Slashdot Mirror
Would you Warranty Your Email?
Kurt writes "A team from the University of Michigan is proposing an economic solution to spam. Instead of relying on technical solutions or government regulations, they use a sender warranty system. In some cases, they argue, it can even be superior to a perfect filter with zero cost, and no errors. Their working paper is available at SSRN. With the caveat that some infrastructure is necessary (isn't it always?), they also claim their approach restores control to the recipient, halts spam, and creates a marketplace for valuable information exchange."
I wonder how well this would work if everyone on Slashdot could warranty their posts. It could be implemented by adding a checkbox next to Post Anonymously, call it Post With Warranty. Your comment then gets bumped up to "+5, via Warranty." If people think it's not worthy of being +5, and they have mod points, they can moderate it down. If they mod it down, they take subscription points from the poster. If the metamoderator disagrees, the moderation is reversed as expected *and* the subscription points are returned to the poster.
I think this could work. But it sounds like a pain to implement.
(fp)
A programmer is a machine for converting coffee into code.
If I start rejecting all email which is not from a verifiable sender, I'll quickly cut spam, and impose some costs onto those who wish to sent me email. I'm willing to pay those costs when it becomes my turn to send an email. I would start with the recent authorized sender protocols, in addition to Public Key Infrastructure, to begin to authenticate a sender.
Once PKI starts to take hold, there would be an incentive for the spammers to start creating throw-away identities, which we could counter with a reputation system for the sender's domain. We could also create a "web of trust", automatically managed by our mail servers, or ourselves, to nip the counteroffensive.
So, there it is... my alternative... sign and validate all email.
--Mike--
I propose that any and all spammers be subject to possible castration when caught. No infrastructure required... although verification of actual spamming may be a good idea, I say we fly by the seat of our pants... As a positive side effect, Open relays would be fixed pronto... for many admins would fear for their manhood...
;)
Laugh, it's a joke!
---
Programming is like sex... Make one mistake and support it the rest of your life.
A team from the University of Michigan is proposing an economic solution to spam.
if you stop sending me spam now, I won't kill you
Creationists are a lot like zombies. Slow, but powerful and numerous. And they all want to eat our brains.
will I get charged a restocking fee when someone replies?
Isn't this what they do, at least at an ISP level?
Why not just change your email address every month? Keep them on the run, thats what I say!
One benefit to having email is the ability to post information anonymously in order to avoid possible repercussions. Slashdot has that feature with the "Post Anonymously" checkbox (which should be pointed out, is not 100% anonymous and can be tracked by IP and logged-in account name) and it also exists with anonymously emailers.
Forcing someone out into the open by the use of such 'warranties' imposes a chilling effect on free speech through email.
I hate spam, but I hate the idea that important speech could be stifled by the use of badly considered spam 'solutions'.
I have been pwned because my
The idea is basically this: You (the recipient) put a value (say $10) on incoming mail from strangers. If someone wants to send you mail, they have to put that in an escrow account. Then if they meet your requirements, you can recieve the mail. -- If you don't like the mail from any reason, you can take the money from escrow. If you don't do anything, escrow will be released after some time. Oh, they mention that this might not be neccessary for people you already know (whitelists).
This is just lame. The amount of "infrastructure" required is totally ridiculous.
They ignore the fact that email is a general communications media / People who do not like eachother do email because it's practical / but under this nutty system, people would only email people they trust not to "steal" their money in escrow. Mailing lists, anyone?
Once again, someone thinks that you can "solve" spam for the recipient at a huge penalty to a legitimate sender.
Arrg! I hope they didn't get paid to write this tripe.
A team from the University of Michigan is proposing an economic solution to spam. Instead of relying on technical solutions or government regulations, they use a sender warranty system. In some cases, they argue, it can even be superior to a perfect filter with zero cost, and no errors. Their working paper is available at SSRN. With the caveat that some infrastructure is necessary (isn't it always?), they also claim their approach restores control to the recipient, halts spam, and creates a marketplace for valuable information exchange.
Would you mind writing a little more and saying a little less. I found this description too short and full of specific information.
-Colin
The primary problem I see with this is getting enough people to start using this system. The majority of people probably aren't going to bother with it unless they have to, which means that most emails will be accepted whether or not it costs the sender money, good or spam, because most of a given recipient's contacts will not have the escrow set up. Unless creating the escrow account is mandated, which makes it no different than most of the 'tax' systems, I don't see this model working any better than what we have today.
What looks good in an academic paper doesn't always translate into the real world. Would their idea work? Yes, with sufficient participation. Will there ever be sufficient participation? No. Look at pgp keys/signatures. There are means of validating the sender's identity now that would stop spam, but they are not used because it requires people to opt-in and most people don't care enough (no matter how much they complain about spam).The bigotry of the nonbeliever is for me nearly as funny as the bigotry of the believer. - Albert Einstein
There we go. It creates a marketplace!
If it didn't, wouldn't it be one worthless invention?
Man I think that we should just implement filtering through the subject line. Specifically, I pick some personal word (not an important password) and I tell those whose emails I havent already allowed through my email blocking to use that word in the subject header. Then when they send an email with that specific word it comes through as it should. All other trash gets rejected. I dont see spam being able to effectively cut through something even as simple as this. Sure maybe an occational spam manages to guess both your email and then your personal word filter, but I dont think that is highly likely. Case closed.
All your mail is put on /.
Set your modifiers appropriately and let the mods do their job.
Bye bye spam
Worst
No I didn't read the FA, but you do not "warranty" things. You *make* representations and warranties which are legally-actionable promises that give rise to damages when you break them. ie. This muffler will last 20 years. If it doesn't, the giver is liable. They can give limited remedies like replacement. They are generally contractual terms.
I have no interest in EVERY email being a contract with the recipient subejcting me to contractual remedies.
I already have a contract with my ISP specifiying terms of use which restrict the way I can use their services. I think you will find that many of those agreements ALREADY INCLUDE contractual requirements that I don't spam and specific remedies if I do so-> suspension, termination of service.
Why would I add any more legal mess?
I completly agree, this is the perfect guide to be an American. Everything you said is so true.
These guys must be going for their Advanced Circumlocution degree. After the usual introductory review of existing solutions that don't work, they dive directly into graphs proving how their system will increase everyone's well-being. I gave up halfway through. Could somebody briefly sum up the mechanics of their solution -- what exactly are they proposing that the sender and receiver (and the third party) do? Maybe it was so obvious that I just missed it.
They spend way too much of their paper on analysis of why this would work, but nothing on how to implement it securely.
And because you ARE talking about money, it would have to be secure.
their approach restores control to the recipient, halts spam, and creates a marketplace for valuable information exchange.
It also cures herpes and includes an implementation of Common Lisp!
why does evry problem in life have to be solved by creating a free and open market?
I for one think that there are some things that can not be solved simply by attaching a price tag to it.
do you want to polute? how much money do you have to buy pollution credits?
do you want to send email? how much money do you have to buy a warenty?
do you want to get laws passed how much money do you have to "lobby" with.
sigh...:(
--meh--
because I *have* been busy lately, but isn't this the same idea Bill Gates proffered a couple of days ago? Yeah, I know. It wasn't his idea originally, either, since I remember talking about this on
"Lawyers are for sucks."
- Doug McKenzie
9 - Get rid of that small, economical car and get a chromium plated jukebox that does four miles to the gallon.
So these guys want our computers to spend our money? First they have to secure every machine. Of course, once you do that, you don't have DDOSes, nor proxy spam. The first step of their solution *is* the solution; the remaining steps would be a waste of time.
-russ
Don't piss off The Angry Economist
Listen, asshole. What did I tell you about this troll?
Go and read my advice, otherwise IT WON'T WORK!
So you get infected with MyDoom.D and it warrants your email... then all the people in spams collect the small fee for each message and you're broke.
Mailing lists would be a bit difficult too, not to mention usenet gateways. If I mail a gateway and it posts to usenet, does that count as one email? What about the other way around: I post to usenet, does the gateway owner have to cover the cost of the message going to all subscribers... I shouldn't, I didn't even send an email.
Then people who get this nonsense in their inboxes can get together and take the companies who use spammers (and the spammers themselves) to market their junk to court. Once the companies who use this service start getting served with class action court orders to stop or else, they should soon get the message.
Of course, there's nothing to stop the spammers moving/subcontracting to e.g. India or some other place where sending unsolicited emails isn't illegal, but it's a start. Ultimately we can hopefully have a worldwide ban against the sending of unsolicited commercial emails.
-- Fuck Beta
I'm a geek. I'm a security engineer. I'm here to say -- the solution is not in the packets, but the dollars.
Spammers have gotten to the point where they're breaking into people's machines to get them to illicitly send spam. Look at that carefully -- you can't even trust your friends not to spam you anymore. If you don't think Spyware is going to adapt to a spam transport, you're not paying attention. Ultimately, we need criminal prosecution for fraud that follows the money (because money transfers are really well traced). The money link needs to be broken.
Nothing else has even a hope of working.
--Dan
...that will put him in pound-you-in-the-ass prison...
Shouldn't that be Federal-pound-you-in-the-ass prison?
"That's not ironic, it's just mean!" - Bender
Why is it that things like this never seem to work out? Zero cost perfect performance. Say it works, then who is going to jump all over it and try to make some sort of claim to get rich? Or say that this system goes nuts and causes more spam than we ever thought possible? Maybe I'm just getting pessimistic, or maybe i've learned a thing or two over the years but it usually seems that when something comes along claiming to be the end all great solution it turns out to be the biggest problem yet.
We may experience some slight turbulence and then...explode. -Capt. Mal Reynolds
I find this interesting. It appears people actually RTFA before posting, in this case. Post quality is another topic, for sure.
You system would work, except that trolls metamod in far greater numbers than subscribers.
It would be easier for you (and other like-minded subscribers) to set a +5 bonus for subscriber posts in your user prefs, and not screw up the moderation system for us non-subscribing peons.
0 1 - just my two bits
After having introduced the concept of "whitelists" for known senders the article continues:
In the case of strangers, the warranty mechanism is more suitable. Analogous to a standard bond mechanism, delivering email to an inbox requires an unknown sender to place a small pledge into escrow with a third party. In the case of screening, recipients determine the size of this bond, which they can dynamically adjust to their opportunity costs. The email is delivered only after the recipient receives suitable confirmation that the bond has been posted. When the recipient opens the email, she may act solely at her discretion to seize the pledge. Taking no action releases the escrow after a period of time.
IMHO this means the end of mailing lists - what would prevent me from signing up (automatically, of course) to thousands of mailing lists and collecting all the bonds placed for messages posted through these lists ?
"Of course mailing list operators would first get your approval that you let through all their messages".
This is where it starts getting complicated. And complexity is exactly what I don't want with email - it is simple, and shall remain simple.
Therefore I am perfectly willing to put up with the current spam levels - hey, I can deal with those five to ten messages a day which pass through my Bayesian filter. On certain days I get more than that in my smail box.
Nice idea but it can't work. What happens in mailing lists? If someone is mailing hundreds or thousands of people legitimately then how much bond money are they going to have to risk?
What about the temptation to abuse the system? If someone doesn't spam you but you say they do to take their money, what happens?
We need to continue developing better filteds until Congress eventually decides to tackle spam rather than jump in bed with RIAA to take our rights away.
Let's call it 'Eunuchs'
*ring ring* *ring ring*
"Hello?"
"Hi, this is Darl McBride, Cease and Desist or send $690 to SCO to license this homophone or we'll sue your pants off!"
*click*
A feeling of having made the same mistake before: Deja Foobar
Is there anyone who ISN'T proposing an economic solution to spam or email? Every day it seems like someone is proposing it and making it sound as though they are the first ones who are making the suggestion. Everyone making a proposal would a long, long way to show why all of the competing methodologies will fail or be compromised and why theirs will succeed (or have a greater chance of succeeding).
Let us not forget what William Henry Gates III said [1], "I don't care what the information superhighway looks like as long as I've got a tollbooth on it." Everyone is making suggestions to charge for email not because the ideas are technically superior but because they want to be the tollbooth collecting a microcent for every piece of email running across the 'net. Unless|until there are certain issues taken care of online, micropostage will not solve the spam problem although it may still drop money in someone's open pocket (and they will likely not care about spam once that happens).
[1]ca. 1995-96 just after he returned from his annual sojourn and realized Microsoft almost missed the Internet boat.
I send you email. I have to put money in an account.
You receive my email, but you've set a monetary level to be checked before it is delivered to you. If I didn't put enough money in my account to meet your level, it doesn't get delivered.
Now, you read my email and don't like it. You get to collect the money I have in my account at the level you set.
If you do like my email, I go on a whitelist.
Example #1: I put $1 in my account, you set your level at $5. None of my email will ever be seen by you.
Example #2: I put $5 in my account, you set your level at $1, you get my email. You don't like my email, you collect $1 from me.
Example #3: I put $5 in my account, you set your level at $1, you get my email. You like my email, so I go on your whitelist.
Simple, really. In theory.
In practice, almost impossible to work.
Comment removed based on user account deletion
I don't think that free speech requires anonimity ... Basically, you add accountability.
Which would lead to --
"Children should be seen and not heard." (Because they cannot be held accountable for what they say.)
"The nail that sticks up, gets hammered down." (Because you can't voice dissent without drawing attention to yourself and your family.)
Effective free speech requires anonymity -- There's usually needed a period of underground "pot-stirring" in order to add momentum to a movement.
For example: Let's say your boss regularly beats the shit out of you when you walk in the door in the morning. But it's your first job, so you don't know if it's normal or not. But your family depends on your income. You could post anonymously on some forum asking "Hey everyone! Do your bosses kick your asses in the morning like mine?" / or sign your name and likely get a bigger ass whopping along with being fired.
---
Proud UofM Alumnus
Given how much everyone (rightly) despises the concept of having to pay postage on email - how is this that much different?
Despite the fact money in "escrow" technically belongs to the person who put it there, it is still money that is not within that person's full control. While you might say that it still is, but the company running the escrow business has a say over it (for instance, how fast it can be withdrawn).
And the other huge gaping hole is this - suppose I don't like someone - what's to prevent me from faking an email from them to myself (plenty of ways to do this), and then claiming the money from their escrow?
May it never, ever come to be....
Worrying works!! 99% of all the stuff I worry about never happens
Only accept GPG or PGP encrypted and signed email.
(okay - I don't really do that, but I would like to if only more folks cared enough)
-- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz
Thede Loder
University of Michigan.
I think most of these solutions are overkill. If email was just a secured medium where you could reliably verify the sender (or at the very least the sender's server) everything else would work out. Blacklists would mean something. Abusers could be tracked down and put out of business using current law. It would work itself out if we just remove the anonymity. And nobody who wasn't spamming would have to do anything (but upgrade to a functionally equivalent mail package).
Just secure the medium. Anonymity is great in public forums but not in my personal space.
Cheers.
...it assumes that all the mechanisms for posting and collecting these bonds are perfectly reliable, perfectly secure, and unhackable.
Right.
If they aren't this just opens fresh avenues for abuse.
For example, you receive an email saying "Your PayPal account will be suspended if you don't reply." You find that in order to reply you will have to post a bond of $0.0001, which is the going rate for such things, so you do so without thinking about it. Later, you discover that due to some cunningly-engineered HTML, the part of your screen that you THOUGHT was telling you that the bond was $0.0001 was somehow faked, and that really you posted a bond of $1000 which the sender has collected.
Or whatever.
"How to Do Nothing," kids activities, back in print!
whitelists are cool, and I think they could work.. the problem is, that people use different mail addresses... even companies tend to send mail from different addresses (normal, could work) and different domains (that's a prob)
... they sell my address ? no prob ...
....
...
/.-ed, or it's just my ISP) so if I write something that's in there too, sorry
what would be needed: everywhere where you sign up (program, newsletter, affiliate program, online store) they should state, where they are sending mails from : (eg sales@onlineeee_store.net)
you add it to your whitelist, it works
let's say I sign up for slashdot, I use the address slashdot@mydomain.org (even better, from sales@slashdot I only accept mail to salshdot@mydomain
identity: on top of all these, there could be a pgp signature/checking associated with the whitelist..
all this could be done with simple procmail....
Customers, newcomers? : you run a business, have a form-mail... (that way mail comes from the same address + you can put validation, like machine-unreadable auth numbers like you have at lot of places nowadays...)
these are simple ideas that require less that half an hour of effort and could help a lot
just some ideas i got reading that
ps: (I did not see the uni article... before my post (must have been
Ohhh look another "best idea on the internet" that's the same old "charge them" idea that many others have had that's still stupid.
Basically this idea annoys everyone and solves nothing. There would be a lot of rich people who simply spend all day signing up on lists and then collecting the "fine" when they get e-mails.
The way to stop spam that doesn't require messing with STMP is to use web-forms. The web-form on my mail server is written in PHP and is basically a custom e-mail client. It connects to the mail server and sends to exactly one address that's hard coded in the script. Giving it random letters and numbers would prevent spammers from guessing it and users wouldn't care because they don't have to remember it. My particular PHP script only sends text only e-mails as well.
If you use a non-generic web-form with a unique filename and unique variables, it makes it quite impossible for spammers to make bots to whore their spam automatically.
What would be really clever if you want to prevent bots entirely you just have an array of images. And an array of questions, one for each picture. And the user has to answer the question like "what color is the apple?"
No amount of image scanning by a bot is going to figure that out.
Then instead of telling people an e-mail address you just give them your domain. It's still SMTP so you can contact people out side the script if you want.
The other method I use on the server side is filtering domains that spammers use to host their product pages or images. I've gotten hundreds of e-mail attempts according to RinetD's logs and only a couple spams with domains I hadn't added to the filter yet have gotten through. Since the PHP script goes through the mail server and doesn't actually send the e-mails itself, all the spam prevention is also applied to the web-form. And since no legitimate e-mails use those domains, I've had 0% collateral damage.
I get virtually no spam and have yet to break SMTP or charge anyone anything just to send me an e-mail. It's really not that hard.
Ben
Work Safe Porn
Email is one of our last few partially anonymous methods of communication. Emailing (and posting) as "Anonymous Coward" is a seriously useful thing and taking it away from people will probably be more disasterous than originally imagined.
There was some drama recently around an anonymous e-mail communication this past few weeks at my roommate's place of employ. What did the sender use? Hotmail.
Hotmail, yahoomail, and other free mail services use ciphers to identify people as human beings, and track IP's to resist automated signup scripts, but the medium is still essentially anonymous. Except for the IP address of the sender, which can be masked via a little wardriving or a trip to the library, the system is as anonymous as the sender wishes.
The ______ Agenda
> 1 - Buy yourself a gun
If you had Ted Nugent living on your continent, you'd have a gun too.
> 2 - Put on at least 25 stone...when much of the world is suffering massive poverty
I'll fully admit that I'm disgusted at what a bunch of fat fucks we've become. (Me? I just ran my first marathon.) But do NOT expect me to feel guilty about the rest of the world being skinny. It's not like we showed up in Ethiopia and took all *their* food. We eat like pigs because *there's always food here*. Hell, if the British didn't boil pizza then they'd be tubbed up with us.
3 - Learn the lingo..."your" with "you're".
Up you'res! Heh. And yes, you're right. "Shucks" is a silly word. I'll start saying "cheerio" and "governor" and "achtung!" instead.
4 - Throw away all maps, history books etc.
Guilty as charged. But, you have to admit, it's a *lot* harder to pick up on foreign culture when it's *so far away*! We know a lot about Mexico because *they're all here*, and visiting Canada isn't exactly going native in Borneo, now is it? Your average European can't walk in a straight line for two hours without wandering into a new country, so your situation is just a *wee* bit different from ours, now isn't it?
5 - Become totally irrational and nonsensical...Talk about "freedom of speech" and watch TV programmes about the Ku Klux Klan.
And that's contradictory *how*?
8 - Watch abysmal TV...Watch as some over-paid talentless "actor" enters the scene, and whoop and scream hysterically as he delivers some ridiculously poor wisecrack.
Two words - Benny Hill. And don't think about throwing "Friends" in our face, either. We didn't beg to have Helen Baxendale on the show, the BBC did because *you* liked the show so much. (Although if it weren't for that, I never would have heard of her. She's quite a dish.)
The problem is, there are a TON of moderators that will go and mod-bomb people because they don't like them, regardless of how well-reasoned their post is
Who are these mod-bombers? I mean, what does it take to earn the wrath of people on Slashdot? Who takes Slashdot that personally?
Myself, if I've got mod points, I mod up when I find value to the post, I mod down if I feel it's overrated, and very rarely I'll mod down for other reasons.
How do these mod-bombers get mod points? doesn't the meta moderation system let you put the screws to these mod-bombers? Can't we moderate their own posts down, so that the system deems them unworthy of mod points?
dont, theres nothing wrong with email.
only degenerates and hotmail users recieve spam. I've yet to be spammed since I give my email address only to human recipients who would need to contact me.
I don't need no instructions to know how to rock!!!!
Sounds secure to me... Perfect idea. No flaws at all, either social or technical.
Not only is this the perfect solution to the Spam problem, this is the perfect solution to my jobless problem.
Now if you'll excuse me, I've got some mail from the University of Michigan to mark as spam.
The ______ Agenda
Think legimate mailing lists.
Any solution to stop spam must be designed to ALLOW emails that are closest to spam, i.e., solicited bulk email.
It's not hard to block everything from your inbox except message from your friends. But that's not the real problem now, is it?
There are only 10 types of people: those who understand decimal, those who don't, and, uh, 8 other types I forget.
Can my email get the "true coat" undercarriage protectant as well?
e.
Build Your Own PVR/HTPC news, reviews, &
The "abstract" reads like a Patent application.
Oh wait! If they don't hurry up, I'm going to cut/paste it into one, apply for a patent for this "method" of email and soon I'll be the owner of all the email in the world. euuuhahaha (evil laugh).
Can you take the font down about four sizes? It'll be a lot more readable. Or you could just paste the text into a post here for easy reading. Or I can do it for you, if I have your permission.
http://www.eecs.umich.edu/~tloder/one_pager.html
That site has a shorter and easier to read description of the ideas presented in the paper. The paper is really a technical economics paper, not a mass-market thing. The one-pager is much easier to read, and its the same people.
Another whitelist-based idea. Imagine that.
expense, source, transition, architect, internet, network, trend,
and any other nouns that have recently been determined to actually be verbs.
This would require new legislation, something I know SFA about so let me know if its stupid/impossible.
Users are asked to put $1 into an account held by an independant non profit organisation when they want to start up a legitimate email address. when you receive AN UNSOLICITED email trying to sell you something, that $1 buys you the right of being able to log the sender and more importantly the website the spam refers you to.
Commence legal talk: introduce new legislation that requires companies to prove that the traffic/purchases on their site were not refered by spam. Investigate only companies that have been logged by more than (lets just say)10,000 users. Now the new legislations should include: if company A received purchases and money changes hands they are liable to a certain degree (I hate spammers so $10 for every $1 they receive).
then the organisation holding the account makes a purchase over the website (tracking the money as they go). immediatley stops payment and commences lawsuit against "company A" for damages 10 X the purchase.
the idea being to make spam not worth its while. also consumers can still buy, and at the end of the day take company A for 10 times their purchase if they are inclined.
as you can tell not much thought into this, but hey, maybe has some good point.. maybe not.
serenity now!
I propose a one time open season on spammers, wherein one can exchange the scalp of a known spammer for some monetary compensation.
The meat from said spammer or donated to a local soup kitchen. Such meat is often composed from the parts that "they won't put in hot dogs", but nevertheless is a good tasting, Hormel product.
Such a venture would not only thin the spamming population, but intimidate the remaining population that they might not venture to clog our inboxes any longer.
Good enough summary?
The sender deposits money with a third party to send an email. Once enough money is in, the email is delivered to the recipient.
The recipient can choose to take the money for whatever reason (needs a beer etc). If the recipient doesn't do anything, after a while the money returns to the sender.
The recipient can put the sender on a white list which means the sender doesn't need to put up money.
The authors/proposers say that the alternative of making everyone digitally sign their emails doesn't work. I don't see why that is harder to implement than this approach, esp since digital signing involves a lot less money AND there is no need for trusted third parties to be trusted to hold millions of bucks in escrow. It is very easy to blacklist CAs who certify spammers, CAs can always insist on valid IDs - so spammers will have to keep hiring Joes to send their spam for them, and ISPs and Antispam software can easily detect the unusual case of a single Joe sending 1 million messages.
So digital signing can work if everyone uses it. But would everyone use it? Similarly would everyone use this money deposit thing? You have to set up even more infrastructure than digital sigs (already many email clients support s/mime, and there are plenty of CAs).
This has many of the disadvantages of digital signed emails and few advantages.
Imagine when the next email worm makes tons of random people very rich and millions of stupid people poorer just coz some kid in Belarus thought it would be funny.
Stupid idea.
It also won't be approved by Banks/Govs/etc because these ppl like to keep track of money transferred around. Think: "money laundering", and keep thinking some more.
Stupid idea.
Well, this is a perfect spot for YHBT.
There is a simple rule for responding to troll posts: write a troll post of your own. Going on the defensive means you've already lost. Say things like:
1) If you're in Britain, buy a set of bad false teeth.
2) When in France, don't shave or shower! It also helps to show utter disdain for every other culture on the planet.
3) In Belgium? Act important despite the fact that the only reason you're on the totem pole at all is Van Damme.
4) If you're in Germany you can act irritated at everyone else in the EU for having to pay taxes to subsidize the other EU economies that are in the tank (which, incidentally, is all the rest of them).
5) Back in Britain? Expect to be robbed, the bobbies let off the burglars with a warning!
If you continue in this vein, you'll be on the right track to proper troll responses.
Is it different than what we currently have?
If so, it won't work.
Looks, spam, spam mail, telemarketers all exist today due to profits. People profit from them, so people will continue to do it.
"But take away the profit then!" far easier said than done. And even if you could, I would argue that you shouldn't. At least not legislatively. Let's see someone be half as creative in the private market as the spammers are. If they are creative, and their system works, then they get to be rich beyond belief. What's that? You don't want to pay for a spam solution? Well, believe me, those little things called Taxes? You're paying that judge to sit and preside over your case and you're paying those hundreds of Congressmen to sit and chat about this e-mail spam problem. It ain't free people.
If there was no market for spam, then it wouldn't exist. There is a market, you don't like it and I don't like it, but it does exist. People aren't sending chunks of steak through the mail unsolicited because that wouldn't be profitable.
www.jackasscritics.com
Sounds to me like Christmas presents ...SOME assembly required. Ya! sure! ...
Que Deus te de em dobro o que me desejas
[May God give you double that which you wish for me]
Anyone else getting this:
Hotmail.com has added some interesting new filtering to their 'spam blocking' tools. Essentially, they're blocking mail based on the content of the message (what you send), but they won't tell you why it was blocked. There's a magical formula there somewhere. It is not blocked by IP address, as some messages go through and some do not.
This is occuring from *all* senders, in *all datacenters*.........It's a hotmail specific problem. Here's a microsoft.com employees response to the issue:
quote:I've been talking with others here at MSN Hotmail and going over possible options for a domain having this problem with our filtering system and trying to find out what we can do about it.
We recognize that our filtering technology is blocking your email and unfortunately, we are not able to reveal the details. Although we have no obligation to ensure that your email is delivered, we are working on a solution for people in your situation. At this time, however, we have no solution to offer you.
We have hopes of such a solution sometime by next couple of months but that is by no means a guarantee.
I'm sorry I can be of no further help in this matter.
Julius Caesar - Act I, Scene i: "What mean'st thou by that? Mend me, thou saucy fellow!"
4) If you're in Germany you can act irritated at everyone else in the EU for having to pay taxes to subsidize the other EU economies that are in the tank (which, incidentally, is all the rest of them).
And how exactly is that insulting to Germans?
not regarding e-mail or telephone calls.
If you want to be annonymous, participate in the public debate. Post to Slashdot, whatever. I'm all for "AC"s - as you might notice by this very post.
But when you target me, by name, using my resources, and DEMANDING my personal attention, I have an absolute right to know who you are.
I also think the World(tm) should equate forged e-mail for what it is - identity thieft. Jack spamming right up there into Felony territory right along with mis-appropriation of Credit Card numbers.
It's not that hard!
http://stephan.sugarmotor.org
Since we know that economic boycotts work and we know that 80% of all spammers live in Florida, why don't we just boycott all florida-based businesses until they sort it out?
Just think of all the money you'll be making from the hapless windows users every time there's another email virus outbreak. It would be worth your while to set up all sorts of email accounts that simply rejected everything sent to them. If this solution became popular I could retire early.
Michael
What about the third parties who are supposed to manage the escrows? There would doubtlessly have to be very few of these companies (maybe even just one) doing the job, otherwise you have the problem of trust -- with thousands of companies holding escrow like this, you may well be wary of a company that comes along and says "don't worry, we've got the escrow, now give us your bank account number..." So we're primed for a monopoly of sorts. And whatever megacorp comes along and fills this position, they will have access to the e-mailing habits and history (not to mention financial records and perhaps even buying habits) of potentially billions of people. Anyone else scared by this prospect?
Even though the parent isn't a well thought out reply... it does bring up a point that others have discussed.
Being Anonymous has merits. You can VENT like this without fear of Ashcroft and his cronies descending upon you. I don't think the parent will actually follow through with what he/she said... but... it does give some relief to think about revenge.
When Sobig was making the rounds, we were getting close to 6000 emails an hour, a large portion of which claimed to be from Microsoft. Let's see. $10/email times, say, 1000 emails/hr times several million people worldwide equals...
"I'm not impatient. I just hate waiting." - My Dad
What the hell is M2 ?
For everyone talking about escrows in the dollar+ range... that's crazy. Frankly, even a quarter is excessive... A 1 cent escrow is all that would be necessary to take any profitablity out of spam, (and that penny probably more than evens out the amount of time it takes for you to hit the delete key). The point here is not to take piles of money from strangers who have a reason email you. With the right infrastructure: some mechanism to make whitelisting a signature easy, this would be perfect. At 1 cent per email, no individual sending legit emails would likely ever have to spend much more than a dollar or two in escrow. Spammers would have to have hundreds to thousands of dollars for each spam campaign. And with an easy enough whitelisting mechanism, adding a mailing list should be no problem.
Now realistically will this ever happen? no.
... that i have no mod points.
I agree completely and emphatically. Email is not a free-speech/privacy issue, and i think people are forgetting that.
There is no provision in the constitution that guarantees an audience for free speech, yet this is precisely what anonymous email does. It puts a burden on me, the recipient, to sort through the garbage of others.
If you want more anonymous speech, get a blog, post to a web board, post to usenet.
Your freedoms stop when they infringe on the freedoms of others. Your freedom to be heard is wholly consitutionally blocked with my right to post a no soliciting sign.
I see no reason why I can't effectively put a similar sign on my email box. (let alone my meatspace mailbox)
the only reason bulk mail persists, is because it's effectively privately subsidizing the outdated and inefficient USPS. Spam, on the contrary, is wholly an economic drain on the delivery system. there is no benefit to anyone to retain spam, except those corporations who wish to have no responsibility to maintain an honest opt-out policy.
sure, spam finds willing recipients, so someone must want this garbage - but so do door to door salesmen. And I'm perfectly within my rights to forbid them from coming onto my property. a right which does not in any way infringe on their right to be heard, or their ability to simply bug my neighbor.
// "Can't clowns and pirates just -try- to get along?"
When SPAM stops being profitable (as in people who respond and purchase things), than SPAM will go away.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
And yet, there are moderators who will mod down anything that goes against the "geek norm", regardless of content. On some recent thread about movies, I posted what I thought were reasons why LOTR-ROTK was just a good movie and not fantastic. I was modded as a troll faster than you can download a picture of Natalie Portman. See for yourself Now granted, I didn't go on in great length about my points, but I still think that if you can let go of the fanboy fanaticism and look at it honestly, what I said holds. I was by no means trolling.
The problem with moderators is that meta-moderating is just a little-too-late. And even if it did work well, it wouldn't be able to stop biased moderating. Or it would plunge it into the void of predictable moderating. Or are we already there? There is a mod of "Troll", but not of "Karma Whore".
My beliefs do not require that you agree with them.
well, one of the authors in question :) /. definately ups the dl count
<ActivatE> as i said
<ActivatE> it's just a hoax to get umich on slashdot.
<jwagnerk> OK, I think I get that bit
<ActivatE> great. that should answer all the questions then
<rwash> ActivatE: ?
<jwagnerk> I was referring to something else
<ActivatE> hi rick.
<rwash> ActivatE: not to get umich on slashdot, to get our SSRN download count up!
<ActivatE> they count that?
<jwagnerk> well, getting it on
<ActivatE> wow. inflation. i thought that citations was the stuff that counts.
<rwash> yup...
<rwash> hehe.. SSRN doesn't track citations, only downloads.
<jwagnerk> so... How long before we have a working implementation of this?
<rwash> citations would be a better tracking metric, but is much harder to do
<briawn> 1,000,000 years
<rwash> jwagnerk: hah! good question... vanquish.com, cashette.com, cruelmail.com all claim to, and Micosoft is working on it
<jwagnerk> and these involve what kinds of modifications, exactly?
<rwash> how am I supposed to know? go ask them!
<jwagnerk> you need <deep wizardry> tags
Because a user can easily generate a seperate keypair for each "identity he uses online, his anonymity would not be harmed, and the signing the email would still assure arecipient that the email did in fact come from the user who claimed to have sent it (even if that userid is a fictitious construct). As for the web of trust, I know that I can sign qtp's key to assure that thiose who trust my key know that I have identified qtp's key as belonging to him.
PKI is, IMHO, the correct way to solve the sender verification problem but there has been difficulty in getting it adopted for wide usage, and in creating interfaces that remove some of the difficulties for newer users.
Read, L
The response rate is already at .25%, I don't think we can expect it to go any lower. But we can go after the money from a different direction, go after the vendor.
I might be missing a critical idea. I feel that I must be. (In my defense, I was up all night playing Crimson Skies and then preparing for an 8:30AM project status meeting.)
It seems that this warranty, escrow account system would not work well with hacked computers, viruses, et cetera. Here's a simple example; please tell me that I'm wrong. My grandma makes a reasonable attempt to secure her system but leaves some holes. Some hacker, working for a spammer, gets in her system and installs a nice little backdoor program. The spammer starts emailing people from her computer until the money in grandma's escrow account can no longer cover the warranties. The recipients are obviously angered by receiving this spam and collect the money on the warranty. How is she going to get her money back?
I don't need to belabor this point, but does this plan assume that all email sent from a user's account was purposefully sent by that user? If so, I can't support that. Virus writers and hackers aren't going away. Computers may become more secure; users may become more experienced. But our increasingly interconnected world is simply too complex to eradicate every security hole.
This is an interesting idea. Maybe a good target for the application of a micropayments system too, possibly for commercial e-mail marketers. For example, a company with an escrow account may need to pay a certain percentage of one cent per message based on volume and message rejection rate. This would keep costs down for the sender (especially if the formula allowed for completely free delivery when in excellent standing), discourage the casual spammer, allow the escrow to generate revenue, and possibly avoid e-mail tax laws and the like by making e-mail usage earn taxable money. That's just off the top of my head. I don't have any specifics in mind, but I'd be interested in hearing more from the economics geeks. Anyone care to pick me up?
ascii art
3) In Belgium? Act important despite the fact that the only reason you're on the totem pole at all is Van Damme.
Van Damme? Feh.
Plastic Bertrand? TEH SPOKE!!1!
They don't and can't work without destroying email as we know it. There's a substantive difference between something which is free per use (such as email) and something which is pay per use (such as postal mail). The researchers even mention this in their paper.
Any economic scheme has to make email pay per use. Even potential pay-per-use (as in this scheme) is enough to change the nature of the medium. E-mail is as useful as it is because you _aren't_ putting a quarter in the meter every time you push 'send'. Take that away -- make people consider costs before they send -- and you've changed the medium drastically.
Some would argue the result would be a _better_ medium. I disagree. You'd never send an e-mail to anyone you didn't know (e.g. you found their web page or a post on Usenet or a message board or some such thing), for fear that they'd just take your money. Would still work fine for business-to-customer communication of course, but that's not really the point of e-mail, is it?
Another solution that won't work, mostly because it doesn't contain the magical phrases "shotgun" and "spammers head".
Seriously, though: Spammers have been breaking into computers for years now. The current international spam mafias run bot-networks of several hundred-thousand machines each.
So sending mail will cost money (stamp, warrenty, tax - no matter the mechanics). Why exactly should the spammers care? It's not like they're sending from their machines or spending their money.
The serious, working solution to spam is two words: Jail time.
Assorted stuff I do sometimes: Lemuria.org
this sounds a lot like Habeas SWE, which is already integrated into many spam-blockers...
http://www.habeas.com/servicesHowSWEWorks.html
The best current solution is really the only one. Have a list of friendlies ( possibly with server information ).
How often do you get an email from a complete stranger that you really want to read. For most personal accounts you have a limited set of email buddies, a lot like an instant messenging service.
Building this list is the big issue.
Say you buy something from amazon.com, or another site. The web application needs to be able to add itself to your friendly list. Of course this does not happen automatically, but with something you click. A simple standard would not be that hard to devise so any mail client could recieve the message. Upon receiving the message the user is asked if the email is a friendly. At this point the program could check for a valid MX record, and a slew of other tests to see if the record is valid and issue a warning, or give the green light.
Now if the email is webmaster, or your the kind of person that does get lots of emails from people on the Web, like a CmdTaco you need some
more tools. But current spam checkers matched with MX lookup could seriously limit the number of records. You could also do some kind of verification routine where your email program sends an auto-response with one of those pictures. This has gotten worked around with letting porn surfers answer the question for you, but I'm sure it won't be long before people write bots to answer the porn guys wrong.
MX lookup I think will be the first step. If you can reverse an address, then ask that server if the email is authentic, and even give a CRC/timestamp to see if the email came from it. This would make it harder to run your own email server, but if you doing this you probably know what the hell MX records are.
I like the idea of paying to send email.
Make it, say, 1c per mail, flat, up front.
For normal private use, odds are you won't even notice the cost.
For business use, it's still dirt cheap.
But for a spammer who sends millions of mails each day, the cost would be prohibitive.
If you can manage to make a profit on that money you can use it to pay developpers for community software like Apache, Bind, Sendmail, PHP, etc..
We can give you a better warranty than the "restocking fee" folks. I guarantee you'll like my email or double your electrons back.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
<spammer> Crap, this warrenty plan for email has destroyed my spamming. .ru. Spammer then invokes warrenty, quickly withdraws money, and continues the cycle with a new virus.**
<spammer> **thinks**
<spammer> **Writes email virus that causes the infected computer to send email to a dummy account in
Your idea is borked, methinks.
Suppose lots of people started crypto-signing their email. Some signatures might involve certifying that the sender is Bob, an employee of BigCorp. Others may be completely anonymous, only allowing the recipient to know that this email was sent by the same entity who sent me that email last week. Now we can begin to whitelist email from friends, mailing lists, etc based on these signatures. So far, so good.
In the proposed system, if you want to send an email to someone who doesn't know you, you enclose a coupon redeemable for a small amount of digital cash. If you offered enough, they'll receive the email and decide whether to take the money. You are notified if your message is rejected, if the coupon is redeemed, or (after some delay) if it wasn't. Add notification to you if your Id is whitelisted, and this looks pretty good.
Mailing lists (and anything else you genuinely opt into) don't have a problem. They don't offer a warranty, but you've whitelisted the list ID, so you receive the list mail.
Only two of the problems cited in this thread seem genuine to me -- security of the sender's Id and security of the digital cash transaction system.
How about just because?
/. is afraid of hurting the karma of moderators so any negative impact is minimal).
No, I understand, the Meta-Moderation system is very weak (and it seems that
Not (not to be and to be), that is the answer
is the same as:
To be or not to be, that is the answer
which is wrong.
Hmmm....
Matt Fahrenbacher
You just seem to dislike open markets. Am I to infer Central Planning is more effective?
You imply laws are passed in a open market fashion, and they maybe after a fashion this is so by side effect of effective lobbying, but no one suggests that this is a correct solution.
You dislike the idea of pollution credits obviously, but fail to show how pollution is increased by use of pollution credits, or fails in its intent to redress certain inequities in the patch work of pollution regulation we have. You just have a gut feeling people shouldn't be given permission to pollute, but this is what regulation is all about, how much and to what end.
Spam is an example of "the tragedy of the commons"
Some type of barrier to access is the only way to solve it. By making it an open market everyone has access, but they indulge their use as makes economic sense. The beauty of open markets is that they are self regulating. Call it an emergent behavior from enlightened self interest.
I am not saying these gentleman have the correct solution for spam, but to just denigrate it because it has open market as a model is unfair. Open or Free markets work well in many situations, they also fail in many situations. Many times failures attributed to open or free markets are really failures of regulation, that only free certain aspects of a market but leave others restricted. The only thing we should be concerned with is does the solution work and is it fair. Lets not discard it simply because you dislike open markets, and may I also infer capitalism?
Letter To Iran
Why can't you make a rule for your inbox that says, I will not receive e-mails from people who will not warrant that their mail is not spam. If they breach that warranty they will owe me 5 cents which I empower [spam collections] to collect. You send me an e-mail, and you are prompted with the question "do you warrant that you are not sending spam and agree to pay the 5 cents if the receivers finds that your mail is spam?" If you say yes and don't send me spam, your added to my whitelist. If you say yes and send me spam, I report you. Spam collections can collect 5 cents from you. I think this is simpler because it does not require universal adoption and it only adds 1 more step to non-spam senders and receivers. recievers have to get and add-on to their e-mail to perform the warranty test. senders have a yes/no box to check.
The grass is only greener, if you don't take care of your own lawn.
being perhaps a bit literal, ya think?
the boolean factoring of the famous quote is to be taken outside the context of the quip.
The quote is facetiously 'answering' Shakespeare's 'question' as if it were a problem meant to be reduced with DeMorgan's Theorem.
if we were to take it as literal as you, then we should consider that 'answer' is the logical inverse of 'question'. in that case DeMorgan's Theorem was applied with slightly differing parens than you assumed.
( to be or not to be, that is the question ) == not( not to be and to be, that is the answer )
in which case the humorous quip still holds true.
shut up troll. Don't try to act like you're not a troll.
I have just added you to my modbomb list. HASD. ELBOW. YHL.
Why does everyone always think "sender pays" would kill mailing lists? When you sign up for the list, you would be told what "from" address you should whitelist. Then, the owner of the mailing list sends out the messages with ZERO postage.
From the second link:
DEBUG MODE
SQL Error : 1064 You have an error in your SQL syntax near 'AND f.forum_id = t.forum_id ' at line 4
SELECT t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, t.topic_type, t.topic_vote, t.topic_last_post_id, f.forum_name, f.forum_status, f.forum_id, f.auth_view, f.auth_read, f.auth_post, f.auth_reply, f.auth_edit, f.auth_delete, f.auth_sticky, f.auth_announce, f.auth_pollcreate, f.auth_vote, f.auth_attachments FROM phpbb_topics t, phpbb_forums f WHERE t.topic_id = AND f.forum_id = t.forum_id
Real smart.
Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
hotmail, yahoo, any service that provides free email, etc should have the "what's the word?" security thing.
You know, the quiz that asks you what the distorted word is.
Have this required for EVERY time you want to send email. No fucking exceptions.
Would that stem spam a bit? I know not completely, but would it put a small dent in it?
All the posts here so far have been telling us how this money system will not work. To be honest, It does not look thta hopefull to me either. :)
Is there any reason why you cannot ask anyone who sends you mail to have a specific tag that you specify in the email they send you? Your email filters can then check for this tag, and if not found automatically bin it, or maybe a little not that so-and-so is requesting your tag?
That way you only get email you want.
Tag gets compromised? send everyone in your taglist a request to update to a new tag..
hmm. I can see a few things that may need a little thinking over, but why not? This sort of thing can't be too difficult to implement?
-Eternal Soul-
Time flies like an arrow, Fruit flies like a banana.
The web of trust, as described with PGP (who first used it in regards to PKI) doesn't require any root. I alone determine who I decide to trust, and who I will consider as a transitive source of trust.
Thawte wants to insert themselves as a middleman, and is thus attempting to hijack the term. It's immoral to do so. They must be opposed.
--Mike--
Instead of money in the escrow account, how about CPU time?
The escrow service could require senders to compute really expensive things (factor large number for instance) to aquire karma (or whatever you want to call it). Actually, it wouldn't even need to be an escrow service, your email server could keep track of all senders karma points for your mail server.
The scheme works exactly the same, if you receive spam, then you zap their karma instead of money.
This has the benefit of nothing more being lost than some CPU time (otherwise bugs or malicous code could cost you serious $$$). Since the recipient has nothing to gain from falsely identifiying spam, there is little chance that legitimate email senders will need to do the expensive computations more than once (except for newsletters sent to large isp domains like AOL). Hmmm maybe it would be better to track karma for each sender/recipient pair to avoid that as well.
Other than the old problem of getting everyone to use the new system (which is still a huge issue), this seems much easier than their approach.
Arbitrary sig
> 100% of the spam I get comes from America
How do you know?
Well, that's easy... See:
in compliance with FDA regulations (who cares about FDA but US citizens)
Right now in Canada they use almost ALL generic drugs to(...) (who cares so much specifically on Canada but US citizens)
To Unsubscribe via U.S. Mail please send all inquiries to: xxxx BROADWAY(...) (yeah, obvious)
Electronic dissemination provided by : xxxxxxx Consultants PO Box xxxx Plaza Del Lago Airport xxxx xxxx Bay, St. Maarten (no country specified... from US for sure)
For more information about our services. Call us at 618-xxx-xxxx (typical US phone format)
And many, many many-many-many other examples.
100% SPAM coming from US might be exageration though... I would say only 99,97%.
I agree.
All of these schemes are a waste of time. I have yet to see one that was not US centric in thought, not to mention the "little bit" of infrastructure that is always necessary. Maybe some people wouldn't care if e-mail cost 10 cents each but someone in [INSERT THIRD WORLD COUNTRY] sure would.
Why do people spam you? Because they want to get your money.
So the simple solution is to use your geeks and technology to create an economy that runs without money. Kinda like a clockless CPU. Then nobody would want to spam you, except to get your vote. They also wouldn't have any reason to tax you or charge you interest or forclose on your home or cut your pay or lay you off...
Would you Warranty Your Email?
No, I wouldn't. It's an interesting approach, but I'd never participate in it. It will COMPLETELY break the way things work, and make communications much more complicated. For example, friends/family/colleagues send me a ton of crap. Let's suppose for a minute that I set my cost as $50 per message. I have multiple addresses, so when people forward some ridiculous chain mail on some topic that I vehemently disagree with them on, I get multiple copies. So let's say I get three copies of this chain mail from someone. With the click of a button, I can set a friend out of $150. Obviously, they wouldn't remain a friend for long, and maybe there's something to be said for making people think twice about forwarding me crap.
But now consider a corporate setting. Let's say I'm really sick of spam at work, and set the price to $500 a message. My boss sends me mail informing me of budget cuts; I'm angered by it, and thus flag it as spam, charging my boss $500.
And I won't even get into the potential for abuse, where I try to impersonate someone else sending me spam, charging random people insane amounts of money.
And this just won't work. Spammers have a 'spam and dump' mentality -- they're sign up for a server, or find a new open relay, dump a ton of spam, and move on. I would fully expect spammers to completely disregard this, running up hundreds of thousands of dollars of debt on a credit card they used to purchase the server. They never pay the bill, and move on. In some strange way, it's kind of like the "If you outlaw guns, only outlaws will have guns" -- spammers will find ways around this, and we'll only inconvience people trying to send legitimate e-mail. And the basic premise sounds to have a ton of potential issues.
________________________________________________
suwain_2
PKI authentication is a good idea, but I doubt it would work. As you acknowledge, spammers will create "throw away identities". As far as your idea of countering their "throw away identities" with a reputation system for the sender's domain.... we could do that right now, could we not? We currently have the ability to filter out ip addy's or even entire domains that send a lot of spam. But we can't just kill off yahoo.com if a few spammers happen to break whatever scheme they've devised to prohibit spammers from creating identites. That is, even under an authentication system, if spammers were able to create some throw away identities on yahoo, somehow, we couldn't just decide not to listen to yahoo.com anymore. And spammers will always think of ingenious ways around yahoo's or any other providers schemes. I think the warranty system (or something similar) makes sense. Here's what would work: Everyone who has an e-mail account would have a "accept e-mail from" list. Ideally, a sender who is not on the recipients "accept e-mail from" list would have to pay to send a recipient an e-mail if both the recipient and the sender acknowledge the transaction. All it would do is force "initial e-mailers" (people who don't know you, haven't e-mailed you before, but have a legitimate concern) to be specific in the subject line so as to get your attention and convince you to not charge them. And if you do choose to charge them, they can opt out of the deal. Something like 25 or 50 cents would totally ruin spammers business model. Sure, you'd still get the "Hey, its donna, wanna fuck" e-mails, but soon we'd all wise up and quit opening them. ;-) (jk, I've never opened one of those silly things)
OH THE SHAME I fell off the wagon and use sigs again!
They miss an important point in the article :
... unlimited.
... right, noone.
In RL, a warranty usual is the value of the purchase, that is from 1$ to
Now, who has ever returned a floppy disk to the store to claim the warranty
Warranties ONLY make sense if they are expensive, at least 50$ or so, but 1cent warranties just dont work. The money at steak must be important enough for the customer to actually justify the trouble for claiming the warranty.
In their proposal, the trouble of claiming is minimized for the recipient, so that they may be more kin to claim the warranty. However, even then, this still doesnt make sense. I wouldnt do more than click on ONE button to claim 1 cent. If I had to click on two buttons, it wouldnt be worth it.
(I might, however, do it anyway, but in this case not for me, but to punish the spammer, hoping that others do it too)
BUT : the warrant must also be large to justify the trouble of FIGHTING a false claim. As well as the spammer will be harmed by millions of claimed warranties, a hacker could make the world send him 1cent warranted emails and claim the warranty on all of them.
This is far more realistic then the 1000$ warrant someone mentioned. If I'm charged 1000$, I go to the police. Will you go to the police if someone steals you 1 cent? But with computers, a hacker could easily steal 1cent from millions of people, making tens of tousands of money.
As the warrant is to small to make it worth fighting a false claim, we will see a complete new wave of cyber-crime here.
And this even without the technical problems of actually tracing an email.
I have discovered a truly remarkable proof for my post which this sig is too small to contain.
Less permanent, nonbinary (you can't be half-castrated), and can be repeated.
;-p
Every day, you get shocked by a voltage relative to the number of people that reported mail comming from your machine as spam.
If a "friend" will just make a prank on you by reporting one of your mails as spam, you wont even noticed it.
If, however, you send millions of spam-mails, the charge will make you scream in pain.
This will make admins fix open relays and users update their machines.
And seriously, how lame is a button "clicking here will charge the spammer 1 cent" compared to "clicking here will shock the spammer"
I have discovered a truly remarkable proof for my post which this sig is too small to contain.
I posted on a couple of threads about using a White List and got slammed for it. The people doing the slamming didn't give reasons but just went on about clueless I was being. I'm not deep into the philosophy of the internet, etc. so maybe I'm missing something. What is wrong with using an e-mail white list? My unlisted phone number is essential operates via a white list (only people I know plus lucky telemarketers who guess my number get through and the telemarketers, once told I'm on the No Call List, hang up and slink away). It isn't like I (or I assume most people) will be getting e-mail from complete strangers that aren't spam ... Using my white list, I never get any spam ever anymore.
Back in the day, Prodigy used to give you 30 free emails per month and charge you $0.25 per email after that. Was there an escrow account? No. Did they still manage to charge you gobs of cash when you sent 200 emails in a month? You bet.
You're assuming people would have to set up these escrow accounts on an individual basis, and that's a bad assumption. You'd set them up on an ISP basis, with most ISP's offering an "escrow gateway", and billing you if your emails got rejected.
And your escrow wouldn't be $10, it'd be, say, 10 cents. Low enough that if your ISP has to eat it for a few messages, it's not a big deal. If you try to send out 100 mails at once with warranty, your ISP might require money in advance, or a "premiere" account. If you have too many emails get rejected in a certain period, your ISP might automatically shut down your email altogether.
And, if the escrow fee is 10 cents, your ISP could charge its users $1 if their email gets bounced even if they only pay out 10 cents to the recipient. That makes it profitable, and if it's profitable for ISP's, they'll certainly do it.
Anyway, point of the matter is just because the solution you think of sucks doesn't mean there isn't a good solution.
paintball
It's amazing how many people don't use a simple means of cutting the spam to zero: change their e-mail address and start fresh.
Of course this isn't a solution for everyone. Yes, it's a pain to send out "change of address" e-mails (and more of a pain to change a contact's address in your directory.) Yes, there are many, many cases where the e-mail needs to remain constant. But for the average user who may only receive a few messages a day from a relatively short list of contacts and are otherwise deluged with spam, it's a band-aid solution that works.
Ahh the possiblilities.
The key difference between a Programmer and a Senior Programmer is that one of them is Mexican.
Don't accept mail unless it is encrypted with sender's GPG/PGP key
No, authentication would only kill anonymous email for those who have no need for anonymous email. Authenitication would not kill random email from strangers, it would only kill anonymous email.
There are very few people who need to send anonymous email, such as whistleblowers. They don't send to just anybody, they send to specific people, ombudsman, lawyers, police, and they would still have to allow anonymous email. I imagine useful anonymous email is one out of a million.
99.999% of anonymous email is spam. With authentication, 99.999% of spam will never get past the headers; the smtp server will drop the connection rudely, or reject it permanently. Spam only works now because they can make a profit when only 100 out of a million recipients respond. When that million is cut down to a few hundred because it was not authenticated, they would still need those 100 responses, which they won't get out of such a small mailing, and they will quickly go out of business.
Spam would wither so fast it would make even Aunt Sally smile.
Infuriate left and right
This technology requires a sender-verified, secure, trackable, unbreakable e-mail system that ensures the sender is who they say they are, the recipient is who they say they are, and the message is exactly what the sender sent. All mail-sending accounts must be registered and accessible in a centralized database, and must contact that database to send mail.
The domain hosts then become responsible for the activities of the spammers, because the discovery of the spammer and their account address becomes trivial. Deal with the problem, or be black holed. Or, alternatively, the spammer can be locked out at the db level.
No where does charging the spammer become necessary. The spammer is simply locked out. E-mail stays free. Nobody gets charged when hacked.
Personally, I would support a domain-sender-message verification system, whereby a message is Md5'd (or some quicker form of hashing) on its way out and stored in a database for each 12 hour period. Upon receiving the mail, the recipient's mail server queries the reported sender's mail server with the message's listed Md5 key. The mail server goes through the databases for the last 3 12 hour periods (in reverse order) and searches for the listed key. If the key matches, it gives a positive response. If not, the message is destroyed.
Bingo, verification that the message originated in the particular domain, and that domain is responsible for the activities of its constituents. If that domain owner refuses to take action, their domain and their IP addresses would be blacklisted.
The ______ Agenda
I don't get it. Can someone please explain this concept to me, so that I do not have to read some doctoral thesis.
I didn't have a chance to read article. But clicking through the links i realized something.. not something new.. just something.
how can we put the burdon on the sender? well. how about a system where the sender cant just send a million mails a second and making a few thousands servers having to deal with it.
I think a model in which the mail is queued on the sending server, until the user accepts to recieve will put a heavy strain on the sending server and make spam not as cheap as it is.
example: when i open up mutt or mozilla-firebird.. i see a basic header information, sender, subject. that information is saved on my mailserver. if i decided to open the mail, the my mailserver checks back with the sending machine and requests for content. given, this will slow down certain types of emails...
now, we have a system that unless the spammer has lots of powerful machines it wont be worth the money to have millions of mails queued in their own server. only to have 1% of the population actually requesting the mail.
basically the sender has to put up with the burdon of sending so many emails.
problems: legit mailing lists.
just an idea.
now i will RTFA
what is nailchipper?
The premise that a monetary value wants to/needs to/should be attached to the "trade" of information via email is unfounded - Do people want the "trade" of info via talk radio, coffee houses, Oprah, slashdot, OSS, forums, etc to be monetized?
No, nor do they want to monetize the flow of trade via email if there are other means by which to stop or reduce spam.
Reducing friction is what has accelerated the pace of information exchange and change, not increasing friction - adding exchange of money to most systems increases friction and slows the overall rate of information flow on that system.
Email has a technical flaw and businesses are lining up to introduce 'traction' or fees to slow bad email. This remind sme of the Douglas Adams Quote:
"Many solutions were suggested for this problem, but most of these were largely concerned with the movements of small green pieces of paper, which is odd, because on the whole it wasn't the small green pieces of paper that were unhappy."
LS
j00 can suX0r my nuuutsizack fanboiiii!!#!!#@$
Quit your bitch-batching and take the moderation as it comes you monkey-buckler.
Are you quite certain you don't want any "Anonymous Cowards" in your house?
And if someone left an anonymous phone call on your answering machine letting you know that, say, there was a round of layoffs coming at your place of employment, or that the local mob had put a contract out on your life, or that they'd observed a suspicious character planting something under your car... how would you feel then?
You presume that the only reason someone might want to remain anonymous is that they are advocating some position which you might be uninteresting to you. That's certainly the more common situation.
But the other circumstance is when someone is doing you a favor, but is only willing to do so if they can remain anonymous. Those situations are incredibly rare. But by their very nature they cannot be anticipated so that you can turn off your requirement for identity in advance.
And by their very nature they are often very important.
BTW, for a similar but different situation, there is a certain famous organization which provides cheap health-care services to the indigent, but the name of which is so controversial, when you get services there -- even non-controversial ones -- they ask you whether it is OK to identify themselves by name if they have to call you. Alternatively, you can specify that when they call, with, say, the results of a blood test, that they identify themselves as "your friend, Kathy" or some such.
The organization is Planned Parenthood. (And if you didn't know, abortion is only one part of what they do -- they also provide gynecological exams, birthcontrol, fetility help, etc.)
Since the whole purpose of the "your friend, Kathy" ruse is to avoid letting other people who share the same phone line know with whom you're talking, it highlights nicely the other reason a default presumption of "no Anonymous Cowards" might be unwanted. While you may live alone, for people who live with others, there's internal privacy issues, too, which are not at first obvious to most folks.
-*- Any technology indistinguishable from magic is insufficiently advanced -*-
Stop the Cash Flow, Kill the Spam
All spammers selling something are processing the transactions through credit cards. Put pressure on Visa to cancel the transaction and spammers would be stopped cold, [Paul] Graham said. So what if it's a Taiwanese Internet pharmacy? Reach them through their Visa merchant account.
IronPort systems Already has a Bonded Center Pogram. This where emailiers by their way onto a whitelist With a Bond. If it turns out these senders are spammers they loose the bond, and are kicked off the white list. Infact spamassassin is already integrated with it and usally knocks down a few points if the sender is in the Bonded Sender Program.
It seems to me that the main problem with email today is the fact that messages are "pushed" to the recipient's mail server. That worked fine in the early days of the Internet when there were few email users and most of them were legitimate. But things have changed, and so should the way email servers work.
e w-pane thing. But underneath, there are a lot more advantages to the new system. For starters, if Alice is a spammer, her junk message takes up space on *her* mail server instead of Bob's. A mass-spammer immediately has a storage constraint on her side, because if no one retrieves her spam, it continues to sit in her server. Hence, less spam can be sent out in the first place. Another advantage is that there is a drastic reduction in wasted bandwidth if Alice is a spammer, because the entire junk email doesn't automatically get sent through the Internet, only the simple header does (assuming Alice is "close" to her mail server).
The solution to spam seems clear to me, and it requires little more than upgrading mail servers and email user agents. Suppose Alice wants to send Bob an email. Alice composes her message and sends it to her mail server where it sits a while. Her mail server sends a simple message header to Bob's mail server. Bob checks his email and downloads the new message header from his mail server (that's just the header; none of this preview-pane stuff where the message automatically appears). Bob has two choices: (1) he decides he knows Alice and wants to read the message, or (2) he suspects the message is junk. In the case of (1), Bob double-clicks the new message and his user agent sends a request to his mail server to go get the message from Alice's mail server. His mail server happily retrieves the message and forwards it to his user agent. In the case of (2), Bob deletes the junk message's header and continues with his business.
Note that Bob notices little difference in his new user agent compared to his old one, except for the no-automatically-displaying-messages-in-the-previ
This system is kind of like the plain-old telephone system. With a telephone, when you hear the ring and/or check your caller ID unit, you make a decision to answer and retrieve the rest of the message. The person on the other end cannot just start talking to you after they dial your number (kind of like they can with email). This is also how email should work. Given a simple header ("ring, ring"), you decide whether or not to continue. The sender, meanwhile, must wait for your acknowledgment.
Why has something like this not been implemented yet?
to you for explaining, but no thanks to the guys who have proposed this.
Now every bit of speech would be subject to an ecconomic means test. The wealthier folk could simply bar those lesswealthy from communicating with them (even in an emergency) by setting their level much higher. I would assume that most people would want their level for a particular sender to at least match the level that person would require of him.
It is as if the economics of advertising and political patronage is invading private communication. Is this an attempt at enforcing a class system? or are the proposers claiming that a class system is necessary in order to solve the spam problem.
Read, L
IMHO, the problem is the people with disposable incomes who cannot tell real mail from spam using the sender field. Their eyes somehow wonder over to the subject line. Something reminds them that they are not happy with their penis sizes, and they read the whole e-mail, click on the links, go to the website and spend their money.
I have a hotmail account and I get 5-10 spam e-mails that pass thru hotmail's filter. Deleting them manually takes me 5-10 seconds, which I have to spend because you people out there are not doing this and conducting business with spammers. Seeing how you react, the spammers up the dosage in proportion with their level of greed.
No, because a lot of spam is sent by stupid people who believe they will make money. By the time they've lost the money they paid for their mailing lists and spam software the damage is done and there's another asshole to takwe their place.
The big-time spammers like Ralsky aren't selling dick enlarging cream, they're selling spamming services to those who do.
Prove it you say? Yup. Try to spam me. My email address is "Me@RandyHamilton.com". G'wan, try. The process is nearly self-explainitory. The only thing you won't necessarily see is that if your email includes specific information about me that would be in a business letter or receipt, it would also go through.
Example #3:
1- You put $100 on your account
2- I set my level at $10.
3- I get your email, don't like it and collect $10 from you
4- while ($your_account_have_funds == true) goto 3
Sounds good for me!
I have yet to see the "web of trust" deliver on its promises.
I've been thinking about this for quite a while, and my own thinking lead to most of the same conclusions as this escrow model.
There is a far better use of RSA to leverage this proposal. The beautiful property of RSA is that key generation takes more compute cycles that verification, and this ratio increases as the size of the keys increase.
The mail recipient would specify the size of the escrow key required, depending of various factors. For a least trusted sender, it might ask for a giant RSA key that could take up to minutes to generate. A good example of a worst case sender would be a consumer broadband modem infected by spam robot.
The client "seizes the escrow" by publically repudiating the expensive key.
Repudiations would be handled the same way. The agent repudiating the key would have to put up an escrow to the repudiation server. Abuse of the repudiation server would be unwound by repudiating the repudiation.
None of these events have zero cost. The beauty of this is that the size of the escrows demanded can scale with the amount of abuse detected, so until the system reaches an equilibrium point between the overhead of generating the escrows and an acceptable level of bad mail seepage.
Furthermore, the repudiation chain can require that each repudiation become more expensive than the last. There are some especially aggravating spamholes where I would be more than happy to compute a repudiation key all night long.
Also, the mechanism can incorporate a role for precomputed keys and on-demand keys, where the key must be produced as a function of a seed provided by the recipient at the time of delivery. Long precomputed keys could be signed by less expensive on-demand keys. There is a lot of flexibility in how these primitives can be combined.
I don't have time to flesh this out, but someone sufficiently motivated should make an effort to examine the use the RSA key generation as an escrow mechanism within the ecomonic model this paper presents.
Sorry I didn't know how else to reach you...