search of... a shorter sig.
How about organizing a week when readers of /. volunteer to click all of the links in the spam they receive. /. visiting their web servers might send a message. Bouncing/Replying may be useless, but the links in their messages have to go back to them. Maybe it'll stop the one sucker that was actually gonna buy something.
Bah! Why would I think that I could get /.ers together to do something like that when I can't even get them to buy penile growth pills that I KNOW they need!?!
Guess I'm on my own.
Hmmm, I need an incoming email filter to load every filtered spam page and spider all links within it 100 times before deleting it.
For your viewing pleasure:
This one a month earlier:
(Yes, I deleted e-mail addresses to protect the guilty, but hey, it's principles.)
Another interesting note: The first time I tried to submit this: Lameness filter encountered. Post aborted! Reason: Please use fewer 'junk' characters.
So, at least we know he's lame.
"Alcohol, Tobacco, Firearms, and Explosives" should be a convenience store, not a government agency.
This guy reminds me a lot of Frank Chu. Frank is this crazy guy who walks around downtown San Francisco carrying a picket sign that says some bizarre gibberish about politics and "The 12 Galaxies."
He's also generally known for showing up at most major gatherings in the city.
His fan page: http://www.12galaxies.20m.com/
Shit about Frank Chu on Google.
Of course, I think Frank is too whacked out to send millions of emails, but if he could, he would.
s'wut i sed.
Now if the sender wants me to see his e-mail, he'll have to do the following:
- Sign up with PayPal if he's not already, and fund the account.
- Make a payment to my account.
- Add information to the e-mail that references the payment, and send it again.
If the instructions in my bounce message are detailed enough, even my tech-illiterate mother would be able to follow these steps and get her e-mail to me, but the real point is the hassle factor. What about the hiring manager who just got my resume from some recruiting firm? Will he really bother, or will my bounce message and resume just go in the bitbucket? What about automated e-mail, like the MTA bounce message I get for making a typo in the recipient line? Even if I've anticipated the automated e-mail and whitelisted it in advance, what happens when the addresses of those senders change, like after a buyout or merger?
E-mail authentication, whether it involves money or just encryption, is a chicken-and-egg problem. As for using a whitelist and blocking anyone that's not on it, I can imagine too many scenarios where I would miss something from a sender that's not on my whitelist.
It's not that simple. If you want to figure out that you can't deliver the message, you have to check. Checking takes computer resources. Now everyone has a really easy way of DoS'ing your server.
That doesn't make sense. It has to check anyway in order to deliver the message. A bounce means additional work of storing the entire message (instead of giving the error as soon as To header is found invalid) after accepting it, and then the bandwidth usage to bounce it. The cost of a bounce is at least double the cost of an error.
Furthermore, by returning 550 in the SMTP session, you've given criminals an easy way to search for valid email accounts.
If spammers still cared about address validation, they wouldn't be forging the From in the first place. I don't think any have cared about having "good" addresses for at least the last 2 years.
Accepting and then bouncing the messages remains the more secure and better performing solution. (Even when it's a 'Joe job' unfortunately.)
Your reasoning has been shown to be incorrect. Please adjust your world view accordingly. Thank you! :-)
They often relay the mail to a non-internet-accessible SMTP hub for the domain, which in turn relays the mail to the hosts running the delivery agents. There's usually no way the Internet MX host can know which users are valid.
I will agree that relays are a tricky issue. I also think that relaying is a dated issue. There is really no reason to have a dumb relay anymore. If I can get web hosting for $5/month, it should certainly be possible for anyone who needs to accept email for a domain to have a mail server always available to accept messages directly. Alternatively, as a server accepting messages for relaying, you should require the downstream to accept all recipients. You have failed to make a case for bouncing either way.
Don't try to pass this off on mail admins. We're doing what we can, spending way more time setting up ways to filter out this crap than we should have to. Direct your bile at the spammers.
Everyone who could possibly address the situation but does not gets a bit of my bile. There are clearly steps you can take to eliminate improper bouncing.
I do not think "lose a message" means what you think it means.
Then what does it mean? The message doesn't get to the recipient, and the person who actually sent it gets no error or notification of failure. Sounds lost to me. Please show how I am mistaken.
But I'd rather delete a couple thousand messages once in a blue moon than ask every admin on the Internet to set up their mail servers so that the spammers can more easily validate their address lists.
If spammers gave a fuck about valid emails, there wouldn't be so much bouncing and forged From headers in the first place! And let's hear you whistle that same tune when the ever increasing loads of spam turn your blue moon rarity to a daily sunset certainty.
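The two MX behaviours argued over in this thread, as an added example that is not part of any comment: the same forged-sender run is sent to a server that answers 550 at RCPT time and to one that accepts everything and bounces later. The `MX` class, the addresses and the per-client cap on unknown recipients are assumptions made for this sketch, not any real MTA's configuration.

```python
from dataclasses import dataclass, field

# Constructed sample data: local mailboxes, and the recipients a forged-sender run tries.
KNOWN = {"alice@example.org", "bob@example.org"}
GUESSES = ["john@example.org", "mary@example.org", "alice@example.org",
           "sales@example.org", "info@example.org"]


@dataclass
class MX:
    """Toy receiving MX that tracks where its bounces end up."""
    known_users: set
    reject_at_rcpt: bool              # True: 550 in-session; False: accept, bounce later
    max_unknown_per_client: int = 3   # assumption: cap that blunts address probing
    unknown_seen: dict = field(default_factory=dict)
    bounces_sent_to: list = field(default_factory=list)
    delivered_to: list = field(default_factory=list)

    def receive(self, client_ip, mail_from, rcpt_to):
        """Handle one MAIL FROM / RCPT TO / DATA exchange; return the server replies."""
        misses = self.unknown_seen.get(client_ip, 0)
        if self.reject_at_rcpt and misses >= self.max_unknown_per_client:
            # Stop answering a client that keeps asking about unknown users.
            return ["421 4.7.0 Too many unknown recipients"]
        replies = ["250 2.1.0 Sender ok"]
        known = rcpt_to.lower() in self.known_users
        if self.reject_at_rcpt and not known:
            # The connecting client learns of the failure; no message is generated.
            self.unknown_seen[client_ip] = misses + 1
            replies.append("550 5.1.1 User unknown")
            return replies
        replies += ["250 2.1.5 Recipient ok",
                    "354 End data with <CR><LF>.<CR><LF>",
                    "250 2.0.0 Queued"]
        if known:
            self.delivered_to.append(rcpt_to)
        elif mail_from:
            # Accepted but undeliverable: the bounce goes to the envelope sender,
            # forged or not. A null sender (empty string here) never gets one.
            self.bounces_sent_to.append(mail_from)
        return replies


def joe_job(mx, forged_sender, guesses, client_ip="203.0.113.50"):
    """Replay one constructed forged-sender run and return the reply transcripts."""
    return [mx.receive(client_ip, forged_sender, rcpt) for rcpt in guesses]


def compare(victim="victim@example.com"):
    """Run the same traffic against both policies and count what reaches the victim."""
    results = {}
    for name, reject in (("reject_at_rcpt", True), ("accept_then_bounce", False)):
        mx = MX(known_users=set(KNOWN), reject_at_rcpt=reject)
        joe_job(mx, victim, GUESSES)
        results[name] = {
            "bounces_to_victim": mx.bounces_sent_to.count(victim),
            "delivered": len(mx.delivered_to),
        }
    return results


if __name__ == "__main__":
    for policy, counts in compare().items():
        print(policy, counts)
```

With rejection at RCPT time the forged address receives nothing, and the cap limits how many recipients a single client can test before the server stops answering.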
Sony already does this.
They go along major tourist areas with a couple posing as tourists and get people to take pictures of them with the new state of the art camera they happen to have. Then if asked they start telling the ones approached to take the pics of this fake couple about the great new features it has.
From what I was told it works as they are getting directly to the ones that most likely would use the camera or such.
John
if they sent it snail mail I never would have gotten it, not using a real address.
Once you start putting in filtering options like that, I have to wonder if it's really all that better than current ideas.
Filtering, by itself, has three deficiencies.
1) Filtering does not address the bandwidth problem the way micropayments do. Filtering happens after the message arrives, payment occurs before the message is sent.
2) Filters suffer from both false positives (rejecting wanted e-mail) and false negatives (accepting spam).
3) Filters are also subject to an ongoing arms-race -- spammers keep finding new ways to spell p3nis.
What does a micropayment really serve that a message sent back to the sender requiring an intelligent reply does not?
Micropayments are superior for 2 reasons:
1) Micropayments occur at send-time and incur no delays in reception. If you pay the money when you send the e-mail, then you can be sure the e-mail gets to the address (no guarantee that the recipient opens the e-mail). In contrast, the intelligent reply system involves delays: I send a message, later I check my mail and find that the message did not get delivered because I've got this intelligent reply email from the recipient. If the sender is not online 24x7, the sent message is delayed.
2) But the greater flaw with intelligent reply is that it is potentially defeatable through automated, zero-cost mechanisms. I'm sure spammers are working hard to automatically parse the intelligent response e-mails or recognize the coded image. It may slow them for a time, but it does not solve the root of the problem - communications is too cheap.
Two wrongs don't make a right, but three lefts do.
A year or two ago, I heard some sort of proposal to extend RFC 822 to add an additional step in processing and forwarding email to get rid of From header forging. It sounded simple and effective.
Let's say my MX is currently connected to internet host 199.199.199.199 receiving a message that the From header claims to be from "billg@microsoft.com". My machine would then query a server at microsoft.com (probably using some form of DNS) to ensure that 199.199.199.199 is indeed a server authorized to send mail as microsoft.com. If it's not, chances are very good that the message has forged headers and should be punished by SpamAssassin (or whatever).
Of all the proposals I've heard, this one is by far the most practical. Why haven't I heard anything since?
Simply enough:
Joe spammer sends 10 million messages to Earthlink, using your email address as the sender - you don't think spammers use their own address do you?
Even if Earthlink use rate limiting so that only one challenge is sent, what about the 10 million other domains hit which send out the same challenge.
See why C/R is unworkable?
Read the damn article. It wasn't a couple thousand, it was nearly a million across the three domains - and they got off lightly.
I had a joe-job at the beginning of 2002 which resulted in something over 1.3 MILLION bounces being delivered.
Show your real address, watch a spammer Joe it and feel the REAL pain. If you only got a couple thousand bounces, then it was an amateur at work.
Well, I for one welcome our new time-travelling overlord!
Spam requires commercial motivation. This guy isn't trying to bilk anyone out of their money. He wants to spend money! In other words, he's begging to get ripped off.
Lk
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
Sorry for causing all that spam!
(on the upside, my penis is now 465,923 miles long.)
Here is a more "novel" idea for combating spam. Change the way the internet is working now.
Have domiciled email addresses. Force registration of email couriers. This would also require changes to the way we deal with the internet.
Require anyone who wants to send mail to register their server. It's easy, you are on the internet already, so your ISP registers you, gives you a domain name and you are good to go. Any spam from you is easily traced to your physical address which your ISP has. Doesn't have to be too hard, just tell your ISP you would like to be able to send mail, on the form or wherever.
I think when rights are abused like this, their benefits outweigh their costs and we need to regulate this.
Mental illness unfortunately runs in my family. The fine-line myth is just that, a myth. Schizophrenia, clinical depression, and Alzheimer's. It wasn't until the late 90's I'd been diagnosed with clinical depression and wasn't until the same time that I discovered that it was rampant in the family, though one of those "deep dark secrets nobody talks about" - which only exacerbates the situation.
My own experience is difficult to describe for folks who haven't been there. A complete collapse of confidence in yourself, a terrible self-loathing, a fear of the judgement of others, a sense of hopelessness; this often results in suicide. Often you just can't get out of bed, don't want to read or watch TV, just want to cry - but can't - can't clean up, can't manage your money, can't deal with people. This isn't laziness, it's mental illness.
The cause of my particular ailment I believe to be chiefly biological (serotonin) and Prozac took care of that, the other behavioral which required a good deal of therapy. I was on the verge of suicide by poisoning when I decided I'd give this treatment a try; always opportunity to go with plan A. After years of therapy, I'm doing great and career-wise I'm doing stupendously well. I still struggle, but no longer need therapy or meds - just to be mindful of my state of mind and behaviour.
My grandfather went insane due to a combination of Alzheimer's and suffered with it for 30 years; he was extremely difficult to deal with, like a frail child. Sometimes he was lucid, very rarely he seemed completely normal, but most of the time he was like a six year old. He'd do weird things like bend over to read newsprint two inches from his nose, only to read the article/ad again and again until he fell over.
I had a schizophrenic neighbor who, when on his meds, was more or less functional. He was a math whiz and an incredible chess player, but on his meds he was pretty zonked. Off his meds, he'd do odd stuff like wear surgical masks and spray things (and some folks) with Lysol, hear voices all the time (pounding on my door at 3:30am and waking me up to bitch at me about talking about him and playing music too loud - total hallucination).
Mental illness isn't funny and isn't simply dealt with by "locking people away" - the state can't and won't provide adequate resources to treat the mentally ill, instead releasing them after observation - often to the streets - a lot of homeless are made up of the mentally ill.
Banning this Rob guy from getting online may be the only way to keep him from spamming folks, but it may do more harm than good where his mental health is concerned. Reason ain't gonna work with this guy, so cutting him off from the Internet may be the only solution as far as the community is concerned.
So what's your point? The fact is that mental patients are less likely to become violent than the average. Go read a book, dumbass.
The solution is easy: the e-mail application must have two windows for the received e-mails: one for the mail addresses marked as 'acceptable' by the user and one for all the others. In this way, the user can browse the e-mails that interest him/her in one window, while deleting all the others in the other window with one click (if he/she wishes so).
This will not entirely eliminate spamming, but it would sure make received e-mail management a hell of a lot easier.
Instead of a tax (why do some people always look to government for everything),
The main purpose of taxes are the redistribution of wealth to provide for the common good. No one could afford to hire trash collectors, firemen, police, build roads or get mail delivery without the collection of taxes and the redistribution of wealth to provide those services to all.
The other main purpose of taxes tax isn't the government *doing* anything really except encouraging behaviors or industries and discouraging others (in this case spamming). Just as in trash collection and police services it would be impossible to make a dent in the spam industry if it were up to each individual citizen to collect a few cents per message.
Remember that the government isn't some separate entity, but is made up of our representatives elected by us. We then let them know what we want. It is perfectly legitimate to want the government to "do" something about a problem that affects everyone.
On the other hand you better hurry up and use your democracy before the Bush/Cheney/Rumsfeld triumvirate nullifies the Constitution and starts telling you what THEY want.
The other main purpose of taxes tax isn't the government *doing* anything really except encouraging behaviors or industries and discouraging others (in this case spamming)
But this is a terribly crude tool that both fails to deter enough spam and penalizes legitimate uses of e-mail. It fails to deter spam because even if the tax were an outrageous $0.50 an e-mail, we'd still have spam. My snail mail box gets half a dozen pieces of spam (junk mail) per day. The $0.50 cost for printing, stuffing, handling, and mailing a piece of junk mail is no deterrent to many marketers such as catalog retailers, timeshare hawkers, charities, mortgage brokers, credit card companies, etc. A $0.01 tax may weed out some spam, but too much of it carries such a high pay-off that it is profitable.
The tax would also punish legitimate uses of e-mail. The members of a family should have the right to send and receive e-mails without paying a spam-tax. A telecommuter should have the right to send/receive e-mail from his employer without paying some silly penalty tax. Innovative uses of e-mail (imagine the engines of long-haul trucks sending wireless e-mails on engine status, maintenance needs, etc.) should not be stifled.
Taxes are a very blunt tool -- no single tax level will balance the diverse uses and opinions about e-mail. That is why I'm suggesting that we give control to the recipient to decide how much spam costs and give control to the recipient to decide who gets free access.
Two wrongs don't make a right, but three lefts do.
Coincidentally, the coordinates given are on the path of the old Middlesex Canal.
The canal was the internet of its day, rendered obsolete by rail.
You raise some very legitimate issues.
Re: Hassle Factor & Chicken-n-egg
Yup, this is the biggie. Out-of-system senders would get an odious "join and pay-up" message just as you have described. But it is not as bad as it could be since once a person joins a micropayment network, they would never get another "join and pay-up" bounce message again. This is unlike some filtering/intelligent reply systems in which you might receive a new hassle-factor bounce with every new recipient.
Re: What about the hiring manager who just got my resume from some recruiting firm?
This is a really cool scenario since it highlights the power of the micropayments system. If I were a hiring manager, I would set some modest, but significant, payment level (like $1 per resume). I would not whitelist anyone and I would tell all the recruiting companies to send "1 resume per e-mail". Now, it falls on the recruiting manager to actually filter the resumes and not send every resume in response to every job posting. Likewise, individual job seekers would become more selective. As a hiring manager, I would rebate payments to recruiters and individuals that sent in highly qualified resumes and keep payments from resume spammers. As a job seeker you might think that pay-to-apply really sucks, but if it reduces the number of junk resumes that your resume ends up covered by, then I suspect it actually improves your chances.
What about automated e-mail, like the MTA bounce message I get for making a typo in the recipient line
Invalid/unknown user, mailbox, or domain bounces are impossible in this system because the recipient must be looked up by the protocol _before_ sending the message. The system must check the records of the recipient to determine the recipient's required payment. Bounces for other reasons (e.g., "quota exceeded", "virus detected") might be handled through a standardized set of return message codes. These bounces would need to be either handled by a code or secure message that prevents spoofing or exploitation (i.e., piggybacking a bounce message with spam).
what happens when the addresses of those senders change
Tricky! In a simple version of the system, when a whitelisted sender changes address, they would have to notify all their friends/business partners about the change and/or "pay-n-rebate" until rewhitelisted. In this way, it's not any different from current spam-filters which can dump legitimate e-mails if a trusted sender starts sending from a different address. A more complex protocol would let a sender transmit a whitelist-modifying automated message to change addresses (or piggyback on their trusted "main" email address). This change-of-address/piggyback feature would need to be very secure to prevent hijacking.
I can imagine too many scenarios where I would miss something from a sender that's not on my whitelist
Is this any different from the current situation? My wife gets more than 100 spams per day (she has a 10-year-old e-mail address that some clients have publicly posted, bless their hearts). Between aggressive filtering, and the crap that leaks through, she misses too many legitimate e-mails.
But a micropayment system would kill the economics on most spam to reduce the volume of it to a much more manageable level. You would not need to rely on the whitelist or aggressive filters to let stuff into the inbox, people who pay would get into the inbox, people who spam would lose their money to you, new-found friends who send useful stuff would get their money back and could be put on the whitelist.
Thanks for forcing me to think more about this stuff!
Two wrongs don't make a right, but three lefts do.
OK, I'll take the time to spell it out for you.
1) If you're running a domain with more than 1000 valid addresses it often makes sense to have multiple delivery hosts with an smtp hub routing mail
2) For security reasons, you don't want that central hub Internet accessible. If you're attacked, you want the organization's internal e-mail to continue functioning. I'm not talking about ISPs, I'm talking about organizations where e-mail is an essential communications medium.
3) a dumb relay is the simplest, most secure, nearly maintenance free method of getting that mail inside your protected network.
Alternatively, as a server accepting messages for relaying, you should require the downstream to accept all recipients. You have failed to make a case for bouncing either way.
If the downstream gives a 550 error upon relaying, the relay host bounces the message anyway. Your "solution" doesn't work. Then what does it mean? The message doesn't get to the recipient, and the person who actually sent it gets no error or notification of failure. Sounds lost to me. Please show how I am mistaken.
Your problem is that the person who spoofed the reply-to is the one who lost it. If they don't put the correct info in the message, the RFCs don't require the mail servers to mysteriously determine the ACTUAL sender despite that senders attempts at anonymity. The MAIL SERVER doesn't lose the mail, the message was lost before it was ever sent if both sender and recipient headers are invalid. If you violate the RFCs when composing the message, you can't expect to hold the downstream servers accountable for "lost mail" which never had a valid sender OR recipient. It's not lost - it was never found. It's dead, gone to meet its maker. It's an EX-MESSAGE.
include $sig;
1;
My original reply was more to address the "why does everyone cry to the government" part of your message - I thought asking the government to control spam was a legitimate thing to do.
In another post in this thread I suggested a modification to a suggested tax on email to be a tax on *commercial* email. That would free common folk of an email tax. However, I also noted that if we can't get spammers to obey the few anti-spam laws that are on the books now how are we going to get them to pay their taxes (or the charges from individuals in your plan?)
Sure, taxes are blunt, but they are also relatively simple. I can't even imagine the complexity of administering millions upon millions of penny transactions for emails, the amount per email set by each and every recipient. Doesn't it make sense to have the people who are making use of most of the bandwidth of the internet simply pay taxes to support its infrastructure? I could also see people setting up hundreds of inviting email addresses to harvest all the spam micro-payments. I think that would actually increase spam rather than decrease spam.
I don't think charging for spam, whether in a tax or in micropayments will ever stop it. Taxes on commercial email however, will provide valuable funds for supporting the email infrastructure. Right now I think the best way to stop spam is a national do-not-spam list which is vigorously enforced. Frankly, I don't see a solution for international spam.
Incidentally, that junk mail in your mailbox costs the sender a lot more than 50 cents.
If it causes less traffic, then it's not equally bad, it's slightly less bad. Servers should be programmed to introduce artificial delays so that farming accept/deny is then not possible. (frankly all servers should be doing stuff like this to determine DoS, etc.)
It's 10 PM. Do you know if you're un-American?
Again and again, ctf posts other people's comments
And YOU FUCKING MODS FALL FOR IT EVERY TIME. Fix it! (always check anti-slash before wasting your mod points)
Jesus christ you people make me sick.
Check it out
Don't ever let it happen again. Or I'll put you on my "friends" list.
He cut and pasted. He does it EVERY TIME. You fell for it.
Don't let it happen again, or I'll put you on my friends list.
OK, I'll take the time to spell it out for you.
Nice and condescending right off the bat. I like that. Here's my retort: you're an incompetent admin if you can't manage (or manage to set up) a mail network without sending abusive bounces.
1) If you're running a domain with more than 1000 valid addresses it often makes sense to have multiple delivery hosts with an smtp hub routing mail
Irrelevant. I don't care if you have a host for every email and a 20 relay tree to reach them. Manage the setup properly and stop accepting messages such that you bounce improperly.
2) For security reasons, you don't want that central hub Internet accessible. If you're attacked, you want the organization's internal e-mail to continue functioning. I'm not talking about ISPs, I'm talking about organizations where e-mail is an essential communications medium.
Also irrelevant. Again, your internal structure does not in any way require you to send abusive bounces.
3) a dumb relay is the simplest, most secure, nearly maintenance free method of getting that mail inside your protected network.
Not true, plus it makes you a real asshole for everyone else on the Internet. Being a lazy fuck who doesn't care is not a bullet point you would want to broadcast. All you get is simple, not secure or reliable. If you disagree, please feel free to "spell it out" further.
If the downstream gives a 550 error upon relaying, the relay host bounces the message anyway. Your "solution" doesn't work.
Uh, what part of "accept all recipients" didn't you understand? If you're so foolish as to set up a dumb server, you damn well better make it dumb; so dumb it does nothing but pass things inward. To do otherwise makes you a source of abuse.
Your problem is that the person who spoofed the reply-to is the one who lost it.
No, your problem is that you accepted the message for delivery prematurely. Then you found you couldn't actually live up to your responsibility, so you throw up all over the Internet using information you pretty much know to be forged. You're dumping trash in your neighbor's yard. That's a jerk thing to do; stop it!
Uh, what part of "accept all recipients" didn't you understand? If you're so foolish as to set up a dumb server, you damn well better make it dumb; so dumb it does nothing but pass things inward. To do otherwise makes you a source of abuse.
Are you suggesting we never bounce any messages, including legitimate mail that has a typo in the username, or mail accounts that are no longer valid? You know, admins of legitimate mailing lists find those bounces very useful. I occasionally find bounces useful in diagnosing problems myself. People generally like to be notified if they make a typo in the address when they are sending a time-critical message. Not to mention that bounces are required by RFCs. Besides, even if we did set up the servers to blindly accept ALL mail to our domain and silently discard errors, there's nothing stopping users from using mailwasher, procmail, etc. and bouncing their spam themselves. You're calling me an incompetent admin? Yeah, that carries a lot of weight coming from you. You were right, I didn't understand what you were suggesting at first; I was giving you too much credit.
include $sig;
1;
I thought asking the government to control spam was a legitimate thing to do.
This, we agree on! But I disagree that a tax is an effective way to do it. I also, like you, suspect that government will have a hard time really enforcing spam laws.
Doesn't it make sense to have the people who are making use of most of the bandwidth of the internet simply pay taxes to support its infrastructure?
Yes it does (but the money should go to the telecomm companies that maintain the backbone, not the government). But bandwidth tax is not what you want, is it? Does this mean there should be a tax on file sharing or web surfing? I'm sure it only takes a few music files, flash animations, or a streaming video clip to equal a ton of spam. What you are talking about is usage pricing - charging the sender (or initiator) of a data transfer on a per-megabyte basis. This would not solve the problem, the cost of spam to the infrastructure is not that great on a per-spam basis.
Sure, taxes are blunt, but they are also relatively simple.
Hmmm... I'm not so sure about that. Where do you levy the tax? It would have to be at the sender's end so spam can't get on the network without paying the tax. How do you create a governmentally-recognized exhaustive list of internet gateways? If I get a domain name and set up a neighbor wireless LAN or server in my home, do I need to inform the government and start collecting taxes?
I could also see people setting up hundreds of inviting email addresses to harvest all the spam micro-payments.
A very good point and a very good idea! This would further ruin the economics of spam and drive spammers out of business. Dummy addresses would kill the response rate that spammers depend on (no click-throughs, no referral commissions, no revenues for spammers). I love it!
I don't think charging for spam, whether in a tax or in micropayments will ever stop it.
I agree, but micropayments will provide 4 advantages. 1) Recipient-controlled micropayments (in the $0.25 to $2.00 range) will cut the volume of spam, which is a good thing. 2) But the real advantage is that micropayments will compensate the recipient for having to deal with spam. 3) Micropayments also cope with the international dimension of spam -- it does not matter where you are, you still have to pay to reach the recipient. 4) Micropayment can also help support the infrastructure because I would assume that the micropayment network provider would take a modest cut of the micropayment (say a 10% with a $0.01 minimum?).
national do-not-spam list
If it is anything like the national do-not-call list, it would contain too many exceptions to be useful (like exempting charities, political groups, and businesses that have a pre-existing relationship with you). If Congress wouldn't cut out those sources of spam telephone calls, I doubt they will cut out those sources of spam emails.
Two wrongs don't make a right, but three lefts do.
Here's my retort: you're an incompetent admin if you can't manage (or manage to set up) a mail network without sending abusive bounces.
Or maybe you have a software package which can determine spam vs. non-spam with none, zero, NEVER hitting a false positive, and you are confident enough in its security that you're willing to install it on your mail relay. Of course, such a program is demonstrably impossible; one person's spam is another person's vital marketing data/subscribed mailing list/penis growth miracle.
But just for the sake of demonstrating your incredible skillz as an e-mail super-guru, let's say you had this all worked out, and you silently discard all spam that your software identifies with no bounces. Congratulations! You have eliminated .000005% of the joe-job problem! You now have only to get your magical software installed on every other mail server in the world, and convince all us incompetent admins that it will never, ever, silently discard a real message. Good luck, I hope your campaign is successful. But maybe you should get some practice explaining your idea, because I'm still just guessing as to what the hell you are talking about.
include $sig;
1;
You now have only to get your magical software installed on every other mail server in the world, and convince all us incompetent admins that it will never, ever, silently discard a real message.
What the hell are you talking about? Detection of spam, or any other non-delivery issues, is a separate issue from the response. A joe-job happens when a server accepts a message it cannot deliver and it then bounces to a forged From header. My initial solution stands: if you do detection before fully accepting the message it allows you to respond with a proper error. I'm not sure why you find that so difficult to see.
Congratulations! You have eliminated .000005% of the joe-job problem!
No, I have eliminated 100% of my abusive messages. If you can't show me the same courtesy, if you continue to send abusive bounces, you might just find yourself unable to connect at all in the future. So stop being an ass and fix your server so we can all deal with the spammers themselves instead of infighting.
Are you suggesting we never bounce any messages, including legitimate mail that has a typo in the username, or mail accounts that are no longer valid?
I'm not suggesting, I'm precisely stating what I want. You want to put up a dumb relay? You had better make it totally stupid. Yes, that would mean you don't bounce things because the system downstream has a problem. Make them be the ones that have to deal with their own delivery problems.
People generally like to be notified if they make a typo in the address when they are sending a time-critical message.
But your bounces don't do that. They notify the From address. What if there was a typo there, too? The only way you can properly notify the actual sender is a server error.
Not to mention that bounces are required by RFCs
Wrong. Did you not even read my initial message? What your dumb server really should do is set the Return-Path to either null or the postmaster of the system you're relaying to. Again, if you cannot reasonably return a server error on non-delivery, you can not reasonably bounce a message either. A dumb relay should be dumb, and not pretend it is smart enough to do more than shuffle things inward.
You're calling me an incompetent admin?
No, I'm just pointing out that's what you're demonstrating. Stop defending outdated, lazy behavior and fix your systems.
That's not how it works. If the user doesn't exist, the downstream server (which I don't necessarily have control over) returns a permanent failure (550), in which case my relay won't be able to deliver the message. This is from section 3.6 of RFC 821: So, tell me again how bounces are not required? Note use of the word "must" in that sentence. Also note that the bounce must be sent to the originator "as indicated by the reverse-path". The reverse-path is defined as the envelope sender, the address specified in the MAIL FROM command, in case you were wondering. Rewriting the reverse-path to either null or the downstream postmaster, as you suggest, is clearly a violation of the RFC. If everyone followed your suggestion, every time someone made a typo in a mail address, they would never be notified that their message wasn't delivered. That's the very definition of lost mail. You said in your original message that bouncing spam with a bad forward- and reverse-path "loses mail", which I still don't get, since the sender intended for it to be lost by not giving a correct from address. But you don't seem to be concerned about the behavior of non-spam, legitimate mail. Maybe I have wasted way too much time feeding a troll. My congratulations, you sounded pretty sincere. A masterful performance. Bye now.
include $sig;
1;
So, tell me again how bounces are not required? Note use of the word "must" in that sentence.
It doesn't say "you must send the message to an unrelated third party that you know damn well was forged". It just says a notification must be sent following a certain procedure. That procedure allows you to direct that notification inward where it belongs, which I have already noted is the only proper thing for a dumb server to do. Can the RFC be interpreted to allow you to be a jerk? Yes. Does that mean you have to be a jerk? No.
Rewriting the reverse-path to either null or the downstream postmaster, as you suggest, is clearly a violation of the RFC.
Since you're still reading 821, I don't know why I bother with you. All I know is that 2821 allows for exactly what I say, interpreting your dumb relay as a point of final delivery. It is allowed. You don't have to be a prick and bounce the joe-job, so don't do it.
If everyone followed your suggestion, every time someone made a typo in a mail address, they would never be notified that their message wasn't delivered. That's the very definition of lost mail.
Wow, you just don't get it, do you? If everyone followed my suggestion there wouldn't be dumb servers in this day and age and 550 errors would propagate freely and everyone who is supposed to would get them. Only what you do is "the very definition of lost mail."
You said in your original message that bouncing spam with a bad forward- and reverse-path "loses mail", which I still don't get, since the sender intended for it to be lost by not giving a correct from address. But you don't seem to be concerned about the behavior of non-spam, legitimate mail.
That is likely the quickest psychotic break I've ever seen. In one sentence you're saying the sender is intending a message to be lost and in the next you're talking about that as the legitimate use of mail. It's clear you're trying to see things not from the perspective of a responsible admin, but as a spammer. Way to out yourself, genius.
All I know is that 2821 allows for exactly what I say, interpreting your dumb relay as a point of final delivery.
Wow, it's all you know, and it's wrong. How tragic. Have another hit on the crack-pipe, Doc. May it ease your pain. 2821 still requires bouncing, by the way. See section 3.7, which is almost word-for-word what I quoted in my earlier message from 821. The biggest difference is that it capitalizes the word MUST, emphasizing my point.
Wow, you just don't get it, do you? If everyone followed my suggestion there wouldn't be dumb servers in this day and age and 550 errors would propagate freely and everyone who is supposed to would get them.
Hee hee, you crack me up. Where did you get the idea that 550 errors propagate?
include $sig;
1;
2821 still requires bouncing, by the way. See section 3.7, which is almost word-for-word what I quoted in my earlier message from 821.
For future reference, when someone informs you of an updated RFC which you hadn't bothered to read for the last 2 years, read the fucking thing. Not just the section that you think supports your point, but the whole thing including the sections that might be less supportive. In particular, I direct you to section 4.4 which supports the use of final delivery as a means to stop abusive bounces if you insist on running a dumb relay.
Where did you get the idea that 550 errors propagate?
On your systems they clearly don't, but we've already established you're a spam-friendly asshole. Here's the scenario if you're using a smart relay: after receiving all the data for a message and before you send a 250 OK, you do the relay service, which fails with a 550, which you can then return instead of a 250. Pretty simple, I think. Sorry you're too simple to see it.
In particular, I direct you to section 4.4 which supports the use of final delivery as a means to stop abusive bounces if you insist on running a dumb relay.
WTF? Section 4.4 specifies behavior regarding trace headers, and says nothing about relaying behavior, or error propagation except for info about the return-path header and how to make sure it allows gatewaying into other systems such as NNTP. All of which is designed to make sure bounces are successfully returned to the sender if the mail is undeliverable.
Here's the scenario if you're using a smart relay: after receiving all the data for a message and before you send a 250 OK, you do the relay service, which fails with a 550, which you can then return instead of a 250. Pretty simple, I think. Sorry you're too simple to see it.
Most MTA software doesn't do what you just described. Systems following SMTP RFCs do not propagate 550 errors. You're talking about an SMTP proxy, not a relay MTA. Proxies are not described in RFC 2821. And they never rewrite the return path, as you suggested in an earlier message. They also do nothing to prevent bounces, since most spammers use an open relay to send their mail, or a cracked Windows box which they have configured to act as an open relay. If the stupid proxy returns a 550, the open relay or cracked Windows box will generate a bounce message anyway.
I'll say it again, since we've already gone over this and you didn't get it last time. EVEN IF MY RELAY RETURNS A 550, THE SPAMMER'S RELAY WILL GENERATE A BOUNCE TO THE REVERSE-PATH. Maybe you can talk the spammers into using proxy servers (though it would dramatically slow down their spam-blast software), or better yet using a null address for the reverse-path. I don't think you'll have much luck, but your energies would be better spent focused in the direction of the spammers who are causing the problem, not mail administrators who are already doing everything they can with the tools they have available.
I see you have marked me as a Slashdot "foe". Seems like an ungrateful thing to do to someone who has spent so much time educating you about how e-mail works in the real world. You obviously have never been responsible for running a large mail system.
This will be my last post, since I've made a number of key points multiple times, it's obvious you're not getting it, and I just don't have any more time to waste explaining why your scheme is both completely ineffective and does not accurately describe the behavior of MTA software. I originally quoted 821 because most of it is copied word-for-word into 2821, and it has a shorter, less complex explanation for many things that still accurately reflect the behavior of real mail systems today.
Get some experience with real MTA software and take a look at how it ACTUALLY works before you go spouting off about how you THINK it should work based on your misunderstanding of the RFCs.
include $sig;
1;
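The two relay behaviours argued over above (accept everything and bounce later, versus checking the downstream host and returning its 550 while the client is still connected), as an added simulation that is not code from any poster or from any MTA. The class names, addresses and mailbox list are constructed for illustration; no real SMTP traffic is involved.

```python
from dataclasses import dataclass

VALID_USERS = {"alice@corp.example"}        # constructed mailbox list
FORGED_FROM = "victim@bystander.example"    # constructed forged reverse-path (joe-job target)


@dataclass(frozen=True)
class Reply:
    code: int
    text: str


class InternalHost:
    """Final delivery host behind the border relay; it knows the valid mailboxes."""

    def rcpt(self, rcpt_to):
        if rcpt_to in VALID_USERS:
            return Reply(250, "OK")
        return Reply(550, "No such user")


class DumbRelay:
    """Answers 250 to the client first, relays afterwards, bounces on failure."""
    name = "dumb-relay"

    def __init__(self, downstream, bounces):
        self.downstream = downstream
        self.bounces = bounces

    def submit(self, mail_from, rcpt_to):
        accepted = Reply(250, "OK")  # responsibility taken before any check
        if self.downstream.rcpt(rcpt_to).code >= 500 and mail_from:
            # The client is gone; the only channel left is a bounce to the
            # reverse-path, which a joe-job has forged. A null reverse-path
            # (empty string here) is never bounced to.
            self.bounces.append((self.name, mail_from))
        return accepted


class VerifyingRelay:
    """Asks the downstream host before replying and hands its 5xx to the client."""
    name = "verifying-relay"

    def __init__(self, downstream, bounces):
        self.downstream = downstream
        self.bounces = bounces  # kept for symmetry; this relay never bounces

    def submit(self, mail_from, rcpt_to):
        down = self.downstream.rcpt(rcpt_to)
        if down.code >= 500:
            return down  # the connecting client now owns the failure
        return Reply(250, "OK")


class UpstreamRelay:
    """A sending MTA (or abused open relay) that already accepted the message."""
    name = "upstream-relay"

    def __init__(self, next_hop, bounces):
        self.next_hop = next_hop
        self.bounces = bounces

    def submit(self, mail_from, rcpt_to):
        reply = self.next_hop.submit(mail_from, rcpt_to)
        if reply.code >= 500 and mail_from:
            self.bounces.append((self.name, mail_from))
        return Reply(250, "OK")


def run(border_cls, rcpt_to, mail_from=FORGED_FROM, via_upstream=False):
    """Return (code seen by the original client, [(bounce generator, bounce target)])."""
    bounces = []
    border = border_cls(InternalHost(), bounces)
    entry = UpstreamRelay(border, bounces) if via_upstream else border
    return entry.submit(mail_from, rcpt_to).code, bounces


if __name__ == "__main__":
    for cls in (DumbRelay, VerifyingRelay):
        for via in (False, True):
            path = "via upstream relay" if via else "direct"
            print(f"{cls.name:16} {path:19}", run(cls, "nosuch@corp.example", via_upstream=via))
```

The four printed rows show both sides of the argument: the verifying relay never generates a bounce itself, yet when another relay sits in front of it the forged address still receives one, now originating from that upstream host.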
WTF? Section 4.4 specifies behavior regarding trace headers, and says nothing about relaying behavior, or error propagation except for info about the return-path header and how to make sure it allows gatewaying into other systems such as NNTP.
Do you have ADD or something? There are two discussions going on and you seem unable to focus on one at a time. The first is regarding your dumb relaying server and the second is what a smarter server could do.
All of which is designed to make sure bounces are successfully returned to the sender if the mail is undeliverable.
This has become tiresome. How many times do I have to point out that you are not returning anything to the sender with your crappy bounces. You are misdirecting message to a third party: whoever got forged into the From header. I'm done trying to explain that point to you. Take your medication before reading and responding already!
Most MTA software doesn't do what you just described.
Holy fuck, that's why the thread started in the first place! Most servers are lazy outdated pieces of shit. They were constructed in a time when the Internet was a happy academic playground. My whole complaint is that RFCs allow them to better address attempted abuse.
Systems following SMTP RFCs do not propagate 550 errors.
They are not prevented from doing so, either. Just because you have a "reference" implementation in sendmail (or whatever) that is easy to install doesn't make it the last word on what a server can do. Just admit you're a lazy admin and stop trying to hide behind a manufactured understanding of RFCs.
EVEN IF MY RELAY RETURNS A 550, THE SPAMMER'S RELAY WILL GENERATE A BOUNCE TO THE REVERSE-PATH.
What a shitty excuse. Just because there might be some other crap server in the chain is no reason you can't keep your own house clean. If I get garbage from a server, I can block it; wouldn't you prefer I block the spammer's relay than your server?
I don't think you'll have much luck, but your energies would be better spent focused in the direction of the spammers who are causing the problem, not mail administrators who are already doing everything they can with the tools they have available.
Oh, please. Admins are doing far less than is allowed. They're mostly just lazy fucks who install something off the shelf to handle mail without too many hassles.
I see you have marked me as a Slashdot "foe". Seems like an ungrateful thing to do to someone who has spent so much time educating you about how e-mail works in the real world. You obviously have never been responsible for running a large mail system.
On the contrary, I have obviously been more responsible in my mail administration than you have. I know "how e-mail works in the real world"; it doesn't work. It's bloody teetering on the brink of destruction. If you're not going to take some responsibility in cleaning it up, if you're going to twist RFCs to favor spammers, damn straight you're a foe.
Get some experience with real MTA software and take a look at how it ACTUALLY works before you go spouting off about how you THINK it should work based on your misunderstanding of the RFCs.
You still fail to get that the whole point is that how things "ACTUALLY work" is broken. How very sad for you and your users.
Oh, of COURSE. Any RESPONSIBLE admin running a large mail system would refuse any existing MTA software and write his own experimental system. Because there JUST MIGHT still be a spammer out there that doesn't use open relays. Big, hairy, fucking troll.
include $sig;
1;